async def login(Authorization: AuthJWT = Depends()): # add previous access jwt token to denylist saved_token = redis_denylist.get('saved_token') redis_denylist.setex( Authorization.get_raw_jwt(saved_token)['jti'], settings.ACCESS_TOKEN_EXPIRE_MINUTES * 60, 'true') Authorization.jwt_refresh_token_required() # add previous refresh jwt token to denylist redis_denylist.setex(Authorization.get_raw_jwt()['jti'], settings.REFRESH_TOKER_EXPIRE_MINUTES * 60, 'true') subject = Authorization.get_jwt_subject() return create_token_pair(Authorization, subject)
def logout(Authorize: AuthJWT = Depends()): """ Mark token as unusable """ jti = Authorize.get_raw_jwt()['jti'] app.denyTokenList.append(jti) return {"msg": "Successfully logged out"}
async def get_refresh_token(Authorize: AuthJWT = Depends()): """ Use refresh token to update access and refresh token """ Authorize.jwt_refresh_token_required() raw_jwt = Authorize.get_raw_jwt() return create_tokens(Authorize, **raw_jwt)
async def get_current_user(request: Request, response: Response, db_session: Session = Depends(get_db), Authorize: AuthJWT = Depends()): try: Authorize.jwt_required() except Exception as e: traceback.print_exc() raise token = Authorize.get_raw_jwt() # admin user admin = token.get('admin', False) if admin: user = get_admin_user_by_email(db_session, token.get('sub')) if user is None: raise CREDENTIALS_EXCEPTION return user filer = token.get('filer', False) if filer: user = get_filer_user_by_email(db_session, token.get('sub')) if user is None: raise CREDENTIALS_EXCEPTION return user raise CREDENTIALS_EXCEPTION
async def access_test(Authorization: AuthJWT = Depends()): try: Authorization.jwt_required() token_id = Authorization.get_raw_jwt()['jti'] logger.info(f'autorization passed with {token_id}') return {'status': 'OK'} except RevokedTokenError as e: raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Token has been revoked")
def auth_jwt_decode_refresh_token( auth_jwt: AuthJWT = Depends(), ) -> JWTToken: try: auth_jwt.jwt_refresh_token_required() payload = auth_jwt.get_raw_jwt() return JWTRefreshToken(**payload) except Exception: raise UnauthorizedError(message="JWT Format Error")
def access_revoke(Authorize: AuthJWT = Depends()): Authorize.jwt_required() # Store the tokens in redis with the value true for revoked. # We can also set an expires time on these tokens in redis, # so they will get automatically removed after they expire. jti = Authorize.get_raw_jwt()['jti'] redis_conn.setex(jti, ACCESS_EXPIRES, 'true') return {"msg": "Access token revoked"}
def auth_jwt_decode_oauth_state( auth_jwt: AuthJWT, state: Optional[str], ) -> Optional[JWTOAuthToken]: payload = auth_jwt.get_raw_jwt(state) if payload: try: return JWTOAuthToken(**payload) except Exception: raise UnauthorizedError(message="JWT Format Error") return None
async def websocket(websocket: WebSocket, csrf_token: str = Query(...), Authorize: AuthJWT = Depends()): await websocket.accept() try: Authorize.jwt_required("websocket",websocket=websocket,csrf_token=csrf_token) # Authorize.jwt_optional("websocket",websocket=websocket,csrf_token=csrf_token) # Authorize.jwt_refresh_token_required("websocket",websocket=websocket,csrf_token=csrf_token) # Authorize.fresh_jwt_required("websocket",websocket=websocket,csrf_token=csrf_token) await websocket.send_text("Successfully Login!") decoded_token = Authorize.get_raw_jwt() await websocket.send_text(f"Here your decoded token: {decoded_token}") except AuthJWTException as err: await websocket.send_text(err.message) await websocket.close()
def auth_jwt_decode_access_token_optional( auth_jwt: AuthJWT = Depends(), scheme: HTTPAuthorizationCredentials = Depends(jwt_scheme) # scheme is only used for authorization in swagger UI ) -> Optional[JWTAccessToken]: auth_jwt.jwt_optional() payload = auth_jwt.get_raw_jwt() if not payload: return None try: return JWTAccessToken(**payload) except Exception: raise UnauthorizedError(message="JWT Format Error")
async def refresh_tokens(Authorize: AuthJWT = Depends()): Authorize.jwt_refresh_token_required() current_user = Authorize.get_jwt_subject() jti = Authorize.get_raw_jwt()['jti'] access_token = Authorize.create_access_token(subject=current_user) refresh_token = Authorize.create_refresh_token(subject=current_user) if not DEBUG_LOGIN: app.state.redis.revoke_tokens(jti) app.state.redis.save_tokens(Authorize.get_jti(access_token), Authorize.get_jti(refresh_token)) return {"access_token": access_token, "refresh_token": refresh_token, "result": True}
