This repository has been archived by the owner on May 26, 2020. It is now read-only.

Optional user based secret key #419

Open: slykar wants to merge 1 commit into master.

slykar commented Jan 25, 2018

Use `JWT_GET_USER_SECRET_KEY` only when you actually pass `user_id` in the `payload`.

This way you are able to use user-based secret keys and fall back to a default secret key when the user is irrelevant.

Also, without this check, you will get a `DoesNotExist` error when trying to generate a token for a payload without `user_id`.


slykar commented Jan 25, 2018

This could also be achieved with #416, from what I can see.


codecov bot commented Jan 25, 2018

Codecov Report

Merging #419 into master will decrease coverage by 0.33%.
The diff coverage is n/a.


@@            Coverage Diff             @@
##           master     #419      +/-   ##
==========================================
- Coverage   90.67%   90.34%   -0.34%     
==========================================
  Files          14       12       -2     
  Lines         847      818      -29     
  Branches       29       29              
==========================================
- Hits          768      739      -29     
  Misses         66       66              
  Partials       13       13

| Flag | Coverage Δ |
|---|---|
| #codecov | `90.34% <ø> (-0.34%)` ⬇️ |
| #dj110 | `87.04% <ø> (-0.45%)` ⬇️ |
| #dj111 | `87.04% <ø> (-0.45%)` ⬇️ |
| #dj18 | `89.48% <ø> (-0.36%)` ⬇️ |
| #dj19 | `89.48% <ø> (-0.36%)` ⬇️ |
| #drf31 | `89.48% <ø> (-0.36%)` ⬇️ |
| #drf32 | `89.48% <ø> (-0.36%)` ⬇️ |
| #drf33 | `89.48% <ø> (-0.36%)` ⬇️ |
| #drf34 | `90.34% <ø> (-0.34%)` ⬇️ |
| #drf35 | `89.97% <ø> (-0.35%)` ⬇️ |
| #drf36 | `89.97% <ø> (-0.35%)` ⬇️ |
| #py27 | `90.34% <ø> (-0.34%)` ⬇️ |
| #py33 | `89.11% <ø> (-0.38%)` ⬇️ |
| #py34 | `89.97% <ø> (+0.48%)` ⬆️ |
| #py35 | `87.04% <ø> (?)` |
| #py36 | `87.04% <ø> (?)` |

Impacted Files Coverage Δ
rest_framework_jwt/models.py

Legend: `Δ = absolute <relative> (impact)`, `ø = not affected`, `? = missing data`

Last update 0a0bd40...7abc026.

@sergeynikiforov

@slykar Hey, what about wrapping the call to `User.objects.get(...)` in `try...except` catching `DoesNotExist` errors and re-raising them as `jwt.InvalidTokenError` or smth?


slykar commented Feb 28, 2018

@sergeynikiforov I'm not sure. What I would like to achieve is to use the default key if `user_id` is not passed. I want to control whether to use a user-based secret or not when calling `jwt_encode_handler`.
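
The key selection discussed in this thread (per-user key only when `user_id` is in the payload, default key otherwise, and an unknown user reported as an invalid token rather than a `DoesNotExist` error), as an added standard-library example that is not code from this pull request or from the library. `USERS`, `DEFAULT_SECRET`, `user_secret`, `get_secret_key`, `encode`, `decode` and the local `InvalidTokenError` class are hypothetical stand-ins for the Django user model, the default secret key, the configured `JWT_GET_USER_SECRET_KEY` callable and `jwt.InvalidTokenError`.

```python
import base64, hashlib, hmac, json

DEFAULT_SECRET = "default-secret"            # constructed default key
USERS = {1: {"jwt_secret": "alice-secret"}}  # constructed stand-in for the user table

class InvalidTokenError(Exception):
    """Hypothetical stand-in for jwt.InvalidTokenError."""

def user_secret(user):
    """Plays the role of the callable configured as JWT_GET_USER_SECRET_KEY."""
    return user["jwt_secret"]

def get_secret_key(payload, get_user_secret_key=user_secret):
    # Per-user key only when the payload names a user; default key otherwise.
    if get_user_secret_key and payload.get("user_id") is not None:
        try:
            user = USERS[payload["user_id"]]
        except (KeyError, TypeError):  # plays the role of User.DoesNotExist
            raise InvalidTokenError("unknown user_id") from None
        return str(get_user_secret_key(user))
    return DEFAULT_SECRET

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=")

def _sign(signing_input, key):
    return _b64(hmac.new(key.encode(), signing_input, hashlib.sha256).digest())

def encode(payload):
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = header + b"." + _b64(json.dumps(payload).encode())
    key = get_secret_key(payload)
    return (signing_input + b"." + _sign(signing_input, key)).decode()

def decode(token):
    try:
        header, body, sig = token.encode().split(b".")
        payload = json.loads(base64.urlsafe_b64decode(body + b"=" * (-len(body) % 4)))
        if not isinstance(payload, dict):
            raise ValueError("payload is not a JSON object")
    except ValueError as exc:
        raise InvalidTokenError("malformed token") from exc
    # The payload is still unverified here; it only selects the key to check against.
    expected = _sign(header + b"." + body, get_secret_key(payload))
    if not hmac.compare_digest(sig, expected):
        raise InvalidTokenError("signature mismatch")
    return payload
```

In this example a token issued without `user_id` is signed and verified under the default key, so it is unaffected by a change to any user's secret.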
