Merge branch 'pr91' into alichass-jwt-custom-claims

2024-12-02 13:53:43 +03:00 · 2020-06-20 13:39:20 -05:00 · 2020-06-20 13:39:20 -05:00 · 5c9a9f2e7f
commit 5c9a9f2e7f
parent 15ad7f4c73 ed99925d72
10 changed files with 93 additions and 10 deletions
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@ -12,15 +12,28 @@ jobs:
    executor: docker/docker
    steps:
      - checkout
      - run: pip install --user -r dev-requirements.txt
      - run: pip install --user -r dj_rest_auth/tests/requirements.pip
      - run: pip install -q --user coveralls djangorestframework==$DRF Django==$DJANGO_VERSION
      - run:
-          command: coverage run --source=dj_rest_auth setup.py test
+          command: pip install --user -r dev-requirements.txt
          name: "Pip Install dev requirements"
      - run:
          command: pip install --user -r dj_rest_auth/tests/requirements.pip
          name: "Pip Install test requirements"
      - run:
          command: |
            mkdir -p test-results/
            coverage run --source=dj_rest_auth setup.py test
            coverage report
          name: Test
      - run:
          command: COVERALLS_REPO_TOKEN=Q58WdUuZOi89XHyDeDsGE2lxUGQ2IfqP3 coveralls
          name: Coverage
      - run:
          command: python3 setup.py sdist
          name: Build
      - store_test_results:
          path: test-results/
      - store_artifacts:
          path: dist/
  test-django-2:
    <<: *template
    environment:
--- a/.gitignore
+++ b/.gitignore
@ -46,6 +46,7 @@ coverage.xml
 *.cover
 .hypothesis/
 .pytest_cache/
 test-results/
 # Translations
 *.mo
@ -106,4 +107,7 @@ venv.bak/
 # mypy
 .mypy_cache/
 demo/react-spa/node_modules/
-demo/react-spa/yarn.lock
+demo/react-spa/yarn.lock
 # Visual Studio Code
 .vscode/
--- a/demo/requirements.pip
+++ b/demo/requirements.pip
@ -1,5 +1,5 @@
-django>=1.9.0
+django>=2.2
-git+https://github.com/jazzband/dj-rest-auth.git@master
+dj-rest-auth @ git+https://github.com/jazzband/dj-rest-auth.git@master
 djangorestframework>=3.11.0
 djangorestframework-simplejwt==4.4.0
 django-allauth>=0.24.1
--- a/demo/templates/rest_framework/api.html
+++ b/demo/templates/rest_framework/api.html
@ -0,0 +1,52 @@
 {% extends "rest_framework/base.html" %}
 {% block style %}
    {{ block.super }}
        <style>
            #btn-link {
                border: none;
                outline: none;
                background: none;
                display: block;
                padding: 3px 20px;
                clear: both;
                font-weight: 400;
                line-height: 1.42857143;
                color: #A30000;
                white-space: nowrap;
                width: 100%;
                text-align: left;
            }
            #btn-link:hover {
                background: #EEEEEE;
                color: #C20000;
            }
        </style>
 {% endblock %}
 {% block userlinks %}
    {% if user.is_authenticated or response.data.access_token %}
        <li class="dropdown">
            <a href="#" class="dropdown-toggle" data-toggle="dropdown">
                {% firstof user.username 'Registered' %}
                <b class="caret"></b>
            </a>
            <ul class="dropdown-menu dropdown-menu-right">
                {% url 'rest_user_details' as user_url %}
                <li><a href="{{ user_url }}">User</a></li>
                <li>
                    {% url 'rest_logout' as logout_url %}
                    <form action="{{ logout_url }}" method="post">
                        {% csrf_token %}
                        <button type="submit" id="btn-link">Logout</button>
                    </form>
                </li>
            </ul>
        </li>
    {% else %}
        {% url 'rest_login' as login_url %}
        <li><a href="{{ login_url }}">Login</a></li>
        {% url 'rest_register' as register_url %}
        <li><a href="{{ register_url }}">Register</a></li>
    {% endif %}
 {% endblock %}
--- a/dev-requirements.txt
+++ b/dev-requirements.txt
@ -1,5 +1,5 @@
 --editable .
