def test_login_authorization_has_valid_refresh_token(self): response = self.test_client.post('/api/auth', content_type="application/json", data=json.dumps(dict(username='******', password='******'))) key = json.loads(response.get_data(as_text=True)) token = decode_token(key['refresh_token']) self.assertEqual(token['type'], 'refresh') self.assertEqual(token['identity'], self.admin_user_id)
def test_login_authorization_has_valid_access_token(self): response = self.test_client.post('/api/auth', content_type="application/json", data=json.dumps(dict(username='******', password='******'))) key = json.loads(response.get_data(as_text=True)) token = decode_token(key['access_token']) self.assertEqual(token['type'], 'access') self.assertEqual(token['identity'], self.admin_user_id) self.assertTrue(token['fresh']) self.assertDictEqual(token['user_claims'], {'username': '******', 'roles': [self.admin_role_id]})
def __func(): data = request.get_json() refresh_token = data.get('refresh_token', None) if data else None if refresh_token is None: return Problem(BAD_REQUEST, 'Could not logout.', 'A refresh token is required to logout.') decoded_refresh_token = decode_token(refresh_token) refresh_token_identity = decoded_refresh_token[current_app.config['JWT_IDENTITY_CLAIM']] user_id = get_jwt_identity() if user_id == refresh_token_identity: user = User.query.filter(User.id == user_id).first() if user is not None: user.logout() revoke_token(decode_token(refresh_token)) return None, NO_CONTENT else: return Problem( BAD_REQUEST, 'Could not logout.', 'The identity of the refresh token does not match the identity of the authentication token.')
def test_logout(self): response = self.test_client.post('/api/auth', content_type="application/json", data=json.dumps(dict(username='******', password='******'))) key = json.loads(response.get_data(as_text=True)) access_token = key['access_token'] refresh_token = key['refresh_token'] headers = {'Authorization': 'Bearer {}'.format(access_token)} response = self.test_client.post('/api/auth/logout', headers=headers, content_type="application/json", data=json.dumps(dict(refresh_token=refresh_token))) refresh_token = decode_token(refresh_token) refresh_token_jti = refresh_token['jti'] self.assertEqual(response.status_code, NO_CONTENT) tokens = BlacklistedToken.query.filter_by(jti=refresh_token_jti).all() self.assertEqual(len(tokens), 1)
def test_refresh_valid_token_yields_access_token(self): response = self.test_client.post('/api/auth', content_type="application/json", data=json.dumps(dict(username='******', password='******'))) key = json.loads(response.get_data(as_text=True)) headers = {'Authorization': 'Bearer {}'.format(key['refresh_token'])} refresh = self.test_client.post('/api/auth/refresh', content_type="application/json", headers=headers) self.assertEqual(refresh.status_code, OBJECT_CREATED) key = json.loads(refresh.get_data(as_text=True)) self.assertSetEqual(set(key.keys()), {'access_token'}) token = decode_token(key['access_token']) self.assertEqual(token['type'], 'access') self.assertEqual(token['identity'], self.admin_user_id) self.assertFalse(token['fresh'])
def login(email_or_token, password=None): if password: email = email_or_token try: u = User.objects(email=email)[0] except: return None if u.check_password(password): return u else: return None else: token = email_or_token identity = decode_token(token)["identity"] return User.from_identity(identity)
def test_login_authorization_has_valid_access_token(self): response = self.test_client.post('/api/auth', content_type="application/json", data=json.dumps( dict(username='******', password='******'))) key = json.loads(response.get_data(as_text=True)) token = decode_token(key['access_token']) self.assertEqual(token['type'], 'access') self.assertEqual(token['identity'], self.admin_user_id) self.assertTrue(token['fresh']) self.assertDictEqual(token['user_claims'], { 'username': '******', 'roles': [self.admin_role_id] })
def update_email(token): """ update email verifying it and set status to true""" try: token_data = decode_token(token) email = token_data['email'] username = token_data['username'] except Exception: raise MyException('please click the link to verify your email', status_code=404) user = User.query.filter(User.username == username).first() if user is None: raise MyException('invalid user', status_code=404) user.email = email db.session.commit() user.email_status = True return {"updated_email": email}
