def get_user(token):
try:
validated_token = JWTAuthentication().get_validated_token(token)
user = JWTAuthentication().get_user(validated_token)
return user
except Exception as e:
return AnonymousUser()
def validate(self, attrs):
refresh = RefreshToken(attrs['refresh'])
data = {'access': str(refresh.access_token)}
if settings.SIMPLE_JWT['ROTATE_REFRESH_TOKENS']:
if settings.SIMPLE_JWT['BLACKLIST_AFTER_ROTATION']:
try:
# Attempt to blacklist the given refresh token
refresh.blacklist()
except AttributeError:
# If blacklist app not installed, `blacklist` method will
# not be present
pass
refresh.set_jti()
refresh.set_exp()
data['refresh'] = str(refresh)
jwt_obj = JWTAuthentication()
user = jwt_obj.get_user(refresh.access_token)
user_serializer = UserSerializer(user)
data['user'] = user_serializer.data
data['token_expire_at'] = refresh.access_token.get('exp')
data['refresh_token_expire_at'] = refresh.get('exp')
return data
def delete(self, request):
"""
Deletes a list of given landzones
:author Munir Safi
:since 2020-11-19
:param {request} the incoming rest_framework http request object
"""
if request.headers.get('Authorization', None) is not None:
header_token = request.headers['Authorization'].split(' ')[1]
jwt_object = JWTAuthentication()
valid_token = jwt_object.get_validated_token(header_token)
user_email = jwt_object.get_user(valid_token)
AuthUser = get_user_model()
user = AuthUser.objects.get(email=user_email)
for landzone_uuid in request.data:
zone = LandZone.objects.get(uuid=landzone_uuid)
if zone.owner == user:
zone.delete()
else:
return Response(
{
'message':
'You are attempting to delete an area that you have no privelages for'
},
status=status.HTTP_401_UNAUTHORIZED)
return Response(status=status.HTTP_200_OK)
else:
return Response(
{'message': 'You must be logged in to delete a zone!'},
status=status.HTTP_401_UNAUTHORIZED)
def post(self, request):
"""
Save the landzones a user submits
:author Munir Safi
:since 2020-11-14
:param {request} the incoming rest_framework http request object
"""
if request.headers.get('Authorization', None) is not None:
header_token = request.headers['Authorization'].split(' ')[1]
jwt_object = JWTAuthentication()
valid_token = jwt_object.get_validated_token(header_token)
user_email = jwt_object.get_user(valid_token)
AuthUser = get_user_model()
user = AuthUser.objects.get(email=user_email)
for landzone in request.data['landzones']:
if landzone.get('geoJSON', None) is not None:
land_zone = LandZone(geo_json=landzone['geoJSON'],
owner=user)
land_zone.save()
else:
return Response(
{
'message':
'You must include a \'geoJSON\' property in your array of objects'
},
status=status.HTTP_400_BAD_REQUEST)
return Response(status=status.HTTP_200_OK)
else:
return Response(
{'message': 'You must be logged in to register a new zone!'},
status=status.HTTP_401_UNAUTHORIZED)
def get(self, request):
header = JWTAuthentication().get_header(request)
raw_token = JWTAuthentication.get_raw_token(self, header)
validated_token = JWTAuthentication().get_validated_token(raw_token)
user = JWTAuthentication.get_user(self, validated_token)
# print(user.created_at)
return Response(
{
"email": user.email,
"name": user.name,
"username": user.username,
"is_superuser": user.is_superuser,
"is_staff": user.is_staff,
"is_verified": user.is_verified,
# "created_at": user.created_at,
# "updated_at": user.updated_at,
# 'tokens': user.tokens,
},
status=status.HTTP_200_OK)
def _check_login_social_simple_jwt_only(self, url, data, token_type):
resp = self.client.post(url, data)
self.assertEqual(resp.status_code, 200)
# check token valid
jwt_auth = JWTAuthentication()
token_instance = jwt_auth.get_validated_token(resp.data['token'])
self.assertEqual(token_instance['token_type'], token_type)
def _check_login_social_simple_jwt_only(self, url, data, token_type):
