def _verify_token_is_fresh(jwt_header, jwt_data):
    """Reject a decoded token whose ``fresh`` claim does not mark it as fresh.

    The claim is read in one of two forms:

    * ``bool`` -- the token is fresh only when the value is ``True``.
    * anything else -- compared against the current UTC POSIX timestamp; the
      token is rejected once the claim value lies before "now".

    Args:
        jwt_header: Header of the decoded token, passed through to the
            exception.
        jwt_data: Decoded token payload; must contain a ``"fresh"`` key
            (a missing key surfaces as ``KeyError``).

    Raises:
        FreshTokenRequired: If the token is not fresh.
    """
    freshness = jwt_data["fresh"]

    # bool must be tested before the numeric comparison: bool is an int
    # subclass, so ``True`` would otherwise be compared as 1 against the
    # clock and always look stale.
    if isinstance(freshness, bool):
        stale = not freshness
    else:
        # NOTE(review): a claim that is neither bool nor a number makes the
        # comparison raise TypeError; access is still denied, but as an
        # unhandled error rather than FreshTokenRequired -- confirm the
        # decode step constrains the claim type.
        stale = freshness < datetime.now(timezone.utc).timestamp()

    if stale:
        raise FreshTokenRequired("Fresh token required", jwt_header, jwt_data)
 def wrapper(*args, **kwargs):
     """Run ``fn`` only after the request's access token passes the fresh check.

     Requests whose method is listed in ``config.exempt_methods`` skip token
     decoding and every check below and go straight to ``fn``.

     Raises:
         FreshTokenRequired: If the ``fresh`` claim is ``False`` or is a
             timestamp that lies before the current UTC time.
     """
     # Exempt methods are served without any token verification, so the
     # exempt list is part of the endpoint's access policy.
     if request.method in config.exempt_methods:
         return fn(*args, **kwargs)

     token = _decode_jwt_from_request(request_type='access')
     # Stored before the freshness and claims checks run: the context can
     # hold a token that subsequently fails them, so its presence alone is
     # not proof of freshness.
     ctx_stack.top.jwt = token

     freshness = token['fresh']
     # bool first: bool is an int subclass and must not reach the numeric
     # comparison against the clock.
     if isinstance(freshness, bool):
         stale = not freshness
     else:
         stale = freshness < timegm(datetime.utcnow().utctimetuple())
     if stale:
         raise FreshTokenRequired('Fresh token required')

     verify_token_claims(token)
     _load_user(token[config.identity_claim_key])
     return fn(*args, **kwargs)
 def wrapper(*args, **kwargs):
     """Run ``fn`` only for a fresh access token with acceptable user claims.

     Raises:
         FreshTokenRequired: If the ``fresh`` claim is ``False`` or is a
             timestamp that lies before the current UTC time.
         UserClaimsVerificationError: If ``verify_token_claims`` returns a
             falsy result for the token's user claims.
     """
     token = _decode_jwt_from_request(request_type='access')
     # Stored before the freshness and claims checks run: the context can
     # hold a token that subsequently fails them, so its presence alone is
     # not proof of freshness.
     ctx_stack.top.jwt = token

     freshness = token['fresh']
     # bool first: bool is an int subclass and must not reach the numeric
     # comparison against the clock.
     if isinstance(freshness, bool):
         stale = not freshness
     else:
         stale = freshness < timegm(datetime.utcnow().utctimetuple())
     if stale:
         raise FreshTokenRequired('Fresh token required')

     claims_accepted = verify_token_claims(token[config.user_claims_key])
     if not claims_accepted:
         raise UserClaimsVerificationError(
             'User claims verification failed')

     _load_user(token[config.identity_claim_key])
     return fn(*args, **kwargs)
    def wrapper(*args, **kwargs):
        """Run ``fn`` only when the request carries a fresh access token.

        Raises:
            FreshTokenRequired: If the token's ``fresh`` claim is falsy.
        """
        token = _decode_jwt_from_request(request_type='access')

        # NOTE(review): this is a plain truthiness test, so any non-zero or
        # non-empty claim value counts as fresh -- including a numeric
        # "fresh until" timestamp that has already passed. Confirm tokens
        # reaching this decorator only ever carry a boolean 'fresh' claim.
        token_is_fresh = token['fresh']
        if not token_is_fresh:
            raise FreshTokenRequired('Fresh token required')

        # The context is populated only after the freshness check passed.
        ctx_stack.top.jwt = token
        _load_user(token['identity'])
        return fn(*args, **kwargs)
def verify_fresh_jwt_in_request():
    """
    Ensure that the requester has a valid and fresh access token. Raises an
    appropriate exception if there is no token, the token is invalid, or the
    token is not marked as fresh.

