def validate(self, attrs):
    """Validate a refresh request and build the replacement token.

    ``attrs["token"]`` is decoded and its user resolved; both steps turn JWT
    errors into ``serializers.ValidationError``.  The original issue time
    (``origIat``) is copied into the new payload unchanged, so chaining
    refreshes cannot push the absolute refresh window past
    ``origIat + JWT_REFRESH_EXPIRATION_DELTA``.

    Returns a dict with ``token``, its ``payload`` and ``refresh_expires_in``
    (``origIat`` plus the refresh delta, in seconds).
    Raises ``serializers.ValidationError`` on decode, user-lookup, missing
    ``origIat`` or expired-refresh failures.
    """
    decode_errors = (JSONWebTokenExpired, JSONWebTokenError)
    try:
        payload = get_payload(attrs["token"])
    except decode_errors as exc:
        raise serializers.ValidationError(str(exc))

    try:
        user = get_user_by_payload(payload)
    except JSONWebTokenError as exc:
        raise serializers.ValidationError(str(exc))

    orig_iat = payload.get("origIat")
    if not orig_iat:
        raise serializers.ValidationError(_("origIat field is required"))
    if jwt_refresh_expired_handler(orig_iat):
        raise serializers.ValidationError(_("Refresh has expired"))

    # Carry the original issue time forward; the refresh deadline is anchored
    # to it, not to the new token's own "iat".
    new_payload = jwt_payload_handler(user)
    new_payload["origIat"] = orig_iat
    delta_seconds = jwt_settings.JWT_REFRESH_EXPIRATION_DELTA.total_seconds()
    refresh_expires_in = orig_iat + delta_seconds
    token = jwt_encode_handler(new_payload)

    return {
        "token": token,
        "payload": new_payload,
        "refresh_expires_in": refresh_expires_in,
    }
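def __verify_payload(payload: Dict):
    """Reject a payload whose ``jti`` is not among the user's live token ids.

    Args:
        payload: decoded JWT claims; must carry a ``jti`` claim.

    Raises:
        jwt.MissingRequiredClaimError: ``payload`` has no ``jti`` claim.
        jwt.InvalidTokenError: the user has no ``jtis`` entry with that
            value, i.e. the token was revoked by a logout request.
    """
    user = get_user_by_payload(payload)
    try:
        jti = payload["jti"]
    except KeyError:
        # Only a missing claim is a claim error. The previous bare ``except``
        # also converted unrelated failures (KeyboardInterrupt, a TypeError
        # from a non-mapping payload) into "missing jti".
        raise jwt.MissingRequiredClaimError("jti") from None
    if not user.jtis.filter(value=jti).exists():
        raise jwt.InvalidTokenError("Token expired by user-logout request")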
def decode_handler(token, context=None):
    """Decode *token* and confirm the user's password has not changed since issue.

    The token is verified per ``jwt_settings`` (signature, expiry, leeway,
    audience, issuer, algorithm) and the user is resolved from the payload.
    When a user is found, the ``password`` claim must equal the last eight
    characters of ``user.password``; a missing or mismatching claim raises
    ``Exception('Password has changed')`` so that a password change
    invalidates tokens issued before it.  ``context`` is accepted but unused.

    NOTE(review): a JWT payload is signed, not encrypted, so the ``password``
    claim is readable by anyone who holds the token.

    Returns the decoded payload dict.
    """
    payload = jwt.decode(
        token,
        jwt_settings.JWT_SECRET_KEY,
        jwt_settings.JWT_VERIFY,
        options={
            'verify_exp': jwt_settings.JWT_VERIFY_EXPIRATION,
        },
        leeway=jwt_settings.JWT_LEEWAY,
        audience=jwt_settings.JWT_AUDIENCE,
        issuer=jwt_settings.JWT_ISSUER,
        algorithms=[jwt_settings.JWT_ALGORITHM],
    )
    user = get_user_by_payload(payload)
    if user is None:
        return payload
    # A missing claim yields None, which never equals the string tail.
    expected_tail = user.password[-8:]
    if payload.get('password') != expected_tail:
        raise Exception('Password has changed')
    return payload
def authenticate(self, request: Request) -> Optional[Tuple[User, dict]]:
    """Authenticate a request from the JWT in its HTTP authorization header.

    Returns ``(user, payload)`` when a token is present and both its
    signature and its payload verify; returns ``None`` when the request
    carries no token.  Raises ``exceptions.AuthenticationFailed`` for an
    expired or invalid token, or for a payload that does not resolve to a
    user.
    """
    token = get_http_authorization(request)
    if token is None:
        return None

    try:
        payload = get_payload(token)
    except (JSONWebTokenExpired, JSONWebTokenError) as exc:
        raise exceptions.AuthenticationFailed(str(exc))

    try:
        return get_user_by_payload(payload), payload
    except JSONWebTokenError:
        raise exceptions.AuthenticationFailed(_("Invalid payload"))
def test_user_disabled_by_payload(self, *args):
    """A payload built for ``self.user`` must not resolve while the user is disabled.

    ``*args`` absorbs any positional arguments injected by decorators
    (presumably mocks) applied outside this view.
    """
    payload = utils.jwt_payload(self.user)
    self.assertRaises(
        exceptions.JSONWebTokenError,
        utils.get_user_by_payload,
        payload,
    )
def test_user_by_invalid_payload(self):
    """An empty payload carries no user claim and must be rejected."""
    empty_payload = {}
    self.assertRaises(
        exceptions.JSONWebTokenError,
        utils.get_user_by_payload,
        empty_payload,
    )
def test_user_disabled_by_payload(self, *args):
    """A payload built for ``self.user`` must not resolve while the user is disabled.

    ``*args`` absorbs any positional arguments injected by decorators
    (presumably mocks) applied outside this view.
    """
    payload = utils.jwt_payload(self.user)
    self.assertRaises(
        GraphQLJWTError,
        utils.get_user_by_payload,
        payload,
    )
def test_user_by_invalid_payload(self):
    """An empty payload carries no user claim and must be rejected."""
    empty_payload = {}
    self.assertRaises(
        GraphQLJWTError,
        utils.get_user_by_payload,
        empty_payload,
    )
def test_user_disabled_by_payload(self, *args):
    """A payload built for ``self.user`` must not resolve while the user is disabled.

    ``*args`` absorbs any positional arguments injected by decorators
    (presumably mocks) applied outside this view.
    """
    payload = utils.jwt_payload(self.user)
    self.assertRaises(
        GraphQLJWTError,
        utils.get_user_by_payload,
        payload,
    )
def test_user_by_invalid_payload(self):
    """An empty payload carries no user claim and must be rejected."""
    empty_payload = {}
    self.assertRaises(
        GraphQLJWTError,
        utils.get_user_by_payload,
        empty_payload,
    )