def get_user_by_context(context: WSGIRequest): if not context.user.is_authenticated: raise GraphQLError('User is anonymous') token = context.headers['Authorization'].replace('Bearer ', '') user = get_user_by_token(token, context) return user
def authenticate(self, request=None, **credentials): if request is None: return None token = get_jwt_cookie(request) if token is not None: user = get_user_by_token(token) return user return None
def resolve(self, next, root, info, **args): headers = info.context.headers if 'Authorization' in headers.keys() and len(headers['Authorization']): token = headers['Authorization'].split(' ')[1] user = get_user_by_token(token) info.context.user = user return next(root, info, **args)
def get_user(request: HttpRequest): try: return shortcuts.get_user_by_token( request.headers.get("Authorization", "").replace("Bearer ", "")) except Exception as e: print(f"get user exc {e}") t = request.headers.get("Authorization", "").replace("Bearer ", "") print(f"jwt was: {t}") return AnonymousUser()
def _get_user(self, token): user = get_user_by_token(token) if user is None: raise exceptions.JSONWebTokenError(_("User does not exists")) if not user.is_authenticated: raise exceptions.JSONWebTokenError( _("Invalid authentication credentials")) return user
def authenticate(self, request=None, **kwargs): if request is None or getattr(request, "_jwt_token_auth", False): return None token = get_credentials(request, **kwargs) try: # +++ if token is not None: return get_user_by_token(token, request) except JSONWebTokenError: # +++ pass # +++ return None
def mutate(self, info, code): errors = list() user = None try: token = info.context.headers['AUTHORIZATION'].split(' ')[1] user = get_user_by_token(token) except (JSONWebTokenError, IndexError, KeyError): errors.append("Auth token isn't valid.") return VerifyUserMutation(errors=errors, user=None) if user.last_verification_code == code: user.is_verified = True user.save() else: errors.append('Code is incorrect.') return VerifyUserMutation(errors=errors, user=None) return VerifyUserMutation(errors=errors, user=user)
def subscribe(root, info, token, discussion_id, **kwargs): user = get_user_by_token(token) if user is None: raise PermissionError( 'You do not have the permission to perform this action') try: discussion = Discussion.objects.get(pk=discussion_id) except Discussion.DoesNotExist: return 'This discussion does not exist' if discussion.sender != user and discussion.receiver != user: raise PermissionError( 'You do not have the permission to perform this action') group_name = f'discussion@{discussion.id}' return [group_name]
def test_jwt_auth(self): """ Test that a JWT for the correct user can be created using an API Token """ response = self.client.execute(f""" query {{ jwtToken( token: "{self.token.token}" ) {{ jwtToken refreshToken }} }} """) jwt_token = response.data['jwtToken']['jwtToken'] self.assertEqual(get_user_by_token(jwt_token), self.user, "user not being correctly encoded into jwt")
def resolve_new_message(self, info, token, room_id, **kwargs): user = shortcuts.get_user_by_token(token) user_id = user.pk room = Room.objects.get(pk=room_id) room.members.get(pk=user.pk) source = Subject() def handler(event): if event is not None: source.on_next(event) pubsub = redis_client.pubsub() pubsub.subscribe(**{f'room-{room_id}': handler}) pubsub.run_in_thread(sleep_time=0.001) return source.filter(lambda event: isinstance(event['data'], bytes))\ .map(lambda event: json.loads(event['data'].decode()))\ .filter(lambda event: event['type'] == 'NEW_MESSAGE')\ .map(lambda event: Message.objects.get(pk=event['pk']))\ .filter(lambda message: message.room.pk == room_id)
def receive_json(self, content): if content['type'] == 'auth': token = content['text'] user = get_user_by_token(token) Client.objects.create(channel_name=self.channel_name, user=user)
def test_get_token(self): token = shortcuts.get_token(self.user) user = shortcuts.get_user_by_token(token) self.assertEqual(user, self.user)