    Requests whose method is listed in ``config.exempt_methods`` are not
    checked at all: no token is decoded and nothing is stored on the context.
    """
    # Exempt methods pass without any token verification, so the exempt list
    # is part of the endpoint's access policy.
    if request.method in config.exempt_methods:
        return

    token = _decode_jwt_from_request(request_type='access')
    # Stored before the freshness and claims checks run: the context can hold
    # a token that subsequently fails them, so its presence alone is not
    # proof of freshness.
    ctx_stack.top.jwt = token

    freshness = token['fresh']
    # bool first: bool is an int subclass and must not reach the numeric
    # comparison against the clock.
    if isinstance(freshness, bool):
        stale = not freshness
    else:
        stale = freshness < timegm(datetime.utcnow().utctimetuple())
    if stale:
        raise FreshTokenRequired('Fresh token required')

    verify_token_claims(token)
    _load_user(token[config.identity_claim_key])
    def wrapper(*args, **kwargs):
        """Run ``fn`` only when the request carries a fresh access token.

        Raises:
            FreshTokenRequired: If the token's ``fresh`` claim is falsy.
        """
        token = _decode_jwt_from_request(request_type='access')

        # NOTE(review): this is a plain truthiness test, so any non-zero or
        # non-empty claim value counts as fresh -- including a numeric
        # "fresh until" timestamp that has already passed. Confirm tokens
        # reaching this decorator only ever carry a boolean 'fresh' claim.
        token_is_fresh = token['fresh']
        if not token_is_fresh:
            raise FreshTokenRequired('Fresh token required')

        # Expose the verified token on the context so the endpoints behind
        # this decorator can read it; this happens only after the freshness
        # check passed.
        ctx_stack.top.jwt = token
        return fn(*args, **kwargs)
 def wrapper(*args, **kwargs):
     """Run ``fn`` only for a fresh access token with acceptable user claims.

     Raises:
         FreshTokenRequired: If the token's ``fresh`` claim is falsy.
         UserClaimsVerificationError: If ``verify_token_claims`` returns a
             falsy result for the token's user claims.
     """
     token = _decode_jwt_from_request(request_type='access')
     # Stored before the freshness and claims checks run: the context can
     # hold a token that subsequently fails them.
     ctx_stack.top.jwt = token

     # NOTE(review): this is a plain truthiness test, so any non-zero or
     # non-empty claim value counts as fresh -- including a numeric
     # "fresh until" timestamp that has already passed. Confirm tokens
     # reaching this decorator only ever carry a boolean 'fresh' claim.
     token_is_fresh = token['fresh']
     if not token_is_fresh:
         raise FreshTokenRequired('Fresh token required')

     claims_accepted = verify_token_claims(token[config.user_claims])
     if not claims_accepted:
         raise UserClaimsVerificationError(
             'User claims verification failed')

     _load_user(token[config.identity_claim])
     return fn(*args, **kwargs)
    def wrapper(*args, **kwargs):
        """Run ``fn`` only for a fresh, non-revoked access token.

        Checks run in this order: token type, revocation (only when
        blacklisting is enabled), freshness. The context is populated only
        after all of them passed.

        Raises:
            WrongTokenError: If the token's ``type`` claim is not
                ``'access'``.
            FreshTokenRequired: If the token's ``fresh`` claim is falsy.
        """
        token = _decode_jwt_from_request()

        # Anything other than an access token is refused for this endpoint.
        if token['type'] != 'access':
            raise WrongTokenError('Only access tokens can access this endpoint')

        # Revocation is consulted only when blacklisting is switched on;
        # with it disabled, a revoked token is not detected here.
        if get_blacklist_enabled():
            check_if_token_revoked(token)

        # NOTE(review): this is a plain truthiness test, so any non-zero or
        # non-empty claim value counts as fresh -- including a numeric
        # "fresh until" timestamp that has already passed. Confirm tokens
        # reaching this decorator only ever carry a boolean 'fresh' claim.
        token_is_fresh = token['fresh']
        if not token_is_fresh:
            raise FreshTokenRequired('Fresh token required')

        # Publish identity and user claims on the context for the endpoints
        # that sit behind this decorator.
        ctx_stack.top.jwt_identity = token['identity']
        ctx_stack.top.jwt_user_claims = token['user_claims']
        return fn(*args, **kwargs)