search

Tivix / django-rest-auth

This app makes it extremely easy to build Django powered SPA's (Single Page App) or Mobile apps exposing all registration and authentication related functionality as CBV's (Class Base View) and REST (JSON)
www.tivix.com
MIT License
2.41k stars 661 forks source link

LOGOUT_ON_PASSWORD_CHANGE: Is this session based or token based #634

Open sant527 opened 3 years ago

sant527 commented 3 years ago

I am using django-rest-auth

I am implementing password change.

I found this option: at https://django-rest-auth.readthedocs.io/en/latest/api_endpoints.html

LOGOUT_ON_PASSWORD_CHANGE = False to keep the user logged in after password change

I wanted to understand the flow.

I sent my password details 

old_password
new_password1
new_password2

to the endpoint /rest-auth/password/change/ (POST)

curl --location --request POST "http://127.0.0.1:8000/rest-auth/password/change/" \
--header "Authorization:Token a42fdd3938ad24d8abd064d3fedhsh599115e38b6a" \
--header 'Content-Type: application/json' \
--data-raw '{ 
    "old_password": "oldP"
    "new_password1": "newP"
    "new_password2": "newP"
}'

Now what happens to my token on LOGOUT_ON_PASSWORD_CHANGE = True