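def test_create_jwt(self):
    """A new user's JWT verifies with the configured decoder; a tampered copy does not."""
    user = User.objects.create_user(**USER_CHI)
    token = user.create_jwt()
    try:
        api_settings.JWT_DECODE_HANDLER(token)
    except (ExpiredSignature, DecodeError) as err:  # pragma: no cover
        # self.fail() names the cause; assertTrue(False) only said "False is not true".
        self.fail(f'freshly issued token failed to decode: {err!r}')
    # Extra bytes after the signature segment break verification, so the
    # decoder must reject the token rather than accept it.
    bad_token = f'{token}_taint'
    with self.assertRaises(DecodeError):
        api_settings.JWT_DECODE_HANDLER(bad_token)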
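def test_create_jwt(self):
    """A new user's JWT verifies with the configured decoder; a tampered copy does not."""
    user = User.objects.create_user(**USER_VASCO)
    token = user.create_jwt()
    try:
        api_settings.JWT_DECODE_HANDLER(token)
    except (ExpiredSignature, DecodeError) as err:
        # self.fail() names the cause; assertTrue(False) only said "False is not true".
        self.fail(f'freshly issued token failed to decode: {err!r}')
    # Extra bytes after the signature segment break verification, so the
    # decoder must reject the token rather than accept it.
    bad_token = f'{token}_taint'
    with self.assertRaises(DecodeError):
        api_settings.JWT_DECODE_HANDLER(bad_token)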
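def get(self, request):
    """Return, as a JSON list, the notifications administered by the caller.

    The caller is identified by the ``username`` claim of the JWT in the
    ``Authorization`` header.  The claim is only trusted because
    ``JWT_DECODE_HANDLER`` verifies the token's signature first.

    A missing header, an unexpected scheme word, or a token that fails
    verification yields a 401 response instead of an unhandled exception
    (the previous ``[4:]`` slice and bare decode turned those into 500s).
    """
    header = request.META.get('HTTP_AUTHORIZATION', '')
    parts = header.split()
    # Same shape the library expects: "<prefix> <token>", prefix compared
    # case-insensitively against the configured JWT_AUTH_HEADER_PREFIX.
    if len(parts) != 2 or parts[0].lower() != api_settings.JWT_AUTH_HEADER_PREFIX.lower():
        return HttpResponse(status=401)
    token = parts[1]
    try:
        username = api_settings.JWT_DECODE_HANDLER(token)['username']
    except Exception:
        # The decoder's specific error types (expired / undecodable) are not
        # imported in this block, and a payload without 'username' is just as
        # unusable; at the view boundary every failure means "unauthenticated".
        return HttpResponse(status=401)
    notifications = Notification.objects(admin_by=username)
    notifications = [self.filter(item) for item in notifications]
    return HttpResponse(json.dumps(notifications), content_type='application/json')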
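def get_user_from_auth_header(self, request):
    """Resolve the active user identified by the request's JWT, or ``None``.

    Every failure mode -- a header that does not split into two words, an
    undecodable or expired token, a payload without a user id, an unknown
    or inactive user -- yields ``None`` rather than raising, so callers can
    treat the result as "anonymous".

    NOTE(review): the scheme word in front of the token is not compared
    with anything, so ``Authorization: <any-word> <token>`` is accepted as
    long as the token verifies.  Checking it against
    ``api_settings.JWT_AUTH_HEADER_PREFIX`` would tighten this; confirm
    with callers before changing.
    """
    try:
        _auth_keyword, token = get_authorization_header(request).split()
        payload = api_settings.JWT_DECODE_HANDLER(token)
        user_id = api_settings.JWT_PAYLOAD_GET_USER_ID_HANDLER(payload)
        if not user_id:
            return None
        # is_active is part of the lookup so a deactivated account is
        # rejected even while it still holds a token that verifies.
        return User.objects.get(pk=user_id, is_active=True)
    except (ValueError, jwt.ExpiredSignature, jwt.DecodeError, User.DoesNotExist):
        # ValueError: header is not exactly "<word> <token>".
        return None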
def side_effect(url, json):
    """Closure installed as a mock side effect: check the destination and the
    signed token it was given, then hand back the enclosing ``mock``.

    Uses ``self``, ``expected_subscribers`` and ``mock`` from the enclosing
    test.  ``json`` shadows the module name but is kept because the caller
    passes it by keyword.
    """
    self.assertIn(url, expected_subscribers)
    self.assertIn('token', json)
    claims = api_settings.JWT_DECODE_HANDLER(json['token'])
    expected_user = self.user_vasco
    self.assertEqual(claims['uuid'], expected_user.uuid)
    self.assertEqual(claims['username'], expected_user.username)
    return mock
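def get(self, request):
    """Return, as a JSON list, the routes of the enterprise the caller administers.

    The caller is identified by the ``username`` claim of the JWT in the
    ``Authorization`` header; the claim is only trusted because
    ``JWT_DECODE_HANDLER`` verifies the token's signature first.

    A missing header, an unexpected scheme word, or a token that fails
    verification yields a 401, and a user with no enterprise yields a 404,
    instead of the unhandled exceptions (500s) the ``[4:]`` slice, bare
    decode and ``[0]`` index produced before.
    """
    header = request.META.get('HTTP_AUTHORIZATION', '')
    parts = header.split()
    # Same shape the library expects: "<prefix> <token>", prefix compared
    # case-insensitively against the configured JWT_AUTH_HEADER_PREFIX.
    if len(parts) != 2 or parts[0].lower() != api_settings.JWT_AUTH_HEADER_PREFIX.lower():
        return HttpResponse(status=401)
    token = parts[1]
    try:
        username = api_settings.JWT_DECODE_HANDLER(token)['username']
    except Exception:
        # The decoder's specific error types (expired / undecodable) are not
        # imported in this block, and a payload without 'username' is just as
        # unusable; at the view boundary every failure means "unauthenticated".
        return HttpResponse(status=401)
    enterprise = Enterprise.objects.filter(admin_by__username=username).first()
    if enterprise is None:
        return HttpResponse(status=404)
    routes = Route.objects(enterprise=enterprise.nit)
    routes = [self.filter(item) for item in routes]
    return HttpResponse(json.dumps(routes), content_type='application/json')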
def test_can_invalidate_token_when_changing_settings_secret_key(
        factories, settings):
    """A token signed under one SECRET_KEY must fail to decode under another."""
    settings.SECRET_KEY = "test1"
    user = factories["users.User"]()
    build_payload = api_settings.JWT_PAYLOAD_HANDLER
    encode = api_settings.JWT_ENCODE_HANDLER
    token = encode(build_payload(user))
    # Same key as at signing time: verification succeeds.
    api_settings.JWT_DECODE_HANDLER(token)
    # Rotate the signing key; the old signature no longer matches.
    settings.SECRET_KEY = "test2"
    with pytest.raises(DecodeError):
        api_settings.JWT_DECODE_HANDLER(token)
def test_can_invalidate_token_when_changing_user_secret_key(factories):
    """Rotating a user's own secret_key must invalidate tokens issued before."""
    user = factories["users.User"]()
    original_secret = user.secret_key
    build_payload = api_settings.JWT_PAYLOAD_HANDLER
    encode = api_settings.JWT_ENCODE_HANDLER
    token = encode(build_payload(user))
    # Secret unchanged so far: verification succeeds.
    api_settings.JWT_DECODE_HANDLER(token)
    # Rotate the per-user secret and persist it.
    user.update_secret_key()
    user.save()
    assert user.secret_key != original_secret
    # The token was signed with the old secret and must now be rejected.
    with pytest.raises(DecodeError):
        api_settings.JWT_DECODE_HANDLER(token)
def load(self):
    """
    Decode the session data out of the session key itself, instead of
    fetching it from an external store (the opposite of _get_session_key()).
    If the key cannot be verified or decoded for any reason, the session is
    reset via create() and an empty dict is returned.
    """
    try:
        session_data = api_settings.JWT_DECODE_HANDLER(self.session_key)
    except Exception:
        # Deliberately broad: bad signature, ValueError, unpickling errors --
        # an unverifiable session is replaced by a fresh one, never trusted.
        self.create()
        return {}
    return session_data
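def validate(self, data):
    """Unpack the signed token in ``data['token']`` into ``data``.

    The token must verify (signature and expiry), carry a ``uuid`` claim of
    the model's ``UUID_LEN``, and that uuid must not already exist as an
    ``external_uuid``.  On success ``data['uuid']`` is set from the claim and
    ``data['name']`` from the optional ``username`` claim (default '').

    Raises:
        serializers.ValidationError: when any of the checks above fails.
    """
    try:
        payload = api_settings.JWT_DECODE_HANDLER(data['token'])
    except (ExpiredSignature, DecodeError) as err:
        raise serializers.ValidationError("Invalid Token field.") from err
    if 'uuid' not in payload:
        raise serializers.ValidationError("Invalid payload (no uuid).")
    uuid = payload['uuid']
    model = self.Meta.model
    # A non-string claim (e.g. an int) used to raise TypeError on len();
    # it is reported as a bad uuid instead of becoming a 500.
    if not isinstance(uuid, str) or len(uuid) != model.UUID_LEN:
        raise serializers.ValidationError("Invalid payload (bad uuid).")
    if model.objects.filter(external_uuid=uuid).exists():
        raise serializers.ValidationError(
            "Invalid payload (existing uuid).")
    data['uuid'] = uuid
    # The token's username seeds profile.name.
    data['name'] = payload.get('username', '')
    return data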
def decode(token) -> dict:
    """Verify ``token`` with the configured JWT decode handler and return its claims.

    Decode errors raised by the handler propagate unchanged.
    """
    handler = api_settings.JWT_DECODE_HANDLER
    return handler(token)
def jwt_decode_token(cls, *args, **kwargs):
    """Forward all arguments to the configured ``JWT_DECODE_HANDLER``.

    ``cls`` is not used; the result and any exception come straight from
    the handler.
    """
    handler = api_settings.JWT_DECODE_HANDLER
    return handler(*args, **kwargs)
def get_uid_from_jwt(request):
    """Return the ``user_id`` claim of the JWT carried by ``request``.

    The token is located the way the authentication class does it
    (``get_jwt_value``) and verified by ``JWT_DECODE_HANDLER``; decode
    errors propagate to the caller.  NOTE(review): a request with no token
    presumably gets ``None`` from ``get_jwt_value`` and then fails inside
    the decode handler -- confirm callers guard against that.
    """
    token = JSONWebTokenAuthentication().get_jwt_value(request)
    claims = api_settings.JWT_DECODE_HANDLER(token)
    return claims['user_id']