resp = self.client.post(url, data)
self.assertEqual(resp.status_code, 200)
# check token valid
jwt_auth = JWTAuthentication()
token_instance = jwt_auth.get_validated_token(resp.data['token'])
self.assertEqual(token_instance['token_type'], token_type)
def get_authenticators(self): auth_head = get_authorization_header(self.request) ah = jwt.get_header(self, request=self.request) token = jwt.get_raw_token(self, header=auth_head) return [auth() for auth in self.authentication_classes]
def recipes_detail(request, pk):
JWT = JWTAuthentication()
request_data = JWT.authenticate(
request) ##returns a tuple with user, token
print(request_data[0])
user = request_data[0]
try:
recipe = Recipe.objects.get(pk=pk)
except Recipe.DoesNotExist:
return Response(status=status.HTTP_404_NOT_FOUND)
if request.method == 'GET':
serializer = RecipeSerializer(recipe)
return Response(serializer.data)
elif request.method == 'PUT':
serializer = RecipeSerializer(recipe, data=request.data)
if serializer.is_valid():
serializer.save(user=user)
return Response(serializer.data)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
elif request.method == 'DELETE':
recipe.delete()
return Response(status=status.HTTP_204_NO_CONTENT)
def format_data(self, data):
JWT_authenticator = JWTAuthentication()
# decode token
user, _ = JWT_authenticator.authenticate(self.request)
data['user'] = user.id
data['date'] = format_date(data['date'])
return data
def post(self, request):
"""
Validates the current user, then updates their password using the new
given password
:author Munir Safi
:since 2020-11-14
:param {request} the incoming rest_framework http request object
"""
if request.headers.get('Authorization', None) is not None:
header_token = request.headers['Authorization'].split(' ')[1]
jwt_object = JWTAuthentication()
valid_token = jwt_object.get_validated_token(header_token)
user_email = jwt_object.get_user(valid_token)
AuthUser = get_user_model()
user = AuthUser.objects.get(email=user_email)
user.set_password(request.data['password'])
user.save()
refresh = RefreshToken.for_user(user)
return Response({
'refresh': str(refresh),
'access': str(refresh.access_token)
})
else:
return Response(
{
'message':
'Cannot change user password if no user is active'
},
status=status.HTTP_400_BAD_REQUEST)
def get_user_for_token(token_key):
try:
jwt_object = JWTAuthentication()
validated_token = jwt_object.get_validated_token(token_key)
user = jwt_object.get_user(validated_token)
return user
except Token.DoesNotExist:
return AnonymousUser()
def validate(self, attrs):
data = super().validate(attrs)
jwt_object = JWTAuthentication()
validated_token = jwt_object.get_validated_token(attrs.get('token'))
user = jwt_object.get_user(validated_token)
user_serializer = UserSerializer(user)
data['user'] = user_serializer.data
return data
def get_user_from_access_token_or_401(access_token):
jwt_authenticaton = JWTAuthentication()
validated_token = jwt_authenticaton.get_validated_token(access_token)
try:
return jwt_authenticaton.get_user(validated_token)
except AuthenticationFailed:
raise NotAuthenticated401
def get_jwt_payload(request):
jwt_object = JWTAuthentication()
header = jwt_object.get_header(request)
raw_token = jwt_object.get_raw_token(header)
validated_token = jwt_object.get_validated_token(raw_token)
token_backend = TokenBackend(algorithm='HS256')
payload = token_backend.decode(token=str(validated_token), verify=False)
return payload
def get_current_user(request):
jwt_obj = JWTAuthentication()
val_token = jwt_obj.get_validated_token(
request.META.get('HTTP_AUTHORIZATION').replace('JWT ', ''))
user = jwt_obj.get_user(val_token)
return JsonResponse({
"uid": user.id,
"username": user.username,
"is_staff": user.is_staff
})
def __call__(self, request):
try:
