diff --git a/dj_rest_auth/views.py b/dj_rest_auth/views.py
index 9e84deff..a80cd9a2 100644
--- a/dj_rest_auth/views.py
+++ b/dj_rest_auth/views.py
@@ -177,20 +177,21 @@ def logout(self, request):
 if 'rest_framework_simplejwt.token_blacklist' in settings.INSTALLED_APPS:
 # add refresh token to blacklist
- token: RefreshToken = RefreshToken(None)
- if api_settings.JWT_AUTH_HTTPONLY:
- try:
- token = RefreshToken(request.COOKIES[api_settings.JWT_AUTH_REFRESH_COOKIE])
- except KeyError:
- response.data = {'detail': _('Refresh token was not included in cookie data.')}
- response.status_code =status.HTTP_401_UNAUTHORIZED
- else:
- try:
- token = RefreshToken(request.data['refresh'])
- except KeyError:
- response.data = {'detail': _('Refresh token was not included in request data.')}
- response.status_code =status.HTTP_401_UNAUTHORIZED
 try:
+ token: RefreshToken = RefreshToken(None)
+ if api_settings.JWT_AUTH_HTTPONLY:
+ try:
+ token = RefreshToken(request.COOKIES[api_settings.JWT_AUTH_REFRESH_COOKIE])
+ except KeyError:
+ response.data = {'detail': _('Refresh token was not included in cookie data.')}
+ response.status_code =status.HTTP_401_UNAUTHORIZED
+ else:
+ try:
+ token = RefreshToken(request.data['refresh'])
+ except KeyError:
+ response.data = {'detail': _('Refresh token was not included in request data.')}
+ response.status_code =status.HTTP_401_UNAUTHORIZED
+
 token.blacklist()
 except (TokenError, AttributeError, TypeError) as error:
 if hasattr(error, 'args'):
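Review bot: On the missing-token paths, both inner `except KeyError` handlers set the 401 response but do not stop, so execution still reaches `token.blacklist()` with the placeholder `RefreshToken(None)`. If simplejwt treats a `None` argument as a request to mint a fresh token (worth confirming against the installed version), every logout request that omits the refresh token would record a junk blacklist entry, and a client could repeat that to grow the table. Starting from `token = None` and guarding the call with `if token is not None: token.blacklist()` keeps the 401 path free of database writes. The `logout` body starts before this hunk and the outer `except` handler continues past its end, so whether that handler later overwrites the 401 set here is not visible.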