Fix: Disable refresh token for inactive user.
ajay09 committed May 31, 2024
1 parent d66d246 commit 76741ff
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions rest_framework_simplejwt/tokens.py
@@ -3,6 +3,7 @@
from uuid import uuid4

from django.conf import settings
from django.contrib.auth import get_user_model
from django.contrib.auth.models import AbstractBaseUser
from django.utils.module_loading import import_string
from django.utils.translation import gettext_lazy as _
@@ -246,8 +247,15 @@ class BlacklistMixin(Generic[T]):
def verify(self, *args, **kwargs) -> None:
self.check_blacklist()

self.check_user_active()

super().verify(*args, **kwargs) # type: ignore

def check_user_active(self):
user_id = self.payload.get(api_settings.USER_ID_CLAIM, None)
if user_id and not get_user_model().objects.get(**{api_settings.USER_ID_FIELD: user_id}).is_active:
raise TokenError(_("User is inactive"))

def check_blacklist(self) -> None:
"""
Checks if this token is present in the token blacklist. Raises
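Review bot: In `check_user_active`, `get_user_model().objects.get(...)` raises `DoesNotExist` when the account named in the token has been deleted, and that exception is not a `TokenError`, so it escapes `verify()` unhandled instead of rejecting the token (callers that catch only `TokenError` would likely surface it as a server error). The lookup should fail closed by catching the model's `DoesNotExist` and raising `TokenError`, as in the fence below, which reuses the existing message so the response does not distinguish a deleted account from a disabled one. The method also lacks the `-> None` annotation and docstring that the neighbouring `check_blacklist` has. Separately, the check sits in `BlacklistMixin.verify`, so token classes that do not use this mixin are presumably not covered, and it adds a database query to every verification; both are worth confirming as intended. The body of `BlacklistMixin` continues outside the hunk.

```python
    def check_user_active(self) -> None:
        user_id = self.payload.get(api_settings.USER_ID_CLAIM, None)
        if not user_id:
            # Unchanged from the commit: a token without the user id claim skips the check.
            return
        user_model = get_user_model()
        try:
            user = user_model.objects.get(**{api_settings.USER_ID_FIELD: user_id})
        except user_model.DoesNotExist as exc:
            # A deleted account must reject the token rather than raise an unhandled error.
            raise TokenError(_("User is inactive")) from exc
        if not user.is_active:
            raise TokenError(_("User is inactive"))
```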
