def verify(self, request, *args, **kwargs):
token = request.GET['token']
user = request.GET['profil']
from rest_framework_simplejwt.authentication import JWTAuthentication
try:
JWTAuthentication.get_validated_token(self, token)
User.objects.filter(pk=user).update(is_active=True)
return Response(_('Account verified'), status=status.HTTP_200_OK)
except InvalidToken:
return Response(InvalidToken.default_detail,
status=InvalidToken.status_code)
def test_access_token_after_expiration(self, client, user):
time1, time2 = '2100-01-01 00:00:00', '2100-01-02 00:00:01'
with freeze_time(time1):
response = client.post(LOGIN_URL, {
'email': user.email,
'password': DEFAULT_USER_PASSWORD,
})
assert response.status_code == status.HTTP_200_OK
with freeze_time(time2):
auth_backend = JWTAuthentication()
with pytest.raises(InvalidToken):
auth_backend.get_validated_token(response.data['access'])
def delete(self, request):
"""
Deletes a list of given landzones
:author Munir Safi
:since 2020-11-19
:param {request} the incoming rest_framework http request object
"""
if request.headers.get('Authorization', None) is not None:
header_token = request.headers['Authorization'].split(' ')[1]
jwt_object = JWTAuthentication()
valid_token = jwt_object.get_validated_token(header_token)
user_email = jwt_object.get_user(valid_token)
AuthUser = get_user_model()
user = AuthUser.objects.get(email=user_email)
for landzone_uuid in request.data:
zone = LandZone.objects.get(uuid=landzone_uuid)
if zone.owner == user:
zone.delete()
else:
return Response(
{
'message':
'You are attempting to delete an area that you have no privelages for'
},
status=status.HTTP_401_UNAUTHORIZED)
return Response(status=status.HTTP_200_OK)
else:
return Response(
{'message': 'You must be logged in to delete a zone!'},
status=status.HTTP_401_UNAUTHORIZED)
def post(self, request):
"""
Save the landzones a user submits
:author Munir Safi
:since 2020-11-14
:param {request} the incoming rest_framework http request object
"""
if request.headers.get('Authorization', None) is not None:
header_token = request.headers['Authorization'].split(' ')[1]
jwt_object = JWTAuthentication()
valid_token = jwt_object.get_validated_token(header_token)
user_email = jwt_object.get_user(valid_token)
AuthUser = get_user_model()
user = AuthUser.objects.get(email=user_email)
for landzone in request.data['landzones']:
if landzone.get('geoJSON', None) is not None:
land_zone = LandZone(geo_json=landzone['geoJSON'],
owner=user)
land_zone.save()
else:
return Response(
{
'message':
'You must include a \'geoJSON\' property in your array of objects'
},
status=status.HTTP_400_BAD_REQUEST)
return Response(status=status.HTTP_200_OK)
else:
return Response(
{'message': 'You must be logged in to register a new zone!'},
status=status.HTTP_401_UNAUTHORIZED)
def has_permission(self, request, view):
jwt_object = JWTAuthentication()
header = jwt_object.get_header(request)
raw_token = jwt_object.get_raw_token(header)
validated_token = jwt_object.get_validated_token(raw_token)
user = jwt_object.get_user(validated_token)
return user.is_staff
def _check_login_social_simple_jwt_only(self, url, data, token_type):
resp = self.client.post(url, data)
self.assertEqual(resp.status_code, 200)
# check token valid
jwt_auth = JWTAuthentication()
token_instance = jwt_auth.get_validated_token(resp.data['token'])
self.assertEqual(token_instance['token_type'], token_type)
def _check_login_social_simple_jwt_only(self, url, data, token_type):
resp = self.client.post(url, data)
self.assertEqual(resp.status_code, 200)
# check token valid
jwt_auth = JWTAuthentication()
token_instance = jwt_auth.get_validated_token(resp.data['token'])
self.assertEqual(token_instance['token_type'], token_type)
def post(self, request):
"""
Validates the current user, then updates their password using the new
given password
:author Munir Safi
:since 2020-11-14
:param {request} the incoming rest_framework http request object
"""
if request.headers.get('Authorization', None) is not None:
header_token = request.headers['Authorization'].split(' ')[1]
jwt_object = JWTAuthentication()
valid_token = jwt_object.get_validated_token(header_token)
user_email = jwt_object.get_user(valid_token)
AuthUser = get_user_model()
user = AuthUser.objects.get(email=user_email)
user.set_password(request.data['password'])
user.save()
refresh = RefreshToken.for_user(user)
return Response({