def info_from_jwt(token): """ Check and retrieve authentication information from custom bearer token. Returned value will be passed in 'token_info' parameter of your operation function, if there is one. 'sub' or 'uid' will be set in 'user' parameter of your operation function, if there is one. :param token Token provided by Authorization header :type token: str :return: Decoded token information or None if token is invalid :rtype: dict | None """ if token: return decode_token(token) return None
def wrapper(*args, **kwds): try: token = decode_token(request.cookies.get('access_token_cookie'), request.cookies.get('csrf_access_token')) if token.get('identity') == None: print("rediretc") return redirect("/unauthorized"), 302 except ExpiredSignatureError as e: pass except Exception as e: return redirect("/unauthorized"), 302 return route(*args, **kwds)
def _decode_token(request_type: TokenType, token_location: TokenLocation) -> Union[dict, None]: encoded_token = None if token_location == TokenLocation.HEADERS: encoded_token = _get_encoded_token(request_type, _get_header_names, _get_header_token) elif token_location == TokenLocation.QUERY_STRING: encoded_token = _get_encoded_token(request_type, _get_query_param_names, _get_query_param_token) decoded_token = decode_token(encoded_token) verify_token_type(decoded_token, expected_type=request_type.value) return decoded_token
def add_to_db(cls, encoded_token, identity_claim): decoded_token = decode_token(encoded_token) jti = decoded_token['jti'] token_type = decoded_token['type'] user_identity = decoded_token[identity_claim] expires = datetime.fromtimestamp(decoded_token['exp']) revoked = False db_token = TokenList(jti=jti, token_type=token_type, user_identity=user_identity, expires=expires, revoked=revoked) db.session.add(db_token) db.session.commit()
def store_token(encoded_token): decoded_token = decode_token(encoded_token) token_type = { 'access': TokenType.access_token.value, 'refresh': TokenType.refresh_token.value }.get(decoded_token['type']) expires = datetime.datetime.utcfromtimestamp(decoded_token['exp']) token_object = JsonWebToken(jti=decoded_token['jti'], token_type=token_type, user_id=int(decoded_token['identity']), expires=expires) db.session.add(token_object) db.session.commit()
def test_new_token(self, db_session, test_user): token_user, _ = test_user test_token = jwt_create_access_token(identity=token_user.public_id, fresh=False) decoded_test_token = decode_token(test_token) # create token and add to database token_values = {'encoded_token': test_token, 'user_identity': token_user.public_id} db_session.add(models.Token(**token_values)) db_session.commit() # test values new_token = services.get_token_by_jti(jti=decoded_test_token['jti']) assert new_token.jti assert new_token.type == 'access' assert new_token.revoked is not None assert new_token.expires assert new_token.user_public_id == token_user.public_id
def add_token_to_database(encoded_token, identity_claim): """ Adds a new token to the database. It is not revoked when it is added. :param identity_claim: """ decoded_token = decode_token(encoded_token) db_token = TokenBlacklist( jti=decoded_token['jti'], token_type=decoded_token['type'], user_identity=decoded_token[identity_claim], expires=datetime.datetime.fromtimestamp(decoded_token['exp']), revoked=False, ) db.session.add(db_token) db.session.commit()
def post(self): args = parser.parse_args() access_token = args['access_token'] user_id = decode_token(access_token)['identity'] client = MongoClient('mongodb://localhost:27017') db = client.pookle collection = db.users users = collection.find() for user in users: if user['id'] == user_id: current_user = { 'id': user['id'], } return current_user return {'id': ''}
def wrapper(*args, **kwargs): from flask import redirect, session, request from flask_jwt_extended import decode_token from datetime import datetime # attempt to grab the jwt from request try: token = session.get("access_token", None) except: token = None jwt_data = decode_token(token) if token != None else None # if the grab worked and the identity key is in the dict then proceed if jwt_data and jwt_data.get("exp", 0) >= int(datetime.now().strftime('%s')): return func(*args, **kwargs) else: return redirect(f'/login?msg=Require Login&rurl={request.path}', code=302)
def post(self): body = request.get_json(force=True) #print(body.get('reset_token')) _id = decode_token(body.get('access_token'))['identity'] print(col.find_one({"_id": _id}).get('username')) bvalue = bytes(body.get('password'), 'utf-8') temp_hash = bcrypt.hashpw(bvalue, bcrypt.gensalt()) col.update_one({"_id": _id}, {"$set": { 'password': temp_hash.decode('utf-8') }}) return 'Your password has been reset successfully!'