def __call__(self, request): session_created = False has_token = False # add user request.user = SimpleLazyObject(lambda: get_user(request)) token = get_credentials(request) if token is not None and token != '' and token != 'None' and \ not token_is_expired(token): user = get_user_by_token(token, request) request.user = user has_token = True # add session if not hasattr(request, 'session'): session_engine = import_module(settings.SESSION_ENGINE) session_key = request.COOKIES.get(settings.SESSION_COOKIE_NAME) # if the session cannot be saved, start with an empty session try: request.session = session_engine.SessionStore(session_key) request.session.save() session_created = True except UpdateError: response = redirect(request.get_full_path()) response.delete_cookie( settings.SESSION_COOKIE_NAME, path=settings.SESSION_COOKIE_PATH, domain=settings.SESSION_COOKIE_DOMAIN, ) response.delete_cookie(jwt_settings.JWT_COOKIE_NAME) patch_vary_headers(response, ('Cookie',)) return response max_age = request.session.get_expiry_age() expires_time = time.time() + max_age anti_expires_time = cookie_date(time.time() - max_age) cookie_expires = cookie_date(expires_time) if request.session.get_expire_at_browser_close(): max_age = None cookie_expires = None if token and token_is_expired(token): cookie_token = request.COOKIES.get(jwt_settings.JWT_COOKIE_NAME) session_key = request.COOKIES.get(settings.SESSION_COOKIE_NAME) if cookie_token and cookie_token != '""': try: user = get_user_from_session_key(session_key) request.user = user refresh_token_lazy(request.user) token = get_token(request.user) refresh_token_rotated.send( sender=SRIJWTAuthMiddleware, request=request, refresh_token=self, ) signals.token_issued.send( sender=SRIJWTAuthMiddleware, request=request, user=request.user) except ObjectDoesNotExist: ## fallback solution response = redirect(request.get_full_path()) delete_jwt_cookie(request, response) patch_vary_headers(response, ('Cookie',)) return response # process response with inner middleware response = self.get_response(request) if request.user.is_authenticated and not has_token: token = get_token(request.user) signals.token_issued.send( sender=SRIJWTAuthMiddleware, request=request, user=request.user) # if token is expired, refresh it if token_is_expired(token): refresh_token_lazy(request.user) token = get_token(request.user) refresh_token_rotated.send( sender=SRIJWTAuthMiddleware, request=request, refresh_token=self, ) signals.token_issued.send( sender=SRIJWTAuthMiddleware, request=request, user=request.user) #expires = datetime.utcnow() + jwt_settings.JWT_EXPIRATION_DELTA response.set_cookie( jwt_settings.JWT_COOKIE_NAME, token, domain=settings.COOKIE_DOMAIN, max_age=max_age, expires=cookie_expires, secure=settings.JWT_COOKIE_SECURE or None, httponly=settings.JWT_COOKIE_HTTPONLY or None, samesite='Lax', ) patch_vary_headers(response, ('Cookie',)) accessed = request.session.accessed modified = request.session.modified empty = request.session.is_empty() # we'll force the session cookie creation if: # * we have a valid token but we didn't have a session for the user # * the session was not created because the user is logged in create_session_cookie = token and session_created \ or token and not request.user.is_authenticated if settings.SESSION_COOKIE_NAME in request.COOKIES and empty: response.delete_cookie( settings.SESSION_COOKIE_NAME, path=settings.SESSION_COOKIE_PATH, domain=settings.SESSION_COOKIE_DOMAIN, ) response.delete_cookie(jwt_settings.JWT_COOKIE_NAME) patch_vary_headers(response, ('Cookie',)) else: if accessed: patch_vary_headers(response, ('Cookie',)) try: SESSION_SAVE_EVERY_REQUEST = settings.SESSION_SAVE_EVERY_REQUEST except AttributeError: SESSION_SAVE_EVERY_REQUEST = None if (modified or SESSION_SAVE_EVERY_REQUEST) and not empty or create_session_cookie: # Save the session data and refresh the client cookie. # Skip session save for 500 responses, refs #3881. if response.status_code != 500: try: request.session.save() except UpdateError: raise SuspiciousOperation( "The request's session was deleted before the " "request completed. The user may have logged " "out in a concurrent request, for example." ) response.set_cookie( settings.SESSION_COOKIE_NAME, request.session.session_key, max_age=max_age, expires=cookie_expires, domain=settings.SESSION_COOKIE_DOMAIN, path=settings.SESSION_COOKIE_PATH, secure=settings.SESSION_COOKIE_SECURE or None, httponly=settings.SESSION_COOKIE_HTTPONLY or None, samesite='Strict', ) return response
def assert_token(self, token, user): user = User.objects.get(username=user.username) self.assertEqual(len(token), 157) self.assertEqual(get_user_by_token(token), user)