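def get_jwt_payload(config, socket_data=None):
    """Extract and decode the JWT carried in the request (or socket) headers.

    Args:
        config: Mapping with ``SECRET_KEY`` (required) and the optional keys
            ``AUTH_HEADER`` (default ``'Authorization'``), ``AUTH_PREFIX``
            (default ``'Bearer'``) and ``CRYPT_ALGO`` (default ``'HS256'``).
        socket_data: Optional dict for socket requests; the header value is
            read from ``socket_data['headers'][AUTH_HEADER]`` when present,
            otherwise the HTTP ``request.headers`` are consulted.

    Returns:
        The decoded claims dict, or ``{}`` when no header is present, the
        value is not exactly ``"<prefix> <token>"``, or the token fails
        validation. ``exp``/``iat`` are deliberately not verified here.

    Raises:
        KeyError: if ``config`` has no ``SECRET_KEY``.
    """
    payload = {}
    auth_header = config.get('AUTH_HEADER', 'Authorization')

    # Locate the raw header value: socket payload first, then the HTTP request.
    authorization = None
    if is_socket() and socket_data:
        if 'headers' in socket_data and auth_header in socket_data['headers']:
            authorization = socket_data['headers'][auth_header]
    elif auth_header in request.headers:
        authorization = request.headers[auth_header]
    if not authorization:
        return payload

    # Require exactly "<prefix> <token>"; anything else is treated as no token.
    prefix = config.get('AUTH_PREFIX', 'Bearer')
    token_parts = authorization.split()
    if len(token_parts) != 2 or token_parts[0] != prefix:
        return payload
    token = token_parts[1]

    secret = config['SECRET_KEY']
    algorithm = config.get('CRYPT_ALGO', 'HS256')
    # Pin the accepted algorithms to the configured one. PyJWT's decode() takes
    # ``algorithms`` (a list); ``algorithm=`` is not that parameter, so the
    # accepted set was previously not tied to CRYPT_ALGO at all.
    # NOTE(review): exp/iat verification is disabled; token lifetime looks like
    # it is handled by update_exp() in the decorator -- confirm before relying on it.
    options = {'verify_exp': False, 'verify_iat': False}
    try:
        payload = jwt.decode(token, secret, algorithms=[algorithm], options=options)
    except jwt.InvalidTokenError:
        payload = {}
    # The decoded claims are not printed: they are user data and would end up in logs.
    return payload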
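def inner(*args, **kwargs):
    """Wrapped handler: resolve the current user from the JWT, call ``fn``, refresh the token.

    ``fn`` is a closure variable from the enclosing decorator, which is outside
    this view. ``args[0]`` is expected to expose ``.app.config``; for socket
    handlers ``args[1]`` (when present) is the socket payload holding the headers.

    Returns:
        A rejection tuple when no user can be resolved from the token, a falsy
        ``fn`` result unchanged, otherwise ``fn``'s result with a refreshed token
        added to the response headers: ``(message, status, headers)`` for HTTP,
        ``(event, message, status, headers)`` for socket requests.
    """
    def reject():
        # Response shape differs between the socket and HTTP transports.
        if is_socket():
            return ('unauthorized', {'error': 'Not Authorized!'}, UNAUTHORIZED)
        return ({'error': 'Not Authorized!'}, UNAUTHORIZED)

    config = args[0].app.config

    # Socket handlers receive the socket payload as the second positional argument.
    socket_data = None
    if is_socket() and len(args) == 2:
        socket_data = args[1]

    payload = get_jwt_payload(config, socket_data)
    # NOTE(review): these rejections used to be guarded by ``if reject:``, which
    # tested the local function above and was therefore always true. If an
    # optional-auth mode was intended, that flag has to come from the decorator.
    if 'user' not in payload:
        return reject()
    user = deserialize_user(payload['user'])
    if not user:
        return reject()

    # Only hand current_user to handlers that declare it. getfullargspec replaces
    # getargspec, which was removed in Python 3.11 (same ``.args`` attribute).
    if 'current_user' in inspect.getfullargspec(fn).args:
        kwargs['current_user'] = user

    result = fn(*args, **kwargs)
    if not result:
        return result

    # Re-issue the token with a refreshed expiry and attach it to the response.
    payload = update_exp(payload, config)
    token = create_token(payload, config)
    header, token_string = header_string(token, config)

    # Normalise the handler's return value into its positional parts.
    params = list(result) if isinstance(result, tuple) else [result]
    if is_socket():
        event = params.pop(0)
    message = params.pop(0) if params else None
    status = params.pop(0) if params else OK
    headers = params.pop(0) if params else {}
    headers[header] = token_string  # mutates a handler-supplied headers dict in place
    if is_socket():
        return (event, message, status, headers)
    return (message, status, headers)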
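def authorize(controller, user, message='authorized', socket_data=None):
    """Issue a token for ``user`` and build the success response.

    Args:
        controller: Object exposing ``.app.config``.
        user: The user to embed in the token; stored under the ``user`` claim
            via serialize_user().
        message: Response body; a non-dict value is wrapped as
            ``{'message': message}``.
        socket_data: Optional socket payload, forwarded to get_jwt_payload() so
            the claims of an already-present token are carried into the new one.

    Returns:
        ``('authorized', body, OK, headers)`` for socket requests, otherwise
        ``(body, OK, headers)``, where ``headers`` carries the new token.
    """
    config = controller.app.config

    # Start from the claims of any token already present so they are carried over.
    payload = get_jwt_payload(config, socket_data)
    payload['user'] = serialize_user(user)
    # NOTE(review): the expiry claim is not refreshed here (the update_exp call
    # below is left disabled); any ``exp`` carried over from the old token is
    # reused as-is -- confirm this is intended.
    # payload = update_exp(payload, config)
    token = create_token(payload, config)
    # The token payload is not printed: it contains user data and would land in logs.

    header, token_string = header_string(token, config)
    headers = {header: token_string}
    body = message if isinstance(message, dict) else {'message': message}
    if is_socket():
        return ('authorized', body, OK, headers)
    return (body, OK, headers)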
def reject():
    """Build the 'Not Authorized!' response in the shape the transport expects.

    Returns:
        ``('unauthorized', body, UNAUTHORIZED)`` for socket requests, otherwise
        ``(body, UNAUTHORIZED)``, where ``body`` is ``{'error': 'Not Authorized!'}``.
    """
    body = {'error': 'Not Authorized!'}
    if not is_socket():
        return (body, UNAUTHORIZED)
    return ('unauthorized', body, UNAUTHORIZED)