def save_token(token):
blacklist_token = BlacklistToken(token=token)
try:
#insert the token
db.session.add(blacklist_token)
db.session.commit()
response_object = {
'status': 'success',
'message': 'Successfully logged out.'
}
return response_object, 200
except Exception as e:
response_object = {'status': 'fail', 'message': e}
return response_object, 200
def save_token(token):
blacklist_token = BlacklistToken(token=token)
try:
db.session.add(blacklist_token)
db.session.commit()
response_object = {
"status": "success",
"message": "Successfully logged out"
}
return response_object, 200
except Exception as e:
response_object = {"status": "fail", "message": e}
return response_object, 200
def save_token(token):
blacklist_token = BlacklistToken(token=token)
try:
db.session.add(blacklist_token)
db.session.commit()
return {
'status': 'success',
'msg': 'Successfully logged out'
}
except Exception as e:
return {
'status': 'fail',
'msg': e
}, 400
def decode_auth_token(auth_token):
try:
a = key
payload = jwt.decode(auth_token, key, algorithms=['HS256'])
is_blacklisted_token = BlacklistToken.check_blacklist(auth_token)
if is_blacklisted_token:
return 'Token blacklisted. Please log in again'
else:
return payload['sub']
except jwt.ExpiredSignatureError:
return {"message": "'Signature expired. Please log in again'"}
except jwt.InvalidTokenError:
return {"message": "Invalid token. Please log in again"}
def decode_auth_token(auth_token):
'''Decodes the auth token
:param auth_token: return: integer|string'''
try:
payload = jwt.decode(auth_token, key)
is_blacklisted_token = BlacklistToken.check_blacklist(auth_token)
if is_blacklisted_token:
return 'Token blacklisted. Please log in again.'
else:
return payload['sub']
except jwt.ExpiredSignatureError:
return 'Signature expired. Please log in again.'
except jwt.InvalidTokenError:
return 'Invalid token. Please log in again.'
def save_token(token):
blacklist_token = BlacklistToken(token=token)
try:
db.session.add(blacklist_token)
db.session.commit()
response_object = {
'status': True,
'message': 'Successfully logged out!'
}
return response_object, 200
except Exception as e:
response_object = {'status': False, 'message': e}
return response_object, 200
def save_token(token: str) -> Tuple[Dict[str, str], int]:
blacklist_token = BlacklistToken(token=token)
try:
# insert the token
db.session.add(blacklist_token)
db.session.commit()
response_object = {
"status": "success",
"message": "Successfully logged out."
}
return response_object, 200
except Exception as e:
response_object = {"status": "fail", "message": e}
return response_object, 200
def decode_auth_token(auth_token):
try:
print(auth_token)
payload = jwt.decode(auth_token, key, algorithm='HS256')
print("payload : ", payload)
is_blacklisted_token = BlacklistToken.check_blacklist(auth_token)
if is_blacklisted_token:
return 'Token blacklisted. Please log in again.'
else:
return payload['sub']
except jwt.ExpiredSignatureError:
return 'Signature expired. Please log in again.'
except jwt.InvalidTokenError:
return 'Invalid token. Please log in again.'
def decode_auth_token(auth_token):
#Decodes the auth token
#:param authtoken:
#:return: int|str
try:
payload = jwt.decode(auth_token, key)
is_blacklisted_token = BlacklistToken.check_blacklist(auth_token)
if is_blacklisted_token:
return "Token blacklisted. Please log in again."
else:
return payload['sub']
except jwt.ExpiredSignatureError:
return "Signature expired. Please log in again."
except jwt.InvalidTokenError:
return "Invalid token. Please log in again."
def decode_auth_token(auth_token):
"""
Decodes the auth token
:param auth_token:
:return: integer|string
"""
try:
payload = jwt.decode(auth_token, key, "utf-8")
is_blacklisted_token = BlacklistToken.check_blacklist(auth_token)
if is_blacklisted_token:
return "Token blacklisted. Please log in again."
else:
return payload["sub"]
except jwt.ExpiredSignatureError:
return "Signature expired. Please log in again."
except jwt.InvalidTokenError:
return "Invalid token. Please log in again."
def decode_auth_token(auth_token):
"""
Decodes the auth token
:param auth_token:
:return: integer|string
"""
try:
payload = jwt.decode(auth_token, key, algorithms='HS256')
is_blacklisted_token = BlacklistToken.is_blacklisted(auth_token)
if is_blacklisted_token:
return 'Token blacklisted. Please log in again.'
else:
return payload['sub']
except jwt.ExpiredSignatureError:
return 'Signature expired. Please log in again.'
