Esempio n. 1
def test_retrieve_refresh_token_ommitted():
    """Refresh tokens enabled without ``retrieve_refresh_token`` must be rejected.

    The app config switches refresh tokens on and only ``store_refresh_token``
    is supplied, so ``initialize`` is expected to raise
    ``RefreshTokenNotImplemented``.
    """
    sanic_app = Sanic()
    sanic_app.config.SANIC_JWT_REFRESH_TOKEN_ENABLED = True
    handlers = {
        "authenticate": lambda: True,
        "store_refresh_token": lambda: True,
    }

    with pytest.raises(exceptions.RefreshTokenNotImplemented):
        initialize(sanic_app, **handlers)
Esempio n. 2
def test_retrieve_refresh_token_ommitted():
    """``refresh_token_enabled=True`` without a retrieve handler must fail.

    Only ``store_refresh_token`` is passed next to the enabling flag, and the
    test expects ``initialize`` to raise ``RefreshTokenNotImplemented``.
    """
    sanic_app = Sanic("sanic-jwt-test")
    options = {
        "authenticate": lambda: True,
        "refresh_token_enabled": True,
        "store_refresh_token": lambda: True,
    }

    with pytest.raises(exceptions.RefreshTokenNotImplemented):
        initialize(sanic_app, **options)
Esempio n. 3
def test_configuration_initialize_method_default():
    """``initialize`` with only an ``authenticate`` handler must not raise."""
    try:
        initialize(Sanic(), authenticate=lambda: True)
    except Exception as exc:
        # Anything raised while building the app or wiring sanic-jwt is
        # reported as a test failure carrying the exception text.
        pytest.fail('Raised exception: {}'.format(exc))
Esempio n. 4
def test_invalid_classview():
    """A malformed ``class_views`` entry must raise ``InvalidClassViewsFormat``."""
    sanic_app = Sanic("sanic-jwt-test")

    class NotAView:
        pass

    # The entry pairs ``object`` with a plain class instead of a route/view pair.
    malformed_views = [(object, NotAView)]

    with pytest.raises(exceptions.InvalidClassViewsFormat):
        initialize(
            sanic_app,
            authenticate=lambda: True,
            class_views=malformed_views,
        )
Esempio n. 5
def start(port,
          site=None,
          username='******',
          password='******'):
    """Seed one user, register sanic-jwt and return the server from ``create_server``.

    ``site`` is stored on the module-level ``app``; a ``User`` with id 2 is
    appended to the module-level ``users`` list on every call.

    NOTE(review): the listener binds to 0.0.0.0 (all interfaces) and the
    seeded account falls back to the default credentials in the signature
    (shown masked on this page). Callers should always pass their own
    username/password, and the bind address is worth restricting when the
    service is not meant to be reachable from other hosts.
    """
    app.site = site
    seeded_user = User(2, username, password)
    users.append(seeded_user)
    initialize(app, authenticate=authenticate)
    listen_options = dict(host="0.0.0.0", port=port, access_log=True)
    return app.create_server(**listen_options)
Esempio n. 6
def test_store_refresh_token_and_retrieve_refresh_token_defined():
    """With both refresh-token handlers supplied, ``initialize`` must succeed."""
    sanic_app = Sanic("sanic-jwt-test")
    sanic_app.config.SANIC_JWT_REFRESH_TOKEN_ENABLED = True

    handler_names = (
        "authenticate",
        "store_refresh_token",
        "retrieve_refresh_token",
    )
    # One separate always-true stub per handler, as in a hand-written call.
    handlers = {name: (lambda: True) for name in handler_names}
    initialize(sanic_app, **handlers)

    # Reaching this line without an exception is the whole check.
    assert True
Esempio n. 7
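def create_app():
    """Build the 'Normalizer' Sanic app with a JWT-protected /normalize route.

    POST /normalize expects a JSON array of objects. Each object must carry a
    'name' entry and at least one key containing "val" (case-insensitive); the
    response maps every name to the value stored under the first such key.
    Bodies that do not have this shape are answered with HTTP 400 instead of
    surfacing as an unhandled KeyError/StopIteration/TypeError.

    Returns:
        The configured Sanic application.
    """
    app = Sanic(name='Normalizer')
    initialize(app, authenticate=authenticate)

    # Regex to search for "val", case insensitive
    r = re.compile(r'.*val.*', flags=re.IGNORECASE)

    def bad_request(reason):
        # Uniform 400 reply for request bodies that fail shape validation.
        return json({'error': reason}, status=400)

    @app.post('/normalize')
    @protected()
    def normalize(request: Request):
        records = request.json
        # The body is caller-controlled: check its shape before indexing it.
        if not isinstance(records, list):
            return bad_request('expected a JSON array of objects')

        normalized = {}
        for record in records:
            if not isinstance(record, dict) or 'name' not in record:
                return bad_request("every item must be an object with a 'name'")
            name = record['name']
            # Lists and objects are unhashable and cannot be used as keys.
            if isinstance(name, (list, dict)):
                return bad_request("'name' must be a scalar value")
            value_key = next(filter(r.match, record), None)
            if value_key is None:
                return bad_request('every item needs a key containing "val"')
            normalized[name] = record[value_key]
        return json(normalized)

    return app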
Esempio n. 8
def app():
    """Build a Sanic app wired to sanic-jwt and return ``(app, sanicjwt)``.

    Sets the authorization header prefix to "JWT", the user-id key to
    "username" and the expiration delta to 360000 before calling
    ``initialize`` with ``CustomAuth``; the ``bp`` blueprint is registered
    afterwards.

    NOTE(review): 360000 is presumably seconds (100 hours). That is a long
    lifetime for an access token; confirm it is intended outside of tests.
    """
    sanic_app = Sanic(__name__)
    jwt_settings = {
        "SANIC_JWT_AUTHORIZATION_HEADER_PREFIX": "JWT",
        "SANIC_JWT_EXPIRATION_DELTA": 360000,
        "SANIC_JWT_USER_ID": "username",
    }
    for setting, value in jwt_settings.items():
        setattr(sanic_app.config, setting, value)

    sanicjwt = initialize(sanic_app, authentication_class=CustomAuth)
    sanic_app.blueprint(bp)

    return sanic_app, sanicjwt
Esempio n. 9
def initialize_authentication(app: Sanic) -> Sanic:
    """
    Register sanic-jwt on the application with the project's auth classes.

    Scopes and refresh tokens are enabled, and the ``nbf`` claim is switched
    on with a delta of 1 and a leeway of 1.

    :param app: Sanic application to configure
    :return app: the same Sanic instance, after ``initialize`` has run
    """
    # initialize(app, authenticate=authenticate)
    jwt_options = dict(
        authentication_class=MyAuthentication,
        responses_class=MyResponses,
        add_scopes_to_payload=my_scope_extender,
        scopes_enabled=True,
        expiration_delta=EXPIRE_TIME,
        refresh_token_enabled=True,
        claim_nbf=True,
        claim_nbf_delta=1,  # offset
        # time the application allows for small differences in system clock
        # configuration
        leeway=1,
    )
    initialize(app, **jwt_options)
    return app
Esempio n. 10
def init_auth(sanic_app, secret="This is big secret, set me in app.yaml"):
    """
    Initiate sanic-jwt module

    Copyright (C) 2020 Mikhail Marenov - All Rights Reserved
    You MAY NOT CHANGE source code of Ax workflow without writen permission
    author. If you change source code in order to activate PRO features -
    YOU MAY BE SUBJECT TO HEAVY CIVIL PENALTIES. THESE INCLUDE MONETARY
    DAMAGES, COURT COSTS, AND ATTORNEYS FEES INCURRED
    Please read LICENSE.md for more information.

    Registers sanic-jwt on ``sanic_app`` with cookie-based tokens and refresh
    tokens, then fills the permission caches inside one database session.

    :param sanic_app: application passed to ``initialize``
    :param secret: value forwarded to ``initialize`` as ``secret``
    """

    # NOTE(review): the default value of `secret` is a fixed string that ships
    # with the source. If a deployment never overrides it, tokens are signed
    # with a publicly known key; consider refusing to start on the default.
    delta = 60  # seconds
    initialize(sanic_app,
               authenticate=authenticate,
               configuration_class=AxConfiguration,
               refresh_token_enabled=True,
               store_refresh_token=store_refresh_token,
               retrieve_refresh_token=retrieve_refresh_token,
               retrieve_user=retrieve_user,
               expiration_delta=delta,
               cookie_access_token_name='ax_auth',
               # Tokens are delivered in cookies. NOTE(review): with
               # cookie_strict=False the token is presumably also accepted from
               # the Authorization header - confirm; cookie-borne tokens also
               # need CSRF protection on state-changing routes.
               cookie_set=True,
               cookie_strict=False,
               login_redirect_url='/signin',
               secret=secret)

    # Session label "init_auth - ERROR" is passed through to scoped_session.
    with ax_model.scoped_session("init_auth - ERROR") as db_session:
        apply_lise(db_session)

        # Write cache for Everyone group
        asyncio.get_event_loop().run_until_complete(write_perm_cache(
            db_session=db_session, user_guid=None))

        # Write cache for dynamic roles
        asyncio.get_event_loop().run_until_complete(write_dynamic_roles_cache(
            db_session=db_session))
Esempio n. 11
    user = await User.find_one({"username": username})
    if user is None:
        raise exceptions.AuthenticationFailed("User not found.")

    if password != user.password:
        raise exceptions.AuthenticationFailed("Password is incorrect.")

    return user


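async def setup_movie_index(app, loop):
    """Load the IMDB fixture into ``Movie`` and create its text search index.

    Reads ``scripts/imdb.json``, bulk-inserts the records, then creates a text
    index named ``search_index`` on the ``name`` field. ``app`` and ``loop``
    are accepted but not used in the body.
    """
    # Close the fixture file deterministically instead of leaking the handle.
    with open("scripts/imdb.json", "r") as fixture:
        data = json.load(fixture)
    await Movie.insert_many(data)
    await Movie.create_index([('name', pymongo.TEXT)], name='search_index')
    print(data)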


async def scope_extender(user, *args, **kwargs):
    """Return a one-element list holding the user's ``role``.

    NOTE(review): the user object is printed on every call; depending on its
    ``repr`` this can write account fields to stdout or the service log.
    """
    print(user)
    scopes = [user.role]
    return scopes


if __name__ == "__main__":
    # app.register_listener(setup_movie_index,
    #                       'before_server_start')
    # Register sanic-jwt with the credential check and the per-user scope hook.
    initialize(app, authenticate=authenticate,add_scopes_to_payload=scope_extender)
    app.blueprint(users)
    app.blueprint(movies)
    # NOTE(review): debug=True combined with host="0.0.0.0" serves the
    # debug-mode app on every interface. Debug mode is meant for local
    # development; bind to 127.0.0.1 or turn it off before exposing the port.
    app.run(host="0.0.0.0", port=8000, debug=True)
Esempio n. 12
initialize(
    app,
    authenticate=authenticate,
    # refresh_token_enabled=True,
    # store_refresh_token=store_refresh_token,
    # retrieve_refresh_token=retrieve_refresh_token,
    url_prefix='/v1/api/authentication',
    # NOTE(review): the signing secret is a literal committed with the code.
    # Anyone who can read this file can forge tokens; load it from the
    # environment or a secret store and rotate the value shown here.
    secret='fgkjhfkhgkfhkghfjdkgher5545458fjighui',
    # verify_exp = False,

    ## Header token
    authorization_header='Authorization',
    authorization_header_prefix='Bearer',
    # Cookie token
    # cookie_domain - change the domain associated with the cookie (defaults to '')
    # cookie_httponly - whether to set the httponly flag on the cookie (defaults to True). If you use cookies to carry JWTs, it is recommended that you do not disable cookie_httponly. Disabling it means any javascript running on the client can access the token.
    # cookie_access_token_name - name of the cookie that stores the access token
    # cookie_refresh_token_name - name of the cookie that stores the refresh token
    cookie_set=True,
    # cookie_domain='mydomain.com',
    # NOTE(review): this disables httponly, which is exactly what the comment
    # above advises against: script running in the page can then read the token.
    cookie_httponly=False,
    cookie_access_token_name='some-token',
    cookie_strict=False,


    # Set the expiration time; the default is 30 minutes
    # How long the access token stays valid. Access tokens cannot be revoked, so it is recommended to keep this period short and to enable refresh tokens (which can be revoked) to obtain new access tokens.
    # Set to one minute
    expiration_delta=60,
)
Esempio n. 13
#
#
# class MyResponses(Responses):
#
#     @staticmethod
#     def exception_response(request, exception):
#         exception_message = str(exception)
#         return json({
#             'error': True,
#             'message': f'You encountered an exception: {exception_message}'
#         }, status=exception.status_code)

# Register sanic-jwt under /api_user/v1/auth with refresh tokens enabled and
# the project's own endpoint classes; the returned object is kept in `i`.
i = initialize(
    app,
    refresh_token_enabled=True,
    expiration_delta=EXPIRATION_DELTA,
    url_prefix="/api_user/v1/auth",
    # (path, view class) pairs added to the auth URL prefix.
    class_views=(
        ('/register', Register),
        # ("/check_phone", CheckRegisteredParm),
        ("/login", MyAuthenticateEndpoint),
        ("/logout", LogoutEndpoint),
        ("/refresh_token", MyRefreshEndpoint),
        ("/captcha", Captcha)),
    authentication_class=MyAuthentication,
    # cookie_domain="sendMe.com",
)
if __name__ == "__main__":
    # app.run(host="0.0.0.0", port=9999)
    # NOTE(review): debug=True on host="0.0.0.0" serves the debug-mode app on
    # every interface; the commented-out call above is the non-debug variant.
    app.run(host="0.0.0.0", port=9999, debug=True)
Esempio n. 14
def test_initialize_compat():
    """``initialize`` must accept the authenticate handler positionally."""
    sanic_app = Sanic("sanic-jwt-test")

    # Second positional argument instead of the ``authenticate=`` keyword.
    initialize(sanic_app, lambda: True)

    # Getting here without an exception is the whole check.
    assert True
Esempio n. 15
from sanic_jwt import initialize

from app import create_app
from app.users.auth import authenticate, retrieve_user, extend_payload, store_refresh_token, retrieve_refresh_token

# Build the application, then mount the sanic-jwt endpoints under /token with
# the user lookup, payload extension and refresh-token handlers from
# app.users.auth.
app = create_app()
initialize(app,
           url_prefix='/token',
           authenticate=authenticate,
           retrieve_user=retrieve_user,
           extend_payload=extend_payload,
           refresh_token_enabled=True,
           store_refresh_token=store_refresh_token,
           retrieve_refresh_token=retrieve_refresh_token)

if __name__ == "__main__":
    # Host, port and debug flag come from the app configuration rather than
    # being hard-coded, so debug mode is decided per deployment.
    HOST, PORT, DEBUG = app.config['HOST'], app.config['PORT'], app.config[
        'DEBUG']
    app.run(host=HOST, port=PORT, debug=DEBUG)
async def authenticate(request, *args, **kwargs):
    """Check the posted username/password against ``username_table``.

    Returns the matching user object, or raises
    ``exceptions.AuthenticationFailed`` when a field is missing, the username
    is unknown, or the password differs.

    NOTE(review): the password is compared as plain text with
    ``user.password``, which suggests the store keeps unhashed passwords; a
    salted password hash verified with a constant-time comparison is the
    usual hardening. The separate "User not found." / "Password is
    incorrect." messages also let a client tell valid usernames apart.
    """
    username = request.json.get("username", None)
    password = request.json.get("password", None)

    if not (username and password):
        raise exceptions.AuthenticationFailed("Missing username or password.")

    account = username_table.get(username, None)
    if account is None:
        raise exceptions.AuthenticationFailed("User not found.")
    if password != account.password:
        raise exceptions.AuthenticationFailed("Password is incorrect.")
    return account


app = Sanic(__name__)
# initialize(app, authenticate=authenticate, cookie_set=True)
# Same setup as the commented-out call, plus custom paths for the
# retrieve-user, verify and refresh endpoints.
initialize(
    app,
    authenticate=authenticate,
    # Tokens are delivered in cookies. NOTE(review): cookie-borne tokens need
    # CSRF protection on state-changing routes.
    cookie_set=True,
    path_to_retrieve_user='******',
    path_to_verify='/my_verify',
    path_to_refresh='/my_refresh',
)

if __name__ == "__main__":
    # No host is passed, so the framework default bind address applies.
    app.run(port=8888)
Esempio n. 17
def test_configuration_initialize_method_default():
    """A default ``initialize`` call on a named app must complete cleanly."""
    try:
        sanic_app = Sanic("sanic-jwt-test")
        always_true = {"authenticate": lambda: True}
        initialize(sanic_app, **always_true)
    except Exception as exc:
        # Convert any setup error into an explicit test failure.
        pytest.fail("Raised exception: {}".format(exc))
Esempio n. 18
def test_initialize_compat():
    """Passing the authenticate handler positionally must still work."""
    sanic_app = Sanic()

    # The handler is the second positional argument, not a keyword.
    initialize(sanic_app, lambda: True)

    # No exception up to here means the compatibility path is intact.
    assert True
Esempio n. 19

async def authenticate(request, *args, **kwargs):
    """Validate JSON credentials and return the matching user.

    Raises ``exceptions.AuthenticationFailed`` if either field is missing or
    empty, if ``username_table`` has no such user, or if the password does
    not equal the stored one.

    NOTE(review): this is a plain-text equality check against
    ``user.password``; production code would normally store a salted hash and
    verify it in constant time. Returning different messages for an unknown
    user and a wrong password also reveals which usernames exist.
    """
    username = request.json.get("username", None)
    password = request.json.get("password", None)

    if not (username and password):
        raise exceptions.AuthenticationFailed("Missing username or password.")

    matched = username_table.get(username, None)
    if matched is None:
        raise exceptions.AuthenticationFailed("User not found.")
    if password != matched.password:
        raise exceptions.AuthenticationFailed("Password is incorrect.")
    return matched


app = Sanic()
# Cookie-based token delivery with the split-cookie option switched on.
# NOTE(review): cookie_split presumably stores the token in two cookies so
# the signature part can stay httponly - confirm against the sanic-jwt docs.
initialize(
    app,
    authenticate=authenticate,
    cookie_set=True,
    cookie_split=True,
)


if __name__ == "__main__":
    # Bound to loopback only, so the example is not reachable from other hosts.
    app.run(host="127.0.0.1", port=8888)
Esempio n. 20
from sanic import Sanic
from sanic.request import Request
from sanic.response import json
from sanic_jwt import initialize
from sanic_restful import Api

from src.auth import authenticate
from src.definitions import ApiError, BadRequestError
from src.resources import PolyDataResource, PolyDataResourceList

# Application, REST API wrapper, and the sanic-jwt endpoints under /api/auth.
app = Sanic("Polyrize Interview Server")
api = Api(app)
initialize(app, authenticate=authenticate, url_prefix="/api/auth")


def build_error_response(message, status_code, error_code, **kwargs):
    """Return a JSON error response with the given HTTP status.

    The body carries ``error`` and ``message``; any extra keyword arguments
    are merged in afterwards, so a keyword named ``error`` or ``message``
    replaces the corresponding base value.
    """
    payload = {"error": error_code, "message": message}
    payload.update(kwargs)
    return json(payload, status=status_code)


# Handle exceptions
@app.exception(Exception)
def handle_error(request: Request, e):
    if isinstance(e, ApiError):
        return build_error_response(message=e.message,
                                    status_code=e.status_code,
                                    error_code=e.error_code)
Esempio n. 21
from sanic import Sanic
from sanic.response import json

from sanic_jwt import initialize
from sanic_jwt.decorators import scoped

# Test application: the authenticate stub always returns True, so this setup
# only makes sense inside the test-suite.
app = Sanic("sanic-jwt-test")
initialize(app, authenticate=lambda: True)


@app.route("/scoped_empty")
@scoped("something")
async def scoped(request):
    """Handler behind the ``something`` scope; replies ``{"scoped": true}``.

    NOTE(review): defining the handler as ``scoped`` rebinds the module-level
    name, so the imported ``scoped`` decorator is no longer reachable under
    that name for any route declared after this one.
    """
    body = {"scoped": True}
    return json(body)


class TestEndpointsScoped(object):
    """Checks on the scoped route when no credentials are sent."""

    def test_scoped_empty(self):
        """A request without an Authorization header must get a 401."""
        _, resp = app.test_client.get("/scoped_empty")
        assert resp.status == 401

        body = resp.json
        assert body.get("exception") == "Unauthorized"
        assert "Authorization header not present." in body.get("reasons")
Esempio n. 22
from sanic import Sanic
from sanic.response import json
from sanic.views import HTTPMethodView
from sanic_jwt import exceptions
from sanic_jwt import initialize
from sanic_jwt import protected

from api import api

from auth import authenticate, retrieve_user

# Version number shared by the API blueprint and the auth URL prefix.
current_api_version = 1
app = Sanic(__file__)

app.blueprint(api, version=current_api_version)

# Auth endpoints are mounted at /v<version>/api/auth.
initialize(app,
           authenticate=authenticate,
           retrieve_user=retrieve_user,
           url_prefix=f'/v{current_api_version}/api/auth')

if __name__ == '__main__':
    # Loopback only: the server is not reachable from other hosts.
    app.run(host='127.0.0.1', port=8888)
Esempio n. 23
    async def options(self, request):
        """Reply to OPTIONS with an empty text body and status 204."""
        empty_body = ""
        return response.text(empty_body, status=204)

    async def post(self, request):
        """Return a placeholder magic-login token as JSON.

        NOTE(review): the token is a fixed stub value and is sent back in the
        HTTP response. A real magic-link flow would generate an unpredictable
        token and deliver it only through the e-mail channel.
        """
        # create a magic login token and email it to the user

        payload = {"magic-token": "123456789"}
        return json(payload)


# Test application: always-true authenticate stub plus one extra class-based
# view registered through sanic-jwt.
app = Sanic()
initialize(
    app,
    authenticate=lambda: True,
    class_views=[(
        "/magic-login",
        MagicLoginHandler,
    )  # The path will be relative to the url prefix
                 # (which defaults to /auth)
                 ],
)


class TestEndpointsExtra(object):
    """Helpers for calling the extra endpoints through the Sanic test client."""

    def dispatch(self, path, method):
        """Call ``app.test_client.<method>(path)`` and return (request, response)."""
        client_call = getattr(app.test_client, method)
        # Unpacking keeps the contract that the client returns exactly a pair.
        request, response = client_call(path)
        return request, response

    def get(self, path):
        """Issue a GET for *path* via ``dispatch``."""
        http_verb = "get"
        return self.dispatch(path, http_verb)
Esempio n. 24
        raise exceptions.AuthenticationFailed("Missing username or password.")

    user = username_table.get(username, None)
    if user is None:
        raise exceptions.AuthenticationFailed("User not found.")

    if password != user.password:
        raise exceptions.AuthenticationFailed("Password is incorrect.")

    return user


app = Sanic(name='bluefin')
# Access tokens last 60 * 60 = 3600 (one hour if the unit is seconds -
# confirm); the signing secret comes from the `secret` name defined elsewhere
# in the module rather than a literal here.
sanic_jwt = initialize(app, authenticate=authenticate,
           expiration_delta=(60 * 60),
           secret=secret,
           retrieve_user=retrieve_user,
           )

# .......

@app.route("/hello")
async def test(request):
    """Unprotected route: always answers ``{"hello": "world"}``."""
    greeting = {"hello": "world"}
    return json(greeting)


@app.route("/protected")
@protected()
async def protected(request):
    """Route guarded by ``@protected()``; answers ``{"protected": true}``.

    NOTE(review): naming the handler ``protected`` rebinds the module-level
    name, so the ``protected`` decorator cannot be applied under that name to
    routes declared after this one.
    """
    body = {"protected": True}
    return json(body)
Esempio n. 25
    user = username_table.get(username, None)
    if user is None:
        raise exceptions.AuthenticationFailed("User not found.")

    if password != user.password:
        raise exceptions.AuthenticationFailed("Password is incorrect.")

    return user


app = Sanic()
initialize(
    app,
    authenticate=authenticate,
    store_refresh_token=store_refresh_token,
    retrieve_refresh_token=retrieve_refresh_token,
    retrieve_user=retrieve_user,
)
# NOTE(review): these SANIC_JWT_* settings are assigned after initialize()
# has already run. Confirm sanic-jwt still picks them up at that point;
# otherwise refresh tokens and the iss/iat/nbf/aud claims are silently left
# at their defaults.
app.config.SANIC_JWT_REFRESH_TOKEN_ENABLED = True
app.config.SANIC_JWT_CLAIM_ISS = 'foo:bar'
app.config.SANIC_JWT_CLAIM_IAT = True
app.config.SANIC_JWT_CLAIM_NBF = True
app.config.SANIC_JWT_CLAIM_AUD = 'bar:foo'


class User(object):
    """Minimal user record with ``user_id``, ``username`` and ``password``.

    NOTE(review): the password is kept on the object exactly as passed in;
    whether it is a hash or plain text depends on the caller.
    """

    def __init__(self, id, username, password):
        # The ``id`` argument is exposed under the attribute name ``user_id``.
        self.user_id = id
        self.username, self.password = username, password
Esempio n. 26
    result = await logic.auth_user(username, password)
    result = j.loads(result)['result']

    if result['status'] == "failed":
        raise exceptions.AuthenticationFailed("User not found.")
    elif result['status'] == "success":
        if result['auth'] == True:
            user = User(user_id=username, username=username, password=password)
            return user
        else:
            raise exceptions.AuthenticationFailed("Password is incorrect")


app = Sanic()
# NOTE(review): secret="secret" is a guessable signing key committed with the
# code; anyone who knows it can mint valid tokens. Load a long random value
# from configuration instead.
initialize(app,
           authenticate=authenticate,
           url_prefix="/api/auth",
           secret="secret")
# NOTE(review): CORS is enabled with the extension's default options; confirm
# the allowed origins are restricted for an API that carries credentials.
CORS(app)


@app.route("/", methods=['GET', 'POST', 'OPTIONS'])
@protected()
async def test(request):
    """Protected route: prints the JSON body and answers ``{"Neko": "Gram!"}``.

    NOTE(review): the parsed request body is written to stdout on every
    call, which can copy user-supplied or sensitive data into service logs.
    """
    # print(jwt_decode(request.headers['authorization'][7:], "secret"))
    body = request.json
    print(body)
    return json({"Neko": "Gram!"})


@app.route("/api/register", methods=["GET"])
async def register(request):
    template = env.get_template('register.html')
Esempio n. 27

async def authenticate(request, *args, **kwargs):
    """Look up the posted username and compare the posted password.

    Returns the user from ``username_table`` on success and raises
    ``exceptions.AuthenticationFailed`` for missing fields, an unknown
    username, or a password mismatch.

    NOTE(review): the comparison is plain-text equality with
    ``user.password``; storing a salted hash and verifying it in constant
    time is the usual practice. The distinct failure messages for an unknown
    user and a wrong password allow username enumeration.
    """
    username = request.json.get("username", None)
    password = request.json.get("password", None)

    if not (username and password):
        raise exceptions.AuthenticationFailed("Missing username or password.")

    found = username_table.get(username, None)
    if found is None:
        raise exceptions.AuthenticationFailed("User not found.")
    if password != found.password:
        raise exceptions.AuthenticationFailed("Password is incorrect.")
    return found


app = Sanic()
# Asymmetric signing: a key pair is passed instead of a shared secret.
# NOTE(review): public_key / private_key are defined outside this excerpt;
# keep the private key material out of the repository.
initialize(
    app,
    authenticate=authenticate,
    public_key=public_key,
    private_key=private_key,
    algorithm="RS256",
)  # or RS384 or RS512

if __name__ == "__main__":
    # Loopback only: the example server is not reachable from other hosts.
    app.run(host="127.0.0.1", port=8888)
Esempio n. 28
    return json(response, 401)


@app.exception(UserDeleteException)
async def delete_user_exceptin_handle(request, exception):
    """Turn a ``UserDeleteException`` into a JSON 401 response.

    NOTE(review): ``str(exception)`` is returned to the client verbatim;
    make sure the exception text never carries internal details.
    """
    reason = str(exception)
    return json(
        {
            "reasons": [reason],
            "exception": StatusCode.DELETE_USER_FAILED.name,
        },
        401,
    )


# Register the sanic-jwt endpoints under /v1/api/auth, using the module's
# authenticate and retrieve_user handlers.
initialize(app,
           authenticate=authenticate,
           retrieve_user=retrieve_user,
           url_prefix='/v1/api/auth')


def load_banner():
    """Print the contents of ``banner.txt`` (read as UTF-8) to stdout."""
    with open('banner.txt', 'r', encoding='utf-8') as banner_file:
        text = banner_file.read()

    # Printed after the file has been closed.
    print(text)


app.blueprint(user_route)
if __name__ == '__main__':
    load_banner()
    port = int(Config.get_instance().get('http.port', 80))
Esempio n. 29
    password = request.json.get("password", None)

    if not username or not password:
        raise exceptions.AuthenticationFailed("Missing username or password.")

    user = await User.find_one({
        "username": username,
        "password": hash_password(password)
    })
    if user is None:
        raise exceptions.AuthenticationFailed("Credentials aren't valid")

    return JWTUser(str(user["_id"]), user["username"], user["password"])


# Register sanic-jwt on the app with `authenticate` as the credential check;
# no url_prefix or secret is passed, so the library defaults apply.
initialize(app, authenticate=authenticate)


class PostsView(HTTPMethodView):
    decorators = [protected()]

    async def post(self, request: Request):
        title = request.json.get("title")
        if title is None or not title:
            abort(400, "'title' is required")
        now = time.time()
        post = await Post.insert_one({"title": title, "createdAt": now})
        return json({
            "title": title,
            "createdAt": now,
            "id": str(post.inserted_id)
Esempio n. 30
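async def retrieve_user(request, payload, *args, **kwargs):
    """Return the user referenced by the token payload, or ``None``.

    The ``user_id`` claim is read from *payload* and looked up in
    ``userid_table``. ``None`` is returned when the payload is empty, has no
    ``user_id``, or names an id that is not in the table.

    The lookup uses the claim's value; the previous code passed the literal
    string ``'user_id'`` as the key, so the id carried by the token was never
    actually resolved.
    """
    if not payload:
        return None

    user_id = payload.get('user_id', None)
    if user_id is None:
        return None
    return userid_table.get(user_id)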


async def my_scope_extender(user, *args, **kwargs):
    """Return the ``scopes`` attribute of *user* unchanged."""
    granted = user.scopes
    return granted


app = Sanic()
# The scope hook is supplied through app.config before initialize() runs;
# the commented-out call below passes the same function as a keyword instead.
app.config.SANIC_JWT_HANDLER_PAYLOAD_SCOPES = my_scope_extender
initialize(app, authenticate=authenticate, retrieve_user=retrieve_user)
# initialize(app, authenticate=authenticate, retrieve_user=retrieve_user, add_scopes_to_payload=my_scope_extender)


@app.route("/")
async def test(request):
    """Unprotected root route: always answers ``{"hello": "world"}``."""
    greeting = {"hello": "world"}
    return json(greeting)


@app.route("/protected")
@protected()
async def protected_route(request):
    """Route that needs a valid token but no particular scope."""
    body = {"protected": True, "scoped": False}
    return json(body)


@app.route("/protected/scoped/1")