Esempio n. 1
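    def authenticate(self, request):
        """Authenticate a request from its JWT ``Authorization`` header.

        The header must consist of exactly two whitespace-separated parts:
        the scheme configured in ``settings.JWT_AUTH_HEADER_PREFIX``
        (compared case-insensitively) followed by the token.

        Returns:
            A ``(user, token)`` tuple, where ``token`` is the raw second
            part of the header as returned by ``get_authorization_header``.

        Raises:
            exceptions.AuthenticationFailed: if the header is missing, uses
                another scheme, is malformed, or the token is expired or
                cannot be decoded.
        """
        parts = get_authorization_header(request).split()
        expected_scheme = settings.JWT_AUTH_HEADER_PREFIX.lower()

        if not parts:
            raise exceptions.AuthenticationFailed()

        try:
            scheme = smart_text(parts[0].lower())
        except UnicodeDecodeError:
            # The header is client-controlled. A scheme that cannot be
            # decoded as text is a failed authentication, not a server error.
            raise exceptions.AuthenticationFailed()

        if scheme != expected_scheme:
            raise exceptions.AuthenticationFailed()

        part_count = len(parts)
        if part_count == 1:
            raise exceptions.AuthenticationFailed(
                'Invalid Authorization header. No credentials provided.')
        if part_count > 2:
            raise exceptions.AuthenticationFailed(
                'Invalid Authorization header. Credentials string '
                'should not contain spaces.')

        token = parts[1]
        # NOTE(review): signature verification and algorithm selection
        # presumably happen inside jwt_decode_handler, which is not visible
        # here. Only the two exception types below are mapped to
        # AuthenticationFailed; anything else the handler raises propagates
        # to the caller. Confirm that this is intended.
        try:
            payload = jwt_decode_handler(token)
        except jwt.ExpiredSignature:
            raise exceptions.AuthenticationFailed('Signature has expired.')
        except jwt.DecodeError:
            raise exceptions.AuthenticationFailed('Error decoding signature.')

        return (self.authenticate_credentials(payload), token)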
Esempio n. 2
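    def authenticate(self, request):
        """Validate the JWT carried in the request's ``Authorization`` header.

        Expected header shape: ``<prefix> <token>``, where ``<prefix>`` is
        ``settings.JWT_AUTH_HEADER_PREFIX`` matched case-insensitively.

        Returns:
            ``(user, token)``: the user resolved by
            ``self.authenticate_credentials`` from the decoded payload, and
            the token exactly as it appeared in the header.

        Raises:
            exceptions.AuthenticationFailed: for a missing or foreign-scheme
                header, a header with too few or too many parts, an expired
                signature, or a token that fails to decode.
        """
        auth = get_authorization_header(request).split()
        auth_header_prefix = settings.JWT_AUTH_HEADER_PREFIX.lower()

        try:
            scheme_matches = bool(auth) and (
                smart_text(auth[0].lower()) == auth_header_prefix)
        except UnicodeDecodeError:
            # Undecodable bytes in a client-supplied scheme count as a
            # failed authentication rather than an unhandled error.
            scheme_matches = False
        if not scheme_matches:
            raise exceptions.AuthenticationFailed()

        if len(auth) == 1:
            msg = 'Invalid Authorization header. No credentials provided.'
            raise exceptions.AuthenticationFailed(msg)
        if len(auth) > 2:
            msg = ('Invalid Authorization header. Credentials string '
                   'should not contain spaces.')
            raise exceptions.AuthenticationFailed(msg)

        raw_token = auth[1]
        # NOTE(review): token verification is delegated entirely to
        # jwt_decode_handler (not shown). Exceptions other than the two
        # handled below are not converted to AuthenticationFailed. Verify
        # that the handler cannot raise anything else on hostile input.
        try:
            payload = jwt_decode_handler(raw_token)
        except jwt.ExpiredSignature:
            msg = 'Signature has expired.'
            raise exceptions.AuthenticationFailed(msg)
        except jwt.DecodeError:
            msg = 'Error decoding signature.'
            raise exceptions.AuthenticationFailed(msg)

        user = self.authenticate_credentials(payload)
        return (user, raw_token)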
Esempio n. 3
 def dispatch(self, request, *args, **kwargs):
     """Dispatch the request, making JWT handling optional.

     With a non-empty Authorization header, method resolution starts after
     ``OptionalJWTMixin``. Without one, it starts after
     ``JSONWebTokenAuthMixin``, so that class's ``dispatch`` is bypassed.

     NOTE(review): presumably ``JSONWebTokenAuthMixin.dispatch`` is where
     the token is enforced. If so, views using this mixin are reachable
     without credentials and must apply their own authorization checks for
     anonymous callers. Any non-empty header value, whatever its scheme,
     takes the first path.
     """
     resume_after = (OptionalJWTMixin if get_authorization_header(request)
                     else JSONWebTokenAuthMixin)
     return super(resume_after, self).dispatch(request, *args, **kwargs)
Esempio n. 4
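def get_token_from_request(request):
    """Extract the raw token from the request's ``Authorization`` header.

    The header must be exactly ``<prefix> <token>``, where ``<prefix>`` is
    ``settings.JWT_AUTH_HEADER_PREFIX`` compared case-insensitively. The
    token is returned as the header part itself, without decoding or
    verification, so callers must still validate it before trusting it.

    Raises:
        exceptions.AuthenticationFailed: if the header is missing, carries
            another scheme, has no credentials, or has extra
            space-separated parts.
    """
    parts = get_authorization_header(request).split()
    expected_prefix = settings.JWT_AUTH_HEADER_PREFIX.lower()

    if not parts:
        raise exceptions.AuthenticationFailed()

    try:
        scheme = parts[0].lower().decode("utf-8")
    except UnicodeDecodeError:
        # The scheme is client-controlled bytes. Input that is not valid
        # UTF-8 is a failed authentication, not an unhandled server error.
        raise exceptions.AuthenticationFailed()

    if scheme != expected_prefix:
        raise exceptions.AuthenticationFailed()

    if len(parts) == 1:
        raise exceptions.AuthenticationFailed(
            _("Invalid Authorization header. No credentials provided."))
    if len(parts) > 2:
        raise exceptions.AuthenticationFailed(
            _("Invalid Authorization header. Credentials string "
              "should not contain spaces."))

    return parts[1]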
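 def process_request(request):
     """Log the user in from an HTTP Basic or JWT ``Authorization`` header.

     If the header names the ``basic`` scheme, the base64 credentials are
     decoded and passed to ``authenticate``; an active user is logged in.
     If it names ``settings.JWT_AUTH_HEADER_PREFIX``, the request is passed
     to ``JSONWebTokenAuthMixin().authenticate`` and the resulting user is
     logged in. A missing, empty, malformed, or rejected header leaves the
     request unauthenticated.

     Always returns ``None``.
     """
     if 'HTTP_AUTHORIZATION' not in request.META:
         return None

     header = get_authorization_header(request).split()
     if not header:
         # split() never returns None, so an "is not None" test cannot
         # catch an empty or whitespace-only header before indexing into it.
         return None

     scheme = header[0].lower()
     if isinstance(scheme, bytes):
         # Normalise to text so the scheme comparisons below work whether
         # the header arrives as bytes or str. latin-1 maps every byte, so
         # this cannot raise on hostile input.
         scheme = scheme.decode('latin-1')

     if scheme == "basic":
         if len(header) < 2:
             # "Basic" with no credentials.
             return None
         try:
             credentials = base64.b64decode(header[1])
             if isinstance(credentials, bytes):
                 credentials = credentials.decode('utf-8')
         except (TypeError, ValueError):
             # Invalid base64 or undecodable bytes from the client: treat as
             # failed authentication instead of raising.
             return None
         # Split on the first colon only, because the password may itself
         # contain ':'.
         username, separator, password = credentials.partition(":")
         if not separator:
             return None
         user = authenticate(username=username, password=password)
         if user is not None and user.is_active:
             login(request, user)
     elif scheme == settings.JWT_AUTH_HEADER_PREFIX.lower():
         # use jwt auth
         try:
             auth = JSONWebTokenAuthMixin().authenticate(request)
             if auth is not None:
                 user = auth[0]
                 # login() needs a backend recorded on the user object.
                 # NOTE(review): unlike the Basic branch, there is no
                 # is_active check here. Presumably authenticate_credentials
                 # enforces it; confirm.
                 user.backend = 'django.contrib.auth.backends.ModelBackend'
                 login(request, user)
         except AuthenticationFailed as e:
             logging.exception(e)
     return None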
Esempio n. 6
 def dispatch(self, request, *args, **kwargs):
     """Run JWT-aware dispatch only when an Authorization header is present.

     A request with a non-empty header continues with the next ``dispatch``
     after ``OptionalJWTMixin`` in the MRO. A request without one resumes
     after ``JSONWebTokenAuthMixin``, skipping that class's ``dispatch``.

     NOTE(review): if ``JSONWebTokenAuthMixin.dispatch`` is what enforces
     authentication (not visible here), requests without a header reach the
     view unauthenticated. The view must then treat the caller as anonymous
     and authorize accordingly.
     """
     if not get_authorization_header(request):
         # No credentials offered: bypass JSONWebTokenAuthMixin.dispatch.
         return super(JSONWebTokenAuthMixin, self).dispatch(
             request, *args, **kwargs)
     return super(OptionalJWTMixin, self).dispatch(
         request, *args, **kwargs)