用户更改密码后如何在 Django 中重置 JWT 令牌?
[英]How to reset JWT token in Django after user changes password?
问题描述
我的问题是我想在有人重置他或她的密码时刷新或过期 JWT 令牌。 我的项目在 Django rest 框架中,所以我需要的只是一个关于如何发生的例子。 我需要能够使所有其他令牌无效
温馨问候。
2 个解决方案
解决方案1
0 2020-01-28 12:40:24
默认情况下,如果您不更新会话身份验证,则用户将被注销。 如果你想更新会话身份验证这里是代码
from django.contrib.auth import update_session_auth_hash
#after you change password for User- user
update_session_auth_hash(request, user)
解决方案2
0 2020-01-28 13:51:59
您需要覆盖默认令牌生成过程。
def jwt_create_payload(user):
"""
Create JWT claims token.
To be more standards-compliant please refer to the official JWT standards
specification: https://tools.ietf.org/html/rfc7519#section-4.1
"""
issued_at_time = datetime.utcnow()
expiration_time = issued_at_time + api_settings.JWT_EXPIRATION_DELTA
payload = {
'user_id': user.pk,
'username': '%s-%s' % (user.username + user.password),
'iat': unix_epoch(issued_at_time),
'exp': expiration_time
}
# It's common practice to have user object attached to profile objects.
# If you have some other implementation feel free to create your own
# `jwt_create_payload` method with custom payload.
if hasattr(user, 'profile'):
payload['user_profile_id'] = user.profile.pk if user.profile else None,
# Include original issued at time for a brand new token
# to allow token refresh
if api_settings.JWT_ALLOW_REFRESH:
payload['orig_iat'] = unix_epoch(issued_at_time)
if api_settings.JWT_AUDIENCE is not None:
payload['aud'] = api_settings.JWT_AUDIENCE
if api_settings.JWT_ISSUER is not None:
payload['iss'] = api_settings.JWT_ISSUER
return payload
根据新的jwt_create_payload函数在您的设置中更新JWT_PAYLOAD_HANDLER参数。 当您更改密码时,您的令牌将失效。
如何在用户更改密码或请求重置密码时收到通知?
[英]How to get notified when a user changes password or requests a password reset?
测试Django 1-5重置密码表单 - 如何为测试生成令牌?
[英]Testing Django 1-5 Reset Password Form - how to generate the token for the test?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.