feat: integrate caching logic for blacklisted refresh tokens and families

- Added cache check for blacklisted refresh tokens in TokenVerifySerializer
- Enhanced BlacklistMixin and FamilyMixin to support caching for blacklisted tokens and families.

Author: juanbailon

rest_framework_simplejwt/serializers.py

@@ -11,6 +11,7 @@
 from .models import TokenUser
 from .settings import api_settings
 from .tokens import RefreshToken, SlidingToken, Token, UntypedToken, FamilyMixin
+from .cache import blacklist_cache
 
 AuthUser = TypeVar("AuthUser", AbstractBaseUser, TokenUser)
 
@@ -195,6 +196,12 @@ def validate(self, attrs: dict[str, None]) -> dict[Any, Any]:
             and "rest_framework_simplejwt.token_blacklist" in settings.INSTALLED_APPS
         ):
             jti = token.get(api_settings.JTI_CLAIM)
+            if (
+                blacklist_cache.is_refresh_tokens_cache_enabled
+                and blacklist_cache.is_refresh_token_blacklisted(jti)
+            ):
+                raise ValidationError(_("Token is blacklisted"))
+
             if BlacklistedToken.objects.filter(token__jti=jti).exists():
                 raise ValidationError(_("Token is blacklisted"))
 

rest_framework_simplejwt/tokens.py

@@ -27,6 +27,7 @@
     get_md5_hash_password,
     logger,
 )
+from .cache import blacklist_cache
 
 if TYPE_CHECKING:
     from .backends import TokenBackend
@@ -279,6 +280,12 @@ def check_blacklist(self) -> None:
             """
             jti = self.payload[api_settings.JTI_CLAIM]
 
+            if (
+                blacklist_cache.is_refresh_tokens_cache_enabled and  
+                blacklist_cache.is_refresh_token_blacklisted(jti)
+            ):
+                raise RefreshTokenBlacklistedError(_("Token is blacklisted"))
+
             if BlacklistedToken.objects.filter(token__jti=jti).exists():
                 raise RefreshTokenBlacklistedError(_("Token is blacklisted"))
 
@@ -307,7 +314,12 @@ def blacklist(self) -> BlacklistedToken:
                 },
             )
 
-            return BlacklistedToken.objects.get_or_create(token=token)
+            blacklisted_token, created = BlacklistedToken.objects.get_or_create(token=token)
+            
+            if blacklist_cache.is_refresh_tokens_cache_enabled:
+                blacklist_cache.add_refresh_token(jti)
+
+            return blacklisted_token, created
 
         def outstand(self) -> Optional[OutstandingToken]:
             """
@@ -397,7 +409,12 @@ def blacklist_family(self) -> BlacklistedTokenFamily:
             )
 
             # Blacklist the entire family
-            return BlacklistedTokenFamily.objects.get_or_create(family=family)[0]
+            blacklisted_fam, created = BlacklistedTokenFamily.objects.get_or_create(family=family)
+            
+            if blacklist_cache.is_families_cache_enabled:
+                blacklist_cache.add_token_family(family_id)
+
+            return blacklisted_fam
 
         def get_family_id(self) -> Optional[str]:
             return self.payload.get(api_settings.TOKEN_FAMILY_CLAIM, None)
@@ -443,6 +460,12 @@ def check_family_blacklist(token: T) -> None:
                 logger.warning(f"Token of user:{user_id} does not have a family_id. Skipping family blacklist check.")
                 return
 
+            if (
+                blacklist_cache.is_families_cache_enabled and
+                blacklist_cache.is_token_family_blacklisted(family_id)
+            ):
+                raise TokenError(_("Token family is blacklisted"))
+
             if BlacklistedTokenFamily.objects.filter(family__family_id=family_id).exists():
                 raise TokenError(_("Token family is blacklisted"))