 responses>=0.5.0
 djangorestframework-simplejwt==4.4.0
-django-allauth
+django-allauth>=0.25.0
 coveralls>=1.11.1
--- a/dj_rest_auth/tests/requirements.pip
+++ b/dj_rest_auth/tests/requirements.pip
@ -1,4 +1,4 @@
 django-allauth>=0.25.0
-responses>=0.3.0
+responses>=0.5.0
 flake8==2.4.0
 djangorestframework-simplejwt==4.4.0
--- a/dj_rest_auth/tests/settings.py
+++ b/dj_rest_auth/tests/settings.py
@ -72,6 +72,9 @@ REST_FRAMEWORK = {
    )
 }
 TEST_RUNNER = 'xmlrunner.extra.djangotestrunner.XMLTestRunner'
 TEST_OUTPUT_DIR = 'test-results'
 INSTALLED_APPS = [
    'django.contrib.messages',
    'django.contrib.admin',
--- a/dj_rest_auth/views.py
+++ b/dj_rest_auth/views.py
@ -86,6 +86,9 @@ class LoginView(GenericAPIView):
        response = Response(serializer.data, status=status.HTTP_200_OK)
        if getattr(settings, 'REST_USE_JWT', False):
            cookie_name = getattr(settings, 'JWT_AUTH_COOKIE', None)
            cookie_secure = getattr(settings, 'JWT_AUTH_SECURE', False)
            cookie_httponly = getattr(settings, 'JWT_AUTH_HTTPONLY', True)
            cookie_samesite = getattr(settings, 'JWT_AUTH_SAMESITE', 'Lax')
            from rest_framework_simplejwt.settings import api_settings as jwt_settings
            if cookie_name:
                from datetime import datetime
@ -94,7 +97,9 @@ class LoginView(GenericAPIView):
                    cookie_name,
                    self.access_token,
                    expires=expiration,
-                    httponly=True
+                    secure=cookie_secure,
                    httponly=cookie_httponly,
                    samesite=cookie_samesite
                )
        return response
--- a/docs/configuration.rst
+++ b/docs/configuration.rst
@ -12,6 +12,8 @@ Configuration
        - JWT_SERIALIZER - (Using REST_USE_JWT=True) response for successful authentication in ``dj_rest_auth.views.LoginView``, default value ``dj_rest_auth.serializers.JWTSerializer``
        - JWT_TOKEN_CLAIMS_SERIALIZER - A custom JWT Claim serializer. Default is `rest_framework_simplejwt.serializers.TokenObtainPairSerializer`
        - USER_DETAILS_SERIALIZER - serializer class in ``dj_rest_auth.views.UserDetailsView``, default value ``dj_rest_auth.serializers.UserDetailsSerializer``
        - PASSWORD_RESET_SERIALIZER - serializer class in ``dj_rest_auth.views.PasswordResetView``, default value ``dj_rest_auth.serializers.PasswordResetSerializer``
@ -48,6 +50,9 @@ Configuration
 - **REST_USE_JWT** - Enable JWT Authentication instead of Token/Session based. This is built on top of djangorestframework-simplejwt https://github.com/SimpleJWT/django-rest-framework-simplejwt, which must also be installed. (default: False)
 - **JWT_AUTH_COOKIE** - The cookie name/key.
 - **JWT_AUTH_SECURE** - If you want the cookie to be only sent to the server when a request is made with the https scheme (default: False).
 - **JWT_AUTH_HTTPONLY** - If you want to prevent client-side JavaScript from having access to the cookie (default: True).
 - **JWT_AUTH_SAMESITE** - To tell the browser not to send this cookie when performing a cross-origin request (default: 'Lax'). SameSite isn’t supported by all browsers.
 - **OLD_PASSWORD_FIELD_ENABLED** - set it to True if you want to have old password verification on password change enpoint (default: False)
 - **LOGOUT_ON_PASSWORD_CHANGE** - set to False if you want to keep the current user logged in after a password change
--- a/setup.py
+++ b/setup.py
@ -34,6 +34,7 @@ setup(
        'with_social': ['django-allauth>=0.25.0'],
    },
    tests_require=[
        'unittest-xml-reporting>=3.0.2',
        'responses>=0.5.0',
        'django-allauth>=0.25.0',
        'djangorestframework-simplejwt>=4.4.0 ',