def validate_token(self, request):
header = self.get_header(request)
if header is None:
raise InvalidToken(_('Authentication Require Authorization Header'))
raw_token = self.get_raw_token(header)
if raw_token is None:
raise InvalidToken(_('Invalid Authorization Header'))
validated_token = self.get_validated_token(raw_token)
if validated_token.get("server_key", None) != settings.SERVER_KEY:
raise InvalidToken(_('Token contained no recognizable server key'))
return validated_token
def checkUserRefreshToken(user_id, refresh_token):
"""
check refresh token against the one stored in the db
"""
if user_id is None:
return InvalidToken(
'No user found who would have possessed this token',
code='no_user_found')
user = UserModel.objects.get(id=user_id)
# validate the token against the one stored in the db (user object)
if not refresh_token or refresh_token != user.refresh_token:
raise InvalidToken(
'Token mismatch: the token stored in cookie does not match the token in database',
code='token_mismatch')
def post(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
try:
serializer.is_valid(raise_exception=True)
except TokenError as e:
raise InvalidToken(e.args[0])
user = User.objects.get(email=request.data['email'])
req = request
req.user = user
if user.is_donor:
profile_serializer = DonorProfileSerializer(
instance=user.donor_profile, context={'request': req})
res = {
**serializer.validated_data, 'profile': profile_serializer.data
}
return Response(res, status=status.HTTP_200_OK)
else:
profile_serializer = SeekerProfileSerializer(
instance=user.seeker_profile, context={'request': req})
res = {
**serializer.validated_data, 'profile': profile_serializer.data
}
return Response(res, status=status.HTTP_200_OK)
def refresh(self, request, *args, **kwargs):
serializer = CustomTokenRefreshSerializer(data=request.data, context=self.get_serializer_context())
try:
serializer.is_valid(raise_exception=True)
except AuthenticationFailed:
return Response({'message': 'wrong username password'}, status=status.HTTP_401_UNAUTHORIZED)
except TokenError as e:
raise InvalidToken(e.args[0])
data = serializer.validated_data
refresh_token = data
access_token = data.access_token
access_expires = access_token.current_time + access_token.lifetime
refresh_expires = refresh_token.current_time + refresh_token.lifetime
access_token_string = str(access_token)
header_payload = '.'.join(access_token_string.split('.')[0:2])
signature = access_token_string.split('.')[2]
response = Response(access_token.payload, status=status.HTTP_200_OK)
host = self.get_host(request)
secure = not settings.DEBUG
response.set_cookie('header.payload', value=header_payload, expires=access_expires, secure=secure, domain=host)
response.set_cookie('signature', value=signature, httponly=True, secure=secure, domain=host)
response.set_cookie('refresh', value=str(refresh_token), expires=refresh_expires, httponly=True, secure=secure,
domain=host)
return response
def get_user(self, validated_token):
"""
Attempts to find and return a user using the given validated token.
"""
try:
user_id = validated_token[api_settings.USER_ID_CLAIM]
except KeyError:
raise InvalidToken(_('Token contained no recognizable user identification'))
print(user_id)
print(type(user_id))
try:
print(api_settings.USER_ID_FIELD)
print("we printed the user_id field")
user = User.objects.get(**{api_settings.USER_ID_FIELD: user_id})
except User.DoesNotExist:
print("heuhreuhrue??")
raise AuthenticationFailed(_('User not found'), code='user_not_found')
if not user.is_active:
raise AuthenticationFailed(_('User is inactive'), code='user_inactive')
print("we are returning the user??")
