Merge pull request #2 from eadwinCode/simple_jwt_merge

eadwinCode · web-flow · commit 98f19ce6dc93 · 2021-11-01T18:17:02.000+01:00
Simple jwt merge
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
@@ -0,0 +1,46 @@
+# Code of Conduct
+
+As contributors and maintainers of the Jazzband projects, and in the interest of
+fostering an open and welcoming community, we pledge to respect all people who
+contribute through reporting issues, posting feature requests, updating documentation,
+submitting pull requests or patches, and other activities.
+
+We are committed to making participation in the Jazzband a harassment-free experience
+for everyone, regardless of the level of experience, gender, gender identity and
+expression, sexual orientation, disability, personal appearance, body size, race,
+ethnicity, age, religion, or nationality.
+
+Examples of unacceptable behavior by participants include:
+
+- The use of sexualized language or imagery
+- Personal attacks
+- Trolling or insulting/derogatory comments
+- Public or private harassment
+- Publishing other's private information, such as physical or electronic addresses,
+  without explicit permission
+- Other unethical or unprofessional conduct
+
+The Jazzband roadies have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are not
+aligned to this Code of Conduct, or to ban temporarily or permanently any contributor
+for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
+
+By adopting this Code of Conduct, the roadies commit themselves to fairly and
+consistently applying these principles to every aspect of managing the jazzband
+projects. Roadies who do not follow or enforce the Code of Conduct may be permanently
+removed from the Jazzband roadies.
+
+This code of conduct applies both within project spaces and in public spaces when an
+individual is representing the project or its community.
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by
+contacting the roadies at `roadies@jazzband.co`. All complaints will be reviewed and
+investigated and will result in a response that is deemed necessary and appropriate to
+the circumstances. Roadies are obligated to maintain confidentiality with regard to the
+reporter of an incident.
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version
+1.3.0, available at [https://contributor-covenant.org/version/1/3/0/][version]
+
+[homepage]: https://contributor-covenant.org
+[version]: https://contributor-covenant.org/version/1/3/0/
diff --git a/docs/docs/settings.rst b/docs/docs/settings.rst
@@ -37,6 +37,7 @@ Some of Simple JWT's behavior can be customized through settings variables in
 
       'AUTH_TOKEN_CLASSES': ('ninja_jwt.tokens.AccessToken',),
       'TOKEN_TYPE_CLAIM': 'token_type',
+      'TOKEN_USER_CLASS': 'ninja_jwt.models.TokenUser',
 
       'JTI_CLAIM': 'jti',
 
@@ -235,6 +236,14 @@ identifier is used to identify revoked tokens in the blacklist app.  It may be
 necessary in some cases to use another claim besides the default "jti" claim to
 store such a value.
 
+``TOKEN_USER_CLASS``
+--------------------
+
+A stateless user object which is backed by a validated token. Used only for
+the experimental JWTTokenUserAuthentication authentication backend. The value
+is a dotted path to your subclass of ``rest_framework_simplejwt.models.TokenUser``,
+which also is the default.
+
 ``SLIDING_TOKEN_LIFETIME``
 --------------------------
 
diff --git a/ninja_jwt/schema.py b/ninja_jwt/schema.py
@@ -1,5 +1,6 @@
 from typing import Dict, Optional, Type, cast
 
+from django.conf import settings
 from django.contrib.auth import authenticate, get_user_model
 from django.contrib.auth.models import AbstractUser, update_last_login
 from django.utils.translation import gettext_lazy as _
@@ -214,7 +215,10 @@ def validate_schema(cls, values: Dict) -> dict:
             raise exceptions.ValidationError({"token": "token is required"})
         token = UntypedToken(values["token"])
 
-        if api_settings.BLACKLIST_AFTER_ROTATION:
+        if (
+            api_settings.BLACKLIST_AFTER_ROTATION
+            and "ninja_jwt.token_blacklist" in settings.INSTALLED_APPS
+        ):
             jti = token.get(api_settings.JTI_CLAIM)
             if BlacklistedToken.objects.filter(token__jti=jti).exists():
                 raise exceptions.ValidationError("Token is blacklisted")
