def test_refresh_token_after_changing_jwt_secret(self, client, user): refresh_token = str(RefreshToken.for_user(user)) user.update(jwt_secret=uuid.uuid4()) response = client.post(TOKEN_REFRESH_URL, { 'refresh': refresh_token, }) assert response.status_code == status.HTTP_200_OK auth_backend = JWTAuthentication() access = auth_backend.get_validated_token(response.data['access']) with pytest.raises(AuthenticationFailed): auth_backend.get_user(access)
def post(self, request): """ Save the landzones a user submits :author Munir Safi :since 2020-11-14 :param {request} the incoming rest_framework http request object """ if request.headers.get('Authorization', None) is not None: header_token = request.headers['Authorization'].split(' ')[1] jwt_object = JWTAuthentication() valid_token = jwt_object.get_validated_token(header_token) user_email = jwt_object.get_user(valid_token) AuthUser = get_user_model() user = AuthUser.objects.get(email=user_email) for landzone in request.data['landzones']: if landzone.get('geoJSON', None) is not None: land_zone = LandZone(geo_json=landzone['geoJSON'], owner=user) land_zone.save() else: return Response( { 'message': 'You must include a \'geoJSON\' property in your array of objects' }, status=status.HTTP_400_BAD_REQUEST) return Response(status=status.HTTP_200_OK) else: return Response( {'message': 'You must be logged in to register a new zone!'}, status=status.HTTP_401_UNAUTHORIZED)
def post(self, request): """ Validates the current user, then updates their password using the new given password :author Munir Safi :since 2020-11-14 :param {request} the incoming rest_framework http request object """ if request.headers.get('Authorization', None) is not None: header_token = request.headers['Authorization'].split(' ')[1] jwt_object = JWTAuthentication() valid_token = jwt_object.get_validated_token(header_token) user_email = jwt_object.get_user(valid_token) AuthUser = get_user_model() user = AuthUser.objects.get(email=user_email) user.set_password(request.data['password']) user.save() refresh = RefreshToken.for_user(user) return Response({ 'refresh': str(refresh), 'access': str(refresh.access_token) }) else: return Response( { 'message': 'Cannot change user password if no user is active' }, status=status.HTTP_400_BAD_REQUEST)
def has_permission(self, request, view): jwt_object = JWTAuthentication() header = jwt_object.get_header(request) raw_token = jwt_object.get_raw_token(header) validated_token = jwt_object.get_validated_token(raw_token) user = jwt_object.get_user(validated_token) return user.is_staff
def validate(self, attrs): refresh = RefreshToken(attrs['refresh']) data = {'access': str(refresh.access_token)} if settings.SIMPLE_JWT['ROTATE_REFRESH_TOKENS']: if settings.SIMPLE_JWT['BLACKLIST_AFTER_ROTATION']: try: # Attempt to blacklist the given refresh token refresh.blacklist() except AttributeError: # If blacklist app not installed, `blacklist` method will # not be present pass refresh.set_jti() refresh.set_exp() data['refresh'] = str(refresh) jwt_obj = JWTAuthentication() user = jwt_obj.get_user(refresh.access_token) user_serializer = UserSerializer(user) data['user'] = user_serializer.data data['token_expire_at'] = refresh.access_token.get('exp') data['refresh_token_expire_at'] = refresh.get('exp') return data
def delete(self, request): """ Deletes a list of given landzones :author Munir Safi :since 2020-11-19 :param {request} the incoming rest_framework http request object """ if request.headers.get('Authorization', None) is not None: header_token = request.headers['Authorization'].split(' ')[1] jwt_object = JWTAuthentication() valid_token = jwt_object.get_validated_token(header_token) user_email = jwt_object.get_user(valid_token) AuthUser = get_user_model() user = AuthUser.objects.get(email=user_email) for landzone_uuid in request.data: zone = LandZone.objects.get(uuid=landzone_uuid) if zone.owner == user: zone.delete() else: return Response( { 'message': 'You are attempting to delete an area that you have no privelages for' }, status=status.HTTP_401_UNAUTHORIZED) return Response(status=status.HTTP_200_OK) else: return Response( {'message': 'You must be logged in to delete a zone!'}, status=status.HTTP_401_UNAUTHORIZED)
