def get_secret_key(payload=None): if api_settings.JWT_GET_USER_SECRET_KEY: User = get_user_model() user = User.objects.get(pk=payload.get('user_id')) key = str(api_settings.JWT_GET_USER_SECRET_KEY(user)) return key return api_settings.JWT_SECRET_KEY
def jwt_get_secret_key(payload=None): """ For enhanced security you may want to use a secret key based on user. This way you have an option to logout only this user if: - token is compromised - password is changed - etc. """ if api_settings.JWT_GET_USER_SECRET_KEY: user = User.objects.get(pk=payload.get('user_id')) key = str(api_settings.JWT_GET_USER_SECRET_KEY(user)) return key return api_settings.JWT_SECRET_KEY
def get_jwt_secret_key(self, payload=None): """ This is a utility function copied, and slightly modified, from the django-rest-framework-jwt lib that allows us to get the jwt_secret we are storing in the User model for each user from the token. """ if payload is not None: User = get_user_model() user = User.objects.get(pk=payload["id"]) key = str(api_settings.JWT_GET_USER_SECRET_KEY(user)) return key return api_settings.JWT_SECRET_KEY
def jwt_get_secret_key(payload=None): """ For enchanced security you may use secret key on user itself. This way you have an option to logout only this user if: - token is compromised - password is changed - etc. """ if api_settings.JWT_GET_USER_SECRET_KEY: User = get_user_model() # noqa: N806 user = User.objects.get(pk=payload.get('user_id')) key = str(api_settings.JWT_GET_USER_SECRET_KEY(user)) return key return api_settings.JWT_SECRET_KEY
def jwt_get_secret_key(payload=None): """ For enhanced security you may want to use a secret key based on user. This way you have an option to logout only this user if: - token is compromised - password is changed - etc. """ if api_settings.JWT_GET_USER_SECRET_KEY: username = jwt_get_username_from_payload_handler(payload) User = get_user_model() user = User.objects.get_by_natural_key(username) key = api_settings.JWT_GET_USER_SECRET_KEY(user) return key return api_settings.JWT_SECRET_KEY
def jwt_get_secret_key(payload: dict = None) -> str: """ This is copy of rest_framework_jwt.utils.jwt_get_secret_key with loyal behaviour of nonexistent user. """ if api_settings.JWT_GET_USER_SECRET_KEY and payload: user_id = payload.get('user_id') if user_id: UserModel = get_user_model() try: user = UserModel.objects.get(pk=user_id) except UserModel.DoesNotExist: msg = _('Invalid signature.') raise exceptions.AuthenticationFailed(msg) key = str(api_settings.JWT_GET_USER_SECRET_KEY(user)) return key return api_settings.JWT_SECRET_KEY
def jwt_get_secret_key(user_id=None): """ For enhanced security you may want to use a secret key based on user. This way you have an option to logout only this user if: - token is compromised - password is changed - etc. """ if not user_id: return api_settings.JWT_SECRET_KEY User = get_user_model() # noqa: N806 user = User.objects.get(pk=user_id) key = str(api_settings.JWT_GET_USER_SECRET_KEY(user)) return key
def jwt_get_secret_key(payload=None): """ For enhanced security you may want to use a secret key based on user. This way you have an option to logout only this user if: - token is compromised - password is changed - etc. """ if api_settings.JWT_GET_USER_SECRET_KEY: username = api_settings.JWT_PAYLOAD_GET_USERNAME_HANDLER(payload) User = get_user_model() # Make sure user exists try: user = User.objects.get_by_natural_key(username) except User.DoesNotExist: msg = _("User doesn't exist.") raise serializers.ValidationError(msg) key = api_settings.JWT_GET_USER_SECRET_KEY(user) return key return api_settings.JWT_SECRET_KEY