    def validate(self, attrs):
        """Verify a refresh request and issue a replacement token.

        ``attrs["token"]`` is decoded and its user resolved; decode and
        user-lookup failures are re-raised as ``ValidationError``.  The
        original issue time (``origIat``) must be present and must pass
        ``jwt_refresh_expired_handler``; it is then copied unchanged into
        the new payload, so the refresh-window check on the next refresh
        still keys on the first issuance rather than on this one.

        Returns:
            dict with the new ``token``, its ``payload`` and
            ``refresh_expires_in`` (``origIat`` plus
            ``JWT_REFRESH_EXPIRATION_DELTA`` in seconds).

        Raises:
            serializers.ValidationError: bad/expired token, unresolvable
                user, missing ``origIat``, or expired refresh window.
        """
        presented_token = attrs["token"]

        try:
            payload = get_payload(presented_token)
        except (JSONWebTokenExpired, JSONWebTokenError) as err:
            raise serializers.ValidationError(str(err))

        try:
            user = get_user_by_payload(payload)
        except JSONWebTokenError as err:
            raise serializers.ValidationError(str(err))

        orig_iat = payload.get("origIat")
        if not orig_iat:
            raise serializers.ValidationError(_("origIat field is required"))
        if jwt_refresh_expired_handler(orig_iat):
            raise serializers.ValidationError(_("Refresh has expired"))

        # Carry the *original* issue time forward; a fresh "iat" comes from
        # jwt_payload_handler, but the refresh window is anchored to origIat.
        new_payload = jwt_payload_handler(user)
        new_payload["origIat"] = orig_iat
        refresh_delta = jwt_settings.JWT_REFRESH_EXPIRATION_DELTA.total_seconds()
        refresh_expires_in = orig_iat + refresh_delta

        return {
            "token": jwt_encode_handler(new_payload),
            "payload": new_payload,
            "refresh_expires_in": refresh_expires_in,
        }
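 def __verify_payload(payload: Dict):
     """Reject a decoded JWT payload whose ``jti`` is no longer registered.

     Resolves the user via ``get_user_by_payload`` and then requires the
     payload's ``jti`` claim to still be present in ``user.jtis``.  Per the
     error text, the entry is removed on logout, which revokes every token
     carrying that ``jti`` even though the token itself is still validly
     signed and unexpired.

     Raises:
         jwt.MissingRequiredClaimError: the payload has no ``jti`` claim.
         jwt.InvalidTokenError: the ``jti`` is not registered for the user.
     """
     user = get_user_by_payload(payload)
     try:
         jti = payload["jti"]
     except KeyError as err:
         # Only an absent key is a "missing claim".  The previous bare
         # ``except:`` also turned e.g. a non-mapping payload (TypeError)
         # into a misleading MissingRequiredClaimError; let those propagate.
         raise jwt.MissingRequiredClaimError("jti") from err
     # NOTE(review): ORM lookup -- whether a non-string jti can ever match
     # depends on the column type of ``jtis.value``; confirm against the model.
     if not user.jtis.filter(value=jti).exists():
         raise jwt.InvalidTokenError("Token expired by user-logout request")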
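def decode_handler(token, context=None):
    """Decode and verify ``token``, then bind it to the user's current password.

    On top of the standard PyJWT checks (signature, exp, aud, iss), the
    payload must carry a ``password`` claim equal to the last 8 characters
    of the user's stored password hash.  A mismatch means the password was
    changed after the token was issued, so the token is rejected.

    Args:
        token: the encoded JWT string.
        context: unused; kept for decode-handler signature compatibility.

    Returns:
        The decoded payload dict.

    Raises:
        jwt.InvalidTokenError: the ``password`` claim is absent or stale.
            Previously this was a bare ``Exception``, which escapes the
            ``JSONWebTokenError``-style handlers used around ``get_payload``
            elsewhere in this corpus and would surface as a server error
            rather than an auth failure.  ``InvalidTokenError`` subclasses
            ``Exception``, so existing ``except Exception`` callers still
            match.  The other PyJWT errors raised by ``jwt.decode`` propagate
            unchanged.
    """
    # NOTE(review): the third positional argument is PyJWT 1.x's ``verify``
    # flag -- with JWT_VERIFY=False the signature is NOT checked at all, so
    # that setting must never be False outside tests.  Under PyJWT 2.x this
    # position is ``algorithms`` and would clash with the keyword below;
    # confirm the pinned PyJWT version before touching this call.
    payload = jwt.decode(token,
                         jwt_settings.JWT_SECRET_KEY,
                         jwt_settings.JWT_VERIFY,
                         options={
                             'verify_exp': jwt_settings.JWT_VERIFY_EXPIRATION,
                         },
                         leeway=jwt_settings.JWT_LEEWAY,
                         audience=jwt_settings.JWT_AUDIENCE,
                         issuer=jwt_settings.JWT_ISSUER,
                         algorithms=[jwt_settings.JWT_ALGORITHM])
    user = get_user_by_payload(payload)
    if user is not None:
        # A JWT payload is only base64-encoded, so this claim exposes the
        # tail of the password hash to anyone holding the token.  It works as
        # a password-change stamp, not as a secret; an attacker cannot forge
        # it without the signing key, but it should not be treated as private.
        current_stamp = user.password[-8:]
        if payload.get('password') != current_stamp:
            raise jwt.InvalidTokenError('Password has changed')
    return payload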
    def authenticate(self, request: Request) -> Optional[Tuple[User, dict]]:
        """DRF-style authenticator for a JWT carried in the Authorization header.

        When the request carries no token, ``None`` is returned so the next
        authenticator in the chain can run.  When a token *is* present it
        must decode cleanly and resolve to a user; otherwise
        ``AuthenticationFailed`` is raised -- a present-but-bad token is
        never downgraded to "anonymous".

        Returns:
            ``(user, payload)`` on success, ``None`` when no token was sent.

        Raises:
            exceptions.AuthenticationFailed: expired/invalid token (message
                taken from the underlying error) or an unresolvable user
                payload (``"Invalid payload"``).
        """
        raw_token = get_http_authorization(request)
        if raw_token is None:
            # No credentials offered at all: defer, do not fail.
            return None

        try:
            payload = get_payload(raw_token)
        except (JSONWebTokenExpired, JSONWebTokenError) as err:
            raise exceptions.AuthenticationFailed(str(err))

        try:
            user = get_user_by_payload(payload)
        except JSONWebTokenError:
            raise exceptions.AuthenticationFailed(_("Invalid payload"))
        else:
            return user, payload
    def test_user_disabled_by_payload(self, *args):
        """A payload for a disabled user is rejected with JSONWebTokenError.

        ``*args`` presumably receives mock objects from a patch decorator
        that marks ``self.user`` as disabled -- the decorator is not visible
        here; confirm against the test class.
        """
        disabled_user_payload = utils.jwt_payload(self.user)
        self.assertRaises(
            exceptions.JSONWebTokenError,
            utils.get_user_by_payload,
            disabled_user_payload,
        )
 def test_user_by_invalid_payload(self):
     """An empty payload (no user-identifying claim) raises JSONWebTokenError."""
     self.assertRaises(exceptions.JSONWebTokenError, utils.get_user_by_payload, {})
    def test_user_disabled_by_payload(self, *args):
        """A payload for a disabled user is rejected with GraphQLJWTError.

        ``*args`` presumably receives mock objects from a patch decorator
        that disables ``self.user`` -- not visible here; confirm against the
        test class.
        """
        # Arguments are evaluated before assertRaises runs, so a failure in
        # jwt_payload itself still surfaces as a test error, not a pass.
        self.assertRaises(
            GraphQLJWTError,
            utils.get_user_by_payload,
            utils.jwt_payload(self.user),
        )
 def test_user_by_invalid_payload(self):
     """An empty payload (no user-identifying claim) raises GraphQLJWTError."""
     empty_payload = {}
     self.assertRaises(GraphQLJWTError, utils.get_user_by_payload, empty_payload)
    def test_user_disabled_by_payload(self, *args):
        """Resolving a disabled user from a valid payload raises GraphQLJWTError.

        The disabling is expected to come from a patch decorator feeding
        ``*args`` -- not visible in this listing; verify on the test class.
        """
        token_payload = utils.jwt_payload(self.user)
        self.assertRaises(
            GraphQLJWTError, utils.get_user_by_payload, token_payload
        )
 def test_user_by_invalid_payload(self):
     """A payload with no claims at all must be rejected with GraphQLJWTError."""
     self.assertRaises(
         GraphQLJWTError,
         utils.get_user_by_payload,
         {},
     )