async def websocket_jwt_optional_cookies( websocket: WebSocket, csrf_token: str = Query(...), Authorize: AuthJWT = Depends() ): await websocket.accept() try: Authorize.jwt_optional("websocket",websocket=websocket,csrf_token=csrf_token) decoded_token = Authorize.get_raw_jwt() if decoded_token: await websocket.send_text("hello world") await websocket.send_text("hello anonym") except AuthJWTException as err: await websocket.send_text(err.message) await websocket.close()
def verify_token_and_domain( request: Request, Authorize: AuthJWT = Depends(), dummy=Depends(HTTPBearer()) ) -> RawJwt: """ Check JWT access token and domain, if domain from request anf from token are equal, than pass the validation. Argument dummy needs only for generating the documentation. """ domain = request.base_url.hostname Authorize.jwt_required() raw_jwt = Authorize.get_raw_jwt() user_domain = raw_jwt.get('domain') if domain != user_domain: raise HTTPException(401) return raw_jwt
def delete_user_profile_picture(Authorize: AuthJWT = Depends(), db: Session = Depends(get_db)): Authorize.jwt_required() user_id = Authorize.get_jwt_subject() user_name = Authorize.get_raw_jwt()["username"] dbuser = userCRUD.get(db, user_id) if not user_name: raise HTTPException(500, "Failed to get username from JWT") profile_picture = get_default_profile_picture(user_name) dbuser = userCRUD.update_profile_picture(db, user_id=user_id, image=profile_picture) return JSONResponse({"success": True})
async def get_active_user_from_cookie(request: Request, db_session: Session = Depends(get_db), Authorize: AuthJWT = Depends()): Authorize.jwt_refresh_token_required() token = Authorize.get_raw_jwt() # admin user admin = token.get('admin', False) if admin: user = get_admin_user_by_email(db_session, token.get('sub')) if user is None or not user.active: raise CREDENTIALS_EXCEPTION return user filer = token.get('filer', False) if filer: user = get_filer_user_by_email(db_session, token.get('sub')) if user is None or not user.active: raise CREDENTIALS_EXCEPTION return user raise CREDENTIALS_EXCEPTION
def refresh_revoke(Authorize: AuthJWT = Depends()): Authorize.jwt_refresh_token_required() jti = Authorize.get_raw_jwt()['jti'] redis_conn.setex(jti, settings.refresh_expires, 'true') return {"detail": "Refresh token has been revoke"}
async def refresh_token_revoke(Authorize: AuthJWT = Depends()): Authorize.jwt_refresh_token_required() jti = Authorize.get_raw_jwt()['jti'] conn_redis.setex(jti,REFRESH_EXPIRES,"true") return {"message":"Refresh token revoked."}
async def access_token_revoke(Authorize: AuthJWT = Depends()): Authorize.jwt_required() jti = Authorize.get_raw_jwt()['jti'] conn_redis.setex(jti,ACCESS_EXPIRES,"true") return {"message":"Access token revoked."}
def add_to_deny(Authorize: AuthJWT, token: str = None): jti = Authorize.get_raw_jwt(token)["jti"] denylist.add(jti)
def refresh_revoke(Authorize: AuthJWT = Depends()): Authorize.jwt_refresh_token_required() jti = Authorize.get_raw_jwt()['jti'] blacklist.add(jti) return {"msg": "Refresh token revoked"}
def access_revoke(Authorize: AuthJWT = Depends()): Authorize.jwt_required() jti = Authorize.get_raw_jwt()['jti'] blacklist.add(jti) return {"msg": "Access token revoked"}
def user(Authorize: AuthJWT = Depends()): Authorize.jwt_required() foo_claims = Authorize.get_raw_jwt()['foo'] return {"foo": foo_claims}
def refresh_revoke(Authorize: AuthJWT = Depends()): Authorize.jwt_refresh_token_required() jti = Authorize.get_raw_jwt()['jti'] denylist.add(jti) return {"detail": "Refresh token has been revoke"}
def raw_token(Authorize: AuthJWT = Depends()): Authorize.jwt_required() return Authorize.get_raw_jwt()
async def logout(Authorize: AuthJWT = Depends()): Authorize.jwt_required() app.state.redis.revoke_tokens(Authorize.get_raw_jwt()['jti']) return {"status": "ok", "msg": "logged out", "result": True}
def refresh_revoke(Authorize: AuthJWT = Depends()): Authorize.jwt_refresh_token_required() jti = Authorize.get_raw_jwt()['jti'] redis_conn.setex(jti, REFRESH_EXPIRES, 'true') return {"msg": "Refresh token revoked"}