def test_fresh_jwt_required(client):
url = '/fresh-jwt-required'
# only fresh token allowed
token = AuthJWT.create_access_token(identity='test')
response = client.get(
url, headers={"Authorization": f"Bearer {token.decode('utf-8')}"})
assert response.status_code == 401
assert response.json() == {'detail': 'Fresh token required'}
token = AuthJWT.create_access_token(identity='test', fresh=True)
response = client.get(
url, headers={"Authorization": f"Bearer {token.decode('utf-8')}"})
assert response.status_code == 200
assert response.json() == {'hello': 'world'}
def get_token(Authorize: AuthJWT = Depends()):
access_token = Authorize.create_access_token(subject=1, fresh=True)
refresh_token = Authorize.create_refresh_token(subject=1)
Authorize.set_access_cookies(access_token)
Authorize.set_refresh_cookies(refresh_token)
return {"access": access_token, "refresh": refresh_token}
def test_jwt_required(client):
url = '/jwt-required'
token = AuthJWT.create_access_token(identity='test')
response = client.get(
url, headers={"Authorization": f"Bearer {token.decode('utf-8')}"})
assert response.status_code == 200
assert response.json() == {'hello': 'world'}
async def get_access_token(
db: Session = Depends(deps.get_db),
*,
user: schemas.UserLoginForm,
Authorize: AuthJWT = Depends(),
) -> dict:
user = crud.user.authenticate(
db,
email=user.email,
password=user.password,
)
if not user:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=AuthError.INCORRECT_CREDS,
)
elif not crud.user.is_active(user):
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=AuthError.INACTIVE_USER,
)
access_token = Authorize.create_access_token(subject=user.email)
refresh_token = Authorize.create_refresh_token(subject=user.email)
return {
'access_token': access_token,
'refresh_token': refresh_token,
'token_type': 'bearer',
}
def login(user: User, Authorize: AuthJWT = Depends()):
if user.username != "test" or user.password != "test":
raise HTTPException(status_code=401, detail="Bad username or password")
# subject identifier for who this token is for example id or username from database
access_token = Authorize.create_access_token(subject=user.username)
return {"access_token": access_token}
def login(
user: schemas.UserCreate,
db: Session = Depends(get_db),
Authorize: AuthJWT = Depends(),
):
crud.prune_blacklist(db)
_user = (db.query(models.User).filter(
models.User.username == user.username.casefold()).first())
if _user is not None and crud.verify_password(user.password,
_user.hashed_password):
# Create Tokens
access_token = Authorize.create_access_token(subject=user.username)
refresh_token = Authorize.create_refresh_token(subject=user.username)
# Assign cookies
Authorize.set_access_cookies(access_token)
Authorize.set_refresh_cookies(refresh_token)
return {
"login": "******",
"username": _user.username,
"access_token": access_token,
}
else:
raise HTTPException(status_code=400,
detail="Invalid Username or Password.")
def login(response: Response, user: UserLogin, Authorize: AuthJWT = Depends()):
try:
session = SessionLocal()
UserObj = get_user_object(user.email)
if UserObj:
x = y
if ProjectUtils.authenticate_user(UserObj, user.password):
access_token = Authorize.create_access_token(
subject=UserObj.email,
expires_time=datetime.timedelta(days=365),
user_claims={
"roles": [UserObj.role_name(session).role_name]
})
session.close()
response.status_code = status.HTTP_200_OK
return {
Statuses.status_code: Statuses.HTTP_200_OK,
Statuses.status: Statuses.success,
"access_token": access_token,
Statuses.type: Statuses.bearer
}
else:
raise HTTPException(status_code=401,
detail="Bad username or password")
raise HTTPException(status_code=401, detail="Bad username or password")
except Exception as exc:
if str(exc).strip() == "":
raise HTTPException(status_code=401,
detail="Bad username or password")
ProjectUtils.print_log_msg(exc, ProjectUtils.EXCEPTION)
return {
Statuses.status_code: Statuses.HTTP_500_INTERNAL_SERVER_ERROR,
Statuses.status: Statuses.exception,
Statuses.description: str(exc)
}
async def login_user(user_data: dict, Authorize: AuthJWT) -> dict:
user = await user_collection.find_one(
{'user_name': user_data['user_name']})
user_id = user['_id']
user_name = user['user_name']
# print(user_id)
# print(user_name)
# expiratiom of tokens
access_token_expire = datetime.timedelta(minutes=15)
refresh_token_expire = datetime.timedelta(days=1)
if (user is None) or (not auth_handler.get_verify_password(
user_data['password'], user['password'])):
raise HTTPException(status_code=401,
detail='Invalid username and/or password')
access_token = Authorize.create_access_token(
subject=user['user_name'], expires_time=access_token_expire)
refresh_token = Authorize.create_refresh_token(subject=user['user_name'])
# refresh_token = Authorize.create_refresh_token(
# subject=user['user_name'], expires_time=refresh_token_expire)
return {
'access_token': access_token,
