APDS-61 - [BE] add API to list and delete permanent tokens #1
Conversation
rest_framework_jwt/views.py
Outdated
| def get_queryset(self): | ||
| return self.queryset.filter(user=self.request.user) | ||
|
|
||
| def get(self, *args, **kwargs): |
There was a problem hiding this comment.
Why do we need this and below if you have mixins?
There was a problem hiding this comment.
Mixins used here only add the "destroy" and "list" methods
There was a problem hiding this comment.
We used mixins so router should discover it. Check: http://www.django-rest-framework.org/api-guide/viewsets/
tests/test_views.py
Outdated
| @@ -492,3 +495,38 @@ def test_refresh_jwt_after_refresh_expiration(self): | |||
| def tearDown(self): | |||
| # Restore original settings | |||
| api_settings.JWT_ALLOW_REFRESH = DEFAULTS['JWT_ALLOW_REFRESH'] | |||
|
|
|||
|
|
|||
| class DeviceViewTests(TokenTestCase): | |||
There was a problem hiding this comment.
Please add devices for not your user to make sure we are not showing it and can't delete.
tests/urls.py
Outdated
| @@ -28,6 +28,8 @@ def post(self, request): | |||
| url(r'^auth-token/$', views.obtain_jwt_token), | |||
| url(r'^auth-token-refresh/$', views.refresh_jwt_token), | |||
| url(r'^auth-token-verify/$', views.verify_jwt_token), | |||
| url(r'^devices/(?P<pk>[\w]+)$', views.device_delete_view), | |||
|
The tests are okay (see details), Travis does not provide Python3.3 somehow (it works in the original repo though). We do not have to drop support for DRF 3.0, 3.1, 3.2 because those versions are only supposed to work with Django 1.8 and 1.9. |
poxip
changed the title
| user = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.CASCADE) | ||
| name = models.CharField(_('Device name'), max_length=255) | ||
| details = models.CharField(_('Device details'), max_length=255, blank=True) | ||
| last_request_datetime = models.DateTimeField(auto_now=True) |
There was a problem hiding this comment.
Missing empty line at the end of file.
Pylint and pep8 will complain.
There was a problem hiding this comment.
GitHub does not show the last empty line as far as I remember. The flake8 task in tox did not complain, see: https://travis-ci.org/ArabellaTech/django-rest-framework-jwt/jobs/256993179
rest_framework_jwt/serializers.py
Outdated
| class DeviceSerializer(serializers.ModelSerializer): | ||
| class Meta: | ||
| model = Device | ||
| fields = ['permanent_token', 'jwt_secret', 'created', 'name', 'details', 'last_request_datetime'] |
There was a problem hiding this comment.
WHat?! you return JWT secret to the world?
http://getblimp.github.io/django-rest-framework-jwt/#jwt_secret_key Please check documentation what JWT secret is.
tests/test_views.py
Outdated
| self.assertEqual(response.status_code, 200) | ||
| self.assertEqual(len(response.data), 1) | ||
| self.assertEqual(set(response.data[0].keys()), { | ||
| 'permanent_token', 'jwt_secret', 'created', 'name', 'details', 'last_request_datetime' |
There was a problem hiding this comment.
Please, do not make any field secret public. After all, there is a reason why they call it secret.
http://getblimp.github.io/django-rest-framework-jwt/#jwt_secret_key
* APDS-65 - [BE] modify login API to generate permanent token * Remove TODO * Remove python select from travis config * Use user agent * Remove Python 3.3 from travis * CR * Correct * APDS-64 - [BE] add API to logout device (#6) * APDS-64 - [BE] remove Device on logout * Corrects * Replace doublequotes with singlequotes * Remove duplicated lines * Remove python setting from Travis config * Use user agent in logout view * Fix tests * Remove Python 3.3 from travis * CR * CR * APDS-63, APDS-62 - [BE] add API to refresh token using permanent_token (#4) * APDS-63 - [BE] disallow passing permanent_token header in views other than device refresh This requires APDS-62 to be finished * APDS-62 - [BE] add API to refresh token using permanent_token * Replace doublequotes with singlequotes * Update with changes from APDS-62 * Remove python setting from .travis.yml * Correct tests * Auto logout when permanent token has expired * Remove Python 3.3 from travis * CR * Remove addons from .travis.yml
This also closes APDS-60.
In this PR I had to drop support for DRF 3.1 and 3.2, because their code is incompatible with Django >= 1.10 (see: encode/django-rest-framework#3252 - it has been fixed in 3.3). I can't do anything about it to make it backwards compatible.