From 2ed696f90fc9428531768967de0e1fbce9551a8d Mon Sep 17 00:00:00 2001
From: annisadevin <adevi.nurmalasari@gmail.com>
Date: Sun, 1 May 2022 10:37:57 +0700
Subject: [PATCH] Menambahkan view dan serializer logout
---
 auth_remindme/settings.py | 12 ++++++++----
 oauth/serializers.py | 3 +++
 oauth/urls.py | 1 +
 oauth/views.py | 25 ++++++++++++++++++++-----
 4 files changed, 32 insertions(+), 9 deletions(-)
diff --git a/auth_remindme/settings.py b/auth_remindme/settings.py
index 3b79de8..9ed7288 100644
--- a/auth_remindme/settings.py
+++ b/auth_remindme/settings.py
@@ -58,6 +58,7 @@ INSTALLED_APPS = [
 'main',
 'oauth',
 'rest_framework_simplejwt',
+ 'rest_framework_simplejwt.token_blacklist',
 ]
 MIDDLEWARE = [
@@ -170,7 +171,10 @@ STATICFILES_STORAGE = 'whitenoise.storage.CompressedManifestStaticFilesStorage'
 REST_FRAMEWORK = {
 'DEFAULT_AUTHENTICATION_CLASSES': (
 'rest_framework_simplejwt.authentication.JWTAuthentication',
- )
+ ),
+ 'DEFAULT_PERMISSION_CLASSES': (
+ 'rest_framework.permissions.IsAuthenticated',
+ ),
 }
 AUTH_USER_MODEL = "oauth.UserAccount"
@@ -178,9 +182,9 @@ AUTH_USER_MODEL = "oauth.UserAccount"
 SIMPLE_JWT = {
 'ACCESS_TOKEN_LIFETIME': timedelta(minutes=5),
 'REFRESH_TOKEN_LIFETIME': timedelta(days=1),
- 'ROTATE_REFRESH_TOKENS': False,
- 'BLACKLIST_AFTER_ROTATION': False,
- 'UPDATE_LAST_LOGIN': False,
+ 'ROTATE_REFRESH_TOKENS': True,
+ 'BLACKLIST_AFTER_ROTATION': True,
+ 'UPDATE_LAST_LOGIN': True,
 'ALGORITHM': 'HS256',
 'SIGNING_KEY': SECRET_KEY,
diff --git a/oauth/serializers.py b/oauth/serializers.py
index 221d266..5b3ed9e 100644
--- a/oauth/serializers.py
+++ b/oauth/serializers.py
@@ -20,3 +20,6 @@ class UserSerializer(serializers.ModelSerializer):
 return instance
 except Exception as err:
 raise err
+
+class LogoutSerializer(serializers.Serializer):
+ refresh_token = serializers.CharField()
\ No newline at end of file
diff --git a/oauth/urls.py b/oauth/urls.py
index acff786..8d843f9 100644
--- a/oauth/urls.py
+++ b/oauth/urls.py
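Review bot: Turning on `'UPDATE_LAST_LOGIN': True` in the SIMPLE_JWT hunk of auth_remindme/settings.py makes every token-obtain request write to the user table, and the `REST_FRAMEWORK` dict shown in the hunk above it configures no throttling, so the login endpoint can be used to generate database load. Add a throttle next to the new permission default, for example `'DEFAULT_THROTTLE_CLASSES': ('rest_framework.throttling.AnonRateThrottle',),` with a matching `'DEFAULT_THROTTLE_RATES'` entry. Rotation with `BLACKLIST_AFTER_ROTATION` also adds blacklist rows on every refresh, so the new `token_blacklist` app (INSTALLED_APPS hunk) needs `migrate` on deploy and a scheduled `python manage.py flushexpiredtokens`; a short comment above `SIMPLE_JWT` saying so would help the next maintainer.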
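Review bot: `refresh_token` in `LogoutSerializer` (oauth/serializers.py hunk) is a readable field, and the `Logout` view added in oauth/views.py keeps `CreateAPIView`'s default `create()`, which responds with `serializer.data`. A successful logout therefore appears to answer 201 with the submitted refresh token echoed in the body, where proxies and response logs can capture it. Declare the field as `refresh_token = serializers.CharField(write_only=True)`. The view then has to read the value from `serializer.validated_data`, because a write-only field is absent from `serializer.data`.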
@@ -14,4 +14,5 @@ urlpatterns = [
 path('api/token/verify/', TokenVerifyView.as_view(), name='token_verify'),
 path('api/create-user/', views.UserCreate.as_view()),
 path('api/resource/', views.ResourceTest.as_view()),
+ path('api/logout/', views.Logout.as_view()),
 ]
diff --git a/oauth/views.py b/oauth/views.py
index 8b5146c..18b8deb 100644
--- a/oauth/views.py
+++ b/oauth/views.py
@@ -1,9 +1,8 @@
 from rest_framework import generics
 from rest_framework.exceptions import ValidationError
-from rest_framework.response import Response
-from rest_framework.views import APIView
+from rest_framework_simplejwt.tokens import RefreshToken
 from .models import UserAccount
-from .serializers import UserSerializer
+from .serializers import LogoutSerializer, UserSerializer
 from rest_framework.permissions import AllowAny, IsAuthenticated
 from djangorestframework_camel_case.parser import (CamelCaseJSONParser,
 CamelCaseMultiPartParser,
@@ -29,6 +28,22 @@ class UserCreate(generics.CreateAPIView):
 class ResourceTest(generics.ListAPIView):
 queryset = UserAccount.objects.all()
 serializer_class = UserSerializer
- permission_classes = [AllowAny]
+ permission_classes = [IsAuthenticated]
 parser_classes = (CamelCaseJSONParser, CamelCaseFormParser, CamelCaseMultiPartParser, )
- renderer_classes = (CamelCaseJSONRenderer, CamelCaseBrowsableAPIRenderer, )
\ No newline at end of file
+ renderer_classes = (CamelCaseJSONRenderer, CamelCaseBrowsableAPIRenderer, )
+
+# Antara pakai logout ini atau langsung di react
+class Logout(generics.CreateAPIView):
+ serializer_class = LogoutSerializer
+ permission_classes = [IsAuthenticated]
+ parser_classes = (CamelCaseJSONParser, CamelCaseFormParser, CamelCaseMultiPartParser, )
+ renderer_classes = (CamelCaseJSONRenderer, CamelCaseBrowsableAPIRenderer, )
+
+ def perform_create(self, request):
+ try:
+ refresh_token = request.data["refresh_token"]
+ token = RefreshToken(refresh_token)
+ token.blacklist()
+ except Exception as err:
+ error_message = {'error': err}
+ raise ValidationError(error_message)
-- GitLab
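Review bot: `Logout.perform_create(self, request)` is given the validated serializer by `CreateAPIView`, not the request, so `request.data[...]` only works because `serializer.data` happens to expose the same key. Name the argument `serializer` and read `serializer.validated_data["refresh_token"]`. The `except Exception` also turns programming errors into a 400 and places the raw exception object in the response; catch `TokenError` from `rest_framework_simplejwt.exceptions` and return `str(err)` instead. Blacklisting revokes only the refresh token, so an access token already issued stays usable until its five-minute lifetime ends. The class comment should say so, and should note that clearing tokens only in the React client would leave the refresh token valid on the server.

```python
class Logout(generics.CreateAPIView):
    # … unchanged: serializer_class, permission_classes, parser_classes, renderer_classes …

    def perform_create(self, serializer):
        # DRF calls this hook with the already-validated serializer.
        try:
            RefreshToken(serializer.validated_data["refresh_token"]).blacklist()
        except TokenError as err:
            # Malformed, expired or already-blacklisted token: return the message text only.
            raise ValidationError({'error': str(err)})
```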