'refresh': str(refresh),
'access': str(refresh.access_token)
})
else:
return Response(
{
'message':
'Cannot change user password if no user is active'
},
status=status.HTTP_400_BAD_REQUEST)
class JWTAuthMiddleware:
"""
Custom middleware that verifies the JWT and adds the user_id to the scope
"""
def __init__(self, inner):
self.inner = inner
self.auth = JWTAuthentication()
self.token_pattern_string = '\/[\w]+[.]{1}[\w]+[.]{1}[\w_-]*\/'
self.token_pattern = re.compile(self.token_pattern_string)
def __call__(self, scope):
close_old_connections()
headers = dict(scope['headers'])
if b'authorization' in headers:
try:
raw_token = bytes(
headers[b'authorization']).decode('utf-8').split()[1]
valid_token = self.auth.get_validated_token(raw_token)
user_id = valid_token.get('user_id')
return self.inner(dict(scope, user_id=user_id))
except IndexError:
return self.inner(
dict(scope, auth_error="Invalid token format."))
except InvalidToken:
return self.inner(dict(scope, auth_error="Invalid token."))
# elif 10 < len(scope['path']):
elif 'path' in scope.keys() and len(
re.findall(self.token_pattern, str(scope['path']))) > 0:
try:
# print("Trying")
raw_token = self._extract_token(str(scope['path']))
# print("Raw: %s" % raw_token)
# raw_token = str(scope['path']).replace('/ws/chat/', '').replace('/', '')
valid_token = self.auth.get_validated_token(raw_token)
user_id = valid_token.get('user_id')
return self.inner(dict(scope, user_id=user_id))
except InvalidToken:
print("Invalid token")
return self.inner(dict(scope, auth_error="Invalid token."))
return self.inner(
dict(scope, auth_error="Missing authorization headers."))
def _extract_token(self, path):
mats = re.findall(self.token_pattern, path)
raw_path = str(mats[0]).replace("/", "")
return raw_path
def validate(self, attrs):
data = super().validate(attrs)
jwt_object = JWTAuthentication()
validated_token = jwt_object.get_validated_token(attrs.get('token'))
user = jwt_object.get_user(validated_token)
user_serializer = UserSerializer(user)
data['user'] = user_serializer.data
return data
def authenticate_from_token(request):
jwt_object = JWTAuthentication()
header = jwt_object.get_header(request)
raw_token = jwt_object.get_raw_token(header)
validated_token = jwt_object.get_validated_token(raw_token)
user = jwt_object.get_user(validated_token)
request.data["user"] = user.id
return request
def get_user_from_access_token_or_401(access_token):
jwt_authenticaton = JWTAuthentication()
validated_token = jwt_authenticaton.get_validated_token(access_token)
try:
return jwt_authenticaton.get_user(validated_token)
except AuthenticationFailed:
raise NotAuthenticated401
def get_jwt_payload(request):
jwt_object = JWTAuthentication()
header = jwt_object.get_header(request)
raw_token = jwt_object.get_raw_token(header)
validated_token = jwt_object.get_validated_token(raw_token)
token_backend = TokenBackend(algorithm='HS256')
payload = token_backend.decode(token=str(validated_token), verify=False)
return payload
def get_user_for_token(token_key):
try:
jwt_object = JWTAuthentication()
validated_token = jwt_object.get_validated_token(token_key)
user = jwt_object.get_user(validated_token)
return user
except Token.DoesNotExist:
return AnonymousUser()
def get(self, request, token):
validated_token = JWTAuthentication.get_validated_token(self, token)
user_id = validated_token['user_id']
user = get_object_or_404(NewUser, id=user_id)
if user:
user.is_active = True
user.save()
return Response({"status": 'active', "message": 'Login now!'})
return Response(status=status.HTTP_400_BAD_REQUEST)
def process_view(self, request, view_func, view_args, view_kwargs):
jwt_object = JWTAuthentication()
header = jwt_object.get_header(request)
if header is not None:
raw_token = jwt_object.get_raw_token(header)
validated_token = jwt_object.get_validated_token(raw_token)
request.user = jwt_object.get_user(validated_token)
return None
return Response({'error': "Invalid Token"}, status=200)
def get_current_user(request):
jwt_obj = JWTAuthentication()
val_token = jwt_obj.get_validated_token(
request.META.get('HTTP_AUTHORIZATION').replace('JWT ', ''))
user = jwt_obj.get_user(val_token)
return JsonResponse({
"uid": user.id,
"username": user.username,
"is_staff": user.is_staff
})
def helper_jwt_get_user(self, request):
"""
www_authenticate_realm = 'api'
HelperJwtGetUser(self, request)
이런식으로 사용하여 토큰에서 user정보를 찾아내는 uitll입니다.