except jwt.InvalidTokenError:
return 'Invalid token. Please log in again.'
def decode_auth_token(auth_token: str) -> Union[str, int]:
"""
Decodes the auth token
:param auth_token:
:return: integer|string
"""
try:
payload = jwt.decode(auth_token, key, algorithms=["HS256"])
is_blacklisted_token = BlacklistToken.check_blacklist(auth_token)
if is_blacklisted_token:
return "Token blacklisted. Please log in again."
else:
return payload["sub"], payload["scope"]
except jwt.ExpiredSignatureError:
return "Signature expired. Please log in again."
except jwt.InvalidTokenError:
return "Invalid token. Please log in again."
def save_token(token: str) -> Tuple[Dict[str, str], int]:
blacklist_token = BlacklistToken(token=token)
try:
# insert the token
db.session.add(blacklist_token)
db.session.commit()
response_object = {
'status': 'Sucesso',
'message': 'Usuário deslogado com sucesso.'
}
return response_object, 200
except Exception as e:
response_object = {
'status': 'Falha',
'message': e
}
return response_object, 200
def decode_auth_token(auth_token):
"""
Decodes the auth token
:param auth_token: token to be decoded
:return: string response
"""
try:
payload = jwt.decode(auth_token, key)
is_blacklisted_token = BlacklistToken.check_blacklist(auth_token)
if is_blacklisted_token:
return 'Token blacklisted. Please login again'
else:
return payload['sub']
except jwt.ExpiredSignatureError:
return 'Signature expired'
except jwt.InvalidTokenError:
return 'Invalid token'
def decode_auth_token(auth_token: str) -> Union[str, int]:
"""
Decodes the auth token
:param auth_token:
:return: integer|string
"""
try:
payload = jwt.decode(auth_token, key, algorithms='HS256')
is_blacklisted_token = BlacklistToken.check_blacklist(auth_token)
if is_blacklisted_token:
return 'Conta deslogada. Por favor realizar o login novamente.'
else:
return payload['uid']
except jwt.ExpiredSignatureError:
return 'Senha expirada. Por favor realizar o login novamente.'
except jwt.InvalidTokenError:
return 'Senha inválida. Por favor realizar o login novamente.'
def save_token(token):
blacklist_token=BlacklistToken(token)
try:
db.session.add(blacklist_token)
db.session.commit()
response_obj={
'status':'success',
'message':'Successfuly logged out'
}
return make_response(response_obj,status.HTTP_200_OK)
except Exception as e:
response_obj={'status':'fail',
'message':e}
return make_response(response_obj,status.HTTP_200_OK)
def decode_auth_token(auth_token):
"""
Decodes the auth token
:param auth_token:
:return: integer|string
"""
logger.info(f"Decode Auth Token: {auth_token}")
is_blacklisted_token = BlacklistToken.check_blacklist(auth_token)
logger.info(f"is_blacklisted: {is_blacklisted_token}")
if is_blacklisted_token:
return {'error': 'Token blacklisted. Please log in again.'}
else:
try:
payload = jwt.decode(auth_token, key, algorithms='HS256')
return payload['sub']
except jwt.ExpiredSignatureError:
return {'error': 'Signature expired. Please log in again.'}
except jwt.InvalidTokenError:
return {'error': 'Invalid token. Please log in again.'}
def decode_auth_token(auth_token):
"""
Decode Auth Token
:param auth_token:
:return: integer|string
"""
try:
payload = jwt.decode(auth_token, key, algorithms=[JWT_ALGORITHM])
is_blacklisted_token = BlacklistToken.check_blacklist(auth_token)
if is_blacklisted_token:
return 'Token is expired. Please log in again.'
return payload['sub']
except jwt.ExpiredSignature:
return 'Signature expired. Please log in again'
except jwt.InvalidTokenError:
return 'Invalid token. Please login again'
def decode_auth_token(auth_token):
"""
인증토큰 검증
:param auth_token:
:return: integer|string
"""
try:
payload = jwt.decode(auth_token,
key,
algorithms='HS256',
verify=True)
is_blacklisted_token = BlacklistToken.check_blacklist(auth_token)
if is_blacklisted_token:
return '인증 토큰, 재로그인 필요'
else:
return payload['sub']
except jwt.ExpiredSignatureError:
return '인증만료, 재로그인 필요'
except jwt.InvalidTokenError:
return '유효하지 않은 인증, 재로그인 필요'
def decode_auth_token(auth_token):
"""
Decodes the auth token
:param auth_token:
:return: integer|string
"""
try:
from app.main.service.auth_helper import Auth
auth_token = (auth_token, Auth.remove_token_prefix(auth_token)
)[Auth.token_has_prefix(auth_token)]
payload = jwt.decode(auth_token, key)
is_blacklisted_token = BlacklistToken.check_blacklist(auth_token)
if is_blacklisted_token:
return 'Token blacklisted. Please log in again.'
