async def login(Authorization: AuthJWT = Depends()):
# add previous access jwt token to denylist
saved_token = redis_denylist.get('saved_token')
redis_denylist.setex(
Authorization.get_raw_jwt(saved_token)['jti'],
settings.ACCESS_TOKEN_EXPIRE_MINUTES * 60, 'true')
Authorization.jwt_refresh_token_required()
# add previous refresh jwt token to denylist
redis_denylist.setex(Authorization.get_raw_jwt()['jti'],
settings.REFRESH_TOKER_EXPIRE_MINUTES * 60, 'true')
subject = Authorization.get_jwt_subject()
return create_token_pair(Authorization, subject)
def logout(Authorize: AuthJWT = Depends()):
"""
Mark token as unusable
"""
jti = Authorize.get_raw_jwt()['jti']
app.denyTokenList.append(jti)
return {"msg": "Successfully logged out"}
async def get_refresh_token(Authorize: AuthJWT = Depends()):
"""
Use refresh token to update access and refresh token
"""
Authorize.jwt_refresh_token_required()
raw_jwt = Authorize.get_raw_jwt()
return create_tokens(Authorize, **raw_jwt)
async def get_current_user(request: Request,
response: Response,
db_session: Session = Depends(get_db),
Authorize: AuthJWT = Depends()):
try:
Authorize.jwt_required()
except Exception as e:
traceback.print_exc()
raise
token = Authorize.get_raw_jwt()
# admin user
admin = token.get('admin', False)
if admin:
user = get_admin_user_by_email(db_session, token.get('sub'))
if user is None:
raise CREDENTIALS_EXCEPTION
return user
filer = token.get('filer', False)
if filer:
user = get_filer_user_by_email(db_session, token.get('sub'))
if user is None:
raise CREDENTIALS_EXCEPTION
return user
raise CREDENTIALS_EXCEPTION
async def access_test(Authorization: AuthJWT = Depends()):
try:
Authorization.jwt_required()
token_id = Authorization.get_raw_jwt()['jti']
logger.info(f'autorization passed with {token_id}')
return {'status': 'OK'}
except RevokedTokenError as e:
raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED,
detail="Token has been revoked")
def auth_jwt_decode_refresh_token(
auth_jwt: AuthJWT = Depends(),
) -> JWTToken:
try:
auth_jwt.jwt_refresh_token_required()
payload = auth_jwt.get_raw_jwt()
return JWTRefreshToken(**payload)
except Exception:
raise UnauthorizedError(message="JWT Format Error")
def access_revoke(Authorize: AuthJWT = Depends()):
Authorize.jwt_required()
# Store the tokens in redis with the value true for revoked.
# We can also set an expires time on these tokens in redis,
# so they will get automatically removed after they expire.
jti = Authorize.get_raw_jwt()['jti']
redis_conn.setex(jti, ACCESS_EXPIRES, 'true')
return {"msg": "Access token revoked"}
def auth_jwt_decode_oauth_state(
auth_jwt: AuthJWT,
state: Optional[str],
) -> Optional[JWTOAuthToken]:
payload = auth_jwt.get_raw_jwt(state)
if payload:
try:
return JWTOAuthToken(**payload)
except Exception:
raise UnauthorizedError(message="JWT Format Error")
return None
async def websocket(websocket: WebSocket, csrf_token: str = Query(...), Authorize: AuthJWT = Depends()):
await websocket.accept()
try:
Authorize.jwt_required("websocket",websocket=websocket,csrf_token=csrf_token)
# Authorize.jwt_optional("websocket",websocket=websocket,csrf_token=csrf_token)
# Authorize.jwt_refresh_token_required("websocket",websocket=websocket,csrf_token=csrf_token)
# Authorize.fresh_jwt_required("websocket",websocket=websocket,csrf_token=csrf_token)
await websocket.send_text("Successfully Login!")
decoded_token = Authorize.get_raw_jwt()
await websocket.send_text(f"Here your decoded token: {decoded_token}")
except AuthJWTException as err:
await websocket.send_text(err.message)
await websocket.close()
def auth_jwt_decode_access_token_optional(
auth_jwt: AuthJWT = Depends(),
scheme: HTTPAuthorizationCredentials = Depends(jwt_scheme)
# scheme is only used for authorization in swagger UI
) -> Optional[JWTAccessToken]:
auth_jwt.jwt_optional()
payload = auth_jwt.get_raw_jwt()
if not payload:
return None
try:
return JWTAccessToken(**payload)
except Exception:
raise UnauthorizedError(message="JWT Format Error")
async def refresh_tokens(Authorize: AuthJWT = Depends()):
Authorize.jwt_refresh_token_required()
current_user = Authorize.get_jwt_subject()
jti = Authorize.get_raw_jwt()['jti']
access_token = Authorize.create_access_token(subject=current_user)
refresh_token = Authorize.create_refresh_token(subject=current_user)
if not DEBUG_LOGIN:
app.state.redis.revoke_tokens(jti)
app.state.redis.save_tokens(Authorize.get_jti(access_token), Authorize.get_jti(refresh_token))
return {"access_token": access_token, "refresh_token": refresh_token, "result": True}
async def websocket_jwt_optional_cookies(
websocket: WebSocket,
csrf_token: str = Query(...),
Authorize: AuthJWT = Depends()
):
await websocket.accept()
try:
Authorize.jwt_optional("websocket",websocket=websocket,csrf_token=csrf_token)
decoded_token = Authorize.get_raw_jwt()
if decoded_token:
await websocket.send_text("hello world")
await websocket.send_text("hello anonym")
except AuthJWTException as err:
await websocket.send_text(err.message)
await websocket.close()
def verify_token_and_domain(
request: Request,
Authorize: AuthJWT = Depends(),
dummy=Depends(HTTPBearer())
) -> RawJwt:
"""
Check JWT access token and domain, if domain from request anf from token are equal, than pass the validation.
