APDS-63, APDS-62 - [BE] add API to refresh token using permanent_token #4
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… than device refresh This requires APDS-62 to be finished
poxip
changed the title
poxip
changed the base branch from
feature/APDS-64-logout
to
feature/APDS-62-api-to-refresh-token
poxip
changed the base branch from
feature/APDS-62-api-to-refresh-token
to
feature/APDS-64-logout
poxip
changed the title
poxip
changed the base branch from
feature/APDS-64-logout
to
feature/APDS-64-add-logout
jacoor
suggested changes
Jul 25, 2017
rest_framework_jwt/serializers.py
Outdated
| payload = jwt_payload_handler(device.user) | ||
| return { | ||
| 'token': jwt_encode_handler(payload), | ||
| 'permanent_token': permanent_token, |
There was a problem hiding this comment.
And why do you return permanent token here?
rest_framework_jwt/views.py
Outdated
| @@ -124,7 +154,7 @@ def get(self, request): | |||
| return Response({}, status=status.HTTP_200_OK) | |||
There was a problem hiding this comment.
you can send device id in response to login for them to store which should be send everytime in headers.
Or they can send you permanent token in delete call.
rest_framework_jwt/views.py
Outdated
| @@ -124,7 +154,7 @@ def get(self, request): | |||
| return Response({}, status=status.HTTP_200_OK) | |||
There was a problem hiding this comment.
PLeasae also do not leave it as "200 OK" - just raise exception always until it is implemented.
…django-rest-framework-jwt into feature/APDS-63
jacoor
suggested changes
Jul 27, 2017
| payload = jwt_payload_handler(device.user, device=device) | ||
| return { | ||
| 'token': jwt_encode_handler(payload), | ||
| 'user': device.user |
There was a problem hiding this comment.
why you return user?
User is already(should be) encoded in JWT token, isn't it?
There was a problem hiding this comment.
Even if not, it should not return user, only token. And, btw, why you return manually data instead of using serializers?
There was a problem hiding this comment.
I based this on the JSONWebTokenSerializer above.
There was a problem hiding this comment.
Understood. Our implementation encodes user in JWT token, as you remember. Keep as is for now please. We will update later
@remik FYI.
poxip
added a commit
that referenced
this pull request
Aug 1, 2017
* APDS-64 - [BE] remove Device on logout * Corrects * Replace doublequotes with singlequotes * Remove duplicated lines * Remove python setting from Travis config * Use user agent in logout view * Fix tests * Remove Python 3.3 from travis * CR * CR * APDS-63, APDS-62 - [BE] add API to refresh token using permanent_token (#4) * APDS-63 - [BE] disallow passing permanent_token header in views other than device refresh This requires APDS-62 to be finished * APDS-62 - [BE] add API to refresh token using permanent_token * Replace doublequotes with singlequotes * Update with changes from APDS-62 * Remove python setting from .travis.yml * Correct tests * Auto logout when permanent token has expired * Remove Python 3.3 from travis * CR * Remove addons from .travis.yml
poxip
added a commit
that referenced
this pull request
Aug 1, 2017
* APDS-65 - [BE] modify login API to generate permanent token * Remove TODO * Remove python select from travis config * Use user agent * Remove Python 3.3 from travis * CR * Correct * APDS-64 - [BE] add API to logout device (#6) * APDS-64 - [BE] remove Device on logout * Corrects * Replace doublequotes with singlequotes * Remove duplicated lines * Remove python setting from Travis config * Use user agent in logout view * Fix tests * Remove Python 3.3 from travis * CR * CR * APDS-63, APDS-62 - [BE] add API to refresh token using permanent_token (#4) * APDS-63 - [BE] disallow passing permanent_token header in views other than device refresh This requires APDS-62 to be finished * APDS-62 - [BE] add API to refresh token using permanent_token * Replace doublequotes with singlequotes * Update with changes from APDS-62 * Remove python setting from .travis.yml * Correct tests * Auto logout when permanent token has expired * Remove Python 3.3 from travis * CR * Remove addons from .travis.yml
poxip
added a commit
that referenced
this pull request
Aug 1, 2017
* APDS-61 - add API to list and delete permanent tokens * CR * Use router * Revert tox.ini * Revert Readme * Use format='json' in requests * Modify client.login() call * Add auto_now to Device.last_request_datetime * Revert .travis.yml * Tox: remove py33 and add py36 * tox: revert and add Python 3.3 * Do not test under Python 3.3 * CR Change jwt_secret to UUUIDField with auto value, add Device.id and remove vulnerable data from Device serializer * APDS-65 - [BE] modify login API to generate permanent token (#2) * APDS-65 - [BE] modify login API to generate permanent token * Remove TODO * Remove python select from travis config * Use user agent * Remove Python 3.3 from travis * CR * Correct * APDS-64 - [BE] add API to logout device (#6) * APDS-64 - [BE] remove Device on logout * Corrects * Replace doublequotes with singlequotes * Remove duplicated lines * Remove python setting from Travis config * Use user agent in logout view * Fix tests * Remove Python 3.3 from travis * CR * CR * APDS-63, APDS-62 - [BE] add API to refresh token using permanent_token (#4) * APDS-63 - [BE] disallow passing permanent_token header in views other than device refresh This requires APDS-62 to be finished * APDS-62 - [BE] add API to refresh token using permanent_token * Replace doublequotes with singlequotes * Update with changes from APDS-62 * Remove python setting from .travis.yml * Correct tests * Auto logout when permanent token has expired * Remove Python 3.3 from travis * CR * Remove addons from .travis.yml
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Also disallow passing permanent_token header in views other than the Device's token refresh view (APDS-63)