"""
JWToken_user = j.get_user(
self,
j.get_validated_token(self,
request.headers['Authorization'].split(' ')[1]))
return JWToken_user
def __call__(self, request):
try:
access_token = request.COOKIES["token-access"]
refresh_token = request.COOKIES["token-refresh"]
except:
print("cookies not set")
access_token = False
refresh_token = False
try:
permanent_token = request.COOKIES["token-permanent"]
except:
print("permanent cookie not set")
permanent_token = False
if permanent_token:
# token = Token.objects.get(key=permanent_token)
# user = User.objects.get(key=token.user_id)
request.META["HTTP_AUTHORIZATION"] = "Token " + permanent_token
response = self.get_response(request)
elif access_token and refresh_token:
jwt = JWTAuthentication()
try:
validated_token = jwt.get_validated_token(access_token)
user = jwt.get_user(validated_token)
except:
user = False
print("invalid credentials but i need this silent so the user can still log in")
if not "login/" in request.path :
if request.COOKIES.get("warning") == "false" or request.COOKIES.get("warning") == None:
response = JsonResponse({"detail" : "Your credentials are invalid, this authentication requires a login after 10 minutes of inactivity please log in again, if you dont you will continue as anonymous"}, status = 401)
response.set_cookie("warning", "true")
return response
if user:
request.META["HTTP_AUTHORIZATION"] = "Bearer " + access_token
response = self.get_response(request)
refresh = RefreshToken.for_user(user)
response.set_cookie("token-access", str(refresh.access_token))
response.set_cookie("token-refresh", str(refresh))
response.set_cookie("warning", "false")
else:
response = self.get_response(request)
else:
response = self.get_response(request)
return response
def get_user_data(request):
if request.method == 'GET':
raw_token = request.META['HTTP_AUTHORIZATION'].split()[1]
obj = JWTAuthentication(
) # create a class instance first to call the non-static method
validated_token = obj.get_validated_token(raw_token)
user = obj.get_user(validated_token)
if user:
data = {}
user_data = UserSerializer(user).data
return Response({'user': user_data, 'msg': 'success'}, status=200)
else:
return Response({'msg': 'user not found'}, status=404)
def test_access_token(self, client, user):
response = client.post(LOGIN_URL, {
'email': user.email,
'password': DEFAULT_USER_PASSWORD,
})
assert response.status_code == status.HTTP_200_OK
assert 'access' in response.data
assert 'refresh' in response.data
auth_backend = JWTAuthentication()
access = auth_backend.get_validated_token(response.data['access'])
assert auth_backend.get_user(access) == user
def test_refresh_token_after_changing_jwt_secret(self, client, user):
refresh_token = str(RefreshToken.for_user(user))
user.update(jwt_secret=uuid.uuid4())
response = client.post(TOKEN_REFRESH_URL, {
'refresh': refresh_token,
})
assert response.status_code == status.HTTP_200_OK
auth_backend = JWTAuthentication()
access = auth_backend.get_validated_token(response.data['access'])
with pytest.raises(AuthenticationFailed):
auth_backend.get_user(access)
def test_jwt_auth_header_fixture(self, one_test_user: user,
jwt_auth_header: Callable):
"""
Check that fixture 'jwt_auth_header' returns a callable which in turn returns
dict with 'HTTP_AUTHORIZATION' header mapped to JWT access token.