def get(self, request): header = JWTAuthentication().get_header(request) raw_token = JWTAuthentication.get_raw_token(self, header) validated_token = JWTAuthentication().get_validated_token(raw_token) user = JWTAuthentication.get_user(self, validated_token) # print(user.created_at) return Response( { "email": user.email, "name": user.name, "username": user.username, "is_superuser": user.is_superuser, "is_staff": user.is_staff, "is_verified": user.is_verified, # "created_at": user.created_at, # "updated_at": user.updated_at, # 'tokens': user.tokens, }, status=status.HTTP_200_OK)
def get_user_from_access_token_or_401(access_token): jwt_authenticaton = JWTAuthentication() validated_token = jwt_authenticaton.get_validated_token(access_token) try: return jwt_authenticaton.get_user(validated_token) except AuthenticationFailed: raise NotAuthenticated401
def validate(self, attrs): data = super().validate(attrs) jwt_object = JWTAuthentication() validated_token = jwt_object.get_validated_token(attrs.get('token')) user = jwt_object.get_user(validated_token) user_serializer = UserSerializer(user) data['user'] = user_serializer.data return data
def get_user_for_token(token_key): try: jwt_object = JWTAuthentication() validated_token = jwt_object.get_validated_token(token_key) user = jwt_object.get_user(validated_token) return user except Token.DoesNotExist: return AnonymousUser()
def authenticate_from_token(request): jwt_object = JWTAuthentication() header = jwt_object.get_header(request) raw_token = jwt_object.get_raw_token(header) validated_token = jwt_object.get_validated_token(raw_token) user = jwt_object.get_user(validated_token) request.data["user"] = user.id return request
def process_view(self, request, view_func, view_args, view_kwargs): jwt_object = JWTAuthentication() header = jwt_object.get_header(request) if header is not None: raw_token = jwt_object.get_raw_token(header) validated_token = jwt_object.get_validated_token(raw_token) request.user = jwt_object.get_user(validated_token) return None return Response({'error': "Invalid Token"}, status=200)
def get_current_user(request): jwt_obj = JWTAuthentication() val_token = jwt_obj.get_validated_token( request.META.get('HTTP_AUTHORIZATION').replace('JWT ', '')) user = jwt_obj.get_user(val_token) return JsonResponse({ "uid": user.id, "username": user.username, "is_staff": user.is_staff })
def helper_jwt_get_user(self, request): """ www_authenticate_realm = 'api' HelperJwtGetUser(self, request) 이런식으로 사용하여 토큰에서 user정보를 찾아내는 uitll입니다. """ JWToken_user = j.get_user( self, j.get_validated_token(self, request.headers['Authorization'].split(' ')[1])) return JWToken_user
def __call__(self, request): try: access_token = request.COOKIES["token-access"] refresh_token = request.COOKIES["token-refresh"] except: print("cookies not set") access_token = False refresh_token = False try: permanent_token = request.COOKIES["token-permanent"] except: print("permanent cookie not set") permanent_token = False if permanent_token: # token = Token.objects.get(key=permanent_token) # user = User.objects.get(key=token.user_id) request.META["HTTP_AUTHORIZATION"] = "Token " + permanent_token response = self.get_response(request) elif access_token and refresh_token: jwt = JWTAuthentication() try: validated_token = jwt.get_validated_token(access_token) user = jwt.get_user(validated_token) except: user = False print("invalid credentials but i need this silent so the user can still log in") if not "login/" in request.path : if request.COOKIES.get("warning") == "false" or request.COOKIES.get("warning") == None: response = JsonResponse({"detail" : "Your credentials are invalid, this authentication requires a login after 10 minutes of inactivity please log in again, if you dont you will continue as anonymous"}, status = 401) response.set_cookie("warning", "true") return response if user: request.META["HTTP_AUTHORIZATION"] = "Bearer " + access_token response = self.get_response(request) refresh = RefreshToken.for_user(user) response.set_cookie("token-access", str(refresh.access_token)) response.set_cookie("token-refresh", str(refresh)) response.set_cookie("warning", "false") else: response = self.get_response(request) else: response = self.get_response(request) return response
def test_refresh_token(self, client, user): refresh_token = str(RefreshToken.for_user(user)) response = client.post(TOKEN_REFRESH_URL, { 'refresh': refresh_token, }) assert response.status_code == status.HTTP_200_OK assert 'access' in response.data assert 'refresh' in response.data auth_backend = JWTAuthentication() access = auth_backend.get_validated_token(response.data['access']) assert auth_backend.get_user(access) == user
