
fix(api): removes routing to Djoser's multi-token-incompatible views

We imported the following URL configuration from Djoser
(djoser/urls/authtoken.py):

	urlpatterns = [
	    url(
		r'^token/create/?$',
		views.TokenCreateView.as_view(),
		name='token-create'
	    ),
	    url(
		r'^token/destroy/?$',
		views.TokenDestroyView.as_view(),
		name='token-destroy'
	    ),
	    url(
		r'^token/login/?$',
		views.TokenCreateView.as_view(),
		name='login'
	    ),
	    url(
		r'^token/logout/?$',
		views.TokenDestroyView.as_view(),
		name='logout'
	    ),
	]

Note that the trailing slash is optional in all four routes. While
the api defined four routes overriding the ones defined by Djoser,
they do not cover the case where no trailing slash is given. However,
Djoser's views are not compatible with api's multi-token solution.

This led to the situation where an attempted login caused a server
error when a user had more than one token and used the Djoser login
view (by not using a trailing slash).

This commit removes Djoser's views from api's routing altogether (it
is not clear why we kept them in the first place). All four views
(names 'token-create', 'token-destroy', 'login', and 'logout') are
covered by api-defined views.

Functionality changes when no trailing slash is given. Previously,
it was mostly working. Now, we always return 301.
Nils Wisiol 6 years ago
parent
commit
0c09855b36
2 changed files with 1 addition and 14 deletions
  1. 1 13
      api/desecapi/tests/test_authentication.py
  2. 0 1
      api/desecapi/urls/version_1.py
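The shadowing described in the commit message, as an added example that is not part of the commit or of the project's code: a simplified first-match model of URL resolution built on `re`. The view labels, the helper names and the api-side `token/create/` and `token/destroy/` routes are assumptions taken from the message's wording.

```python
import re

# Constructed model: patterns are tried in order, the first match wins.
# View labels are illustrative strings, not real view classes.
API_ROUTES = [  # slash-terminated routes, as with path('token/login/', ...)
    (r"^token/create/$", "api.TokenCreateView"),    # assumed from the message
    (r"^token/destroy/$", "api.TokenDestroyView"),  # assumed from the message
    (r"^token/login/$", "api.TokenCreateView"),
    (r"^token/logout/$", "api.TokenDestroyView"),
]
DJOSER_ROUTES = [  # regexes quoted in the commit message (optional slash)
    (r"^token/create/?$", "djoser.TokenCreateView"),
    (r"^token/destroy/?$", "djoser.TokenDestroyView"),
    (r"^token/login/?$", "djoser.TokenCreateView"),
    (r"^token/logout/?$", "djoser.TokenDestroyView"),
]


def resolve(path, routes):
    """Return the label of the first route whose regex matches, else None."""
    for pattern, view in routes:
        if re.search(pattern, path):
            return view
    return None


def shadowed_paths(own, included):
    """Map each path near our own routes to the included view that serves it."""
    candidates = []
    for pattern, _ in own:
        literal = pattern.strip("^$")
        candidates += [literal, literal.rstrip("/")]  # with and without slash
    combined = own + included
    own_views = {view for _, view in own}
    return {p: resolve(p, combined) for p in candidates
            if resolve(p, combined) not in own_views | {None}}


if __name__ == "__main__":
    print("before:", shadowed_paths(API_ROUTES, DJOSER_ROUTES))
    print("after: ", shadowed_paths(API_ROUTES, []))
```

A path that resolves to `None` in this model is the slashless case that, per the commit message, now returns 301.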

+ 1 - 13
api/desecapi/tests/test_authentication.py

@@ -51,7 +51,7 @@ class SignUpLoginTestCase(DesecTestCase):
     LOGIN_ENDPOINT = None
 
     REGISTRATION_STATUS = status.HTTP_201_CREATED
-    LOGIN_STATUS = status.HTTP_200_OK
+    LOGIN_STATUS = status.HTTP_201_CREATED
 
     def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)
@@ -102,24 +102,12 @@ class URLSignUpLoginTestCase(SignUpLoginTestCase):
     REGISTRATION_ENDPOINT = '/api/v1/auth/users/'
     LOGIN_ENDPOINT = '/api/v1/auth/token/login/'
 
-    LOGIN_STATUS = status.HTTP_201_CREATED
-
 
 class LegacyURLSignUpLoginTestCase(SignUpLoginTestCase):
 
     REGISTRATION_ENDPOINT = '/api/v1/auth/users/create/'
     LOGIN_ENDPOINT = '/api/v1/auth/token/create/'
 
-    LOGIN_STATUS = status.HTTP_201_CREATED
-
-
-class LegacyURLSignUpLoginTestCase2(SignUpLoginTestCase):
-
-    REGISTRATION_ENDPOINT = '/api/v1/auth/users/create/'
-    LOGIN_ENDPOINT = '/api/v1/auth/token/create'
-
-    LOGIN_STATUS = status.HTTP_200_OK
-
 
 class TokenAuthenticationTestCase(DynDomainOwnerTestCase):
 
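Review bot: Deleting LegacyURLSignUpLoginTestCase2 removes the only case in this file that sent a login to an endpoint without a trailing slash ('/api/v1/auth/token/create'), so the behaviour the commit message announces for slashless requests (always 301) is not pinned by any test. Consider keeping the class with LOGIN_STATUS set to the redirect status instead of removing it, and adding a case where the user already holds more than one token, since that is the condition the message names as the trigger for the server error.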

+ 0 - 1
api/desecapi/urls/version_1.py

@@ -20,7 +20,6 @@ auth_urls = [
     # Token management
     path('token/login/', views.TokenCreateView.as_view(), name='login'),
     path('token/logout/', views.TokenDestroyView.as_view(), name='logout'),
-    path('', include('djoser.urls.authtoken')),  # note: this is partially overwritten by the two lines above
     path('tokens/', include(tokens_router.urls)),
 
     # User home
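Review bot: With the include('djoser.urls.authtoken') line gone, the visible context only shows api routes for 'token/login/' and 'token/logout/', while the commit message relies on 'token-create' and 'token-destroy' also being api-defined and the legacy test still posts to '/api/v1/auth/token/create/'. Please confirm those two routes are declared in auth_urls above this hunk. A one-line comment in place of the removed line, stating that Djoser's token URLs are deliberately not included because its views do not support multiple tokens per user, would keep the include from being reintroduced later.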