Esempio n. 1
def _decode_jwt_from_request(request_type):
    """Decode the JWT carried by the current request and validate its type.

    The token location is driven by ``config.jwt_in_cookies`` and
    ``config.jwt_in_headers``: cookies only, headers only, or both. When
    both are enabled, cookies are tried first and headers are the fallback.

    :param request_type: token type the caller expects; it is compared with
        the decoded token's ``'type'`` entry and also forwarded to the
        cookie lookup.
    :returns: the decoded token.
    :raises NoAuthorizationError: both locations are enabled and neither
        lookup found a token.
    :raises WrongTokenError: the decoded ``'type'`` differs from
        ``request_type``.
    """
    if config.jwt_in_cookies and config.jwt_in_headers:
        # Only a missing token (NoAuthorizationError) moves on to the
        # headers; any other exception raised by the cookie lookup
        # propagates unchanged instead of being retried via headers.
        try:
            token = _decode_jwt_from_cookies(request_type)
        except NoAuthorizationError:
            try:
                token = _decode_jwt_from_headers()
            except NoAuthorizationError:
                raise NoAuthorizationError(
                    "Missing JWT in headers and cookies")
    elif config.jwt_in_headers:
        token = _decode_jwt_from_headers()
    else:
        # Cookies are the remaining location (also taken when neither
        # setting is truthy).
        token = _decode_jwt_from_cookies(request_type)

    # The type comparison runs for every location, so a token of another
    # type is rejected before the revocation lookup below.
    received_type = token['type']
    if received_type != request_type:
        message = 'Only {} tokens can access this endpoint'.format(
            request_type)
        raise WrongTokenError(message)

    # The revocation lookup is skipped entirely when blacklisting is off.
    if config.blacklist_enabled:
        check_if_token_revoked(token)

    return token
Esempio n. 2
    def wrapper(*args, **kwargs):
        # Gate the wrapped callable behind a refresh token: decode, check
        # the type, check revocation (when enabled), then publish the
        # identity. `fn` only runs once every check has passed.
        token = _decode_jwt_from_request()

        # Anything that is not a refresh token is rejected first, before
        # the revocation lookup
        token_type = token['type']
        if token_type != 'refresh':
            raise WrongTokenError('Only refresh tokens can access this endpoint')

        # Revocation is consulted only when blacklisting is switched on
        if get_blacklist_enabled():
            check_if_token_revoked(token)

        # Expose the identity on the context stack so the endpoint behind
        # this decorator can read it
        ctx_stack.top.jwt_identity = token['identity']
        return fn(*args, **kwargs)
Esempio n. 3
    def wrapper(*args, **kwargs):
        # Gate the wrapped callable behind an access token: decode, check
        # the type, check revocation (when enabled), then publish the whole
        # decoded token. `fn` only runs once every check has passed.
        token = _decode_jwt_from_request(type='access')

        # The type is checked here regardless of what the decode helper
        # did with its `type` argument
        token_type = token['type']
        if token_type != 'access':
            raise WrongTokenError(
                'Only access tokens can access this endpoint')

        # Revocation is consulted only when blacklisting is switched on
        if get_blacklist_enabled():
            check_if_token_revoked(token)

        # Expose the full decoded token (not just the identity) on the
        # context stack for the endpoint behind this decorator
        ctx_stack.top.jwt = token
        return fn(*args, **kwargs)
Esempio n. 4
    def wrapper(*args, **kwargs):
        # Gate the wrapped callable behind a fresh access token. Checks run
        # in a fixed order (type, revocation, freshness), which decides the
        # exception a caller sees when several conditions fail at once.
        token = _decode_jwt_from_request()

        # Anything that is not an access token is rejected first
        token_type = token['type']
        if token_type != 'access':
            raise WrongTokenError('Only access tokens can access this endpoint')

        # Revocation is consulted only when blacklisting is switched on
        if get_blacklist_enabled():
            check_if_token_revoked(token)

        # A valid, non-revoked access token is still refused unless its
        # 'fresh' entry is truthy
        is_fresh = token['fresh']
        if not is_fresh:
            raise FreshTokenRequired('Fresh token required')

        # Expose identity and user claims on the context stack so the
        # endpoint behind this decorator can read them
        top = ctx_stack.top
        top.jwt_identity = token['identity']
        top.jwt_user_claims = token['user_claims']
        return fn(*args, **kwargs)