
Adds blacklist token feature as separate subapp #91

Closed
wants to merge 99 commits into
base: master
from

Contributor

erichonkanen commented Mar 27, 2015

Builds off work submitted by @avimeir and the discussion at #89

Contributor

erichonkanen commented Mar 28, 2015

Tested this in a local project by logging into my app with a distant expiring JWT_EXPIRATION_DATE, issuing a POST to /api/v1/auth-token-blacklist/ with the token, and then attempting to access the api (navigated to another page with api call). A 401 Unauthorized is issued and I am logged out of my ember app as expected... Let me know if anyone has input.. seems like nice feature

Contributor

erichonkanen commented Mar 28, 2015

Should this package include an admin.py for the default black list token implementation? Should the JWTBlackListToken model include any other fields like the actual token value?

avimeir commented Mar 28, 2015

@erichonkanen nice work!

I'd add the exp claim to the model, so that we can later clean-up the DB by removing all expired tokens.

Contributor

erichonkanen commented Mar 28, 2015

@avimeir thanks! should the exp be a DateTimeField or CharField? I know the format it comes in as is seconds since epoch

Contributor

erichonkanen commented Mar 28, 2015

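```python
from datetime import datetime


def jwt_blacklist_set_handler(payload):
    """
    Default implementation that blacklists a jwt token.
    """
    jti = payload.get('jti')
    # 'exp' arrives as seconds since the epoch; convert it for the DateTimeField.
    exp = datetime.fromtimestamp(payload.get('exp'))

    # `models` is the subapp's own models module.
    return models.JWTBlackListToken.objects.create(jti=jti, expires_at=exp)
```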

Made it DateTimeField and just converted
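
As an added illustration (not code from this pull request or from the project): a minimal sketch of the `jti` blacklist discussed above, keeping the `exp` claim so that expired entries can be purged. SQLite stands in for the Django model; the table layout, the function names and the integer expiry column are assumptions, and the payloads are constructed.

```python
import sqlite3
from datetime import datetime, timezone


def open_store():
    """In-memory stand-in (assumption) for a blacklist table of (jti, expires_at)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE blacklist (jti TEXT PRIMARY KEY, expires_at INTEGER NOT NULL)"
    )
    return db


def blacklist_set(db, payload):
    """Store the token's jti with its exp claim; returns exp as an aware UTC datetime."""
    jti, exp = payload.get("jti"), payload.get("exp")
    if not jti or not isinstance(exp, (int, float)):
        # Without a jti there is nothing to match on; without exp the row never ages out.
        raise ValueError("payload needs 'jti' and a numeric 'exp'")
    db.execute("INSERT OR IGNORE INTO blacklist VALUES (?, ?)", (jti, int(exp)))
    # exp is seconds since the epoch in UTC, so convert with an explicit time zone
    # instead of relying on the server's local time.
    return datetime.fromtimestamp(exp, tz=timezone.utc)


def is_blacklisted(db, payload):
    """True when the token's jti has been revoked."""
    row = db.execute(
        "SELECT 1 FROM blacklist WHERE jti = ?", (payload.get("jti"),)
    ).fetchone()
    return row is not None


def purge_expired(db, now):
    """Delete entries whose token has already expired; returns the number removed.

    Safe only if the verifier also rejects tokens past their exp (assumed here):
    a purged token is then still refused on expiry grounds.
    """
    cur = db.execute("DELETE FROM blacklist WHERE expires_at <= ?", (int(now),))
    return cur.rowcount


if __name__ == "__main__":
    db = open_store()
    t0 = 1427500800  # constructed sample: 2015-03-28T00:00:00Z
    print(blacklist_set(db, {"jti": "a1", "exp": t0}).isoformat())
    blacklist_set(db, {"jti": "b2", "exp": t0 + 3600})
    print(purge_expired(db, t0 + 60), is_blacklisted(db, {"jti": "b2"}))
```
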

Contributor

erichonkanen commented May 4, 2015

@jpadilla ran git rebase, fixed conflicts but I'm noticing this effectively made a 2nd copy of every commit now at the front.. is this expected or did I do it wrong? I've mostly just used rebase to squash commits in the past...

Member

jpadilla commented May 4, 2015

@erichonkanen oh snap, could you perhaps squash all of this into one commit then?

Contributor

erichonkanen commented May 5, 2015

Cleaned commit history and submitted in new PR

erichonkanen deleted the erichonkanen:jti branch May 5, 2015

uber1geek commented Aug 29, 2017

How can I implement this feature @erichonkanen?
