mirror of
https://github.com/Tivix/django-rest-auth.git
synced 2024-12-02 13:53:43 +03:00
check if blacklist is installed and warn user to delete client side if cookies and blacklist are not enabled
This commit is contained in:
parent
b55fcc2361
commit
d5d9c69aa3
|
@ -1,5 +1,4 @@
|
|||
import json
|
||||
from unittest.mock import patch
|
||||
|
||||
from allauth.account import app_settings as account_app_settings
|
||||
from django.conf import settings
|
||||
|
@ -560,9 +559,8 @@ class APIBasicTests(TestsMixin, TestCase):
|
|||
self.assertEquals(resp.status_code, 200)
|
||||
|
||||
@override_settings(REST_USE_JWT=True)
|
||||
@patch('rest_framework_simplejwt.tokens.BlacklistMixin.blacklist')
|
||||
def test_blacklisting_not_installed(self, mocked_blacklist):
|
||||
mocked_blacklist.side_effect = AttributeError(f"'RefreshToken' object has no attribute 'blacklist'")
|
||||
def test_blacklisting_not_installed(self):
|
||||
settings.INSTALLED_APPS.remove('rest_framework_simplejwt.token_blacklist')
|
||||
payload = {
|
||||
"username": self.USERNAME,
|
||||
"password": self.PASS
|
||||
|
@ -571,7 +569,10 @@ class APIBasicTests(TestsMixin, TestCase):
|
|||
resp = self.post(self.login_url, data=payload, status_code=200)
|
||||
token = resp.data['refresh_token']
|
||||
resp = self.post(self.logout_url, status=200, data={'refresh': token})
|
||||
self.assertEqual(resp.status_code, 501)
|
||||
self.assertEqual(resp.status_code, 200)
|
||||
self.assertEqual(resp.data["detail"],
|
||||
"Neither cookies or blacklist are enabled, so the token has not been deleted server side. "
|
||||
"Please make sure the token is deleted client side.")
|
||||
|
||||
@override_settings(REST_USE_JWT=True)
|
||||
def test_blacklisting(self):
|
||||
|
|
|
@ -134,19 +134,23 @@ class LogoutView(APIView):
|
|||
request.user.auth_token.delete()
|
||||
except (AttributeError, ObjectDoesNotExist):
|
||||
pass
|
||||
|
||||
if getattr(settings, 'REST_SESSION_LOGIN', True):
|
||||
django_logout(request)
|
||||
response = Response({"detail": _("Successfully logged out.")},
|
||||
status=status.HTTP_200_OK)
|
||||
|
||||
if getattr(settings, 'REST_USE_JWT', False):
|
||||
cookie_name = getattr(settings, 'JWT_AUTH_COOKIE', None)
|
||||
if cookie_name:
|
||||
response.delete_cookie(cookie_name)
|
||||
else:
|
||||
|
||||
elif 'rest_framework_simplejwt.token_blacklist' in settings.INSTALLED_APPS:
|
||||
# add refresh token to blacklist
|
||||
try:
|
||||
token = RefreshToken(request.data['refresh'])
|
||||
token.blacklist()
|
||||
|
||||
except KeyError:
|
||||
response = Response({"detail": _("Refresh token was not included in request data.")},
|
||||
status=status.HTTP_401_UNAUTHORIZED)
|
||||
|
@ -157,10 +161,6 @@ class LogoutView(APIView):
|
|||
response = Response({"detail": _(error.args[0])},
|
||||
status=status.HTTP_404_NOT_FOUND)
|
||||
|
||||
# warn user blacklist is not enabled
|
||||
elif "'RefreshToken' object has no attribute 'blacklist'" in error.args:
|
||||
response = Response({"detail": _("Blacklist is not enabled in INSTALLED_APPS.")},
|
||||
status=status.HTTP_501_NOT_IMPLEMENTED)
|
||||
else:
|
||||
response = Response({"detail": _("An error has occurred.")},
|
||||
status=status.HTTP_500_INTERNAL_SERVER_ERROR)
|
||||
|
@ -169,6 +169,12 @@ class LogoutView(APIView):
|
|||
response = Response({"detail": _("An error has occurred.")},
|
||||
status=status.HTTP_500_INTERNAL_SERVER_ERROR)
|
||||
|
||||
else:
|
||||
response = Response({
|
||||
"detail": _("Neither cookies or blacklist are enabled, so the token has not been deleted server "
|
||||
"side. Please make sure the token is deleted client side."
|
||||
)}, status=status.HTTP_200_OK)
|
||||
|
||||
return response
|
||||
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user