def test_fresh_jwt_required(client): url = '/fresh-jwt-required' # only fresh token allowed token = AuthJWT.create_access_token(identity='test') response = client.get( url, headers={"Authorization": f"Bearer {token.decode('utf-8')}"}) assert response.status_code == 401 assert response.json() == {'detail': 'Fresh token required'} token = AuthJWT.create_access_token(identity='test', fresh=True) response = client.get( url, headers={"Authorization": f"Bearer {token.decode('utf-8')}"}) assert response.status_code == 200 assert response.json() == {'hello': 'world'}
def get_token(Authorize: AuthJWT = Depends()): access_token = Authorize.create_access_token(subject=1, fresh=True) refresh_token = Authorize.create_refresh_token(subject=1) Authorize.set_access_cookies(access_token) Authorize.set_refresh_cookies(refresh_token) return {"access": access_token, "refresh": refresh_token}
def test_jwt_required(client): url = '/jwt-required' token = AuthJWT.create_access_token(identity='test') response = client.get( url, headers={"Authorization": f"Bearer {token.decode('utf-8')}"}) assert response.status_code == 200 assert response.json() == {'hello': 'world'}
async def get_access_token( db: Session = Depends(deps.get_db), *, user: schemas.UserLoginForm, Authorize: AuthJWT = Depends(), ) -> dict: user = crud.user.authenticate( db, email=user.email, password=user.password, ) if not user: raise HTTPException( status_code=status.HTTP_400_BAD_REQUEST, detail=AuthError.INCORRECT_CREDS, ) elif not crud.user.is_active(user): raise HTTPException( status_code=status.HTTP_400_BAD_REQUEST, detail=AuthError.INACTIVE_USER, ) access_token = Authorize.create_access_token(subject=user.email) refresh_token = Authorize.create_refresh_token(subject=user.email) return { 'access_token': access_token, 'refresh_token': refresh_token, 'token_type': 'bearer', }
def login(user: User, Authorize: AuthJWT = Depends()): if user.username != "test" or user.password != "test": raise HTTPException(status_code=401, detail="Bad username or password") # subject identifier for who this token is for example id or username from database access_token = Authorize.create_access_token(subject=user.username) return {"access_token": access_token}
def login( user: schemas.UserCreate, db: Session = Depends(get_db), Authorize: AuthJWT = Depends(), ): crud.prune_blacklist(db) _user = (db.query(models.User).filter( models.User.username == user.username.casefold()).first()) if _user is not None and crud.verify_password(user.password, _user.hashed_password): # Create Tokens access_token = Authorize.create_access_token(subject=user.username) refresh_token = Authorize.create_refresh_token(subject=user.username) # Assign cookies Authorize.set_access_cookies(access_token) Authorize.set_refresh_cookies(refresh_token) return { "login": "******", "username": _user.username, "access_token": access_token, } else: raise HTTPException(status_code=400, detail="Invalid Username or Password.")
def login(response: Response, user: UserLogin, Authorize: AuthJWT = Depends()): try: session = SessionLocal() UserObj = get_user_object(user.email) if UserObj: x = y if ProjectUtils.authenticate_user(UserObj, user.password): access_token = Authorize.create_access_token( subject=UserObj.email, expires_time=datetime.timedelta(days=365), user_claims={ "roles": [UserObj.role_name(session).role_name] }) session.close() response.status_code = status.HTTP_200_OK return { Statuses.status_code: Statuses.HTTP_200_OK, Statuses.status: Statuses.success, "access_token": access_token, Statuses.type: Statuses.bearer } else: raise HTTPException(status_code=401, detail="Bad username or password") raise HTTPException(status_code=401, detail="Bad username or password") except Exception as exc: if str(exc).strip() == "": raise HTTPException(status_code=401, detail="Bad username or password") ProjectUtils.print_log_msg(exc, ProjectUtils.EXCEPTION) return { Statuses.status_code: Statuses.HTTP_500_INTERNAL_SERVER_ERROR, Statuses.status: Statuses.exception, Statuses.description: str(exc) }
async def login_user(user_data: dict, Authorize: AuthJWT) -> dict: user = await user_collection.find_one( {'user_name': user_data['user_name']}) user_id = user['_id'] user_name = user['user_name'] # print(user_id) # print(user_name) # expiratiom of tokens access_token_expire = datetime.timedelta(minutes=15) refresh_token_expire = datetime.timedelta(days=1) if (user is None) or (not auth_handler.get_verify_password( user_data['password'], user['password'])): raise HTTPException(status_code=401, detail='Invalid username and/or password') access_token = Authorize.create_access_token( subject=user['user_name'], expires_time=access_token_expire) refresh_token = Authorize.create_refresh_token(subject=user['user_name']) # refresh_token = Authorize.create_refresh_token( # subject=user['user_name'], expires_time=refresh_token_expire) return { 'access_token': access_token, 'refresh_token': refresh_token, 'user_name': str(user_name), '_id': str(user_id) }
