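def authenticate(self, request):
    """Authenticate the request from the JWT in its Authorization header.

    Returns:
        A ``(user, token)`` tuple, where ``token`` is the raw credential
        taken from the header.

    Raises:
        exceptions.AuthenticationFailed: if the header is absent or uses a
            different prefix, carries no credentials or extra spaces, or
            the token is expired or cannot be decoded.
    """
    auth = get_authorization_header(request).split()
    auth_header_prefix = settings.JWT_AUTH_HEADER_PREFIX.lower()

    # No header, or a different scheme: fail with the default detail.
    if not auth or smart_text(auth[0].lower()) != auth_header_prefix:
        raise exceptions.AuthenticationFailed()

    if len(auth) == 1:
        msg = 'Invalid Authorization header. No credentials provided.'
        raise exceptions.AuthenticationFailed(msg)
    if len(auth) > 2:
        msg = ('Invalid Authorization header. Credentials string '
               'should not contain spaces.')
        raise exceptions.AuthenticationFailed(msg)

    try:
        payload = jwt_decode_handler(auth[1])
    except jwt.ExpiredSignatureError:
        # ``jwt.ExpiredSignature`` (previously caught here) is a legacy
        # PyJWT alias that current releases no longer export; with it,
        # the first expired or malformed token would surface as an
        # AttributeError while the except clause is evaluated. Use the
        # name get_payload_from_token in this file already relies on.
        msg = 'Signature has expired.'
        raise exceptions.AuthenticationFailed(msg)
    except jwt.DecodeError:
        msg = 'Error decoding signature.'
        raise exceptions.AuthenticationFailed(msg)

    user = self.authenticate_credentials(payload)
    return (user, auth[1])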
def get_payload_from_token(token):
    """Decode *token* and return its JWT payload.

    Raises:
        exceptions.AuthenticationFailed: if the token has expired or cannot
            be decoded (bad signature or malformed token).
    """
    try:
        return jwt_decode_handler(token)
    except jwt.ExpiredSignatureError:
        raise exceptions.AuthenticationFailed(_("Signature has expired."))
    except jwt.DecodeError:
        raise exceptions.AuthenticationFailed(_("Error decoding signature."))
def authenticate_credentials(self, payload):
    """
    Return the active user whose primary key is the payload's user id.

    Only ``pk`` and ``is_active`` are checked here; no other claim of the
    payload (e.g. an email) is compared against the user record.

    Raises:
        exceptions.AuthenticationFailed: if the payload carries no user id
            ("Invalid payload") or no active user has that id
            ("Invalid signature").
    """
    try:
        user_id = jwt_get_user_id_from_payload(payload)
        if not user_id:
            raise exceptions.AuthenticationFailed(_('Invalid payload'))
        # Inactive accounts are treated exactly like unknown ones.
        return User.objects.get(pk=user_id, is_active=True)
    except User.DoesNotExist:
        raise exceptions.AuthenticationFailed(_('Invalid signature'))
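def get_token_from_request(request):
    """Extract the raw JWT credential from the request's Authorization header.

    The header must have the form ``<JWT_AUTH_HEADER_PREFIX> <token>``; the
    prefix is compared case-insensitively.

    Returns:
        The credential exactly as it appeared in the header (the header is
        split as bytes, so the value is bytes).

    Raises:
        exceptions.AuthenticationFailed: if the header is absent or uses a
            different prefix, carries no credentials, or contains spaces.
    """
    auth = get_authorization_header(request).split()
    auth_header_prefix = settings.JWT_AUTH_HEADER_PREFIX.lower()

    # Lower-case the raw bytes first (ASCII only, as before), then decode
    # leniently: the header is client-supplied, and a strict decode of
    # non-UTF-8 bytes raised UnicodeDecodeError (an unhandled 500) instead
    # of the AuthenticationFailed every other malformed header gets.
    # Replacement characters can never equal the prefix, so valid input
    # behaves exactly as before.
    if (not auth
            or auth[0].lower().decode("utf-8", errors="replace")
            != auth_header_prefix):
        raise exceptions.AuthenticationFailed()

    if len(auth) == 1:
        raise exceptions.AuthenticationFailed(
            _("Invalid Authorization header. No credentials provided."))
    if len(auth) > 2:
        raise exceptions.AuthenticationFailed(
            _("Invalid Authorization header. Credentials string "
              "should not contain spaces."))

    return auth[1]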
def __call__(self, request):
    """Middleware entry point: require a valid JWT except on the login URL.

    The login URL (``settings.JWT_LOGIN_URL``, exact match) passes through
    untouched. Every other request must carry a valid token that resolves
    to a user; on any ``AuthenticationFailed`` the request is
    short-circuited with a 401 JSON body ``{"error": <detail>}``,
    otherwise ``request.user`` is set and the request continues.
    """
    if request.path_info == settings.JWT_LOGIN_URL:
        return self.get_response(request)

    try:
        token = mixins.get_token_from_request(request)
        payload = mixins.get_payload_from_token(token)
        user_id = mixins.get_user_id_from_payload(payload)
        request.user = mixins.get_user(user_id)
        if not request.user:
            raise exceptions.AuthenticationFailed(_("Invalid user ID."))
    except exceptions.AuthenticationFailed as e:
        return JsonResponse({"error": str(e)}, status=401)

    return self.get_response(request)
def __call__(self, request):
    """Middleware entry point: attach the JWT user, or ``AnonymousUser``.

    This variant never rejects a request: an ``AuthenticationFailed`` is
    only logged at DEBUG level and the request continues as anonymous, so
    access control has to happen downstream of this middleware.
    """
    user = None
    try:
        token = mixins.get_token_from_request(request)
        payload = mixins.get_payload_from_token(token)
        user_id = mixins.get_user_id_from_payload(payload)
        user = mixins.get_user(user_id)
        if not user:
            raise exceptions.AuthenticationFailed(_("Invalid user ID."))
    except exceptions.AuthenticationFailed as e:
        logger.debug(e)

    # A missing or falsy user (no token, bad token, unknown id) becomes anonymous.
    request.user = user or AnonymousUser()
    return self.get_response(request)
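def __call__(self, request):
    """Middleware entry point: require a valid JWT except on exempt paths.

    Exempt are the admin and static trees and the exact paths listed in
    ``settings.JWT_ALLOWED_URLS``. Every other request must carry a valid
    token that resolves to a user; on any ``AuthenticationFailed`` the
    request is short-circuited with a 401 JSON body ``{"error": <detail>}``,
    otherwise ``request.user`` is set and the request continues.
    """
    path = request.path_info

    # Exempt the admin and static *trees* only, anchored at a path-segment
    # boundary. The previous ``startswith("/admin")`` / ``startswith("/static")``
    # also matched any unrelated path that merely began with those letters
    # (a hypothetical ``/admin-reports``, for instance), silently exempting
    # it from JWT authentication.
    for prefix in ("/admin", "/static"):
        if path == prefix or path.startswith(prefix + "/"):
            return self.get_response(request)

    if path not in settings.JWT_ALLOWED_URLS:
        try:
            token = mixins.get_token_from_request(request)
            payload = mixins.get_payload_from_token(token)
            user_id = mixins.get_user_id_from_payload(payload)
            request.user = mixins.get_user(user_id)
            if not request.user:
                raise exceptions.AuthenticationFailed(_("Invalid user ID."))
        except exceptions.AuthenticationFailed as e:
            return JsonResponse({"error": str(e)}, status=401)

    return self.get_response(request)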
def get_user_id_from_payload(payload):
    """Return the user id carried by *payload*.

    Raises:
        exceptions.AuthenticationFailed: if the payload yields no (truthy)
            user id.
    """
    user_id = jwt_get_user_id_from_payload(payload)
    if user_id:
        return user_id
    raise exceptions.AuthenticationFailed(_("Invalid payload"))