def test_access_token(self, client, user): response = client.post(LOGIN_URL, { 'email': user.email, 'password': DEFAULT_USER_PASSWORD, }) assert response.status_code == status.HTTP_200_OK assert 'access' in response.data assert 'refresh' in response.data auth_backend = JWTAuthentication() access = auth_backend.get_validated_token(response.data['access']) assert auth_backend.get_user(access) == user
async def authenticate(self, query): query = (parse.parse_qs(query.decode('utf-8'))) auth_token = query.get('Authentication', '')[-1].split(' ')[-1] authentication = JWTAuthentication() try: user = authentication.get_user( authentication.get_validated_token(auth_token)) self.scope['user'] = user except InvalidToken: await self.accept() await self.send(text_data=json.dumps({'message': 'bad_token'})) await self.close() return False return True
def verify_user(request, userId): # we extract the authorization token from the headers raw_token = request.META['HTTP_AUTHORIZATION'].split()[1] obj = JWTAuthentication() validated_token = obj.get_validated_token(raw_token) user = obj.get_user(validated_token) try: new_user = User.objects.get(id=userId) if user == new_user: return user else: return None except User.DoesNotExist: return None
def get_user_data(request): if request.method == 'GET': raw_token = request.META['HTTP_AUTHORIZATION'].split()[1] obj = JWTAuthentication( ) # create a class instance first to call the non-static method validated_token = obj.get_validated_token(raw_token) user = obj.get_user(validated_token) if user: data = {} user_data = UserSerializer(user).data return Response({'user': user_data, 'msg': 'success'}, status=200) else: return Response({'msg': 'user not found'}, status=404)
def __call__(self, scope): headers = dict(scope["headers"]) # Close old database connections to prevent usage of timed out connections close_old_connections() if b"authorization" in headers: try: key, value = headers[b"authorization"].decode().split() if key == "Token": jwt_auth = JWTAuthentication() token = jwt_auth.self.get_validated_token(value) user = jwt_auth.get_user(token) scope["user"] = user except (InvalidToken, AuthenticationFailed): scope["user"] = AnonymousUser() return self.inner(scope)
def get_user(scope): close_old_connections() query_string = parse_qs(scope['query_string'].decode()) token = query_string.get('token') if not token: return AnonymousUser() try: jwt_obj = JWTAuthentication() access_token = AccessToken(token[0]) user = jwt_obj.get_user(access_token) except ObjectDoesNotExist as e: return AnonymousUser() if not user.is_active: return AnonymousUser() return user
def get(self, request): token = request.GET.get('token') try: jwt_object = JWTAuthentication() # raw_token = jwt_object.get_raw_token(token) validated_token = jwt_object.get_validated_token(token) user = jwt_object.get_user(validated_token) print("This is the username" + user.username) if not user.is_verified: user.is_verified = True user.save() return Response({'email': 'Successfully activated'}, status=status.HTTP_200_OK) except jwt.ExpiredSignatureError as identifier: return Response({'error': 'Activation Expired'}, status=status.HTTP_400_BAD_REQUEST) except jwt.exceptions.DecodeError as identifier: return Response({'error': 'Invalid token'}, status=status.HTTP_400_BAD_REQUEST)
def preview_private_picture(request, type, picture_id): try: token = request.GET.get('access_token') jWTAuthentication = JWTAuthentication() validated_token = jWTAuthentication.get_validated_token( raw_token=token) user = jWTAuthentication.get_user(validated_token=validated_token) picture = Picture.objects.get(id=picture_id) response = HttpResponse(content_type='image/jpg') response[ 'X-Sendfile'] = '/var/www/static.phographe.marc-antoinea.fr/{}/{}.jpg'.format( type, picture_id) return response except: return HttpResponseForbidden()
def chek_and_return(request): jwt_object = JWTAuthentication() header = jwt_object.get_header(request) raw_token = jwt_object.get_raw_token(header) validated_token = jwt_object.get_validated_token(raw_token) user = jwt_object.get_user(validated_token) user = User.objects.get(username=user).id data = request.data """ remember old state, set to mutable, сhange the values, set mutable flag back """ _mutable = data._mutable data._mutable = True data['user'] = str(user) data._mutable = _mutable # print(data) return data
