Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix user_id type mismatch when user claim is not pk #851

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Fix user_id type mismatch when user claim is not pk #851

wants to merge 2 commits into from

Conversation

jdg-journeyfront
Copy link

Regarding changes made at https://github.com/jazzband/djangorestframework-simplejwt/pull/806/files

We're using a USER_ID_CLAIM that is neither the primary key field nor is it the
same type as the primary key, (tests are using the email column but we use a
UUID column secondary key) and these previous changes fail at this point when
attempting to create an OutstandingToken, because it assumes that the ID pulled
out of the token claims is usable as the database key for a user.

So to mitigate this gets the user from the database using the USER_ID_FIELD
setting and uses that in the get_or_create call.

jdg-journeyfront and others added 2 commits January 8, 2025 09:56
@jdg-journeyfront
Fix user_id type mismatch when user claim is not pk
d2aae8f 
Regarding changes made at https://github.com/jazzband/djangorestframework-simplejwt/pull/806/files

We're using a USER_ID_CLAIM that is neither the primary key field nor is it the
same type as the primary key, and these previous changes fail at this point
when attempting to create an OutstandingToken, because it assumes that the ID
pulled out of the token claims is usable as the database key for a user.

So to mitigate this gets the user from the database using the USER_ID_FIELD
setting and uses that in the get_or_create call.
@pre-commit-ci
[pre-commit.ci] auto fixes from pre-commit.com hooks
834a89d 
for more information, see https://pre-commit.ci
vgrozdanic
vgrozdanic reviewed Jan 11, 2025
View reviewed changes
tests/test_token_blacklist.py
token.blacklist()
outstanding_token = OutstandingToken.objects.get(token=token)
self.assertEqual(outstanding_token.user, self.user)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you please also add a test which will ensure that the User.DoesNotExist error is properly handled when the user does not exist anymore?

E.g:

  1. create the token,
  2. delete self.user object with self.user.delete()
  3. call token.blacklist()
  4. assert that there is a BlacklistedToken record

@lalit-sh
Copy link

Hi, When can we expect this to be merged ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vgrozdanic vgrozdanic vgrozdanic left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jdg-journeyfront @lalit-sh @vgrozdanic