def decode_token(token: str, context=None):
payload = {}
def __verify_payload(payload: Dict):
user = get_user_by_payload(payload)
jti = ""
try:
jti = payload["jti"]
except:
raise jwt.MissingRequiredClaimError("jti")
if (not user.jtis.filter(value=jti).exists()):
raise jwt.InvalidTokenError("Token expired by user-logout request")
try:
payload = jwt_decode(token, context)
__verify_payload(payload)
except jwt.ExpiredSignature:
raise exceptions.JSONWebTokenExpired()
except jwt.DecodeError as e:
print(e)
raise exceptions.JSONWebTokenError('Error decoding signature')
except jwt.InvalidTokenError as j:
print(j)
raise exceptions.JSONWebTokenError('Invalid token')
return payload
def resolve(self, next, root, info, **kwargs):
request = info.context
if needs_live_client_jwt_verification(request):
token = get_live_client_authorization(request)
decodedToken = jwt_decode(token)
do_additional_token_verification(decodedToken)
elif needs_additional_jwt_verification(request):
token = get_http_authorization(info.context)
decodedToken = jwt_decode(token)
do_additional_token_verification(decodedToken)
if not hasattr(request, "user"):
request.user = AnonymousUser()
return super().resolve(next, root, info, **kwargs)
def mutate(self, info, token, password1, password2):
email = None
# result = settings.PASSWORD_NOT_RESET_ERROR
result = settings.KO
errors_list = []
if password1 is None or len(password1.strip()) == 0:
errors_list.append(settings.PASSWORD1_REQUIRED_ERROR)
if password2 is None or len(password2.strip()) == 0:
errors_list.append(settings.PASSWORD2_REQUIRED_ERROR)
if password1 != password2:
errors_list.append(settings.PASSWORDS_NOT_MATCH_ERROR)
else:
password_pattern = re.compile(settings.PASSWORD_REGEX_PATTERN)
if password_pattern.match(password1) is None:
errors_list.append(settings.PASSWORD_REGEX_ERROR)
if token is None or len(token.strip()) == 0:
errors_list.append(settings.TOKEN_REQUIRED_ERROR)
else:
try:
payload = jwt_decode(token)
email = payload.get('email')
if email is None or len(email.strip()) == 0:
raise Exception()
user = None
try:
user = get_user_model().objects.get(email=email)
except get_user_model().DoesNotExist:
errors_list.append(settings.ACCOUNT_DOES_NOT_EXIST_ERROR)
if user is not None:
if not user.is_active:
errors_list.append(settings.ACCOUNT_INACTIVE_ERROR)
elif token != user.last_token:
errors_list.append(settings.TOKEN_NOT_MATCH_ERROR)
elif user.is_used_last_token:
errors_list.append(settings.TOKEN_USED_ERROR)
if len(errors_list) == 0:
# https://django-graphql-jwt.domake.io/en/stable/settings.html#pyjwt
user.set_password(password1)
user.is_used_last_token = True
user.save()
# result = settings.PASSWORD_RESET
result = settings.OK
except ExpiredSignatureError:
errors_list.append(settings.EXPIRED_TOKEN_ERROR)
except Exception:
errors_list.append(settings.TOKEN_ERROR)
return ResetPassword(email=email, result=result, errors=errors_list)
def mutate(self, info, token):
old_email = None
new_email = None
# result = settings.EMAIL_NOT_UPDATED_ERROR
result = settings.KO
errors_list = []
if token is None or len(token.strip()) == 0:
errors_list.append(settings.TOKEN_REQUIRED_ERROR)
else:
try:
payload = jwt_decode(token)
old_email = payload.get('email')
new_email = payload.get('new_email')
email_pattern = re.compile(settings.EMAIL_REGEX_PATTERN)
if old_email is None or len(old_email.strip()) == 0 \
or new_email is None or len(new_email.strip()) == 0 is None:
raise Exception()
elif email_pattern.match(new_email) is None:
errors_list.append(settings.EMAIL_REGEX_ERROR)
elif get_user_model().objects.filter(
email__iexact=new_email).exists():
errors_list.append(settings.EMAIL_ALREADY_REGISTERED_ERROR)
else:
user = None
try:
user = get_user_model().objects.get(email=old_email)
except get_user_model().DoesNotExist:
errors_list.append(
settings.ACCOUNT_DOES_NOT_EXIST_ERROR)
if user is not None:
if not user.is_active:
errors_list.append(settings.ACCOUNT_INACTIVE_ERROR)
elif token != user.last_token:
errors_list.append(settings.TOKEN_NOT_MATCH_ERROR)
elif user.is_used_last_token:
errors_list.append(settings.TOKEN_USED_ERROR)
if len(errors_list) == 0:
user.email = new_email.lower()
user.is_used_last_token = True
user.save()
# result = settings.EMAIL_UPDATED
result = settings.OK
except ExpiredSignatureError:
errors_list.append(settings.EXPIRED_TOKEN_ERROR)
except Exception:
errors_list.append(settings.TOKEN_ERROR)
return UpdateEmail(old_email=old_email,
new_email=new_email,
result=result,
errors=errors_list)
def mutate(info, token, uid):
try:
uid = force_bytes(urlsafe_base64_decode(uid))
user = User.objects.get(pk=uid)
except (TypeError, ValueError, OverflowError, User.DoesNotExist):
return Activate(success=False,
errors=['user', 'No such user found'])
if user is not None and jwt_decode(token):
user.is_confirmed = True
user.save()
login(info.context, user)
return Activate(success=True)
return Activate(success=False, errors=['user', 'User is invalid'])
def __call__(self, scope):
headers = dict(scope['headers'])
token = "NOTOKEN"
for item in headers[b'cookie'].split():
keyValue = str(item).split("=")
if keyValue[0] == "b'token":
token = keyValue[1][:-1]
break
if token == "NOTOKEN":
raise Exception("Authentication error")
else:
username = jwt_decode(token)['username']
scope['user'] = User.objects.get(username=username)
return self.inner(scope)
def test_rsa_jwt(self):
private_key = rsa.generate_private_key(
public_exponent=65537,
key_size=2048,
backend=default_backend(),
)
public_key = private_key.public_key()
payload = utils.jwt_payload(self.user)
with override_jwt_settings(JWT_PUBLIC_KEY=public_key,
JWT_PRIVATE_KEY=private_key,
JWT_ALGORITHM='RS256'):
token = utils.jwt_encode(payload)
decoded = utils.jwt_decode(token)
self.assertEqual(payload, decoded)
def __call__(self, scope):
""" Return user(or AnonymousUser) that tries to connect to websockets """
headers = dict(scope['headers'])
user = None
if b'cookie' in headers:
cookie = headers[b'cookie'].decode("utf-8")
result = re.search(r'authorization=[\w.-]+', cookie)
if result:
token = result.group(0).split('=')[1]
email = utils.jwt_decode(token)['email']
user = get_user_model().objects.get(email=email)
if user:
scope['user'] = user
else:
scope['user'] = AnonymousUser()
return self.inner(scope)
def mutate(self, info, token):
email = None
# result = settings.USER_NOT_ACTIVATED_ERROR
result = settings.KO
errors_list = []
if token is None or len(token.strip()) == 0:
errors_list.append(settings.TOKEN_REQUIRED_ERROR)
else:
try:
payload = jwt_decode(token)
email = payload.get('email')
if email is None or len(email.strip()) == 0:
raise Exception()
user = None
try:
user = get_user_model().objects.get(email=email.lower())
except get_user_model().DoesNotExist:
errors_list.append(settings.ACCOUNT_DOES_NOT_EXIST_ERROR)
if user is not None:
if user.is_active:
errors_list.append(settings.ACCOUNT_ACTIVE_ERROR)
elif token != user.last_token:
raise Exception(settings.TOKEN_NOT_MATCH_ERROR)
elif user.is_used_last_token:
errors_list.append(settings.TOKEN_USED_ERROR)
if len(errors_list) == 0:
user.is_active = True
user.is_used_last_token = True
user.save()
# result = settings.USER_ACTIVATED
result = settings.OK
except ExpiredSignatureError:
errors_list.append(settings.EXPIRED_TOKEN_ERROR)
except Exception:
errors_list.append(settings.TOKEN_ERROR)
return ActivateAccount(email=email, result=result, errors=errors_list)