return user
def change_password(self, request, *args, **kwargs):
requested_user = get_object_or_404(
self.get_queryset(), pk=kwargs.get("pk")
)
requesting_user = request.user
if not requested_user == requesting_user:
raise PermissionDenied
# make sure that the request payload is valid
serializer = PasswordChangeSerializer(
requested_user,
data=request.data,
context=self.get_serializer_context()
)
serializer.is_valid(raise_exception=True)
serializer.save()
# find all refresh tokens of the user and blacklist them
try:
tokens = OutstandingToken.objects.filter(
user=requested_user, blacklistedtoken__isnull=True
)
for token in tokens:
token = RefreshToken(token.token)
token.blacklist()
except TokenError as e:
raise InvalidToken(e.args[0])
return Response(status=status.HTTP_205_RESET_CONTENT)
def post(self, request, format=None):
# check token refresh valid
serializer = TokenRefreshSerializer(data=request.data)
try:
serializer.is_valid(raise_exception=True)
except TokenError as e:
raise InvalidToken(e.args[0])
response = Response()
""" send http only cookies """
data = serializer._validated_data
payload = {"access": data["access"], "refresh": data["refresh"]}
tomorrow = datetime.now() + datetime.timedelta(days=1)
expires = datetime.strftime(tomorrow, "%a, %d-%b-%Y %H:%M:%S GMT")
response.set_cookie(
key=settings.SIMPLE_JWT["AUTH_COOKIE"],
value=data["access"],
expires=expires,
secure=settings.SIMPLE_JWT["AUTH_COOKIE_SECURE"],
httponly=settings.SIMPLE_JWT["AUTH_COOKIE_HTTP_ONLY"],
samesite=settings.SIMPLE_JWT["AUTH_COOKIE_SAMESITE"],
)
response.data = {"Messege": "refresh Success", "data": payload}
response.status_code = status.HTTP_200_OK
return response
def _create(self, serializer_class, request):
'''
creates a token based on request.data using serializer_class
'''
serializer = serializer_class(data=request.data)
try:
serializer.is_valid(raise_exception=True)
except TokenError as e:
raise InvalidToken(e.args[0])
user = User(pk=serializer.user.pk)
groups = []
for i in serializer.user.printer_groups.all():
d = i.__dict__
print(d)
d.pop("_state")
d["uuid"] = d.pop("id")
groups.append(d)
request.user = serializer.user
user_serializer = UserSerializer(context={"request": request},
instance=serializer.user)
return Response({
**user_serializer.data,
**serializer.validated_data, "groups": groups
})
return Response(serializer.validated_data, status=status.HTTP_200_OK)
def post(self, request, *args, **kwargs):
'''
Get Refresh Token from cookie, and pass it to the serializer.
'''
refresh_token = request.COOKIES['refresh_token']
request.data['refresh'] = refresh_token
serializer = self.get_serializer(data=request.data)
try:
serializer.is_valid(raise_exception=True)
except TokenError as e:
# InvalidToken raises 401 if Refresh Token is invalid
raise InvalidToken(e.args[0])
response = Response(serializer.validated_data,
status=status.HTTP_200_OK)
# Move the new Refresh Token to a cookie.
new_refresh_token = response.data.pop('refresh')
response.set_cookie(key="refresh_token",
value=new_refresh_token,
httponly=True,
secure=False)
return response
def get_user(self, validated_token):
"""
Attempts to find and return a user using the given validated token.
"""
try:
user_id = validated_token[api_settings.USER_ID_CLAIM]
except KeyError:
raise InvalidToken(
_('Token contained no recognizable user identification'))
try:
user = User.objects.get(**{api_settings.USER_ID_FIELD: user_id})
except User.DoesNotExist:
raise AuthenticationFailed(_('User not found'),
code='user_not_found')
if not user.is_active:
raise AuthenticationFailed(_('User is inactive'),
code='user_inactive')
if not user.password[-10:] == validated_token['hash']:
raise AuthenticationFailed(_('User changed password'),
code='user_inactive')
return user
def post(self, request, *args, **kwargs):
try:
refresh = request.COOKIES['jwt']
except TokenError as e:
raise InvalidToken(e.args[0])
except KeyError:
raise NotAuthenticated()
serializer = self.get_serializer(data={"refresh":refresh})
try:
serializer.is_valid(raise_exception=True)
except TokenError as e:
raise InvalidToken(e.args[0])
return Response(serializer.validated_data, status=status.HTTP_200_OK)
def get_user(self, validated_token):
"""
Attempts to find and return a user using the given validated token.
