Closed
Labels: bug (Something isn't working)
Description
Issue: Fix Logout Functionality for Non-Existent Tokens
Summary
This issue details the changes made to the application's logout functionality to handle the case where the refresh token does not exist or has already been invalidated. The goal is to ensure proper session management and enhance user security.
Changes to the Views
- Logout View:
  - Updated the logout implementation to check if the refresh token exists before attempting to blacklist it.
  - Added error handling to return appropriate responses when the token is invalid or does not exist.
New API View: LogoutView
- View Implementation:
  The `LogoutView` is designed to handle user logout requests and blacklist the provided refresh token.
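```python
from django.urls import path
from rest_framework import status
from rest_framework.response import Response
from rest_framework_simplejwt.exceptions import TokenError
from rest_framework_simplejwt.tokens import RefreshToken
from rest_framework_simplejwt.views import TokenBlacklistView


class LogoutView(TokenBlacklistView):
    def post(self, request, *args, **kwargs):
        try:
            refresh_token = request.data.get("refresh")
            if not refresh_token:
                return Response({
                    "statusCode": 400,
                    "message": "Refresh token is required"
                }, status=status.HTTP_400_BAD_REQUEST)
            # Constructing RefreshToken verifies the signature, expiry and blacklist state
            token = RefreshToken(refresh_token)
            # Requires rest_framework_simplejwt.token_blacklist in INSTALLED_APPS
            token.blacklist()
            return Response({
                "statusCode": 200,
                "message": "Logged out successfully"
            }, status=status.HTTP_200_OK)
        except TokenError as e:
            # Invalid, expired or already blacklisted token; other errors are not
            # caught here, so internal exception text is not returned to the client
            return Response({
                "statusCode": 400,
                "message": str(e)
            }, status=status.HTTP_400_BAD_REQUEST)


# Endpoint
urlpatterns = [
    path('log-out/', LogoutView.as_view(), name='logout'),
]
```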
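The following is an added example, not code from this issue or the project: a standard-library model of the same logout flow that makes each outcome the view has to distinguish checkable, including a second logout with a token that is already blacklisted. The HMAC token format, `SECRET`, `BLACKLIST`, the local `TokenError` class, its messages and the function names are all assumptions standing in for Simple JWT.

```python
import base64, hashlib, hmac, json, time, uuid

SECRET = b"constructed-demo-key"  # constructed value standing in for the signing key
BLACKLIST = set()                 # in-memory stand-in for the blacklist tables

class TokenError(Exception):
    """Local stand-in for the library's token validation error."""

def issue_refresh(user_id, ttl=3600, now=None):
    """Build a signed refresh token carrying a unique jti and an expiry."""
    claims = {"sub": user_id, "jti": uuid.uuid4().hex,
              "exp": int(now or time.time()) + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    sig = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"

def verify_refresh(token, now=None):
    """Return the claims, or raise TokenError if forged, expired or blacklisted."""
    if not isinstance(token, str):
        raise TokenError("Token is invalid")
    body, _, sig = token.partition(".")
    expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    # Compare as bytes in constant time; untrusted input may be non-ASCII
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        raise TokenError("Token is invalid")
    claims = json.loads(base64.urlsafe_b64decode(body))  # safe: signature checked
    if claims["exp"] <= (now or time.time()):
        raise TokenError("Token is expired")
    if claims["jti"] in BLACKLIST:
        raise TokenError("Token is blacklisted")
    return claims

def logout(data, now=None):
    """Mirror the view's branches: return (status, message) for a request body."""
    refresh = data.get("refresh")
    if not refresh:
        return 400, "Refresh token is required"
    try:
        claims = verify_refresh(refresh, now)
    except TokenError as exc:
        # Only the fixed validation messages reach the client
        return 400, str(exc)
    BLACKLIST.add(claims["jti"])
    return 200, "Logged out successfully"
```
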