def getRate(): try: user_id = decode_token( request.headers.get('Authorization')).get('identity') movie_id = db.session.query(Link).filter_by( imdbID=request.args.get('movieId')).first().movie_id user_rate = db.session.query(Rate).filter_by( user_id=user_id).filter_by(movie_id=movie_id).first() if user_rate: return {"rate": user_rate.rate} else: return {"rate": 0} except Exception as e: print(str(e)) return {"rate": 0}
def test_no_user_claims(app, user_loader_return): jwtM = get_jwt_manager(app) @jwtM.user_claims_loader def empty_user_loader_return(identity): return user_loader_return # Identity should not be in the actual token, but should be in the data # returned via the decode_token call with app.test_request_context(): token = create_access_token('username') pure_decoded = jwt.decode(token, config.decode_key, algorithms=[config.algorithm]) assert config.user_claims not in pure_decoded extension_decoded = decode_token(token) assert config.user_claims in extension_decoded
def add_token_to_db(encoded_token, identity_claim): decoded_token = decode_token(encoded_token) jti = decoded_token['jti'] token_type = decoded_token['type'] user_id = decoded_token[identity_claim].get('id') expires = posix_utc_to_datetime(decoded_token['exp']) revoked = False db_token = TokenBlacklist(jti=jti, token_type=token_type, user_id=user_id, expires=expires, revoked=revoked) db.session.add(db_token) db.session.commit()
def get(self): identity = get_jwt_identity() access_token = create_access_token(identity=identity) access_token_details = decode_token(access_token) response = jsonify({ "msg": "refresh successful", "access_token": access_token, "access_token_lifetime": access_token_details['exp'] - int(time.time()), }) # set_access_cookies(response, access_token) return response
def test_create_new_user(): with app.app_context(): with patch(context + ".database") as mock: mock.users.find_one.return_value = valid_doc assert not create_new_user("user", pwd) mock.users.find_one.return_value = None insert_ack = MagicMock() insert_ack.acknowledged = True mock.users.insert_one.return_value = insert_ack result = create_new_user("user", pwd) assert decode_token(result)["identity"] == "user"
def user_profile(): # get the access token from the authorization header auth_header = request.headers.get('Authorization') access_token = auth_header.split(" ")[1] if access_token: decoded_token = decode_token(access_token) email = decoded_token["identity"] user = User.query.filter_by(email=email).first() if user: result = user_schema.dump(user) return jsonify(result) else: return jsonify(message="Sorry, could not find your profile"), 404 else: return jsonify(message="Could not find Access Token"), 401
def wrapper(*args, **kwargs): log.info("Is Authenticated Decorator.") user_data = get_jwt_identity() log.info(user_data) user_obj = User.query.filter_by(email=user_data['email']).one() setattr(request, 'user', user_obj) setattr(request, 'auth_token', request.cookies['x-access-token']) token_extra_details = decode_token(request.cookies['x-access-token']) token_data = { 'iat': token_extra_details['iat'], 'exp': token_extra_details['exp'], 'identity': token_extra_details['identity'], 'token': request.cookies['x-access-token'] } setattr(request, 'token_data', token_data) return fn(*args, **kwargs)
def test_user_login(test_client): login_body = { "email": "*****@*****.**", "password": "******", } expected_jwt_id = 1 expected_response_status = 201 actual_response = test_client.post("/api/users/login", json=login_body) actual_status = actual_response.status_code actual_response_token = actual_response.get_json().get("access_token") actual_jwt_id = decode_token(actual_response_token).get("sub") assert expected_response_status == actual_status assert expected_jwt_id == actual_jwt_id
def on_join(): token = request.args.get('token') if token: try: decoded_token = decode_token(token) user = User.query.filter_by( email=decoded_token['identity']).first() room = user.device_id if room: join_room(room) print(f'User {user.name} joined {user.device_id}') except Exception: # on any jwt error raise ConnectionRefusedError('unauthorized!') else: raise ConnectionRefusedError('unauthorized!')
def get(self): data = request.headers.get('Authorization').split(" ")[1] try: email = decode_token(data) if email["identity"]: user = UserModel.get_user_by_email(email["identity"]) response = jsonify({ "user": user_schema.dump(user), "success": True, "code": 200 }) response.status_code = 200 return response except: abort(400)
def parse_jwt(): if request.headers.has_key("AUTH_TOKEN"): authToken = request.headers["AUTH_TOKEN"] try: loginInfo = decode_token(authToken[7:]) g.email = loginInfo['identity'][0] g.user_type = loginInfo['identity'][1] g.logged_in = True except Exception: g.logged_in = False elif "DEBUG_TOKEN" in app.config and app.config["DEBUG_TOKEN"]: g.email = app.config["DEBUG_EMAIL"] g.user_type = app.config["DEBUG_USER_TYPE"] g.logged_in = app.config["DEBUG_LOGGED_IN"] else: g.logged_in = False
def test_user_login( test_client: flask.testing.FlaskClient, db: flask_sqlalchemy.SQLAlchemy ) -> None: r = test_client.post( '/user/', data={'email': '*****@*****.**', 'password': '******'} ) user_id = r.get_json()['id'] r = test_client.post( '/user/login', data={'email': '*****@*****.**', 'password': '******'} ) access_token = r.get_json()['access_token'] identity = flask_jwt_extended.decode_token(access_token)['identity'] assert identity == user_id
