def decode_token(token: str, context=None): payload = {} def __verify_payload(payload: Dict): user = get_user_by_payload(payload) jti = "" try: jti = payload["jti"] except: raise jwt.MissingRequiredClaimError("jti") if (not user.jtis.filter(value=jti).exists()): raise jwt.InvalidTokenError("Token expired by user-logout request") try: payload = jwt_decode(token, context) __verify_payload(payload) except jwt.ExpiredSignature: raise exceptions.JSONWebTokenExpired() except jwt.DecodeError as e: print(e) raise exceptions.JSONWebTokenError('Error decoding signature') except jwt.InvalidTokenError as j: print(j) raise exceptions.JSONWebTokenError('Invalid token') return payload
def resolve(self, next, root, info, **kwargs): request = info.context if needs_live_client_jwt_verification(request): token = get_live_client_authorization(request) decodedToken = jwt_decode(token) do_additional_token_verification(decodedToken) elif needs_additional_jwt_verification(request): token = get_http_authorization(info.context) decodedToken = jwt_decode(token) do_additional_token_verification(decodedToken) if not hasattr(request, "user"): request.user = AnonymousUser() return super().resolve(next, root, info, **kwargs)
def mutate(self, info, token, password1, password2): email = None # result = settings.PASSWORD_NOT_RESET_ERROR result = settings.KO errors_list = [] if password1 is None or len(password1.strip()) == 0: errors_list.append(settings.PASSWORD1_REQUIRED_ERROR) if password2 is None or len(password2.strip()) == 0: errors_list.append(settings.PASSWORD2_REQUIRED_ERROR) if password1 != password2: errors_list.append(settings.PASSWORDS_NOT_MATCH_ERROR) else: password_pattern = re.compile(settings.PASSWORD_REGEX_PATTERN) if password_pattern.match(password1) is None: errors_list.append(settings.PASSWORD_REGEX_ERROR) if token is None or len(token.strip()) == 0: errors_list.append(settings.TOKEN_REQUIRED_ERROR) else: try: payload = jwt_decode(token) email = payload.get('email') if email is None or len(email.strip()) == 0: raise Exception() user = None try: user = get_user_model().objects.get(email=email) except get_user_model().DoesNotExist: errors_list.append(settings.ACCOUNT_DOES_NOT_EXIST_ERROR) if user is not None: if not user.is_active: errors_list.append(settings.ACCOUNT_INACTIVE_ERROR) elif token != user.last_token: errors_list.append(settings.TOKEN_NOT_MATCH_ERROR) elif user.is_used_last_token: errors_list.append(settings.TOKEN_USED_ERROR) if len(errors_list) == 0: # https://django-graphql-jwt.domake.io/en/stable/settings.html#pyjwt user.set_password(password1) user.is_used_last_token = True user.save() # result = settings.PASSWORD_RESET result = settings.OK except ExpiredSignatureError: errors_list.append(settings.EXPIRED_TOKEN_ERROR) except Exception: errors_list.append(settings.TOKEN_ERROR) return ResetPassword(email=email, result=result, errors=errors_list)
def mutate(self, info, token): old_email = None new_email = None # result = settings.EMAIL_NOT_UPDATED_ERROR result = settings.KO errors_list = [] if token is None or len(token.strip()) == 0: errors_list.append(settings.TOKEN_REQUIRED_ERROR) else: try: payload = jwt_decode(token) old_email = payload.get('email') new_email = payload.get('new_email') email_pattern = re.compile(settings.EMAIL_REGEX_PATTERN) if old_email is None or len(old_email.strip()) == 0 \ or new_email is None or len(new_email.strip()) == 0 is None: raise Exception() elif email_pattern.match(new_email) is None: errors_list.append(settings.EMAIL_REGEX_ERROR) elif get_user_model().objects.filter( email__iexact=new_email).exists(): errors_list.append(settings.EMAIL_ALREADY_REGISTERED_ERROR) else: user = None try: user = get_user_model().objects.get(email=old_email) except get_user_model().DoesNotExist: errors_list.append( settings.ACCOUNT_DOES_NOT_EXIST_ERROR) if user is not None: if not user.is_active: errors_list.append(settings.ACCOUNT_INACTIVE_ERROR) elif token != user.last_token: errors_list.append(settings.TOKEN_NOT_MATCH_ERROR) elif user.is_used_last_token: errors_list.append(settings.TOKEN_USED_ERROR) if len(errors_list) == 0: user.email = new_email.lower() user.is_used_last_token = True user.save() # result = settings.EMAIL_UPDATED result = settings.OK except ExpiredSignatureError: errors_list.append(settings.EXPIRED_TOKEN_ERROR) except Exception: errors_list.append(settings.TOKEN_ERROR) return UpdateEmail(old_email=old_email, new_email=new_email, result=result, errors=errors_list)
def mutate(info, token, uid): try: uid = force_bytes(urlsafe_base64_decode(uid)) user = User.objects.get(pk=uid) except (TypeError, ValueError, OverflowError, User.DoesNotExist): return Activate(success=False, errors=['user', 'No such user found']) if user is not None and jwt_decode(token): user.is_confirmed = True user.save() login(info.context, user) return Activate(success=True) return Activate(success=False, errors=['user', 'User is invalid'])
def __call__(self, scope): headers = dict(scope['headers']) token = "NOTOKEN" for item in headers[b'cookie'].split(): keyValue = str(item).split("=") if keyValue[0] == "b'token": token = keyValue[1][:-1] break if token == "NOTOKEN": raise Exception("Authentication error") else: username = jwt_decode(token)['username'] scope['user'] = User.objects.get(username=username) return self.inner(scope)
def test_rsa_jwt(self): private_key = rsa.generate_private_key( public_exponent=65537, key_size=2048, backend=default_backend(), ) public_key = private_key.public_key() payload = utils.jwt_payload(self.user) with override_jwt_settings(JWT_PUBLIC_KEY=public_key, JWT_PRIVATE_KEY=private_key, JWT_ALGORITHM='RS256'): token = utils.jwt_encode(payload) decoded = utils.jwt_decode(token) self.assertEqual(payload, decoded)
def __call__(self, scope): """ Return user(or AnonymousUser) that tries to connect to websockets """ headers = dict(scope['headers']) user = None if b'cookie' in headers: cookie = headers[b'cookie'].decode("utf-8") result = re.search(r'authorization=[\w.-]+', cookie) if result: token = result.group(0).split('=')[1] email = utils.jwt_decode(token)['email'] user = get_user_model().objects.get(email=email) if user: scope['user'] = user else: scope['user'] = AnonymousUser() return self.inner(scope)
def mutate(self, info, token): email = None # result = settings.USER_NOT_ACTIVATED_ERROR result = settings.KO errors_list = [] if token is None or len(token.strip()) == 0: errors_list.append(settings.TOKEN_REQUIRED_ERROR) else: try: payload = jwt_decode(token) email = payload.get('email') if email is None or len(email.strip()) == 0: raise Exception() user = None try: user = get_user_model().objects.get(email=email.lower()) except get_user_model().DoesNotExist: errors_list.append(settings.ACCOUNT_DOES_NOT_EXIST_ERROR) if user is not None: if user.is_active: errors_list.append(settings.ACCOUNT_ACTIVE_ERROR) elif token != user.last_token: raise Exception(settings.TOKEN_NOT_MATCH_ERROR) elif user.is_used_last_token: errors_list.append(settings.TOKEN_USED_ERROR) if len(errors_list) == 0: user.is_active = True user.is_used_last_token = True user.save() # result = settings.USER_ACTIVATED result = settings.OK except ExpiredSignatureError: errors_list.append(settings.EXPIRED_TOKEN_ERROR) except Exception: errors_list.append(settings.TOKEN_ERROR) return ActivateAccount(email=email, result=result, errors=errors_list)