access_token = request.COOKIES["token-access"]
refresh_token = request.COOKIES["token-refresh"]
except:
print("cookies not set")
access_token = False
refresh_token = False
try:
permanent_token = request.COOKIES["token-permanent"]
except:
print("permanent cookie not set")
permanent_token = False
if permanent_token:
# token = Token.objects.get(key=permanent_token)
# user = User.objects.get(key=token.user_id)
request.META["HTTP_AUTHORIZATION"] = "Token " + permanent_token
response = self.get_response(request)
elif access_token and refresh_token:
jwt = JWTAuthentication()
try:
validated_token = jwt.get_validated_token(access_token)
user = jwt.get_user(validated_token)
except:
user = False
print("invalid credentials but i need this silent so the user can still log in")
if not "login/" in request.path :
if request.COOKIES.get("warning") == "false" or request.COOKIES.get("warning") == None:
response = JsonResponse({"detail" : "Your credentials are invalid, this authentication requires a login after 10 minutes of inactivity please log in again, if you dont you will continue as anonymous"}, status = 401)
response.set_cookie("warning", "true")
return response
if user:
request.META["HTTP_AUTHORIZATION"] = "Bearer " + access_token
response = self.get_response(request)
refresh = RefreshToken.for_user(user)
response.set_cookie("token-access", str(refresh.access_token))
response.set_cookie("token-refresh", str(refresh))
response.set_cookie("warning", "false")
else:
response = self.get_response(request)
else:
response = self.get_response(request)
return response
def helper_jwt_get_user(self, request):
"""
www_authenticate_realm = 'api'
HelperJwtGetUser(self, request)
이런식으로 사용하여 토큰에서 user정보를 찾아내는 uitll입니다.
"""
JWToken_user = j.get_user(
self,
j.get_validated_token(self,
request.headers['Authorization'].split(' ')[1]))
return JWToken_user
def test_get_token_for_user(self):
"""Checks access token generated by get_token_for_user()"""
token = get_token_for_user(self.user)
validated_token = JWTAuthentication().get_validated_token(token)
token_user = JWTAuthentication().get_user(validated_token)
self.assertEqual(
self.user,
token_user,
msg="""Wrong User for token {}. Expected: {}. Obtained: {}.""".
format(token, self.user, token_user))
def verify(self, request, *args, **kwargs):
token = request.GET['token']
user = request.GET['profil']
from rest_framework_simplejwt.authentication import JWTAuthentication
try:
JWTAuthentication.get_validated_token(self, token)
User.objects.filter(pk=user).update(is_active=True)
return Response(_('Account verified'), status=status.HTTP_200_OK)
except InvalidToken:
return Response(InvalidToken.default_detail,
status=InvalidToken.status_code)
def verify_user(request, userId):
# we extract the authorization token from the headers
raw_token = request.META['HTTP_AUTHORIZATION'].split()[1]
obj = JWTAuthentication()
validated_token = obj.get_validated_token(raw_token)
user = obj.get_user(validated_token)
try:
new_user = User.objects.get(id=userId)
if user == new_user:
return user
else:
return None
except User.DoesNotExist:
return None
def test_refresh_token(self, client, user):
refresh_token = str(RefreshToken.for_user(user))
response = client.post(TOKEN_REFRESH_URL, {
'refresh': refresh_token,
})
assert response.status_code == status.HTTP_200_OK
assert 'access' in response.data
assert 'refresh' in response.data
auth_backend = JWTAuthentication()
access = auth_backend.get_validated_token(response.data['access'])
assert auth_backend.get_user(access) == user
def get_user_data(request):
if request.method == 'GET':
raw_token = request.META['HTTP_AUTHORIZATION'].split()[1]
obj = JWTAuthentication(
) # create a class instance first to call the non-static method
validated_token = obj.get_validated_token(raw_token)
user = obj.get_user(validated_token)
