Ejemplo n.º 1
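    def process_request(self, request):
        """
        Authenticate a Django request that carries a JWT ``Authorization`` header.

        On success ``request.user`` is set to the matching user and CSRF enforcement is
        switched off for this request (``request._dont_enforce_csrf_checks = True``).
        Every other outcome returns ``None`` without modifying the request.

        :param request: Django Request instance
        """
        if 'HTTP_AUTHORIZATION' not in request.META:
            return

        # The header value is client-controlled. A value with no space in it (a bare
        # scheme such as "JWT") cannot be unpacked into two parts; treat it as "no
        # JWT presented" instead of letting ValueError escape the middleware.
        try:
            method, claim = request.META['HTTP_AUTHORIZATION'].split(' ', 1)
        except ValueError:
            return
        if method.upper() != AUTH_METHOD:
            return

        # The username is read from the token without any key, i.e. before the
        # signature has been checked. It only selects which public keys to try;
        # nothing is granted until token.verify() succeeds below.
        username = token.get_claimed_username(claim)
        if not username:
            return

        User = get_user_model()
        try:
            user = User.objects.get(username=username)
        except User.DoesNotExist:
            return

        # Try each key registered for the user and stop at the first that verifies.
        # NOTE(review): validate_nonce is presumably the replay check; confirm it
        # is enabled wherever this middleware is deployed.
        claim_data = None
        for public in user.public_keys.all():
            claim_data = token.verify(claim,
                                      public.key,
                                      validate_nonce=self.validate_nonce)
            if claim_data:
                break
        if not claim_data:
            # NOTE(review): a failed verification leaves no log entry; a log line
            # here would make repeated bad tokens for one account visible.
            return

        logging.info('Successfully authenticated %s using JWT', user.username)
        # The CSRF exemption must stay below the verification check: it is only
        # acceptable for a request whose token signature has already verified.
        request._dont_enforce_csrf_checks = True
        request.user = user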
Ejemplo n.º 2
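    def process_request(self, request):
        """
        Set ``request.user`` when the request carries a valid JWT ``Authorization`` header.

        A request is authenticated only if the token verifies against one of the public
        keys stored for the claimed user. In that case CSRF enforcement is also disabled
        for the request. In every other case the method returns ``None`` and leaves the
        request as it was.

        :param request: Django Request instance
        """
        if 'HTTP_AUTHORIZATION' not in request.META:
            return

        # A client can send a header with no space after the scheme. Unpacking that
        # would raise ValueError, so it is handled as an absent JWT.
        try:
            method, claim = request.META['HTTP_AUTHORIZATION'].split(' ', 1)
        except ValueError:
            return
        if method.upper() != AUTH_METHOD:
            return

        # Unverified at this point: the claimed username is extracted without a key
        # and is used solely to find the candidate public keys.
        username = token.get_claimed_username(claim)
        if not username:
            return

        try:
            user = User.objects.get(username=username)
        except User.DoesNotExist:
            return

        # The first registered key that verifies the token wins.
        claim_data = None
        for public in user.public_keys.all():
            claim_data = token.verify(claim, public.key, validate_nonce=self.validate_nonce)
            if claim_data:
                break
        if not claim_data:
            return

        logging.info('Successfully authenticated %s using JWT', user.username)
        # Only reached after a successful signature check; keep the CSRF exemption
        # and the user assignment below that check.
        request._dont_enforce_csrf_checks = True
        request.user = user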
Ejemplo n.º 3
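    def process_base(self, request):
        """
        Base function for processing middleware (process_request) and DRF authentication
        (authenticate)

        Returns the user whose registered public key verifies the JWT in the
        ``Authorization`` header, or ``None`` when the header is missing, malformed,
        uses another scheme, names an unknown user, or fails verification.

        :param request: Django Request instance
        """

        if 'HTTP_AUTHORIZATION' not in request.META:
            return None

        # The header is client-controlled; a value without a space cannot be split
        # into scheme and token. Report "not authenticated" rather than raising
        # ValueError into the calling middleware or DRF authenticator.
        try:
            method, claim = request.META['HTTP_AUTHORIZATION'].split(' ', 1)
        except ValueError:
            return None
        if method.upper() != AUTH_METHOD:
            return None

        # Read without a key, so still unverified: the username is used only to
        # look up the keys that the token is then checked against.
        username = token.get_claimed_username(claim)
        if not username:
            return None

        User = get_user_model()
        try:
            user = User.objects.get(username=username)
        except User.DoesNotExist:
            return None

        # Accept the token if any one of the user's public keys verifies it.
        claim_data = None
        for public in user.public_keys.all():
            claim_data = token.verify(claim,
                                      public.key,
                                      validate_nonce=self.validate_nonce)
            if claim_data:
                break
        if not claim_data:
            return None

        logger.debug('Successfully authenticated %s using JWT', user.username)
        return user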
Ejemplo n.º 4
    def process_request(self, request):
        """
        Authenticate the user of a Django request from its JWT authorization header.

        When the header is present and its token verifies against one of the claimed
        user's public keys, the user is stored as ``request.user`` and CSRF protection
        is disabled for the request (``request._dont_enforce_csrf_checks = True``).
        Otherwise the request is left unchanged.

        :param request: Django Request instance
        """
        try:
            header = request.META['HTTP_AUTHORIZATION']
        except KeyError:
            return

        # A header without a space has no token part; ignore it.
        scheme, separator, claim = header.partition(' ')
        if not separator:
            return
        if scheme.upper() != AUTH_METHOD:
            return

        # The username comes from the token before any signature check and only
        # selects the keys to verify against.
        claimed_name = token.get_claimed_username(claim)
        if not claimed_name:
            return

        user_model = get_user_model()
        try:
            user = user_model.objects.get(username=claimed_name)
        except user_model.DoesNotExist:
            return

        # any() stops at the first key that verifies the token.
        verified = any(
            token.verify(claim, public.key, validate_nonce=self.validate_nonce)
            for public in user.public_keys.all()
        )
        if not verified:
            return

        logger.debug('Successfully authenticated %s using JWT', user.username)
        # Both assignments happen only after a successful verification.
        request._dont_enforce_csrf_checks = True
        request.user = user
 def test_get_claimed_username(self):
     """The username of a freshly signed token can be read back from it.

     ``get_claimed_username`` receives only the token and no public key, so this
     covers claim extraction, not signature verification.
     """
     signing_key, _public_key = generate_key_pair()
     signed_token = token.sign('guido', signing_key)
     claimed = token.get_claimed_username(signed_token)
     self.assertEqual(claimed, 'guido')
Ejemplo n.º 6
 def test_get_claimed_username(self):
     """Signing a token for 'guido' yields a token whose claimed username is 'guido'.

     The lookup is made with the token alone (the generated public key is not
     used), so the returned name is a claim that has not been verified.
     """
     key_pair = generate_key_pair()
     private_key = key_pair[0]
     self.assertEqual(
         token.get_claimed_username(token.sign('guido', private_key)),
         'guido',
     )