search

vitalik / django-ninja

💨 Fast, Async-ready, Openapi, type hints based framework for building APIs
https://django-ninja.dev
MIT License
7.36k stars 437 forks source link

After adding the blacklist successfully, the token is still authenticated successfully #1248

Open AshuaiNe opened 4 months ago

AshuaiNe commented 4 months ago

settings.py NINJA_JWT = { 'BLACKLIST_AFTER_ROTATION': True,} INSTALLED_APPS = [ "ninja_jwt.token_blacklist",]

`
@http_post( "/logout",

response=UserLogoutSchema,

    summary="user-logout",
    url_name="user-logout",
    auth=JWTAuth(),
)

def logout(self):
    headers = self.context.request.headers
    token = headers.get("Authorization").split(" ")[1]
    token = RefreshToken(token).blacklist()
    return {"code": 200, "message": "user logout"}

`

Checking JWTAuth found no interaction with the blacklist

baseplate-admin commented 4 months ago

reopen in https://github.com/eadwinCode/django-ninja-extra