Migrate to simple jwt

{{ cookiecutter.name }}/mypy.ini

@@ -22,7 +22,7 @@ plugins =
 [mypy.plugins.django-stubs]
 django_settings_module = "app.settings"
 
-[mypy-rest_framework_jwt.*]
+[mypy-rest_framework_simplejwt.*]
 ignore_missing_imports = on
 
 [mypy-app.testing.api.*]

{{ cookiecutter.name }}/pyproject.toml

@@ -28,6 +28,7 @@ django-split-settings = "^1.3.2"
 django-storages = "^1.14.4"
 djangorestframework = "^3.15.2"
 djangorestframework-camel-case = "^1.4.2"
+djangorestframework-simplejwt = {extras = ["crypto"], version = "^5.5.0"}
 drf-jwt = "^1.19.2"
 drf-spectacular = {extras = ["sidecar"], version = "^0.27.2"}
 pillow = "^10.1.0"

{{ cookiecutter.name }}/src/a12n/api/serializers.py

@@ -0,0 +1,6 @@
+from django.utils.translation import gettext_lazy as _
+from rest_framework_simplejwt.serializers import TokenObtainPairSerializer
+
+
+class TokenObtainPairWithProperMessageSerializer(TokenObtainPairSerializer):
+    default_error_messages = {"no_active_account": _("Invalid username or password.")}

{{ cookiecutter.name }}/src/a12n/api/urls.py

@@ -1,11 +1,13 @@
 from django.urls import path
+from rest_framework_simplejwt import views as jwt
 
 from a12n.api import views
 
 
 app_name = "a12n"
 
 urlpatterns = [
-    path("token/", views.ObtainJSONWebTokenView.as_view()),
-    path("token/refresh/", views.RefreshJSONWebTokenView.as_view()),
+    path("token/", views.TokenObtainPairView.as_view(), name="auth_obtain_pair"),
+    path("token/refresh/", views.TokenRefreshView.as_view(), name="auth_refresh"),
+    path("logout/", jwt.TokenBlacklistView.as_view(), name="auth_logout"),
 ]

{{ cookiecutter.name }}/src/a12n/api/views.py

@@ -1,11 +1,11 @@
-from rest_framework_jwt import views as jwt
+from rest_framework_simplejwt import views as jwt
 
 from a12n.api.throttling import AuthAnonRateThrottle
 
 
-class ObtainJSONWebTokenView(jwt.ObtainJSONWebTokenView):
+class TokenObtainPairView(jwt.TokenObtainPairView):
     throttle_classes = [AuthAnonRateThrottle]
 
 
-class RefreshJSONWebTokenView(jwt.RefreshJSONWebTokenView):
+class TokenRefreshView(jwt.TokenRefreshView):
     throttle_classes = [AuthAnonRateThrottle]

{{ cookiecutter.name }}/src/a12n/tests/jwt_views/conftest.py

@@ -0,0 +1,17 @@
+import pytest
+from rest_framework_simplejwt.tokens import RefreshToken
+
+
+@pytest.fixture
+def user(factory):
+    user = factory.user(username="jwt-tester-user")
+    user.set_password("sn00pd0g")
+    user.save()
+
+    return user
+
+
+@pytest.fixture
+def initial_token_pair(user):
+    refresh = RefreshToken.for_user(user)
+    return {"refresh": str(refresh), "access": str(refresh.access_token)}

{{ cookiecutter.name }}/src/a12n/tests/jwt_views/tests_logout_jwt_view.py

@@ -0,0 +1,40 @@
+import pytest
+from rest_framework_simplejwt.token_blacklist.models import BlacklistedToken
+
+
+pytestmark = [
+    pytest.mark.django_db,
+    pytest.mark.usefixtures("user"),
+]
+
+
+@pytest.fixture
+def logout(as_anon):
+    def _logout(token, expected_status=200):
+        return as_anon.post(
+            "/api/v1/auth/logout/",
+            {
+                "refresh": token,
+            },
+            expected_status=expected_status,
+        )
+
+    return _logout
+
+
+def test_logout_token_saved_to_blacklist(logout, initial_token_pair):
+    logout(initial_token_pair["refresh"])
+
+    assert BlacklistedToken.objects.get(token__token=initial_token_pair["refresh"])
+
+
+def test_logout_refresh_token_impossible_to_reuse(initial_token_pair, logout, as_anon):
+    logout(initial_token_pair["refresh"])
+
+    result = as_anon.post(
+        path="/api/v1/auth/token/refresh/",
+        data={"refresh": initial_token_pair["refresh"]},
+        expected_status=401,
+    )
+
+    assert "blacklisted" in result["detail"]