Harden revoke access token for password changes #746

Open
wants to merge 1 commit into
base: master

@sevdog sevdog commented Aug 23, 2023

This is an enhancement of #719 which:

  • uses Django built-in cryptographic methods
  • uses the same logic used for session in Django (see source)
  • aligns with the usage of SECRET_KEY_FALLBACKS settings (introduced in v4.1)

It also cleans up the authentication tests a bit: there is no need to replicate every logic of test_get_user in test_get_user_with_check_revoke_token.
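The approach named in the description above, sketched as an added example with the standard library only (not code from this pull request or from the project): a keyed hash of the stored password hash is placed in the token, then re-derived and compared in constant time under the current key and each fallback key. The function names, the salt string and all sample values are hypothetical and constructed for illustration.

```python
import hashlib
import hmac

# Hypothetical salt string; any fixed, purpose-specific value works.
KEY_SALT = "example.revoke_token.password_hash"


def salted_hmac_hex(key_salt, value, secret):
    """Derive a per-purpose key from salt + secret, then HMAC-SHA256 the value
    (the same construction as Django's salted_hmac with algorithm="sha256")."""
    derived = hashlib.sha256(key_salt.encode() + secret.encode()).digest()
    return hmac.new(derived, value.encode(), hashlib.sha256).hexdigest()


def password_claim(stored_password_hash, secret_key):
    """Value embedded in the token when it is issued."""
    return salted_hmac_hex(KEY_SALT, stored_password_hash, secret_key)


def token_still_valid(claim, stored_password_hash, secret_key, fallbacks=()):
    """True if the claim matches under the current key or any fallback key."""
    for secret in (secret_key, *fallbacks):
        expected = salted_hmac_hex(KEY_SALT, stored_password_hash, secret)
        # Compare as bytes so a non-ASCII claim fails cleanly instead of raising.
        if hmac.compare_digest(claim.encode(), expected.encode()):
            return True
    return False


def demo():
    """Constructed scenario: password change revokes, key rotation does not."""
    old_hash = "pbkdf2_sha256$constructed$old"
    new_hash = "pbkdf2_sha256$constructed$new"
    claim = password_claim(old_hash, "old-secret")
    return {
        "unchanged": token_still_valid(claim, old_hash, "old-secret"),
        "password_changed": token_still_valid(claim, new_hash, "old-secret"),
        "key_rotated": token_still_valid(claim, old_hash, "new-secret", ["old-secret"]),
        "rotated_no_fallback": token_still_valid(claim, old_hash, "new-secret"),
    }


if __name__ == "__main__":
    print(demo())
```
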

Member

@Andrew-Chen-Wang Andrew-Chen-Wang left a comment

Great stuff, thanks so much!

@kosuke-zhang

I need this feature. When can it be merged and released?
