Open ghost opened 6 years ago
1) You can use `JWT_GET_USER_SECRET_KEY`, so you basically generate a secret key from the `last_login`. Mix it with the user's password (hash) or something similar. This will invalidate the previous tokens on new login or on password change.
2) Store the user's unsuccessful attempts somewhere and just check them in the authenticate method.
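
The first suggestion above, sketched as an added example (not code from this thread or from django-rest-framework-jwt): a per-user signing key derived from `last_login` and the stored password hash, so tokens issued earlier stop verifying after a new login or a password change. The `User` class, `SERVER_SECRET`, `issue_token` and `verify_token` are hypothetical stand-ins, and HS256 is done with the standard library so the block runs without Django.

```python
import base64, hashlib, hmac, json
from dataclasses import dataclass

SERVER_SECRET = b"constructed-demo-secret"  # assumption: stands in for Django's SECRET_KEY

@dataclass
class User:  # hypothetical stand-in for a Django user row
    id: int
    password: str    # stored password hash, never the plaintext
    last_login: str  # timestamp updated on every successful login

def jwt_get_user_secret_key(user):
    """Per-user key: changes whenever last_login or the password hash changes."""
    material = f"{user.id}|{user.last_login}|{user.password}".encode()
    return hmac.new(SERVER_SECRET, material, hashlib.sha256).digest()

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=")

def _unb64(data):
    return base64.urlsafe_b64decode(data + b"=" * (-len(data) % 4))

def issue_token(user):
    # A real token would also carry an "exp" claim; omitted to keep the focus on the key.
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps({"user_id": user.id}).encode())
    signing_input = header + b"." + payload
    sig = hmac.new(jwt_get_user_secret_key(user), signing_input, hashlib.sha256).digest()
    return (signing_input + b"." + _b64(sig)).decode()

def verify_token(token, load_user):
    """Return the user if the token verifies under that user's current key, else None."""
    try:
        header, payload, sig = token.encode().split(b".")
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None  # pin the algorithm; never trust the header's choice
        # The payload is read before verification only to find whose key to use;
        # nothing in it is trusted until the signature check below passes.
        user = load_user(json.loads(_unb64(payload))["user_id"])
        expected = hmac.new(jwt_get_user_secret_key(user),
                            header + b"." + payload, hashlib.sha256).digest()
        return user if hmac.compare_digest(_unb64(sig), expected) else None
    except (ValueError, KeyError, TypeError, AttributeError):
        return None  # malformed token or unknown user
```
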
@pkariz thank you for your answer. The first one runs well with your advice, but for the second question, how could I do it? The `request.Meta["remote_addr"]` cannot be obtained from the Serializer object because the request is not in the kwargs keys. I have replaced it by making a login middleware after the view returns, but I think it's not a very good idea.
I have tried it, as I want to solve these two problems,
then I tried it in this view, but the msg in the last line cannot be used.