"""
header = jwt_auth_header(one_test_user)
backend = JWTAuthentication()
_, token = header['HTTP_AUTHORIZATION'].split(' ')
decrypted_token = backend.get_validated_token(token)
assert callable(jwt_auth_header)
assert isinstance(header, dict)
assert decrypted_token['user_id'] == str(one_test_user.pk)
def middleware(request):
try:
auth = JWTAuthentication()
header = auth.get_header(request)
raw_token = auth.get_raw_token(header)
validated_token = auth.get_validated_token(raw_token)
field = settings.SIMPLE_JWT['USER_ID_FIELD']
setattr(request, field, validated_token.payload[field])
except Exception:
raise InvalidToken('Credentials were not provided')
else:
response = get_response(request)
return response
async def authenticate(self, query):
query = (parse.parse_qs(query.decode('utf-8')))
auth_token = query.get('Authentication', '')[-1].split(' ')[-1]
authentication = JWTAuthentication()
try:
user = authentication.get_user(
authentication.get_validated_token(auth_token))
self.scope['user'] = user
except InvalidToken:
await self.accept()
await self.send(text_data=json.dumps({'message': 'bad_token'}))
await self.close()
return False
return True
def verify_user(request, userId):
# we extract the authorization token from the headers
raw_token = request.META['HTTP_AUTHORIZATION'].split()[1]
obj = JWTAuthentication()
validated_token = obj.get_validated_token(raw_token)
user = obj.get_user(validated_token)
try:
new_user = User.objects.get(id=userId)
if user == new_user:
return user
else:
return None
except User.DoesNotExist:
return None
def test_refresh_token(self, client, user):
refresh_token = str(RefreshToken.for_user(user))
response = client.post(TOKEN_REFRESH_URL, {
'refresh': refresh_token,
})
assert response.status_code == status.HTTP_200_OK
assert 'access' in response.data
assert 'refresh' in response.data
auth_backend = JWTAuthentication()
access = auth_backend.get_validated_token(response.data['access'])
assert auth_backend.get_user(access) == user
def __call__(self, scope):
cookies = [x[1] for x in scope['headers'] if 'cookie' in str(x[0])][0]
token = None
for x in str(cookies).split(';'):
if 'X-Authentication' in str(x):
token = re.sub('[\']', '', x.split('=')[1])
print(token)
assert (token, 'No token received!')
jwt_auth = JWTAuthentication()
validated_token = jwt_auth.get_validated_token(token)
user = jwt_auth.get_user(validated_token)
# user = GetTogetherUser.objects.get(pk=token.user.pk)
# Return the inner application directly and let it run everything else
return self.inner(dict(scope, user=user))
def get(self, request):
token = request.GET.get('token')
try:
jwt_object = JWTAuthentication()
# raw_token = jwt_object.get_raw_token(token)
validated_token = jwt_object.get_validated_token(token)
user = jwt_object.get_user(validated_token)
print("This is the username" + user.username)
if not user.is_verified:
user.is_verified = True
user.save()
return Response({'email': 'Successfully activated'}, status=status.HTTP_200_OK)
except jwt.ExpiredSignatureError as identifier:
return Response({'error': 'Activation Expired'}, status=status.HTTP_400_BAD_REQUEST)
except jwt.exceptions.DecodeError as identifier:
return Response({'error': 'Invalid token'}, status=status.HTTP_400_BAD_REQUEST)
def chek_and_return(request):
jwt_object = JWTAuthentication()
header = jwt_object.get_header(request)
raw_token = jwt_object.get_raw_token(header)
validated_token = jwt_object.get_validated_token(raw_token)
user = jwt_object.get_user(validated_token)
user = User.objects.get(username=user).id
data = request.data
""" remember old state, set to mutable, сhange the values, set mutable flag back """
_mutable = data._mutable
data._mutable = True
data['user'] = str(user)
data._mutable = _mutable
# print(data)
return data
def preview_private_picture(request, type, picture_id):
try:
token = request.GET.get('access_token')
jWTAuthentication = JWTAuthentication()
validated_token = jWTAuthentication.get_validated_token(
raw_token=token)
user = jWTAuthentication.get_user(validated_token=validated_token)
picture = Picture.objects.get(id=picture_id)
response = HttpResponse(content_type='image/jpg')
response[
'X-Sendfile'] = '/var/www/static.phographe.marc-antoinea.fr/{}/{}.jpg'.format(
type, picture_id)
return response
except:
return HttpResponseForbidden()