else:
return payload['sub']
except jwt.ExpiredSignatureError:
return 'Signature expired. Please log in again.'
except jwt.InvalidTokenError:
return 'Invalid token. Please log in again.'
def decode_auth_token(auth_token: str) -> Union[str, int]:
"""
Decodes the auth token
:param auth_token:
:return: integer|string
"""
try:
payload = jwt.decode(auth_token, key, algorithms='HS256')
user = Usuario.query.filter_by(id=payload['uid']).first()
is_blacklisted_token = BlacklistToken.check_blacklist(auth_token)
if is_blacklisted_token:
return 'Conta deslogada. Por favor realizar o login novamente.'
elif user.ativo != True:
return 'Conta invativa. Por favor entrar em contato com o administrador.'
else:
return payload['uid']
except jwt.ExpiredSignatureError:
return 'Token expirado. Por favor realizar o login novamente.'
except jwt.InvalidTokenError:
return 'Token inválido. Por favor realizar o login novamente.'
def test_valid_blacklisted_token_logout(self):
""" Test for logout after a valid token gets blacklisted """
with self.client:
# usuario registration
resp_register = register_user(self)
data_register = json.loads(resp_register.data.decode())
self.assertTrue(data_register['status'] == 'success')
self.assertTrue(
data_register['message'] == 'Successfully registered.')
self.assertTrue(data_register['Authorization'])
self.assertTrue(resp_register.content_type == 'application/json')
self.assertEqual(resp_register.status_code, 201)
# usuario login
resp_login = login_user(self)
data_login = json.loads(resp_login.data.decode())
self.assertTrue(data_login['status'] == 'success')
self.assertTrue(data_login['message'] == 'Successfully logged in.')
self.assertTrue(data_login['Authorization'])
self.assertTrue(resp_login.content_type == 'application/json')
self.assertEqual(resp_login.status_code, 200)
# blacklist a valid token
blacklist_token = BlacklistToken(
token=json.loads(resp_login.data.decode())['Authorization'])
db.session.add(blacklist_token)
db.session.commit()
# blacklisted valid token logout
response = self.client.post(
'/auth/logout',
headers=dict(
Authorization='Bearer ' + json.loads(
resp_login.data.decode()
)['Authorization']
)
)
data = json.loads(response.data.decode())
self.assertTrue(data['status'] == 'fail')
self.assertTrue(data['message'] == 'Token blacklisted. Please log in again.')
self.assertEqual(response.status_code, 401)
def test_valid_blacklisted_token_logout(self):
""" Test for logout after a valid token gets blacklisted """
with self.client:
# user registration
resp_register = register_user(self)
data_register = json.loads(resp_register.data.decode())
self.assertTrue(data_register["status"] == "success")
self.assertTrue(
data_register["message"] == "Successfully registered.")
self.assertTrue(data_register["Authorization"])
self.assertTrue(resp_register.content_type == "application/json")
self.assertEqual(resp_register.status_code, 201)
# user login
resp_login = login_user(self)
data_login = json.loads(resp_login.data.decode())
self.assertTrue(data_login["status"] == "success")
self.assertTrue(data_login["message"] == "Successfully logged in.")
self.assertTrue(data_login["Authorization"])
self.assertTrue(resp_login.content_type == "application/json")
self.assertEqual(resp_login.status_code, 200)
# blacklist a valid token
blacklist_token = BlacklistToken(
token=json.loads(resp_login.data.decode())["Authorization"])
db.session.add(blacklist_token)
db.session.commit()
# blacklisted valid token logout
response = self.client.post(
"/auth/logout",
headers=dict(
Authorization="Bearer " +
json.loads(resp_login.data.decode())["Authorization"]),
)
data = json.loads(response.data.decode())
self.assertTrue(data["status"] == "fail")
self.assertTrue(
data["message"] == "Token blacklisted. Please log in again.")
self.assertEqual(response.status_code, 401)
def test_blacklist_repr(self):
new_token = BlacklistToken(token='test token')
self.assertEqual(repr(new_token),
"<id: token: {}>".format(new_token.token))
def check_if_token_in_blacklist(decrypted_token):
return (
BlacklistToken.check_blacklist(decrypted_token["jti"])
) # Here we blacklist particular JWTs that have been created in the past.