jpadilla / django-rest-framework-jwt

JSON Web Token Authentication support for Django REST Framework
http://jpadilla.github.io/django-rest-framework-jwt/
MIT License
3.19k stars, 649 forks

Refresh token after username change #345

Closed GRLeo closed 7 years ago

GRLeo commented 7 years ago

I allow my users to change their usernames so I need to update their tokens after that action. I have a custom refresh serializer:

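```python
from django.contrib.auth import get_user_model
from django.utils.translation import gettext as _
from rest_framework import serializers
from rest_framework_jwt.serializers import RefreshJSONWebTokenSerializer
from rest_framework_jwt.settings import api_settings


class CustomRefreshJSONWebTokenSerializer(RefreshJSONWebTokenSerializer):
    """Checks user using user_id instead of username"""
    def _check_user(self, payload):
        # Read the user id claim from the already-decoded token payload
        user_id = api_settings.JWT_PAYLOAD_GET_USER_ID_HANDLER(payload)

        if not user_id:
            msg = _('Invalid payload.')
            raise serializers.ValidationError(msg)

        # Make sure user exists
        try:
            user = get_user_model().objects.get(pk=user_id)
        except get_user_model().DoesNotExist:
            msg = _("User doesn't exist.")
            raise serializers.ValidationError(msg)

        # Refuse to refresh tokens for deactivated accounts
        if not user.is_active:
            msg = _('User account is disabled.')
            print('Disabled')
            raise serializers.ValidationError(msg)
        return user
```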

When I try to refresh the token after a username change, I receive "Invalid signature."

Is it possible to refresh the token after a username change?

GRLeo commented 7 years ago

I had made a mistake: I was making an httpredirect before the end of the refresh ajax call.

This custom serializer works fine.
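Why a token issued before a rename can still be refreshed when the user is looked up by `user_id`, shown as an added stdlib-only example (not code from this thread or from django-rest-framework-jwt). The key, the user table and all function names are constructed for illustration, and HS256 is assumed as the signing algorithm.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-key"  # constructed value, not a real key
USERS = {7: {"username": "old_name", "is_active": True}}  # constructed user table

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encode(payload: dict) -> str:
    """Sign header.payload with HMAC-SHA256; the user table is not an input."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(payload).encode())
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def decode(token: str) -> dict:
    """Verify the signature in constant time, then return the claims."""
    head, body, sig = token.split(".")
    good = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(good, _unb64(sig)):
        raise ValueError("Invalid signature.")
    return json.loads(_unb64(body))

def check_user_by_username(payload: dict) -> dict:
    """Username-based lookup: fails once the stored username has changed."""
    for user in USERS.values():
        if user["username"] == payload["username"]:
            return user
    raise LookupError("User doesn't exist.")

def refresh_by_user_id(token: str) -> str:
    """Lookup by the stable id claim, then re-issue with the current username."""
    payload = decode(token)  # signature is checked before any lookup
    user = USERS.get(payload.get("user_id"))
    if user is None:
        raise LookupError("User doesn't exist.")
    if not user["is_active"]:
        raise PermissionError("User account is disabled.")
    # Other claims (for example orig_iat) are carried over unchanged
    return encode({**payload, "username": user["username"]})
```

The signature depends only on the token bytes and the key, so a rename leaves the old token verifiable; only a lookup keyed on the stale `username` claim stops matching.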