def post(self, request: Request):
try:
token = request.data['token']
except KeyError:
return Response({'error': 'Field "token" is required'},
status=status.HTTP_400_BAD_REQUEST)
try:
payload = token_backend.decode(token)
except (InvalidTokenError, TokenBackendError):
return Response(status=status.HTTP_401_UNAUTHORIZED)
try:
token_type = payload['token_type']
except KeyError:
return Response({'error': 'No token_type for token was given'},
status=status.HTTP_401_UNAUTHORIZED)
try:
app_id = payload['id']
except KeyError:
return Response({'error', 'No id in token'},
status=status.HTTP_401_UNAUTHORIZED)
if token_type != AppRefreshToken().access_token.token_type:
return Response({'error': 'Wrong token_type'},
status=status.HTTP_401_UNAUTHORIZED)
# Exp_time проверяется в decode
if App.objects.filter(id=app_id).exists():
return Response(status=status.HTTP_200_OK)
return Response(status=status.HTTP_401_UNAUTHORIZED)
def validate(self, attrs):
data = super(CustomTokenRefreshSerializer, self).validate(attrs)
decoded_payload = token_backend.decode(data['access'], verify=True)
user_uid = decoded_payload['user_id']
# add filter query
user = UserModel.objects.filter(id=user_uid).first()
data['username'] = user.username
data['email'] = user.email
data['name'] = user.name
data['phone'] = user.phone
data['position'] = user.position
data['slogan'] = user.slogan
data['owner_course'] = user.owner_course
data['temporary_user'] = user.temporary_user
data['description'] = user.description
if hasattr(user.photo, 'id') is True:
data['photo'] = {
'id': user.photo.id,
'name': "image.png",
'status': "done",
'path': user.photo.photo.name,
}
else:
data['photo'] = {
'id': "",
'name': "image.png",
'status': "done",
'path': "",
}
return data
def post(self, request: Request):
try:
token = request.data['refresh']
except KeyError:
return Response({'error': 'Field "refresh" is required'},
status=status.HTTP_400_BAD_REQUEST)
try:
payload = token_backend.decode(token)
except (InvalidTokenError, TokenBackendError):
return Response(status=status.HTTP_401_UNAUTHORIZED)
try:
token_type = payload['token_type']
except KeyError:
return Response({'error': 'No token_type for token was given'},
status=status.HTTP_401_UNAUTHORIZED)
try:
app_id = payload['id']
except KeyError:
return Response({'error', 'No id in token'},
status=status.HTTP_401_UNAUTHORIZED)
if token_type != AppRefreshToken.token_type:
return Response({'error': 'Wrong token_type'},
status=status.HTTP_401_UNAUTHORIZED)
if not App.objects.filter(id=app_id).exists():
return Response(status=status.HTTP_401_UNAUTHORIZED)
refresh = AppRefreshToken(token=token, verify=False)
data = {
'access': str(refresh.access_token),
}
return Response(data, status=status.HTTP_200_OK)
def __init__(self, token=None, verify=True):
self.token = token
self.current_time = aware_utcnow()
if token is not None:
# An encoded token was provided
from rest_framework_simplejwt.state import token_backend
# Decode token
try:
self.payload = token_backend.decode(token, verify=verify)
if not get_or_none(User, pk=self.payload['user_id']):
raise TokenError(_('Token is invalid or expired'))
except TokenBackendError:
raise TokenError(_('Token is invalid or expired'))
if tokens.BlacklistedToken.objects.filter(
token__jti=self.payload['jti']).exists():
raise TokenError(_('Token is blacklisted'))
if verify:
self.verify()
new_token, created = \
tokens.OutstandingToken.objects.get_or_create(
jti=self.payload['jti'],
user_id=self.payload['user_id'],
defaults={
'token': str(self.token),
'expires_at': tokens.datetime_from_epoch(
self.payload['exp']
),
},
)
super().__init__(token, verify)
def test_views_video_lti_instructor(self, mock_initialize):
"""Validate the context returned for an instructor request."""
video = VideoFactory(
lti_id="123",
playlist__lti_id="abc",
playlist__consumer_site__name="example.com",
)
view = VideoLTIView()
view.request = self.factory.post(
"/",
{
"resource_link_id": "123",
"roles": "instructor",
"context_id": "abc",
"tool_consumer_instance_guid": "example.com",
},
)
context = view.get_context_data()
jwt_token = context.pop("jwt_token")
decoded_token = token_backend.decode(jwt_token)
self.assertEqual(decoded_token["video_id"], str(video.id))
self.assertEqual(set(context.keys()), {"state", "video"})
self.assertEqual(context["state"], "instructor")
self.assertEqual(context["video"]["id"], str(video.id))
self.assertEqual(context["video"]["title"], str(video.title))
self.assertEqual(context["video"]["description"],
str(video.description))
self.assertIsNone(context["video"]["urls"])
def test_username_and_password_are_correct___refresh_token_can_be_used_to_get_access_token(
self):
username = '******'
password = '******'
user = fake_user(username=username, password=password)
response = self.app.post(reverse('auth:access_token'),
params=json.dumps({
'username': username,
'password': password
}),
content_type='application/json')
response = self.app.post(reverse('auth:refresh_token'),
content_type='application/json',
headers={
'Authorization':
'Bearer {}'.format(
response.json['refresh_token'])
})
data = response.json
actual_access_ident = token_backend.decode(
data.get('access_token').encode())
self.assertEqual(user.id, actual_access_ident['user_id'])
self.assertEqual(data['expires_in'], 3600)
self.assertEqual(data['token_type'], 'Bearer')
def __init__(self, token=None, verify=True):
"""
!!!! IMPORTANT !!!! MUST raise a TokenError with a user-facing error
message if the given token is invalid, expired, or otherwise not safe
to use.
