fix: hashed password checks on refresh token.

sweeftdigital · Oct 31, 2024 · 89844a6 · 89844a6
1 parent 9ecc98a
commit 89844a6
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/apis/serializers.py b/apis/serializers.py
@@ -216,7 +216,7 @@ def validate(self, attrs):
         user = User.objects.get(id=user_id)
         if settings.SIMPLE_JWT.get("REVOKE_TOKEN_CLAIM"):
             current_user_password = get_md5_hash_password(user.password)
-            if current_user_password != refresh.payload.get("REVOKE_TOKEN_CLAIM"):
+            if current_user_password != refresh.get("password"):
                 raise serializers.ValidationError({"message": _("Invalid token payload")})
 
         # Set additional claims in the access token manually