def validate(self, attrs):
# Check if token is invalid or expired
refresh = RefreshToken(attrs['refresh'])
# Check if session with token exists
jti = refresh[api_settings.JTI_CLAIM]
if not TokenSession.objects.filter(jti=jti).exists():
raise TokenError(_('Token is not whitelisted'))
TokenSession.objects.filter(jti=jti).delete()
refresh.set_jti()
refresh.set_exp()
return self.whitelist(refresh)
def get_validated_token(self, raw_token, refresh_token=None):
"""
Validates an encoded JSON web token and returns a validated token
wrapper object.
"""
messages = []
for AuthToken in api_settings.AUTH_TOKEN_CLASSES:
try:
if refresh_token is None:
return AuthToken(raw_token)
else:
return AuthToken(raw_token), None
except TokenError as e:
if refresh_token is None:
messages.append({
'token_class': AuthToken.__name__,
'token_type': AuthToken.token_type,
'message': e.args[0]
})
else:
try:
refresh = RefreshToken(refresh_token)
new_tokens = {'access': str(refresh.access_token)}
if api_settings.ROTATE_REFRESH_TOKENS:
if api_settings.BLACKLIST_AFTER_ROTATION:
try:
# Attempt to blacklist the given refresh token
refresh.blacklist()
except AttributeError as e:
messages.append({'Error:': e.args[0]})
refresh.set_jti()
refresh.set_exp()
new_tokens['refresh'] = str(refresh)
return AuthToken(new_tokens['access']), new_tokens
except Exception as e:
messages.append({'Error:': e.args[0]})
raise InvalidToken({
'detail':
_('Given token not valid for any token type'),
'messages':
messages,
})
def test_it_should_raise_token_error_if_token_invalid(self):
token = RefreshToken()
del token['exp']
s = TokenVerifySerializer(data={'token': str(token)})
with self.assertRaises(TokenError) as e:
s.is_valid()
self.assertIn("has no 'exp' claim", e.exception.args[0])
token.set_exp(lifetime=-timedelta(days=1))
s = TokenVerifySerializer(data={'token': str(token)})
with self.assertRaises(TokenError) as e:
s.is_valid()
self.assertIn('invalid or expired', e.exception.args[0])
def validate(self, attrs):
refresh = RefreshToken(attrs['refresh'])
data = {'access': str(refresh.access_token)}
if api_settings.ROTATE_REFRESH_TOKENS:
if api_settings.BLACKLIST_AFTER_ROTATION:
try:
# Attempt to blacklist the given refresh token
refresh.blacklist()
except AttributeError:
# If blacklist app not installed, `blacklist` method will
# not be present
pass
refresh.set_jti()
refresh.set_exp()
data['refresh'] = str(refresh)
return data
def save_model(self, request, obj, form, change):
if obj.user:
refresh = RefreshToken()
# custom claims
refresh["client"] = "pyintelowl"
refresh["user_id"] = obj.user.id
# overwrite lifetime/expiry
refresh.set_exp(
lifetime=jwt_settings.get("PYINTELOWL_TOKEN_LIFETIME", None))
token = OutstandingToken.objects.create(
user=obj.user,
jti=refresh.payload["jti"],
token=str(refresh),
created_at=refresh.current_time,
expires_at=datetime_from_epoch(refresh["exp"]),
)
return token
return None
def validate(self, attrs):
# wrap the given refresh token as a RefreshToken object
refresh = RefreshToken(attrs["refresh"])
# create response data
data = {"access": str(refresh.access_token)}
if jwt_settings["ROTATE_REFRESH_TOKENS"]:
blacklisted_token = None
if jwt_settings["BLACKLIST_AFTER_ROTATION"]:
try:
# Attempt to blacklist the given refresh token
blacklisted_token, _ = refresh.blacklist()
except AttributeError:
# If blacklist app not installed, `blacklist` method will
# not be present
pass
# rotate refresh token
refresh.set_jti()
if refresh.get("client", False) == "pyintelowl":
