From e7c53489e45a7c9e0863fdb68bdc638ec3d6f5ac Mon Sep 17 00:00:00 2001
From: Niaz <faridani.rad@gmail.com>
Date: Sat, 14 Sep 2024 16:39:24 +0200
Subject: [PATCH] Activate blacklist app

Found by ZeroPath's Beta Business Logic Scanner https://zeropath.com
---
 librephotos/settings/production.py | 1 +
 librephotos/urls.py                | 7 ++++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/librephotos/settings/production.py b/librephotos/settings/production.py
index 94790781cf..5c0014aa24 100644
--- a/librephotos/settings/production.py
+++ b/librephotos/settings/production.py
@@ -65,6 +65,7 @@
     "api",
     "nextcloud",
     "rest_framework",
+    "rest_framework_simplejwt.token_blacklist",
     "corsheaders",
     "chunked_upload",
     "django_extensions",
diff --git a/librephotos/urls.py b/librephotos/urls.py
index df279789b4..5c4d74dbfe 100644
--- a/librephotos/urls.py
+++ b/librephotos/urls.py
@@ -23,7 +23,11 @@
     TokenObtainPairSerializer,
     TokenRefreshSerializer,
 )
-from rest_framework_simplejwt.views import TokenObtainPairView, TokenRefreshView
+from rest_framework_simplejwt.views import (
+    TokenBlacklistView,
+    TokenObtainPairView,
+    TokenRefreshView,
+)
 
 from api.views import (
     album_auto,
@@ -215,6 +219,7 @@ def post(self, request, *args, **kwargs):
     re_path(r"^api/wordcloud", dataviz.SearchTermWordCloudView.as_view()),
     re_path(r"^api/auth/token/obtain/$", CustomTokenObtainPairView.as_view()),
     re_path(r"^api/auth/token/refresh/$", CustomTokenRefreshView.as_view()),
+    re_path(r"^api/auth/token/blacklist/", TokenBlacklistView.as_view()),
     re_path(
         r"^media/(?P<path>.*)/(?P<fname>.*)",
         views.MediaAccessFullsizeOriginalView.as_view(),