def on_join(data): try: token = decode_token(data['accessToken']) except (exceptions.ExpiredSignatureError, exceptions.DecodeError, KeyError): return user = User.query.filter(User.id==token['identity'], User.status>=1).first() if not user: return login_user(user) join_room(f'{current_user.id}') if current_user.group: join_room(f'{current_user.group.id}') join_room('all') join_room('deployments') handle_join_deployment(user, data) emit('CONNECTED', {'code': 200})
def add_token_to_database(encoded_token, user_identity): decoded_token = decode_token(encoded_token) jti = decoded_token['jti'] token_type = decoded_token['type'] expires = decoded_token['exp'] revoked = False db_token = TokenBlacklist( jti=jti, token_type=token_type, user_identity=user_identity, expires=expires, revoked=revoked, ) db.session.add(db_token) db.session.commit()
def reset_password(): body = _load_body() reset_token = body.get('reset_token') password = body.get('password') if not reset_token or not password: return response_bad_request('both reset_token and password required') # TODO: validation user_id = decode_token(reset_token)['identity'] # * user = crud.update_user_password(user_id, password) send_email( [user.email], '[Movie-bag] Password reset successful', 'email/reset_password_done', )
def login(): if current_user.is_authenticated: return redirect(url_for('home_blueprint.home')) form = LoginForm(request.form) if request.method == 'GET': return render_template('login.html', form=form) else: if not form.validate_on_submit(): return render_template('login.html', form=form) try: # Should be data and not json (endpoint expects form body) data = requests.post('http://api:8080/api/v1/auth/access-token', data={ 'username': form.email.data, 'password': form.password.data }) if data.status_code == 200: user = User() decoded_token = decode_token(data.json()['access_token']) user.id = decoded_token['sub'] session['token'] = data.json()['access_token'] session['token_exp'] = decoded_token['exp'] login_user(user) next = request.args.get('next') if not is_safe_url(next): return abort(400) return redirect(next or url_for('home_blueprint.home')) else: return render_template('login.html', data={ 'username': form.email.data, 'password': form.password.data, 'error': data.json()['detail'] }, api_headers=data.headers, form=form) except Exception as e: print(e) return "Some very good exception handling!"
def create_refresh_token(cls, refresh_token, user_agent): new_token = {} token = cls._verify_refresh_token(refresh_token, user_agent) token_data = decode_token(refresh_token) new_access_token = create_access_token(token_data.get('sub')) new_token['accessToken'] = new_access_token # refresh token 의 유효 기간이 3일 미만일 경우 refresh_token 또한 재발급. if (token_data.get('exp') - time()) < 259200: new_refresh_token = create_refresh_token(token_data.get('sub')) token.refresh_token = new_refresh_token new_token['refreshToken'] = new_refresh_token db.session.commit() return new_token
def test_refresh_invalid_user_blacklists_token(self): user = add_user(username='******', password='******') db.session.commit() response = self.test_client.post('/api/auth', content_type="application/json", data=json.dumps(dict(username='******', password='******'))) key = json.loads(response.get_data(as_text=True)) token = key['refresh_token'] db.session.delete(user) db.session.commit() headers = {'Authorization': 'Bearer {}'.format(token)} refresh = self.test_client.post('/api/auth/refresh', content_type="application/json", headers=headers) self.assertEqual(refresh.status_code, UNAUTHORIZED_ERROR) token = decode_token(token) tokens = BlacklistedToken.query.filter_by(jti=token['jti']).all() self.assertEqual(len(tokens), 1)
def test_admin_login(client, mock_admin_ad): """Test that admin logins are successfull.""" # Make sure the user doesn't exist before the first login assert len(User.query.all()) == 0 # Because we are mocking AD with ldap3, we have to use the distinguished name to log in rv = client.post('/api/v1/login', data=json.dumps({ 'username': '******', 'password': '******'})) assert rv.status_code == 200 rv_json = json.loads(rv.data.decode('utf-8')) assert set(rv_json.keys()) == set(['token']) # Make sure the user was created after the first login guid = '5609c5ec-c0df-4480-a94b-b6eb0fc4c066' assert User.query.filter_by(ad_guid=guid).first() decoded_token = flask_jwt_extended.decode_token(rv_json['token']) assert decoded_token['sub']['guid'] == guid assert decoded_token['sub']['username'] == 'testuser' assert decoded_token['user_claims']['roles'] == ['admin']
def add_token_to_database(encoded_token, identity_claim): """ Adds a new token to the database. It is not revoked when it is added. :param identity_claim: configured key to get user identity """ decoded_token = decode_token(encoded_token) jti = decoded_token['jti'] token_type = decoded_token['type'] user_identity = decoded_token[identity_claim] expires = datetime.fromtimestamp(decoded_token['exp']) revoked = False db_token = TokenBlacklist( jti=jti, token_type=token_type, user_id=user_identity, expires=expires, revoked=revoked, ) db.session.add(db_token) db.session.commit()