def get_cookie(Authorize: AuthJWT = Depends()): access_token = Authorize.create_access_token(subject='test',fresh=True) refresh_token = Authorize.create_refresh_token(subject='test') Authorize.set_access_cookies(access_token) Authorize.set_refresh_cookies(refresh_token) return {"msg":"Successfully login"}
def login(user: User): if user.username != 'test' or user.password != 'test': raise HTTPException(status_code=401,detail='Bad username or password') # Identity can be any data that is json serializable access_token = AuthJWT.create_access_token(identity=user.username) return access_token
def all_token_response(Authorize: AuthJWT = Depends()): access_token = Authorize.create_access_token(subject=1, fresh=True) refresh_token = Authorize.create_refresh_token(subject=1) response = JSONResponse(content={"msg": "all token"}) Authorize.set_access_cookies(access_token, response) Authorize.set_refresh_cookies(refresh_token, response) return response
def login(user: User, Authorize: AuthJWT = Depends()): if user.username != 'test' or user.password != 'test': raise HTTPException(status_code=401, detail='Bad username or password') # identity must be between string or integer access_token = Authorize.create_access_token(identity=user.username) return {"access_token": access_token}
def login(user: User.UserAuth, Authorize: AuthJWT = Depends()): actual_user = User.get(username=user.username) if not bcrypt.checkpw(user.password, actual_user.password): raise HTTPException(status_code=401, detail="Bad username or password") access_token = Authorize.create_access_token(subject=user.username) return {"access_token": access_token}
def login(user: User, Authorize: AuthJWT = Depends()): if user.username != "test" or user.password != "test": raise HTTPException(status_code=401, detail="Bad username or password") access_token = Authorize.create_access_token(subject=user.username) refresh_token = Authorize.create_refresh_token(subject=user.username) return {"access_token": access_token, "refresh_token": refresh_token}
async def refresh_token(Authorize: AuthJWT = Depends()): Authorize.jwt_refresh_token_required() current_user = Authorize.get_jwt_identity() ret = { 'access_token': AuthJWT.create_access_token(identity=current_user) } return ret
def test_verified_token(client,monkeypatch,encoded_token): monkeypatch.setenv("AUTHJWT_SECRET_KEY","secret-key") monkeypatch.setenv("AUTHJWT_ACCESS_TOKEN_EXPIRES","1") reset_config() # DecodeError response = client.get('/protected',headers={"Authorization":"Bearer test"}) assert response.status_code == 422 assert response.json() == {'detail': 'Not enough segments'} # InvalidSignatureError token = jwt.encode({'some': 'payload'}, 'secret', algorithm='HS256') response = client.get('/protected',headers={"Authorization":f"Bearer {token.decode('utf-8')}"}) assert response.status_code == 422 assert response.json() == {'detail': 'Signature verification failed'} # ExpiredSignatureError token = AuthJWT.create_access_token(identity='test') time.sleep(2) response = client.get('/protected',headers={"Authorization":f"Bearer {token.decode('utf-8')}"}) assert response.status_code == 422 assert response.json() == {'detail': 'Signature has expired'} # InvalidAlgorithmError token = jwt.encode({'some': 'payload'}, 'secret', algorithm='HS384') response = client.get('/protected',headers={"Authorization":f"Bearer {token.decode('utf-8')}"}) assert response.status_code == 422 assert response.json() == {'detail': 'The specified alg value is not allowed'} response = client.get('/protected',headers={"Authorization":f"Bearer {encoded_token.decode('utf-8')}"}) assert response.status_code == 200 assert response.json() == {'hello':'world'}
def test_denylist_enabled_without_callback(client): # set authjwt_secret_key for create token class SettingsOne(BaseSettings): authjwt_secret_key: str = "secret-key" # AuthJWT denylist won't trigger if value not True authjwt_denylist_enabled: bool = False @AuthJWT.load_config def get_settings_one(): return SettingsOne() Authorize = AuthJWT() token = Authorize.create_access_token(subject='test') response = client.get('/protected', headers={"Authorization": f"Bearer {token}"}) assert response.status_code == 200 class SettingsTwo(BaseSettings): authjwt_secret_key: str = "secret-key" authjwt_denylist_enabled: bool = True authjwt_denylist_token_checks: list = ["access"] @AuthJWT.load_config def get_settings_two(): return SettingsTwo() with pytest.raises(RuntimeError, match=r"@AuthJWT.token_in_denylist_loader"): response = client.get('/protected', headers={"Authorization": f"Bearer {token}"})
