def assertToken(self, plain, user=None): user = user or self.owner self.assertTrue( any( check_password(plain, hashed, preferred='pbkdf2_sha256_iter1') for hashed in Token.objects.filter( user=user).values_list('key', flat=True))) self.assertEqual(len(Token.make_hash(plain).split('$')), 4)
def authenticate_credentials(self, _, key): key = Token.make_hash(key) try: token = self.model.objects.get(key=key) except self.model.DoesNotExist: raise exceptions.AuthenticationFailed('badauth') if not token.user.is_active: raise exceptions.AuthenticationFailed('badauth') return token.user, token
def authenticate_credentials(self, key): key = Token.make_hash(key) try: user, token = super().authenticate_credentials(key) except TypeError: # no token given return None # unauthenticated if not token.is_valid: raise exceptions.AuthenticationFailed('Invalid token.') token.last_used = timezone.now() token.save() return user, token
def authenticate_credentials(self, basic): invalid_token_message = 'Invalid basic auth token' try: user, key = base64.b64decode(basic).decode( HTTP_HEADER_ENCODING).split(':') key = Token.make_hash(key) token = self.model.objects.get(key=key) domain_names = token.user.domains.values_list('name', flat=True) if user not in ['', token.user.email ] and not user.lower() in domain_names: raise Exception except Exception: raise exceptions.AuthenticationFailed(invalid_token_message) if not token.user.is_active: raise exceptions.AuthenticationFailed(invalid_token_message) return token.user, token
def assertAuthenticationStatus(self, code, plain=None, expired=False, **kwargs): plain = plain or self.token.plain self.client.set_credentials_token_auth(plain) # only forward REMOTE_ADDR if not None if kwargs.get('REMOTE_ADDR') is None: kwargs.pop('REMOTE_ADDR', None) response = self.client.get(self.reverse('v1:root'), **kwargs) body = json.dumps({'detail': 'Invalid token.' }) if code == HTTP_401_UNAUTHORIZED else None self.assertResponse(response, code, body) if expired: key = Token.make_hash(plain) self.assertFalse(Token.objects.get(key=key).is_valid)
def authenticate_credentials(self, key): key = Token.make_hash(key) user, token = super().authenticate_credentials(key) token.last_used = timezone.now() token.save() return user, token
def authenticate_credentials(self, key): key = Token.make_hash(key) return super().authenticate_credentials(key)