Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Verify Serializer Should Honour Blacklist #239

Merged
merged 7 commits into from
Jul 7, 2021
Merged

Verify Serializer Should Honour Blacklist #239

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
7d691c8
add blacklist check on verfify endpoint
Apr 16, 2020
c9c6c54
add review improvements
Jul 9, 2020
b26c799
fix tests
Jul 10, 2020
2af7747
Merge branch 'master' into blacklisted_token_should_not_verify
Andrew-Chen-Wang Nov 24, 2020
ad26e66
fix lint
Dec 11, 2020
7da1152
Merge branch 'master' into blacklisted_token_should_not_verify
Andrew-Chen-Wang Apr 6, 2021
a2d5ac6
Merge branch 'master' into blacklisted_token_should_not_verify
Andrew-Chen-Wang Jul 7, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 16 additions & 0 deletions rest_framework_simplejwt/serializers.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,11 +1,16 @@
from django.conf import settings
TeresaSiegmantel marked this conversation as resolved.
Show resolved Hide resolved
from django.contrib.auth import authenticate
from django.utils.translation import gettext_lazy as _
from rest_framework import exceptions, serializers
from rest_framework.exceptions import ValidationError

from .exceptions import TokenError
from .settings import api_settings
from .state import User
from .tokens import RefreshToken, SlidingToken, UntypedToken

if 'rest_framework_simplejwt.token_blacklist' in settings.INSTALLED_APPS:
TeresaSiegmantel marked this conversation as resolved.
Show resolved Hide resolved
from .token_blacklist.models import BlacklistedToken

class PasswordField(serializers.CharField):
def __init__(self, *args, **kwargs):
Expand Down Expand Up @@ -141,4 +146,15 @@ class TokenVerifySerializer(serializers.Serializer):
def validate(self, attrs):
UntypedToken(attrs['token'])

if 'rest_framework_simplejwt.token_blacklist' in settings.INSTALLED_APPS:
TeresaSiegmantel marked this conversation as resolved.
Show resolved Hide resolved
try:
token = RefreshToken(attrs['token'])
# not a refresh token
except TokenError:
return {}

jti = token.get(api_settings.JTI_CLAIM)
if BlacklistedToken.objects.filter(token__jti=jti).exists():
raise ValidationError(_('Token is blacklisted'))
TeresaSiegmantel marked this conversation as resolved.
Show resolved Hide resolved

return {}
11 changes: 11 additions & 0 deletions tests/test_token_blacklist.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
from django.test import TestCase

from rest_framework_simplejwt.exceptions import TokenError
from rest_framework_simplejwt.serializers import TokenVerifySerializer
from rest_framework_simplejwt.settings import api_settings
from rest_framework_simplejwt.token_blacklist.models import (
BlacklistedToken, OutstandingToken,
Expand Down Expand Up @@ -190,3 +191,13 @@ def test_jti_field_should_contain_uuid_hex_strings(self):
actual_hexes = [i.jti_hex for i in OutstandingToken.objects.all()]

self.assertEqual(actual_hexes, self.expected_hexes)


class TokenVerifySerializerShouldHonourBlacklist(TestCase):
TeresaSiegmantel marked this conversation as resolved.
Show resolved Hide resolved

def token_verify_serializer_shouldHonour_blacklist(self):
TeresaSiegmantel marked this conversation as resolved.
Show resolved Hide resolved
refresh_token = RefreshToken()
refresh_token.blacklist()

serializer = TokenVerifySerializer({"token": refresh_token.payload})
self.assertFalse(serializer.is_valid())