change structure of permissions output
This commit is contained in:
@@ -1,7 +1,6 @@
|
||||
import typing
|
||||
from rest_framework.permissions import AllowAny
|
||||
from apps.authentication.api.v1.serializers.jwt import CustomizedTokenObtainPairSerializer
|
||||
from rest_framework_simplejwt.authentication import JWTAuthentication
|
||||
from rest_framework.decorators import action, permission_classes
|
||||
from apps.authentication import permissions as auth_permissions
|
||||
from apps.authentication.api.v1.serializers.serializer import (
|
||||
@@ -14,6 +13,8 @@ from apps.authentication.api.v1.serializers.serializer import (
|
||||
)
|
||||
from rest_framework_simplejwt.views import TokenObtainPairView
|
||||
from apps.authorization.api.v1 import api as authorize_view
|
||||
from rest_framework.permissions import IsAuthenticated
|
||||
from apps.authentication.tools import get_token_jti
|
||||
from rest_framework.viewsets import ModelViewSet
|
||||
from apps.authentication.models import (
|
||||
User,
|
||||
@@ -24,16 +25,14 @@ from apps.authentication.models import (
|
||||
BankAccountInformation,
|
||||
BlacklistedAccessToken
|
||||
)
|
||||
from django.db import transaction
|
||||
from rest_framework.response import Response
|
||||
from common.tools import CustomOperations
|
||||
from rest_framework.views import APIView
|
||||
from django.core.cache import cache
|
||||
from rest_framework import status
|
||||
from django.db import transaction
|
||||
from common.sms import send_sms
|
||||
import random
|
||||
from rest_framework.views import APIView
|
||||
from rest_framework.permissions import IsAuthenticated
|
||||
from apps.authentication.tools import get_token_jti
|
||||
|
||||
|
||||
class CustomizedTokenObtainPairView(TokenObtainPairView):
|
||||
@@ -41,24 +40,6 @@ class CustomizedTokenObtainPairView(TokenObtainPairView):
|
||||
serializer_class = CustomizedTokenObtainPairSerializer
|
||||
|
||||
|
||||
class LogoutView(APIView):
|
||||
permission_classes = [IsAuthenticated]
|
||||
|
||||
def post(self, request):
|
||||
token_str = request.auth # access token from header
|
||||
jti, user_id = get_token_jti(str(token_str))
|
||||
|
||||
if not jti:
|
||||
return Response({'detail': 'Invalid token'}, status=status.HTTP_400_BAD_REQUEST)
|
||||
|
||||
BlacklistedAccessToken.objects.get_or_create(jti=jti, defaults={
|
||||
'token': token_str,
|
||||
'user_id': user_id,
|
||||
})
|
||||
|
||||
return Response({'detail': 'Access token blacklisted.'}, status=status.HTTP_200_OK)
|
||||
|
||||
|
||||
class UserViewSet(ModelViewSet):
|
||||
""" Crud operations for user model """
|
||||
queryset = User.objects.all()
|
||||
@@ -307,3 +288,23 @@ class GeneralOTPViewSet(ModelViewSet):
|
||||
if entered_code == cached_code:
|
||||
return Response(status=status.HTTP_200_OK)
|
||||
return Response(status=status.HTTP_403_FORBIDDEN)
|
||||
|
||||
|
||||
class LogoutView(APIView):
|
||||
""" logout user """
|
||||
|
||||
permission_classes = [IsAuthenticated]
|
||||
|
||||
def post(self, request): # noqa
|
||||
token_str = request.auth # access token from header
|
||||
jti, user_id = get_token_jti(str(token_str))
|
||||
|
||||
if not jti:
|
||||
return Response({'detail': 'Invalid token'}, status=status.HTTP_400_BAD_REQUEST)
|
||||
|
||||
BlacklistedAccessToken.objects.get_or_create(jti=jti, defaults={
|
||||
'token': token_str,
|
||||
'user_id': user_id,
|
||||
})
|
||||
|
||||
return Response({'detail': 'Access token blacklisted.'}, status=status.HTTP_200_OK)
|
||||
|
||||
Reference in New Issue
Block a user