"""
if self.token_type is None or self.lifetime is None:
raise self.errors(
_('Cannot create token with no type or lifetime'))
self.token = token
self.current_time = aware_utcnow()
# Set up token
if token is not None:
# An encoded token was provided
from rest_framework_simplejwt.state import token_backend
# Decode token
try:
self.payload = token_backend.decode(token, verify=verify)
except TokenBackendError:
raise self.errors(_('Token is invalid or expired'))
if verify:
self.verify()
else:
# New token. Skip all the verification steps.
self.payload = {api_settings.TOKEN_TYPE_CLAIM: self.token_type}
# Set "exp" claim with default value
self.set_exp(from_time=self.current_time, lifetime=self.lifetime)
# Set "jti" claim
self.set_jti()
def post(self, request: Request):
try:
token = request.data['refresh']
except KeyError:
return Response({'error': 'Field "refresh" is required'},
status=status.HTTP_400_BAD_REQUEST)
try:
username = request.data['username']
except KeyError:
return Response({'error': 'Field "username" is required'},
status=status.HTTP_400_BAD_REQUEST)
try:
req_client_id = request.data['client_id']
except KeyError:
return Response({'error': 'Field "client_id" is required'},
status=status.HTTP_400_BAD_REQUEST)
try:
payload = token_backend.decode(token)
except (InvalidTokenError, TokenBackendError):
return Response(status=status.HTTP_401_UNAUTHORIZED)
try:
token_type = payload['token_type']
except KeyError:
return Response({'error': 'No token_type for token was given'},
status=status.HTTP_401_UNAUTHORIZED)
try:
user_id = payload['id']
except KeyError:
return Response({'error', 'No id in token'},
status=status.HTTP_401_UNAUTHORIZED)
try:
client_id = payload['client_id']
except KeyError:
return Response({'error', 'No client_id in token'},
status=status.HTTP_401_UNAUTHORIZED)
if token_type != ThirdPartyAppRefreshToken.token_type:
return Response({'error': 'Wrong token_type'},
status=status.HTTP_401_UNAUTHORIZED)
# Exp_time проверяется в decode
if not App.objects.filter(
id=client_id).exists() or not User.objects.filter(
id=user_id).exists():
return Response(status=status.HTTP_401_UNAUTHORIZED)
if req_client_id != client_id:
return Response({'error': 'Client ids don\'t match'},
status=status.HTTP_401_UNAUTHORIZED)
if User.objects.get(id=user_id).username != username:
return Response({'error': 'Username is wrong for given token'},
status=status.HTTP_401_UNAUTHORIZED)
refresh = ThirdPartyAppRefreshToken(token=token, verify=False)
data = {
'access': str(refresh.access_token),
}
return Response(data, status=status.HTTP_200_OK)
def __call__(self, request):
# Code to be executed for each request before
# the view (and later middleware) are called.
AUTH_HEADER = request.META.get('HTTP_AUTHORIZATION', None)
token = AUTH_HEADER.split(" ")[1]
decoded_token = token_backend.decode(token, verify=False)
company = decoded_token['custom_field']
request.custom_field = company
response = self.get_response(request)
# Code to be executed for each request/response after
# the view is called.
return response
def test_username_and_password_are_correct___returned_token_represents_the_user(
self):
username = '******'
password = '******'
user = fake_user(username=username, password=password)
response = self.app.post(reverse('auth:access_token'),
params=json.dumps({
'username': username,
'password': password
}),
content_type='application/json')
data = response.json
actual_refresh_ident = token_backend.decode(
data.get('refresh_token').encode())
actual_access_ident = token_backend.decode(
data.get('access_token').encode())
self.assertEqual(user.id, actual_refresh_ident['user_id'])
self.assertEqual(user.id, actual_access_ident['user_id'])
self.assertEqual(data['expires_in'], 86400)
self.assertEqual(data['token_type'], 'Bearer')
def validate(self, attrs):
data = super().validate(attrs)
decoded_payload = token_backend.decode(data['access'], verify=True)
user_pk = decoded_payload['user_id']
user_model = get_user_model()
user = user_model.objects.get(id=user_pk)
data.update({
'user':
dict(
pk=user.pk,
full_name=user.full_name,
email=user.email,
role=get_user_role(user.pk),
)
})
return data
def __call__(self, request):
#http 요청에서 httponly 쿠키를 찾고
if 'drf_backend' in request.COOKIES:
#쿠키가 있다면 쿠키에서 JWT토큰을 가져오고
token_cookie = request.COOKIES['drf_backend']
#요청 헤더에 JWT토큰을 추가
request.META['HTTP_AUTHORIZATION'] = f"Bearer {token_cookie}"
#토큰에서 사용자 정보를 생성
payload = token_backend.decode(token_cookie, verify=True)
request.user = User.objects.filter(id=payload["user_id"]).first()
#다음 미들웨어에 요청을 넘김
response = self.get_response(request)
return response
def validate(self, attrs):
token_payload = attrs.get('refresh')
if token_payload is not None:
# Decode token
try:
token = token_backend.decode(token_payload)
except TokenBackendError:
raise TokenError('Token is invalid or expired')
try:
user = User.objects.get(pk=token.get('user_id'))
except User.DoesNotExist:
raise exceptions.AuthenticationFailed(self.error_msg,
'no_active_account')
if not user.is_active:
raise exceptions.AuthenticationFailed(self.error_msg,
'no_active_account')
return super().validate(attrs)
