def test_decode_audience_missing(self):
    """A token carrying no ``aud`` claim must be rejected once
    ``JWT_AUDIENCE`` is configured: an unrestricted token must not pass
    an audience-restricted verifier."""
    unrestricted = utils.jwt_encode(utils.jwt_payload(self.user))
    with override_jwt_settings(JWT_AUDIENCE='test'), \
            self.assertRaises(exceptions.JSONWebTokenError):
        utils.get_payload(unrestricted)
def test_payload_decode_audience_missing(self):
    """A token carrying no ``aud`` claim must be rejected once
    ``JWT_AUDIENCE`` is configured (here via Django's ``override_settings``)."""
    unrestricted = utils.jwt_encode(utils.jwt_payload(self.user))
    with override_settings(JWT_AUDIENCE='test'), \
            self.assertRaises(GraphQLJWTError):
        utils.get_payload(unrestricted)
def test_payload_decode_audience_missing(self):
    """A token carrying no ``aud`` claim must be rejected once
    ``JWT_AUDIENCE`` is configured (here via ``override_jwt_settings``)."""
    unrestricted = utils.jwt_encode(utils.jwt_payload(self.user))
    with override_jwt_settings(JWT_AUDIENCE='test'), \
            self.assertRaises(GraphQLJWTError):
        utils.get_payload(unrestricted)
def token_is_expired(token):
    """Return True when ``get_payload`` rejects *token*, False otherwise.

    NOTE(review): both ``JSONWebTokenError`` and ``JSONWebTokenExpired``
    map to True, so a malformed token or one with a bad signature is
    reported as "expired" exactly like a genuinely expired one. Callers
    that treat "expired" as "safe to refresh" must distinguish the
    exception types themselves instead of relying on this helper.
    """
    try:
        get_payload(token)
    except (JSONWebTokenError, JSONWebTokenExpired):
        return True
    return False
def mutate_and_get_payload(cls, root, info, token, **kwargs):
    """Verify *token*, resolve its owner and return both.

    Overridden so that the user is determined from the ``email`` claim of
    the payload that ``get_payload`` returns for the request context.

    Propagates whatever ``get_payload`` raises for an invalid or expired
    token, ``KeyError`` when the payload has no ``email`` claim, and the
    model manager's errors when the e-mail does not map to exactly one
    user (presumably Django's ``DoesNotExist``/``MultipleObjectsReturned``
    — confirm against the ``User`` model in use).
    """
    claims = get_payload(token, info.context)
    owner = User.objects.get(email=claims["email"])
    return cls(payload=claims, user=owner)
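def authenticate(self, request=None, **kwargs):
    """Authenticate a user from one of three sources, in this order.

    1. No ``request``: ``kwargs['group']`` is asked via its ``searh_user``
       method (the group class's own spelling) whether ``kwargs['username']``
       exists.
    2. A request that ``get_credentials`` finds a token in: the token is
       verified by ``get_payload`` and the user resolved from its payload.
       Verification errors propagate to the caller (not swallowed).
    3. Otherwise: the ``USERNAME_FIELD``/``password`` kwargs are checked
       against the ``AuthenticationDB`` row named ``'AuthenticationDB'``.

    Returns a ``User`` built from the username (presumably an unsaved
    instance — confirm downstream code does not rely on a primary key)
    or ``None``. Any failure in branches 1 and 3 denies authentication.

    Fix: the bare ``except:`` clauses caught ``BaseException`` and would
    silently swallow ``KeyboardInterrupt``/``SystemExit``; they now catch
    ``Exception``, which keeps the fail-closed behaviour for lookup and
    validator errors without masking interpreter signals.
    """
    if request is None:
        try:
            username = kwargs.get('username')
            group = kwargs.get('group')
            if group.searh_user(username):
                return User(username=username)
            return None
        except Exception:
            # fail closed: no/invalid group object or a lookup failure
            return None

    token = get_credentials(request, **kwargs)
    if token is not None:
        payload = get_payload(token, request)
        return get_user_by_payload(payload)

    try:
        username = kwargs[get_user_model().USERNAME_FIELD]
        password = kwargs["password"]
        auth = AuthenticationDB.objects.get(name='AuthenticationDB')
        if auth.validate_user(username=username, password=password):
            return User(username=username)
        return None
    except Exception:
        # fail closed: missing kwargs, missing AuthenticationDB row or a
        # validator error all deny authentication
        return None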
def validate(self, attrs):
    """Validate a refresh request and build the refreshed token.

    Verifies ``attrs['token']``, resolves its user, requires an
    ``origIat`` claim and rejects the request when
    ``jwt_refresh_expired_handler(orig_iat)`` is truthy. On success
    returns the new token, its payload and ``refresh_expires_in``, the
    absolute deadline (``origIat`` plus ``JWT_REFRESH_EXPIRATION_DELTA``
    in seconds).

    Raises ``ValidationError`` for every rejection; for token and user
    errors the JWT library's own message is passed through verbatim.
    """
    try:
        payload = get_payload(attrs["token"])
    except (JSONWebTokenExpired, JSONWebTokenError) as exc:
        raise serializers.ValidationError(str(exc))

    try:
        user = get_user_by_payload(payload)
    except JSONWebTokenError as exc:
        raise serializers.ValidationError(str(exc))

    orig_iat = payload.get("origIat")
    if not orig_iat:
        raise serializers.ValidationError(_("origIat field is required"))
    if jwt_refresh_expired_handler(orig_iat):
        raise serializers.ValidationError(_("Refresh has expired"))

    # The refresh window is anchored on the *original* issue time, so that
    # claim is carried over unchanged into every refreshed token.
    new_payload = jwt_payload_handler(user)
    new_payload["origIat"] = orig_iat
    refresh_delta = jwt_settings.JWT_REFRESH_EXPIRATION_DELTA
    deadline = orig_iat + refresh_delta.total_seconds()
    return {
        "token": jwt_encode_handler(new_payload),
        "payload": new_payload,
        "refresh_expires_in": deadline,
    }
def test_token_auth(self):
    """A valid username/password pair yields a token whose verified
    payload names the same user."""
    credentials = {
        'username': self.user.get_username(),
        'password': '******',
    }
    response = self.execute(credentials)
    claims = get_payload(response.data['tokenAuth']['token'])
    self.assertEqual(self.user.get_username(), claims['username'])
def test_token_auth(self):
    """Login sets the JWT cookie; its value equals the token in the
    response body and verifies to the logged-in user."""
    credentials = {
        self.user.USERNAME_FIELD: self.user.get_username(),
        'password': '******',
    }
    response = self.execute(credentials)
    cookie_token = response.cookies.get(jwt_settings.JWT_COOKIE_NAME).value
    claims = get_payload(cookie_token)
    self.assertEqual(cookie_token, response.data['tokenAuth']['token'])
    self.assertUsernameIn(claims)
def test_token_auth(self):
    """A valid credential pair yields a token whose verified payload
    carries the user's username."""
    credentials = {
        self.user.USERNAME_FIELD: self.user.get_username(),
        'password': '******',
    }
    response = self.execute(credentials)
    claims = get_payload(response.data['tokenAuth']['token'])
    self.assertUsernameIn(claims)
def test_token_auth(self):
    """Login returns an access token for the user plus a stored refresh
    token bound to that same user."""
    credentials = {
        self.user.USERNAME_FIELD: self.user.get_username(),
        'password': '******',
    }
    response = self.execute(credentials)
    result = response.data['tokenAuth']
    access_claims = get_payload(result['token'])
    stored_refresh = get_refresh_token(result['refreshToken'])
    self.assertUsernameIn(access_claims)
    self.assertEqual(stored_refresh.user, self.user)
def test_refresh(self):
    """Refreshing one second later yields a different token for the same
    user that keeps ``origIat`` and carries a later ``exp``."""
    with back_to_the_future(seconds=1):
        response = self.execute({'token': self.token})
    result = response.data['refreshToken']
    new_token = result['token']
    new_claims = get_payload(new_token)
    self.assertNotEqual(new_token, self.token)
    self.assertUsernameIn(result['payload'])
    self.assertEqual(new_claims['origIat'], self.payload['origIat'])
    self.assertGreater(new_claims['exp'], self.payload['exp'])
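def authenticate(self, request=None, username=None, password=None, **kwargs):
    """LDAP backend entry point with an additional JWT path.

    * No ``request``: ``kwargs['group']`` is asked via its ``searh_user``
      method (the group class's own spelling) whether *username* exists.
    * A request that ``get_credentials`` finds a token in: the token is
      verified by ``get_payload`` (errors propagate), the username is
      taken from the payload via ``JWT_PAYLOAD_GET_USERNAME_HANDLER`` and
      the user's DN is resolved through ``USER_SEARCH`` or
      ``USER_DN_TEMPLATE``. A base-scope ``search_s`` on that DN that
      returns exactly one entry authenticates the user. NOTE(review): no
      password, group or attribute check is applied in this branch — the
      verified token is trusted for existence of the account only.
      When no DN can be derived the code falls through to the password
      path below, using the username taken from the token; presumably
      intended, verify.
    * Otherwise: ordinary LDAP bind via ``authenticate_ldap_user``, unless
      the password is empty and ``PERMIT_EMPTY_PASSWORD`` is off.

    Returns a ``User`` built from the username (presumably unsaved —
    confirm callers do not need a primary key), the result of the LDAP
    bind, or ``None``.

    Fixes: the bare ``except:`` clauses now catch ``Exception`` only so
    interpreter signals are not swallowed; the search-result check tested
    ``len(result_search)`` before ``result_search is not None`` (a
    ``None`` result raised ``TypeError`` and was hidden by the bare
    except), the order is now the safe one.
    """
    if request is None:
        try:
            group = kwargs.get('group')
            if group.searh_user(username):
                return User(username=username)
            return None
        except Exception:
            # fail closed: missing/invalid group or a lookup failure
            return None

    token = get_credentials(request, **kwargs)
    if token is not None:
        payload = get_payload(token, request)
        username = jwt_settings.JWT_PAYLOAD_GET_USERNAME_HANDLER(payload)
        ldap_user = _LDAPUser(self, username=username.strip(), request=request)
        if self.settings.USER_SEARCH is not None:
            user_dn = ldap_user._search_for_user_dn()
        elif self.settings.USER_DN_TEMPLATE is not None:
            user_dn = ldap_user._construct_simple_user_dn()
        else:
            user_dn = None
        if user_dn is not None:
            try:
                # scope 0 is a base-object search: only the DN itself
                result_search = ldap_user.connection.search_s(user_dn, 0)
                if result_search is not None and len(result_search) == 1:
                    return User(username=username)
                return None
            except Exception:
                # fail closed on any LDAP error
                return None

    if password or self.settings.PERMIT_EMPTY_PASSWORD:
        ldap_user = _LDAPUser(self, username=username.strip(), request=request)
        user = self.authenticate_ldap_user(ldap_user, password)
    else:
        logger.debug('Rejecting empty password for %s', username)
        user = None
    return user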
def test_refresh(self):
    """With ``graphql_jwt.utils.datetime.utcnow`` mocked one second ahead,
    refreshing yields a different token for the same user that keeps
    the original ``orig_iat``."""
    with mock.patch('graphql_jwt.utils.datetime') as datetime_mock:
        one_second_ahead = datetime.utcnow() + timedelta(seconds=1)
        datetime_mock.utcnow.return_value = one_second_ahead
        response = self.execute({'token': self.token})
    result = response.data['refreshToken']
    new_token = result['token']
    self.assertNotEqual(self.token, new_token)
    self.assertEqual(self.user.get_username(), result['payload']['username'])
    new_claims = get_payload(new_token)
    self.assertEqual(self.payload['orig_iat'], new_claims['orig_iat'])
def test_refresh_token(self):
    """Refresh-token rotation: one second later the request yields a new
    access token with a later ``exp`` and a *new* stored refresh token
    (different value, later ``created``) bound to the same user."""
    with back_to_the_future(seconds=1):
        response = self.execute({'refreshToken': self.refresh_token.token})
    result = response.data['refreshToken']
    new_token = result['token']
    rotated = get_refresh_token(result['refreshToken'])
    new_claims = get_payload(new_token)
    self.assertNotEqual(new_token, self.token)
    self.assertGreater(new_claims['exp'], self.payload['exp'])
    self.assertNotEqual(rotated.token, self.refresh_token.token)
    self.assertEqual(rotated.user, self.user)
    self.assertGreater(rotated.created, self.refresh_token.created)
def authenticate(self, request: Request) -> Optional[Tuple[User, dict]]:
    """DRF authenticator for JWT credentials in the HTTP authorization header.

    Returns ``(user, payload)`` when ``get_http_authorization`` finds a
    token that ``get_payload`` verifies and ``get_user_by_payload``
    resolves. Returns ``None`` when no token is present so that other
    authenticators may run.

    Raises ``AuthenticationFailed`` for an expired or invalid token — the
    JWT library's message is passed to the client verbatim — and with
    ``"Invalid payload"`` when the payload maps to no user.
    """
    jwt_value = get_http_authorization(request)
    if jwt_value is None:
        return None

    try:
        payload = get_payload(jwt_value)
    except (JSONWebTokenExpired, JSONWebTokenError) as exc:
        raise exceptions.AuthenticationFailed(str(exc))
    else:
        try:
            user = get_user_by_payload(payload)
        except JSONWebTokenError:
            raise exceptions.AuthenticationFailed(_("Invalid payload"))

    return user, payload
def validate(self, attrs):
    """Verify ``attrs['token']`` and expose its decoded payload.

    Raises ``ValidationError`` carrying the JWT library's own message
    when the token is expired or otherwise invalid.
    """
    try:
        claims = get_payload(attrs["token"])
    except (JSONWebTokenExpired, JSONWebTokenError) as exc:
        raise serializers.ValidationError(str(exc))
    return {"payload": claims}
def test_decode_error(self):
    """A string that is not a JWT at all must raise ``JSONWebTokenError``."""
    not_a_jwt = 'invalid'
    with self.assertRaises(exceptions.JSONWebTokenError):
        utils.get_payload(not_a_jwt)
def test_payload_expired_signature(self):
    """Decoding an expired token raises ``GraphQLJWTError``.

    Nothing in this method makes the token stale, so presumably the
    enclosing test case arranges for freshly encoded tokens to be
    already expired (e.g. a time override in ``setUp``) — verify there.
    """
    stale = utils.jwt_encode(utils.jwt_payload(self.user))
    with self.assertRaises(GraphQLJWTError):
        utils.get_payload(stale)
def test_expired_signature(self):
    """Decoding an expired token raises the specific ``JSONWebTokenExpired``.

    Nothing in this method makes the token stale, so presumably the
    enclosing test case arranges for freshly encoded tokens to be
    already expired (e.g. a time override in ``setUp``) — verify there.
    """
    stale = utils.jwt_encode(utils.jwt_payload(self.user))
    with self.assertRaises(exceptions.JSONWebTokenExpired):
        utils.get_payload(stale)
def test_payload_decode_error(self):
    """A string that is not a JWT at all must raise ``GraphQLJWTError``."""
    not_a_jwt = 'invalid'
    with self.assertRaises(GraphQLJWTError):
        utils.get_payload(not_a_jwt)
def get_user_by_token(token, context=None):
    """Verify *token* and return the user its payload refers to.

    Composes ``get_payload`` (which performs the token checks for
    *context*) with ``get_user_by_payload``; errors raised by either
    propagate unchanged to the caller.
    """
    return get_user_by_payload(get_payload(token, context))
def get_token(user: UserModel, context=None):
    """Build the claims for *user* and return them signed by ``jwt_encode``.

    NOTE(review): ``get_payload`` is called here with a *user*, not a
    token, so it is presumably this module's payload builder rather than
    the token decoder of the same name used elsewhere — confirm against
    the import.
    """
    claims = get_payload(user, context)
    return jwt_encode(claims, context)