def __call__(self, scope): cookies = [x[1] for x in scope['headers'] if 'cookie' in str(x[0])][0] token = None for x in str(cookies).split(';'): if 'X-Authentication' in str(x): token = re.sub('[\']', '', x.split('=')[1]) print(token) assert (token, 'No token received!') jwt_auth = JWTAuthentication() validated_token = jwt_auth.get_validated_token(token) user = jwt_auth.get_user(validated_token) # user = GetTogetherUser.objects.get(pk=token.user.pk) # Return the inner application directly and let it run everything else return self.inner(dict(scope, user=user))
def put(self, request): """ Updates a list of given landzones :author Munir Safi :since 2020-11-19 :param {request} the incoming rest_framework http request object """ if request.headers.get('Authorization', None) is not None: header_token = request.headers['Authorization'].split(' ')[1] jwt_object = JWTAuthentication() valid_token = jwt_object.get_validated_token(header_token) user_email = jwt_object.get_user(valid_token) AuthUser = get_user_model() user = AuthUser.objects.get(email=user_email) for landzone in request.data['landzones']: if landzone.get('geoJSON', None) is not None: zone = LandZone.objects.get(uuid=landzone.get('uuid')) if zone.owner == user: zone.geo_json = landzone.get('geoJSON') zone.save() else: return Response( { 'message': 'You are attempting to modify an area that you have no privelages for' }, status=status.HTTP_401_UNAUTHORIZED) else: return Response( { 'message': 'You must include a \'geoJSON\' property in your array of objects' }, status=status.HTTP_400_BAD_REQUEST) return Response(status=status.HTTP_200_OK) else: return Response( {'message': 'You must be logged in to update a zone!'}, status=status.HTTP_401_UNAUTHORIZED)
def __call__(self, scope): if scope['query_string']: query_string = scope['query_string'].decode('utf-8') if query_string.startswith('token='): try: print("token OK") token = query_string.replace('token=', '') print("token is %s" % token) auth = JWTAuthentication() validated_token = auth.get_validated_token(token) scope['user'] = auth.get_user(validated_token) print("user is %s" % scope['user'].username) close_old_connections() except InvalidToken: scope['user'] = AnonymousUser() print("token invalid") else: print("no QS") return self.inner(scope)
def post(self, request): """ Validates the current user, then updates their profile using the new values provided :author Munir Safi :since 2020-11-14 :param {request} the incoming rest_framework http request object """ if request.headers.get('Authorization', None) is not None: header_token = request.headers['Authorization'].split(' ')[1] jwt_object = JWTAuthentication() valid_token = jwt_object.get_validated_token(header_token) user_email = jwt_object.get_user(valid_token) AuthUser = get_user_model() user = AuthUser.objects.get(email=user_email) editable_fields = user.get_editable_fields() print(request.data) for field, value in request.data.items(): if field in editable_fields: setattr(user, field, value) user.save() refresh = AuthUserToken.for_user(user) return Response({ 'refresh': str(refresh), 'access': str(refresh.access_token) }) else: return Response( {'message': 'Cannot update profile if no user is active'}, status=status.HTTP_400_BAD_REQUEST)
def chek_and_return(request): jwt_object = JWTAuthentication() header = jwt_object.get_header(request) raw_token = jwt_object.get_raw_token(header) validated_token = jwt_object.get_validated_token(raw_token) user = jwt_object.get_user(validated_token) user = User.objects.get(username=user).profile.id data = request.data # now = datetime.datetime.now().date time_date = datetime.datetime.strptime(data['start_time'], '%H:%M:%S').time() print('time_date ***** ', time_date) end_time = datetime.time(time_date.hour + 1, time_date.minute, time_date.second) chek_busy = busy_time(date=data['start_date'], time=time_date, master=data['master'], end_t=end_time) if chek_busy['busy_status'] == True: return False else: end_time = datetime.time(time_date.hour + 1, time_date.minute, time_date.second) print(end_time) """ remember old state, set to mutable, сhange the values, set mutable flag back """ _mutable = data._mutable data._mutable = True data['profile'] = str(user) data['end_time'] = end_time data._mutable = _mutable print(data) return data