"""
try:
user_id = validated_token[api_settings.USER_ID_CLAIM]
except KeyError:
raise InvalidToken(
_("Token contained no recognizable user identification"))
try:
user = User.objects.get(**{api_settings.USER_ID_FIELD: user_id})
except User.DoesNotExist:
raise AuthenticationFailed(_("User not found"),
code="user_not_found")
if not user.is_active:
raise AuthenticationFailed(_("User is inactive"),
code="user_inactive")
if not "access_token_secret" in validated_token:
raise AuthenticationFailed(
_("Bad Token used. Get new access Token"),
code="get_new_access_token")
if (not user.profile.access_token_secret
== validated_token["access_token_secret"]):
raise AuthenticationFailed(
_("Bad Token used. Get new access Token"),
code="get_new_access_token")
return user
def post(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
try:
serializer.is_valid(raise_exception=True)
except TokenError as e:
raise InvalidToken(e.args[0])
resp = Response(serializer.validated_data, status=status.HTTP_200_OK)
# TODO: this should probably be pulled from the token exp
expiration = (
dt.datetime.utcnow() + jwt_settings.REFRESH_TOKEN_LIFETIME
)
resp.set_cookie(
settings.JWT_COOKIE_NAME,
serializer.validated_data["refresh"],
expires=expiration,
secure=settings.JWT_COOKIE_SECURE,
httponly=True,
samesite=settings.JWT_COOKIE_SAMESITE
)
return resp
def get_user(self, validated_token):
"""
Attempts to find and return a user using the given validated token.
"""
try:
user_id = validated_token[api_settings.USER_ID_CLAIM]
except KeyError:
raise InvalidToken(
_('Token contained no recognizable user identification'))
try:
values = {api_settings.USER_ID_FIELD: user_id}
user = User.objects.get(**values)
except User.DoesNotExist:
if settings.SIMPLE_JWT.get('CREATE_USER', False):
user = User.objects.create(password=str(uuid4()), **values)
else:
raise AuthenticationFailed(_('User not found'),
code='user_not_found')
if not user.is_active:
raise AuthenticationFailed(_('User is inactive'),
code='user_inactive')
return user
def validate_token(self, value):
token = EmailVerificationToken(token=value)
try:
token.verify()
except TokenError:
raise InvalidToken({'details': 'The token is not valid.'})
return token
def get_user(self, validated_token):
try:
user_id = validated_token[api_settings.USER_ID_CLAIM]
except KeyError:
raise InvalidToken(_('Token contained no recognizable user identification'))
return user_id
def get(self, request):
try:
token = request.GET.get('token')
payload = jwt.decode(token,
settings.SECRET_KEY,
algorithms=["HS256"])
user = User.objects.get(id=payload['user_id'])
if user.id != payload['user_id']:
raise InvalidToken('The token is invalid')
if user.is_verified:
raise PermissionDenied(
'Your account has been previously verified')
if not user.is_verified:
user.is_verified = True
user.save()
response = {
'success': True,
'message': 'Successfully verified user'
}
return Response(response, status=status.HTTP_200_OK)
except jwt.ExpiredSignatureError:
response = {'success': False, 'message': 'Token Expired'}
return Response(response, status=status.HTTP_404_NOT_FOUND)
# if user tampered with the token
except jwt.DecodeError:
response = {'success': False, 'message': 'Invalid Token'}
return Response(response, status=status.HTTP_404_NOT_FOUND)
def get_user(self, validated_token):
"""
Attempts to find and return a user using the given validated token.