Argument dummy needs only for generating the documentation.
"""
domain = request.base_url.hostname
Authorize.jwt_required()
raw_jwt = Authorize.get_raw_jwt()
user_domain = raw_jwt.get('domain')
if domain != user_domain:
raise HTTPException(401)
return raw_jwt
def delete_user_profile_picture(Authorize: AuthJWT = Depends(),
db: Session = Depends(get_db)):
Authorize.jwt_required()
user_id = Authorize.get_jwt_subject()
user_name = Authorize.get_raw_jwt()["username"]
dbuser = userCRUD.get(db, user_id)
if not user_name:
raise HTTPException(500, "Failed to get username from JWT")
profile_picture = get_default_profile_picture(user_name)
dbuser = userCRUD.update_profile_picture(db,
user_id=user_id,
image=profile_picture)
return JSONResponse({"success": True})
async def get_active_user_from_cookie(request: Request,
db_session: Session = Depends(get_db),
Authorize: AuthJWT = Depends()):
Authorize.jwt_refresh_token_required()
token = Authorize.get_raw_jwt()
# admin user
admin = token.get('admin', False)
if admin:
user = get_admin_user_by_email(db_session, token.get('sub'))
if user is None or not user.active:
raise CREDENTIALS_EXCEPTION
return user
filer = token.get('filer', False)
if filer:
user = get_filer_user_by_email(db_session, token.get('sub'))
if user is None or not user.active:
raise CREDENTIALS_EXCEPTION
return user
raise CREDENTIALS_EXCEPTION
def refresh_revoke(Authorize: AuthJWT = Depends()):
Authorize.jwt_refresh_token_required()
jti = Authorize.get_raw_jwt()['jti']
redis_conn.setex(jti, settings.refresh_expires, 'true')
return {"detail": "Refresh token has been revoke"}
async def refresh_token_revoke(Authorize: AuthJWT = Depends()):
Authorize.jwt_refresh_token_required()
jti = Authorize.get_raw_jwt()['jti']
conn_redis.setex(jti,REFRESH_EXPIRES,"true")
return {"message":"Refresh token revoked."}
async def access_token_revoke(Authorize: AuthJWT = Depends()):
Authorize.jwt_required()
jti = Authorize.get_raw_jwt()['jti']
conn_redis.setex(jti,ACCESS_EXPIRES,"true")
return {"message":"Access token revoked."}
def add_to_deny(Authorize: AuthJWT, token: str = None):
jti = Authorize.get_raw_jwt(token)["jti"]
denylist.add(jti)
def refresh_revoke(Authorize: AuthJWT = Depends()):
Authorize.jwt_refresh_token_required()
jti = Authorize.get_raw_jwt()['jti']
blacklist.add(jti)
return {"msg": "Refresh token revoked"}
def access_revoke(Authorize: AuthJWT = Depends()):
Authorize.jwt_required()
jti = Authorize.get_raw_jwt()['jti']
blacklist.add(jti)
return {"msg": "Access token revoked"}
def user(Authorize: AuthJWT = Depends()):
Authorize.jwt_required()
foo_claims = Authorize.get_raw_jwt()['foo']
return {"foo": foo_claims}
def refresh_revoke(Authorize: AuthJWT = Depends()):
Authorize.jwt_refresh_token_required()
jti = Authorize.get_raw_jwt()['jti']
denylist.add(jti)
return {"detail": "Refresh token has been revoke"}
def raw_token(Authorize: AuthJWT = Depends()):
Authorize.jwt_required()
return Authorize.get_raw_jwt()
async def logout(Authorize: AuthJWT = Depends()):
Authorize.jwt_required()
app.state.redis.revoke_tokens(Authorize.get_raw_jwt()['jti'])
return {"status": "ok", "msg": "logged out", "result": True}
def refresh_revoke(Authorize: AuthJWT = Depends()):
Authorize.jwt_refresh_token_required()
jti = Authorize.get_raw_jwt()['jti']
redis_conn.setex(jti, REFRESH_EXPIRES, 'true')
return {"msg": "Refresh token revoked"}