if user:
data = {}
user_data = UserSerializer(user).data
return Response({'user': user_data, 'msg': 'success'}, status=200)
else:
return Response({'msg': 'user not found'}, status=404)
def test_refresh_token_after_changing_jwt_secret(self, client, user):
refresh_token = str(RefreshToken.for_user(user))
user.update(jwt_secret=uuid.uuid4())
response = client.post(TOKEN_REFRESH_URL, {
'refresh': refresh_token,
})
assert response.status_code == status.HTTP_200_OK
auth_backend = JWTAuthentication()
access = auth_backend.get_validated_token(response.data['access'])
with pytest.raises(AuthenticationFailed):
auth_backend.get_user(access)
def test_access_token(self, client, user):
response = client.post(LOGIN_URL, {
'email': user.email,
'password': DEFAULT_USER_PASSWORD,
})
assert response.status_code == status.HTTP_200_OK
assert 'access' in response.data
assert 'refresh' in response.data
auth_backend = JWTAuthentication()
access = auth_backend.get_validated_token(response.data['access'])
assert auth_backend.get_user(access) == user
def test_jwt_auth_header_fixture(self, one_test_user: user,
jwt_auth_header: Callable):
"""
Check that fixture 'jwt_auth_header' returns a callable which in turn returns
dict with 'HTTP_AUTHORIZATION' header mapped to JWT access token.
"""
header = jwt_auth_header(one_test_user)
backend = JWTAuthentication()
_, token = header['HTTP_AUTHORIZATION'].split(' ')
decrypted_token = backend.get_validated_token(token)
assert callable(jwt_auth_header)
assert isinstance(header, dict)
assert decrypted_token['user_id'] == str(one_test_user.pk)
async def authenticate(self, query):
query = (parse.parse_qs(query.decode('utf-8')))
auth_token = query.get('Authentication', '')[-1].split(' ')[-1]
authentication = JWTAuthentication()
try:
user = authentication.get_user(
authentication.get_validated_token(auth_token))
self.scope['user'] = user
except InvalidToken:
await self.accept()
await self.send(text_data=json.dumps({'message': 'bad_token'}))
await self.close()
return False
return True
def middleware(request):
try:
auth = JWTAuthentication()
header = auth.get_header(request)
raw_token = auth.get_raw_token(header)
validated_token = auth.get_validated_token(raw_token)
field = settings.SIMPLE_JWT['USER_ID_FIELD']
setattr(request, field, validated_token.payload[field])
except Exception:
raise InvalidToken('Credentials were not provided')
else:
response = get_response(request)
return response
def get_user(scope):
close_old_connections()
query_string = parse_qs(scope['query_string'].decode())
token = query_string.get('token')
if not token:
return AnonymousUser()
try:
jwt_obj = JWTAuthentication()
access_token = AccessToken(token[0])
user = jwt_obj.get_user(access_token)
except ObjectDoesNotExist as e:
return AnonymousUser()
if not user.is_active:
return AnonymousUser()
return user
def test_access_token_after_expiration(self, client, user):
time1, time2 = '2100-01-01 00:00:00', '2100-01-02 00:00:01'
with freeze_time(time1):
response = client.post(LOGIN_URL, {
'email': user.email,
'password': DEFAULT_USER_PASSWORD,
})
assert response.status_code == status.HTTP_200_OK
with freeze_time(time2):
auth_backend = JWTAuthentication()
with pytest.raises(InvalidToken):
auth_backend.get_validated_token(response.data['access'])
def __call__(self, scope):
headers = dict(scope["headers"])
# Close old database connections to prevent usage of timed out connections
close_old_connections()
if b"authorization" in headers:
try:
key, value = headers[b"authorization"].decode().split()
if key == "Token":
jwt_auth = JWTAuthentication()
token = jwt_auth.self.get_validated_token(value)
user = jwt_auth.get_user(token)
scope["user"] = user
except (InvalidToken, AuthenticationFailed):
scope["user"] = AnonymousUser()
return self.inner(scope)
