fix: Token.outstand forces users to install blacklist app (#884)

Andrew-Chen-Wang · web-flow · commit 027c79c8f35b · 2025-03-10T14:39:06.000-04:00
diff --git a/rest_framework_simplejwt/tokens.py b/rest_framework_simplejwt/tokens.py
@@ -205,30 +205,12 @@ def check_exp(
         if claim_time <= current_time - leeway:
             raise TokenError(format_lazy(_("Token '{}' claim has expired"), claim))
 
-    def outstand(self) -> OutstandingToken:
+    def outstand(self) -> Optional[OutstandingToken]:
         """
         Ensures this token is included in the outstanding token list and
         adds it to the outstanding token list if not.
         """
-        jti = self.payload[api_settings.JTI_CLAIM]
-        exp = self.payload["exp"]
-        user_id = self.payload.get(api_settings.USER_ID_CLAIM)
-        User = get_user_model()
-        try:
-            user = User.objects.get(**{api_settings.USER_ID_FIELD: user_id})
-        except User.DoesNotExist:
-            user = None
-
-        # Ensure outstanding token exists with given jti
-        return OutstandingToken.objects.get_or_create(
-            jti=jti,
-            defaults={
-                "user": user,
-                "created_at": self.current_time,
-                "token": str(self),
-                "expires_at": datetime_from_epoch(exp),
-            },
-        )
+        return None
 
     @classmethod
     def for_user(cls: type[T], user: AuthUser) -> T:
@@ -325,6 +307,31 @@ def blacklist(self) -> BlacklistedToken:
 
             return BlacklistedToken.objects.get_or_create(token=token)
 
+        def outstand(self) -> Optional[OutstandingToken]:
+            """
+            Ensures this token is included in the outstanding token list and
+            adds it to the outstanding token list if not.
+            """
+            jti = self.payload[api_settings.JTI_CLAIM]
+            exp = self.payload["exp"]
+            user_id = self.payload.get(api_settings.USER_ID_CLAIM)
+            User = get_user_model()
+            try:
+                user = User.objects.get(**{api_settings.USER_ID_FIELD: user_id})
+            except User.DoesNotExist:
+                user = None
+
+            # Ensure outstanding token exists with given jti
+            return OutstandingToken.objects.get_or_create(
+                jti=jti,
+                defaults={
+                    "user": user,
+                    "created_at": self.current_time,
+                    "token": str(self),
+                    "expires_at": datetime_from_epoch(exp),
+                },
+            )
+
         @classmethod
         def for_user(cls: type[T], user: AuthUser) -> T:
             """