async def refresh(user: User = Depends(get_active_user_from_cookie), Authorize: AuthJWT = Depends()): try: # set the user group if user.account_type == 'admin': user_claims = {'admin': True} admin_logger.info(f"Admin refresh token: {user.email}") elif user.account_type == 'filer': user_claims = {'filer': True} user_logger.info(f"User refresh token: {user.email}") elif user.account_type == 'public': user_claims = {'public': True} user_logger.info(f"Public refresh token: {user.email}") access_token = Authorize.create_access_token(subject=user.email, user_claims=user_claims) refresh_token = Authorize.create_refresh_token(subject=user.email, user_claims=user_claims) Authorize.set_refresh_cookies(refresh_token) return {"success": True, "access_token": access_token} except Exception as e: logger.exception(traceback.format_exc()) handle_exc(e)
def create_token_for_user(Authorize: AuthJWT, user_id: str) -> Dict: response = RedirectResponse( f'{Config["routes"]["client"]}/login_callback?user_id={user_id}') access_token = Authorize.create_access_token(subject=user_id) refresh_token = Authorize.create_refresh_token(subject=user_id) Authorize.set_access_cookies(access_token, response) Authorize.set_refresh_cookies(refresh_token, response) return response
def refresh(Authorize: AuthJWT = Depends()): Authorize.jwt_refresh_token_required() current_user = Authorize.get_jwt_identity() return { 'access_token': Authorize.create_access_token(identity=current_user, fresh=False) }
def login(user: User, Authorize: AuthJWT = Depends()): if user.username != "test" or user.password != "test": raise HTTPException(status_code=401, detail="Bad username or password") # Create the tokens and passing to set_access_cookies or set_refresh_cookies access_token = Authorize.create_access_token(subject=user.username) return {"msg": "Successfully logged in", "access_token": access_token}
def refresh(Authorize: AuthJWT = Depends()): Authorize.jwt_refresh_token_required() current_user = Authorize.get_jwt_subject() new_access_token = Authorize.create_access_token(subject=current_user) Authorize.set_access_cookies(new_access_token) return {"refresh": "successful", "access_token": new_access_token}
def refresh_token(Authorize: AuthJWT = Depends()): """ - Retreive current user using JWT token """ Authorize.jwt_refresh_token_required() current_user = Authorize.get_jwt_identity() ret = {'access_token': AuthJWT.create_access_token(identity=current_user)} return current_user
def refresh(Authorize: AuthJWT = Depends()): Authorize.jwt_refresh_token_required() current_user = Authorize.get_jwt_subject() new_access_token = Authorize.create_access_token(subject=current_user) Authorize.set_access_cookies(new_access_token) return {"msg": "The token has been refresh"}
def refresh(Authorize: AuthJWT = Depends()): Authorize.jwt_refresh_token_required() current_token = Authorize.get_jwt_subject() new_access_token = Authorize.create_access_token( subject=str(current_token)) # Set the JWT cookies in the response Authorize.set_access_cookies(new_access_token) return {"msg": "The token has been refresh"}
def login(user: User, Authorize: AuthJWT = Depends()): if user.username != "test" or user.password != "test": raise HTTPException(status_code=401,detail="Bad username or password") # You can be passing custom claim to argument user_claims # in function create_access_token() or create refresh token() another_claims = {"foo": ["fiz","baz"]} access_token = Authorize.create_access_token(subject=user.username,user_claims=another_claims) return {"access_token": access_token}
def create_access_and_refresh_tokens(user_id: str, Authorize: AuthJWT): try: access_token = Authorize.create_access_token(subject=user_id) Authorize.set_access_cookies(access_token) refresh_token = Authorize.create_refresh_token(subject=user_id) Authorize.set_refresh_cookies(refresh_token) except: raise HTTPException( status_code=500, detail=f"Error while trying to create and refresh tokens")
async def get_refresh_token(db: Session = Depends(deps.get_db), Authorize: AuthJWT = Depends()) -> dict: Authorize.jwt_refresh_token_required() current_user = Authorize.get_jwt_subject() new_access_token = Authorize.create_access_token(subject=current_user) return { 'access_token': new_access_token, 'token_type': 'bearer', }
def login(user: User, Authorize: AuthJWT = Depends()): if user.username != "test" or user.password != "test": raise HTTPException(status_code=401, detail="Bad username or password") # You can define different algorithm when create a token access_token = Authorize.create_access_token(subject=user.username, algorithm="HS384") refresh_token = Authorize.create_refresh_token(subject=user.username, algorithm="HS512") return {"access_token": access_token, "refresh_token": refresh_token}
def login(user: User, Authorize: AuthJWT = Depends()): if user.username != 'test' or user.password != 'test': raise HTTPException(status_code=401, detail='Bad username or password') ret = { 'access_token': Authorize.create_access_token(identity=user.username), 'refresh_token': Authorize.create_refresh_token(identity=user.username) } return ret