'refresh_token': refresh_token,
'user_name': str(user_name),
'_id': str(user_id)
}
def get_cookie(Authorize: AuthJWT = Depends()):
access_token = Authorize.create_access_token(subject='test',fresh=True)
refresh_token = Authorize.create_refresh_token(subject='test')
Authorize.set_access_cookies(access_token)
Authorize.set_refresh_cookies(refresh_token)
return {"msg":"Successfully login"}
def login(user: User):
if user.username != 'test' or user.password != 'test':
raise HTTPException(status_code=401,detail='Bad username or password')
# Identity can be any data that is json serializable
access_token = AuthJWT.create_access_token(identity=user.username)
return access_token
def all_token_response(Authorize: AuthJWT = Depends()):
access_token = Authorize.create_access_token(subject=1, fresh=True)
refresh_token = Authorize.create_refresh_token(subject=1)
response = JSONResponse(content={"msg": "all token"})
Authorize.set_access_cookies(access_token, response)
Authorize.set_refresh_cookies(refresh_token, response)
return response
def login(user: User, Authorize: AuthJWT = Depends()):
if user.username != 'test' or user.password != 'test':
raise HTTPException(status_code=401, detail='Bad username or password')
# identity must be between string or integer
access_token = Authorize.create_access_token(identity=user.username)
return {"access_token": access_token}
def login(user: User.UserAuth, Authorize: AuthJWT = Depends()):
actual_user = User.get(username=user.username)
if not bcrypt.checkpw(user.password, actual_user.password):
raise HTTPException(status_code=401, detail="Bad username or password")
access_token = Authorize.create_access_token(subject=user.username)
return {"access_token": access_token}
def login(user: User, Authorize: AuthJWT = Depends()):
if user.username != "test" or user.password != "test":
raise HTTPException(status_code=401, detail="Bad username or password")
access_token = Authorize.create_access_token(subject=user.username)
refresh_token = Authorize.create_refresh_token(subject=user.username)
return {"access_token": access_token, "refresh_token": refresh_token}
async def refresh_token(Authorize: AuthJWT = Depends()):
Authorize.jwt_refresh_token_required()
current_user = Authorize.get_jwt_identity()
ret = {
'access_token': AuthJWT.create_access_token(identity=current_user)
}
return ret
def test_verified_token(client,monkeypatch,encoded_token):
monkeypatch.setenv("AUTHJWT_SECRET_KEY","secret-key")
monkeypatch.setenv("AUTHJWT_ACCESS_TOKEN_EXPIRES","1")
reset_config()
# DecodeError
response = client.get('/protected',headers={"Authorization":"Bearer test"})
assert response.status_code == 422
assert response.json() == {'detail': 'Not enough segments'}
# InvalidSignatureError
token = jwt.encode({'some': 'payload'}, 'secret', algorithm='HS256')
response = client.get('/protected',headers={"Authorization":f"Bearer {token.decode('utf-8')}"})
assert response.status_code == 422
assert response.json() == {'detail': 'Signature verification failed'}
# ExpiredSignatureError
token = AuthJWT.create_access_token(identity='test')
time.sleep(2)
response = client.get('/protected',headers={"Authorization":f"Bearer {token.decode('utf-8')}"})
assert response.status_code == 422
assert response.json() == {'detail': 'Signature has expired'}
# InvalidAlgorithmError
token = jwt.encode({'some': 'payload'}, 'secret', algorithm='HS384')
response = client.get('/protected',headers={"Authorization":f"Bearer {token.decode('utf-8')}"})
assert response.status_code == 422
assert response.json() == {'detail': 'The specified alg value is not allowed'}
response = client.get('/protected',headers={"Authorization":f"Bearer {encoded_token.decode('utf-8')}"})
assert response.status_code == 200
assert response.json() == {'hello':'world'}
def test_denylist_enabled_without_callback(client):
# set authjwt_secret_key for create token
class SettingsOne(BaseSettings):
authjwt_secret_key: str = "secret-key"
# AuthJWT denylist won't trigger if value not True
authjwt_denylist_enabled: bool = False
@AuthJWT.load_config
def get_settings_one():
return SettingsOne()
Authorize = AuthJWT()
token = Authorize.create_access_token(subject='test')
response = client.get('/protected',
headers={"Authorization": f"Bearer {token}"})
assert response.status_code == 200
class SettingsTwo(BaseSettings):
authjwt_secret_key: str = "secret-key"
authjwt_denylist_enabled: bool = True
authjwt_denylist_token_checks: list = ["access"]
@AuthJWT.load_config
def get_settings_two():
return SettingsTwo()
with pytest.raises(RuntimeError,
match=r"@AuthJWT.token_in_denylist_loader"):
response = client.get('/protected',
headers={"Authorization": f"Bearer {token}"})
async def refresh(user: User = Depends(get_active_user_from_cookie),
Authorize: AuthJWT = Depends()):
try:
# set the user group
if user.account_type == 'admin':
user_claims = {'admin': True}
admin_logger.info(f"Admin refresh token: {user.email}")
