Disallow refreshing a blacklisted token #37


ashokdelphia

Otherwise, you can refresh a blacklisted token and get a fresh token that works.

Fixes #36.
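
The gap this PR closes, shown as an added illustration and not the project's own code: a toy HMAC-signed token (not a real JWT) whose refresh path verifies signature and expiry but never consults the blacklist, next to the checked version. All names (`issue`, `refresh_unchecked`, `refresh_checked`, the `jti`-keyed `BLACKLIST` set) and the key are constructed for the example.

```python
import base64, hashlib, hmac, json, time, uuid

SECRET = b"constructed-demo-key"  # constructed value, not a real key
BLACKLIST = set()                 # revoked token ids; stands in for a DB table

class InvalidToken(Exception):
    pass

def _sign(body):
    return hmac.new(SECRET, body, hashlib.sha256).hexdigest()

def issue(user, orig_iat=None, ttl=300):
    now = int(time.time())
    payload = {"sub": user, "jti": uuid.uuid4().hex,
               "exp": now + ttl, "orig_iat": orig_iat or now}
    body = base64.urlsafe_b64encode(json.dumps(payload).encode())
    return body.decode() + "." + _sign(body)

def decode(token):
    """Verify signature and expiry only; knows nothing about revocation."""
    body, _, sig = token.partition(".")
    if not hmac.compare_digest(sig, _sign(body.encode())):
        raise InvalidToken("bad signature")
    payload = json.loads(base64.urlsafe_b64decode(body))
    if payload["exp"] < time.time():
        raise InvalidToken("expired")
    return payload

def check_not_blacklisted(payload):
    if payload["jti"] in BLACKLIST:
        raise InvalidToken("blacklisted")

def authenticate(token):
    payload = decode(token)
    check_not_blacklisted(payload)
    return payload["sub"]

def blacklist(token):
    BLACKLIST.add(decode(token)["jti"])

def refresh_unchecked(token):
    """Behaviour the PR describes: a revoked token is still exchanged."""
    payload = decode(token)
    return issue(payload["sub"], payload["orig_iat"])

def refresh_checked(token):
    """Refresh applies the same blacklist check as authentication."""
    payload = decode(token)
    check_not_blacklisted(payload)
    return issue(payload["sub"], payload["orig_iat"])
```

A regression test for this class of bug revokes a token, calls the refresh path, and asserts that no new token is issued.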

@codecov-io

codecov-io commented Mar 2, 2020

Codecov Report

Merging #37 into master will decrease coverage by 0.19%.
The diff coverage is 85.71%.


@@            Coverage Diff            @@
##           master      #37     +/-   ##
=========================================
- Coverage   98.13%   97.94%   -0.2%     
=========================================
  Files          19       19             
  Lines         430      437      +7     
  Branches       32       34      +2     
=========================================
+ Hits          422      428      +6     
  Misses          6        6             
- Partials        2        3      +1
Flag Coverage Δ
#codecov 97.94% <85.71%> (-0.2%) ⬇️
#dj111 97.41% <85.71%> (-0.2%) ⬇️
#dj20 97.41% <85.71%> (-0.2%) ⬇️
#dj21 97.41% <85.71%> (-0.2%) ⬇️
#dj22 97.41% <85.71%> (-0.2%) ⬇️
#dj30 97.71% <85.71%> (-0.43%) ⬇️
#drf310 97.41% <85.71%> (-0.2%) ⬇️
#drf311 97.71% <85.71%> (-0.43%) ⬇️
#drf37 97.41% <85.71%> (-0.2%) ⬇️
#drf38 97.41% <85.71%> (-0.2%) ⬇️
#drf39 97.41% <85.71%> (-0.2%) ⬇️
#py27 97.41% <85.71%> (-0.2%) ⬇️
#py35 97.41% <85.71%> (-0.2%) ⬇️
#py36 97.41% <85.71%> (-0.2%) ⬇️
#py37 97.41% <85.71%> (-0.2%) ⬇️
#py38 97.71% <85.71%> (-0.2%) ⬇️
Impacted Files Coverage Δ
src/rest_framework_jwt/utils.py 98.8% <85.71%> (-1.2%) ⬇️


@fitodic
Collaborator

fitodic commented Mar 3, 2020

Love the PR! Could you please add a changelog? As soon as that's added, we'll push a patch release.

@ashokdelphia
Author

> Love the PR! Could you please add a changelog? As soon as that's added, we'll push a patch release.

Will do. Sorry to forget that.

@ashokdelphia
Author

Once the patch release is out, I was thinking it may be worth requesting a CVE and ensuring that people scanning for vulnerable versions are warned about 1.15.0. Please let me know if you have any thoughts about that.

@fitodic
Collaborator

fitodic commented Mar 3, 2020

> > Love the PR! Could you please add a changelog? As soon as that's added, we'll push a patch release.
>
> Will do. Sorry to forget that.

No worries, most people do, including myself 🙂

> Once the patch release is out, I was thinking it may be worth requesting a CVE and ensuring that people scanning for vulnerable versions are warned about 1.15.0. Please let me know if you have any thoughts about that.

Sounds great! Unfortunately, I no longer have write access to this repository so I won't be able to merge this change. I'm sure someone from @Styria-Digital/owners will pick this up.

@nigoroll nigoroll mentioned this pull request Mar 5, 2020
@ntuckovic

ntuckovic commented Mar 11, 2020

@fitodic sorry for the inconvenience. We've lowered your rights to plain member and with that accidentally removed your maintainer rights for this repo. You have now been declared an outside collaborator and explicitly given maintaining rights for this repository. Let me know if you have any difficulties with merging the PR. Thank you for your efforts!

@fitodic
Collaborator

fitodic commented Mar 12, 2020

@ntuckovic Thanks for the info and the maintainer access! I understand and completely agree with the change in membership status to a regular group member.

@ashokdelphia I'll merge this and release a patch version soon.

@fitodic fitodic merged commit bea6d8f into Styria-Digital:master Mar 12, 2020
@ashokdelphia ashokdelphia deleted the disallow-refresh-for-blacklisted-tokens branch March 12, 2020 10:10
@ashokdelphia
Author

> @ashokdelphia I'll merge this and release a patch version soon.

Thank you!

@fitodic
Collaborator

fitodic commented Mar 12, 2020

1.15.1 is uploaded to PyPI.

Successfully merging this pull request may close these issues.

Blacklisted tokens can still be refreshed