refresh.set_exp(
lifetime=jwt_settings.get("PYINTELOWL_TOKEN_LIFETIME", None)
)
else:
refresh.set_exp()
data["refresh"] = str(refresh)
# PATCHED - Create Outstanding Token in the db
if blacklisted_token:
user = blacklisted_token.token.user
if user:
OutstandingToken.objects.create(
user=user,
jti=refresh.payload["jti"],
token=str(refresh),
created_at=refresh.current_time,
expires_at=datetime_from_epoch(refresh["exp"]),
)
return data
def validate(self, attrs):
refresh = RefreshToken(attrs['refresh'])
data = {
'access': str(refresh.access_token),
'expires_in': refresh.access_token.get('exp', '')
}
if api_settings.ROTATE_REFRESH_TOKENS:
if api_settings.BLACKLIST_AFTER_ROTATION:
try:
refresh.blacklist()
except AttributeError:
pass
refresh.set_jti()
refresh.set_exp()
data['refresh'] = str(refresh)
return data
def post(self, request, format=None):
if request.method == "POST":
ref_token = request.data.get("refresh_token")
try:
reftokenModel = RefreshToken(
ref_token) # RefreshToken(token=ref_token)
except TokenError:
return Response(
{
'success': False,
"message":
"Token is invalid or expired. Do a full login"
},
status=HTTPStatus.HTTP_400_BAD_REQUEST)
data = {
'access': str(reftokenModel.access_token),
'refresh': ref_token
}
if api_settings.ROTATE_REFRESH_TOKENS:
if api_settings.BLACKLIST_AFTER_ROTATION:
try:
reftokenModel.blacklist()
except AttributeError:
pass
reftokenModel.set_jti()
reftokenModel.set_exp()
data['refresh'] = str(reftokenModel)
return Response(
{
'token': data['access'],
'refresh_token': data['refresh'],
"token_type": "Bearer"
},
status=HTTPStatus.HTTP_200_OK)
else:
status_code = HTTPStatus.METHOD_NOT_ALLOWED
response = JsonResponse({'success': 'false'}, status=status_code)
return response
def mutate(cls, context, info, **input):
refresh = RefreshToken(input['refreshToken'])
if settings.SIMPLE_JWT.get('ROTATE_REFRESH_TOKENS'):
if settings.SIMPLE_JWT.get('BLACKLIST_AFTER_ROTATION'):
try:
# Attempt to blacklist the given refresh token
refresh.blacklist()
except AttributeError:
# If blacklist app not installed, `blacklist` method will not be present
pass
refresh.set_jti()
refresh.set_exp()
access_token = token_backend.encode(refresh.access_token.payload)
refresh_token = token_backend.encode(refresh.payload)
return Tokens(
accessToken=access_token,
refreshToken=refresh_token
)
def validate(self, attrs):
refresh = RefreshToken(attrs['refresh'])
data = {'access': str(refresh.access_token)}
if api_settings.ROTATE_REFRESH_TOKENS:
if api_settings.BLACKLIST_AFTER_ROTATION:
try:
# Attempt to blacklist the given refresh token
refresh.blacklist()
except AttributeError:
# If blacklist app not installed, `blacklist` method will
# not be present
pass
refresh.set_jti()
refresh.set_exp()
data['refresh'] = str(refresh)
decoded = jwt.decode(data['access'], settings.SECRET_KEY)
user = User.objects.get(id=decoded['user_id'])
data['user'] = UserSerializer(user).data
return data
def validate(self, attrs):
refresh = RefreshToken(attrs["refresh"])
data = {"access": str(refresh.access_token)}
if api_settings.ROTATE_REFRESH_TOKENS:
if api_settings.BLACKLIST_AFTER_ROTATION:
try:
# Attempt to blacklist the given refresh token
refresh.blacklist()
except AttributeError:
# If blacklist app not installed, `blacklist` method will
# not be present
pass
refresh.set_jti()
refresh.set_exp()
data["refresh"] = str(refresh)
# Updating users active status
User.objects.filter(id=refresh["user_id"]).update(last_login=localtime(now()))
return data