elif user.account_type == 'filer':
user_claims = {'filer': True}
user_logger.info(f"User refresh token: {user.email}")
elif user.account_type == 'public':
user_claims = {'public': True}
user_logger.info(f"Public refresh token: {user.email}")
access_token = Authorize.create_access_token(subject=user.email,
user_claims=user_claims)
refresh_token = Authorize.create_refresh_token(subject=user.email,
user_claims=user_claims)
Authorize.set_refresh_cookies(refresh_token)
return {"success": True, "access_token": access_token}
except Exception as e:
logger.exception(traceback.format_exc())
handle_exc(e)
def create_token_for_user(Authorize: AuthJWT, user_id: str) -> Dict:
response = RedirectResponse(
f'{Config["routes"]["client"]}/login_callback?user_id={user_id}')
access_token = Authorize.create_access_token(subject=user_id)
refresh_token = Authorize.create_refresh_token(subject=user_id)
Authorize.set_access_cookies(access_token, response)
Authorize.set_refresh_cookies(refresh_token, response)
return response
def refresh(Authorize: AuthJWT = Depends()):
Authorize.jwt_refresh_token_required()
current_user = Authorize.get_jwt_identity()
return {
'access_token':
Authorize.create_access_token(identity=current_user, fresh=False)
}
def login(user: User, Authorize: AuthJWT = Depends()):
if user.username != "test" or user.password != "test":
raise HTTPException(status_code=401, detail="Bad username or password")
# Create the tokens and passing to set_access_cookies or set_refresh_cookies
access_token = Authorize.create_access_token(subject=user.username)
return {"msg": "Successfully logged in", "access_token": access_token}
def refresh(Authorize: AuthJWT = Depends()):
Authorize.jwt_refresh_token_required()
current_user = Authorize.get_jwt_subject()
new_access_token = Authorize.create_access_token(subject=current_user)
Authorize.set_access_cookies(new_access_token)
return {"refresh": "successful", "access_token": new_access_token}
def refresh_token(Authorize: AuthJWT = Depends()):
"""
- Retreive current user using JWT token
"""
Authorize.jwt_refresh_token_required()
current_user = Authorize.get_jwt_identity()
ret = {'access_token': AuthJWT.create_access_token(identity=current_user)}
return current_user
def refresh(Authorize: AuthJWT = Depends()):
Authorize.jwt_refresh_token_required()
current_user = Authorize.get_jwt_subject()
new_access_token = Authorize.create_access_token(subject=current_user)
Authorize.set_access_cookies(new_access_token)
return {"msg": "The token has been refresh"}
def refresh(Authorize: AuthJWT = Depends()):
Authorize.jwt_refresh_token_required()
current_token = Authorize.get_jwt_subject()
new_access_token = Authorize.create_access_token(
subject=str(current_token))
# Set the JWT cookies in the response
Authorize.set_access_cookies(new_access_token)
return {"msg": "The token has been refresh"}
def login(user: User, Authorize: AuthJWT = Depends()):
if user.username != "test" or user.password != "test":
raise HTTPException(status_code=401,detail="Bad username or password")
# You can be passing custom claim to argument user_claims
# in function create_access_token() or create refresh token()
another_claims = {"foo": ["fiz","baz"]}
access_token = Authorize.create_access_token(subject=user.username,user_claims=another_claims)
return {"access_token": access_token}
def create_access_and_refresh_tokens(user_id: str, Authorize: AuthJWT):
try:
access_token = Authorize.create_access_token(subject=user_id)
Authorize.set_access_cookies(access_token)
refresh_token = Authorize.create_refresh_token(subject=user_id)
Authorize.set_refresh_cookies(refresh_token)
except:
raise HTTPException(
status_code=500,
detail=f"Error while trying to create and refresh tokens")
async def get_refresh_token(db: Session = Depends(deps.get_db),
Authorize: AuthJWT = Depends()) -> dict:
Authorize.jwt_refresh_token_required()
current_user = Authorize.get_jwt_subject()
new_access_token = Authorize.create_access_token(subject=current_user)
return {
'access_token': new_access_token,
'token_type': 'bearer',
}
def login(user: User, Authorize: AuthJWT = Depends()):
if user.username != "test" or user.password != "test":
raise HTTPException(status_code=401, detail="Bad username or password")
# You can define different algorithm when create a token
access_token = Authorize.create_access_token(subject=user.username,
algorithm="HS384")
refresh_token = Authorize.create_refresh_token(subject=user.username,
algorithm="HS512")
return {"access_token": access_token, "refresh_token": refresh_token}
def login(user: User, Authorize: AuthJWT = Depends()):
if user.username != 'test' or user.password != 'test':
raise HTTPException(status_code=401, detail='Bad username or password')
ret = {
'access_token': Authorize.create_access_token(identity=user.username),
'refresh_token': Authorize.create_refresh_token(identity=user.username)
}
return ret