"""
try:
user_id = validated_token[api_settings.USER_ID_CLAIM]
except KeyError:
raise InvalidToken(
_('Token contained no recognizable user identification')) from KeyError
user_model = get_user_model()
try:
user = user_model.objects.get(
**{api_settings.USER_ID_FIELD: user_id})
except user_model.DoesNotExist:
raise AuthenticationFailed(
_('User not found'), code='user_not_found') from user_model.DoesNotExist
if not user.is_active:
raise AuthenticationFailed(
_('User is inactive'), code='user_inactive')
if not user.has_finished_onboarding and not user.is_admin:
raise HasNotFinishedOnboarding(detail={
'detail': 'User hasn\'t finished the onboarding',
'onboarding_session': user.onboarding_session
})
return user
class TokenObtainPairView(__TokenObtainPairView):
serializer_class = CustomTokenObtainPairSerializer
@swagger_auto_schema(
operation_summary="Create Token",
operation_description="Takes a set of user credentials "
"and returns an access and refresh JSON web"
"token pair to prove the authentication of "
"those credentials.<br>"
"When the 'only' argument is set to 'access', "
"only an access token will be returned.",
security=[],
query_serializer=CustomTokenObtainPairSerializer.query_serializer(),
responses={
status.HTTP_200_OK: ObtainSchema(),
status.HTTP_401_UNAUTHORIZED: "Invalid Credentials"
})
def post(self, request: Request, *args, **kwargs):
data = request.data
if o := request.query_params.get("only", None):
data["only"] = o
serializer = self.get_serializer(data=data)
try:
serializer.is_valid(raise_exception=True)
except TokenError as e:
raise InvalidToken(e.args[0])
return Response(serializer.validated_data, status=status.HTTP_200_OK)
def get_validated_token(self, raw_token):
messages = []
for AuthToken in api_settings.AUTH_TOKEN_CLASSES:
try:
auth_token = AuthToken(raw_token)
token = raw_token.decode("utf-8")
decoded_token = jwt.decode(token,
settings.SECRET_KEY,
algorithms=["HS256"])
all_logout_date = int(
self.get_user(auth_token).all_logout.strip() or 0)
if all_logout_date > int(
decoded_token["issued"]) and all_logout_date != 0:
messages.append({
"token_class": AuthToken.__name__,
"token_type": AuthToken.token_type,
"message": "Token has Expired!!!",
})
else:
return auth_token
except TokenError as e:
messages.append({
"token_class": AuthToken.__name__,
"token_type": AuthToken.token_type,
"message": e.args[0],
})
raise InvalidToken({
"detail": ("Given token not valid for any token type"),
"messages":
messages,
})
def post(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
try:
serializer.is_valid(raise_exception=True)
except TokenError as e:
raise InvalidToken(e.args[0])
return R.success(serializer.validated_data)
def delete(self, request, *args, **kwargs):
serializer = TokenDestroySchema(data=request.data)
serializer.is_valid(raise_exception=True)
try:
token = RefreshToken(serializer.validated_data.get("refresh"))
token.blacklist()
except TokenError as e:
raise InvalidToken(e.args[0])
return Response(status=status.HTTP_205_RESET_CONTENT)
def get_validated_token(self, raw_token):
token = super().get_validated_token(raw_token)
if is_token_blacklisted(token['jti']):
raise InvalidToken({
'detail': _('Given token blacklisted'),
})
return token
def create(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
try:
serializer.is_valid(raise_exception=True)
except TokenError as e:
raise InvalidToken(e.args[0])
return Response(serializer.validated_data, status=status.HTTP_200_OK)
def get_access_token_from_refresh_token(self,request):
serializer = TokenRefreshSerializer(data = request.data)
try:
serializer.is_valid(raise_exception=True)
except TokenError as e:
raise InvalidToken(e.args[0])
return Response(serializer.validated_data,status = status.HTTP_200_OK)
def post(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
try:
serializer.is_valid(raise_exception=True)
except TokenError as e:
raise InvalidToken(e.args[0])
access_log.info(f"User {serializer._kwargs['data']['username']} successfully logged in")
return Response(serializer.validated_data, status=200)
def extract_refresh_token(self):
request = self.context['request']
if 'refresh' in request.data and request.data['refresh'] != '':
return request.data['refresh']
cookie_name = getattr(settings, 'JWT_AUTH_REFRESH_COOKIE', None)
if cookie_name and cookie_name in request.COOKIES:
return request.COOKIES.get(cookie_name)
else:
from rest_framework_simplejwt.exceptions import InvalidToken
raise InvalidToken('No valid refresh token found.')
def post(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
try:
serializer.is_valid(raise_exception=True)
except TokenError as e:
raise InvalidToken(e.args[0])
token_response = serializer.validated_data
response = {'token': token_response['access']}
return Response(response, status=status.HTTP_200_OK)
def refresh(self, request):
serializer = TokenRefreshSerializer(data=request.data,
context={'request': request})
try:
serializer.is_valid(raise_exception=True)
except TokenError as e:
raise InvalidToken(e.args[0])
return Response(serializer.validated_data, status=status.HTTP_200_OK)
def post(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
try:
serializer.is_valid(raise_exception=True)
except TokenError as e:
raise InvalidToken(e.args[0])
serializer.save()
return Response(status=status.HTTP_204_NO_CONTENT)