Skip to content

Comments

Harden revoke access token for password changes#746

Open
sevdog wants to merge 1 commit intojazzband:masterfrom
sevdog:harden-revoke-token-claim
Open

Harden revoke access token for password changes#746
sevdog wants to merge 1 commit intojazzband:masterfrom
sevdog:harden-revoke-token-claim

Conversation

@sevdog
Copy link

@sevdog sevdog commented Aug 23, 2023

This is an enhancement of #719 which:

  • uses django built-in cryptogaphic methods
  • uses the same logic used for session in django (see source)
  • align with the usage of SECRET_KEY_FALLBACKS settings (introduced in v4.1)

It also cleans up a bit the authentication tests: there is no need to replicate every logic of test_get_user in test_get_user_with_check_revoke_token.

Andrew-Chen-Wang
Andrew-Chen-Wang approved these changes Dec 4, 2023
View reviewed changes
Copy link
Member

@Andrew-Chen-Wang Andrew-Chen-Wang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great stuff, thanks so much!

@kosuke-zhang
Copy link

kosuke-zhang commented Aug 26, 2024

I need this feature. When can it be merged and release?

@kosuke-zhang kosuke-zhang mentioned this pull request Oct 2, 2024
Open
@sevdog sevdog force-pushed the harden-revoke-token-claim branch from 27f4675 to cebedb6 Compare March 6, 2025 15:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Andrew-Chen-Wang Andrew-Chen-Wang Andrew-Chen-Wang approved these changes

Assignees

No one assigned

Labels

enhancement

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@sevdog @kosuke-zhang @Andrew-Chen-Wang