djangorestframework-simplejwt icon indicating copy to clipboard operation
djangorestframework-simplejwt copied to clipboard

Published 20 hours ago verified publisher icon jazzband

Allow to generate token for inactive user

Open vitalii-bulyzhyn opened this issue 2 years ago • 2 comments

I have next auth logic in my service:

  1. User creates account (by default is_active = False). That should automatically log him in and and send verification email
  2. If user is not verified - functionality will be blocked for him
  3. After the verification - *is_active = True, so user can do whatever he wants

The problem here is that simplejwt does not support token generation for inactive user

I think this logic is quite common, so maybe it has sense to add to settings something like:

SIMPLE_JWT = {
    "ALLOW_INACTIVE": True
}

What do you think?

vitalii-bulyzhyn avatar Sep 03 '22 23:09 vitalii-bulyzhyn

For those one who's looking for this logic, it's in settings.py need to add next:

AUTHENTICATION_BACKENDS = ['django.contrib.auth.backends.AllowAllUsersModelBackend']

def user_authentication_rule(user):
    return user

SIMPLE_JWT = {
   ...,
   'USER_AUTHENTICATION_RULE': 'django.conf.settings.user_authentication_rule',
}

But I'm just wondering if that should be a default behaviour when the user authentication model is set to AllowAllUsersModelBackend

vitalii-bulyzhyn avatar Sep 07 '22 22:09 vitalii-bulyzhyn

Mentioned method does not actually work.

The reason is this line: https://github.com/jazzband/djangorestframework-simplejwt/blob/master/rest_framework_simplejwt/authentication.py#L134

But I agree that the authentication backend should handle things like that.

hvdklauw avatar Jan 16 '24 12:01 hvdklauw