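def validate(self, attrs):
    """Refresh tokens, refusing any token whose account is not active.

    Args:
        attrs: validated serializer input; ``attrs["refresh"]`` is the
            encoded refresh token.

    Returns:
        dict with a new ``access`` token and, when ROTATE_REFRESH_TOKENS
        is enabled, a re-issued ``refresh`` token.

    Raises:
        PermissionDenied: if the user named by the token's ``user_id``
            claim does not exist or its ``state`` is not ``"A"``.
    """
    refresh = RefreshToken(attrs["refresh"])
    user_model = get_user_model()
    # Resolve the account before minting anything. A deleted account used to
    # surface as an unhandled DoesNotExist (HTTP 500); it is now refused with
    # the same message as a deactivated one.
    owner = user_model.objects.filter(id=refresh.get("user_id")).first()
    if owner is None or owner.state != "A":
        raise PermissionDenied(
            detail="Your account is deactivated. Contact support."
        )
    data = {"access": str(refresh.access_token)}
    if api_settings.ROTATE_REFRESH_TOKENS:
        if api_settings.BLACKLIST_AFTER_ROTATION:
            try:
                # Attempt to blacklist the given refresh token
                refresh.blacklist()
            except AttributeError:
                # blacklist() only exists when the token_blacklist app is
                # installed; rotation still proceeds without it.
                pass
        refresh.set_jti()
        refresh.set_exp()
        data["refresh"] = str(refresh)
    return data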
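def validate(self, attrs):
    """Refresh tokens after validating the caller's session in Redis.

    The incoming refresh token is looked up in OutstandingToken to find its
    user, and ``RedisExecutor(user, request).validate()`` runs before any
    new token is issued.

    Args:
        attrs: validated serializer input; ``attrs['refresh']`` is the
            encoded refresh token.

    Returns:
        dict with ``access`` and, when ROTATE_REFRESH_TOKENS is enabled,
        a re-issued ``refresh`` token.
    """
    import logging

    raw_refresh = attrs['refresh']
    try:
        outstanding = OutstandingToken.objects.get(token=raw_refresh)
    except OperationalError:
        # Best-effort, as before: a database outage does not block the
        # refresh. Previously swallowed silently; now logged, because
        # skipping the session check means this path fails open.
        logging.getLogger(__name__).exception(
            "OutstandingToken lookup failed; session validation skipped"
        )
    else:
        RedisExecutor(outstanding.user, self.context['request']).validate()
    refresh = RefreshToken(raw_refresh)
    data = {'access': str(refresh.access_token)}
    if api_settings.ROTATE_REFRESH_TOKENS:
        if api_settings.BLACKLIST_AFTER_ROTATION:
            try:
                # Attempt to blacklist the given refresh token
                refresh.blacklist()
            except AttributeError:
                # blacklist() only exists when the token_blacklist app is
                # installed.
                pass
        refresh.set_jti()
        refresh.set_exp()
        data['refresh'] = str(refresh)
    return data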
def validate(self, attrs):
    """Refresh tokens for the ENGLISH app only, adding a ``student_uuid`` claim.

    Overrides simplejwt's default in two places: any ``app_id`` other than
    ``'ENGLISH'`` is refused with 403, and a ``student_uuid`` claim is added
    to the returned access token.
    """
    refresh = RefreshToken(attrs['refresh'])
    data = {'access': str(refresh.access_token)}
    # Return 403 for an unexpected app_id. The token is parsed first, so an
    # invalid token still surfaces as a token error rather than as 403.
    if attrs['app_id'] != 'ENGLISH':
        raise exceptions.PermissionDenied(
            detail="app_id is not correct. Please confirm.")
    if api_settings.ROTATE_REFRESH_TOKENS:
        if api_settings.BLACKLIST_AFTER_ROTATION:
            try:
                refresh.blacklist()
            except AttributeError:
                # blacklist() only exists when the token_blacklist app is
                # installed.
                pass
        refresh.set_jti()
        refresh.set_exp()
    # Put student_uuid into the access token.
    # NOTE(review): this is a fixed literal stamped into every token issued
    # here; it looks like a placeholder — confirm where the real value comes from.
    access = refresh.access_token
    access['student_uuid'] = '029183-73638-uuid~~'
    data['access'] = str(access)
    data['refresh'] = str(refresh)
    return data
def validate(self, attrs):
    """Refresh tokens, merging extra user claims into the refresh payload.

    The claims returned by ``self.get_user_info(user_id)`` are written into
    the refresh payload before the access token is derived from it.
    """
    refresh = RefreshToken(attrs["refresh"])
    user_id = refresh.payload["user_id"]
    # Update the token payload with the caller's user info.
    extra_claims = self.get_user_info(user_id)
    refresh.payload.update(extra_claims)
    data = {"access": str(refresh.access_token)}
    rotate = api_settings.ROTATE_REFRESH_TOKENS
    if rotate and api_settings.BLACKLIST_AFTER_ROTATION:
        try:
            refresh.blacklist()
        except AttributeError:
            # blacklist() only exists when the token_blacklist app is installed.
            pass
    if rotate:
        refresh.set_jti()
        refresh.set_exp()
        data["refresh"] = str(refresh)
    return data
def validate(self, attrs):
    """Refresh using the token carried in the request cookie.

    Unlike simplejwt's default, rotation (new jti and exp) is unconditional
    here; only blacklisting of the old token depends on
    BLACKLIST_AFTER_ROTATION. The response carries both tokens and their
    ``exp`` claims.

    Raises:
        serializers.ValidationError: when no refresh token cookie is present.
    """
    raw = self.get_token_from_cookie()
    if raw is None:
        raise serializers.ValidationError(
            "No refresh token cookie found"
        )
    refresh = RefreshToken(raw)
    access = refresh.access_token
    data = {
        "access": str(access),
        "access_expires": access["exp"],
    }
    if jwt_settings.BLACKLIST_AFTER_ROTATION:
        try:
            refresh.blacklist()
        except AttributeError:
            # blacklist() only exists when the token_blacklist app is installed.
            pass
    refresh.set_jti()
    refresh.set_exp()
    data['refresh'] = str(refresh)
    data['refresh_expires'] = refresh["exp"]
    return data
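def validate(self, attrs):
    """Refresh tokens and return the owning user plus both expiry claims.

    Args:
        attrs: validated serializer input; ``attrs['refresh']`` is the
            encoded refresh token.

    Returns:
        dict with ``access``, ``user`` (UserSerializer data),
        ``token_expire_at`` (access ``exp``), ``refresh_token_expire_at``
        (refresh ``exp``) and, when rotation is enabled, ``refresh``.
    """
    refresh = RefreshToken(attrs['refresh'])
    # Mint the access token once and reuse it for the user lookup and the
    # expiry field instead of building a fresh token object each time.
    access = refresh.access_token
    data = {'access': str(access)}
    jwt_conf = settings.SIMPLE_JWT
    # Reading settings.SIMPLE_JWT directly bypasses simplejwt's defaults;
    # fall back to its defaults (False) instead of raising KeyError when a
    # project has not set these keys.
    if jwt_conf.get('ROTATE_REFRESH_TOKENS', False):
        if jwt_conf.get('BLACKLIST_AFTER_ROTATION', False):
            try:
                # Attempt to blacklist the given refresh token
                refresh.blacklist()
            except AttributeError:
                # blacklist() only exists when the token_blacklist app is
                # installed.
                pass
        refresh.set_jti()
        refresh.set_exp()
        data['refresh'] = str(refresh)
    user = JWTAuthentication().get_user(access)
    data['user'] = UserSerializer(user).data
    data['token_expire_at'] = access.get('exp')
    data['refresh_token_expire_at'] = refresh.get('exp')
    return data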
def validate(self, attrs):
    """Refresh tokens and expose the access token's expiry as ``expires``.

    ``expires`` is the access token's ``exp`` claim (epoch seconds); it was
    added on top of simplejwt's default response so clients do not have to
    decode the token to learn when it expires.
    """
    refresh = RefreshToken(attrs['refresh'])
    access = refresh.access_token
    data = {
        'access': str(access),
        'expires': access.payload['exp'],
    }
    if not api_settings.ROTATE_REFRESH_TOKENS:
        return data
    if api_settings.BLACKLIST_AFTER_ROTATION:
        try:
            refresh.blacklist()
        except AttributeError:
            # blacklist() only exists when the token_blacklist app is installed.
            pass
    refresh.set_jti()
    refresh.set_exp()
    data['refresh'] = str(refresh)
    return data
def validate(self, attrs):
    """Refresh via the ``token_refresh`` field, always blacklisting the old token.

    Response keys are ``token`` (the new access token) and ``token_refresh``
    (the rotated refresh token).

    Raises:
        ValidationError: if ``token_refresh`` cannot be parsed as a
            refresh token.
    """
    try:
        refresh = RefreshToken(attrs['token_refresh'])
    except Exception:
        raise ValidationError('无效的token_refresh内容')
    data = {'token': str(refresh.access_token)}
    # Blacklist the consumed token_refresh so the old value can only be used
    # once. NOTE(review): this call is unconditional and raises AttributeError
    # when the token_blacklist app is not installed.
    refresh.blacklist()
    refresh.set_jti()
    refresh.set_exp()
    data['token_refresh'] = str(refresh)
    return data
def validate(self, attrs):
    """Rotate a whitelisted refresh token.

    Constructing ``RefreshToken`` rejects invalid or expired tokens. The
    token must additionally have a TokenSession row keyed by its jti; that
    row is consumed (deleted) and the rotated token is handed to
    ``self.whitelist``.

    Raises:
        TokenError: if no TokenSession exists for the token's jti.
    """
    refresh = RefreshToken(attrs['refresh'])
    jti = refresh[api_settings.JTI_CLAIM]
    sessions = TokenSession.objects.filter(jti=jti)
    if not sessions.exists():
        raise TokenError(_('Token is not whitelisted'))
    sessions.delete()
    refresh.set_jti()
    refresh.set_exp()
    return self.whitelist(refresh)
def get_validated_token(self, raw_token, refresh_token=None):
    """
    Validates an encoded JSON web token and returns a validated token
    wrapper object.

    When ``refresh_token`` is given, the return value is a 2-tuple instead:
    ``(token, None)`` if ``raw_token`` validated as-is, or
    ``(token, new_tokens)`` with ``new_tokens = {'access': ..., 'refresh': ...}``
    when a new pair had to be minted from ``refresh_token`` (``'refresh'`` is
    only present if ROTATE_REFRESH_TOKENS is enabled).

    Raises:
        InvalidToken: when no configured token class accepts ``raw_token``
            and, if supplied, ``refresh_token`` could not be used either.
    """
    messages = []
    for AuthToken in api_settings.AUTH_TOKEN_CLASSES:
        try:
            if refresh_token is None:
                return AuthToken(raw_token)
            else:
                return AuthToken(raw_token), None
        except TokenError as e:
            if refresh_token is None:
                messages.append({
                    'token_class': AuthToken.__name__,
                    'token_type': AuthToken.token_type,
                    'message': e.args[0]
                })
            else:
                # NOTE(review): a rejected access token is transparently
                # replaced by a new pair minted from the refresh token; a
                # failed blacklist only records a message and rotation
                # still proceeds.
                try:
                    refresh = RefreshToken(refresh_token)
                    new_tokens = {'access': str(refresh.access_token)}
                    if api_settings.ROTATE_REFRESH_TOKENS:
                        if api_settings.BLACKLIST_AFTER_ROTATION:
                            try:
                                # Attempt to blacklist the given refresh token
                                refresh.blacklist()
                            except AttributeError as e:
                                messages.append({'Error:': e.args[0]})
                        refresh.set_jti()
                        refresh.set_exp()
                        new_tokens['refresh'] = str(refresh)
                    return AuthToken(new_tokens['access']), new_tokens
                except Exception as e:
                    # e.args[0] itself raises IndexError for an exception
                    # constructed with no arguments.
                    messages.append({'Error:': e.args[0]})
    raise InvalidToken({
        'detail': _('Given token not valid for any token type'),
        'messages': messages,
    })
def validate(self, attrs):
    """Issue a new access token for a valid refresh token.

    Mirrors simplejwt's default TokenRefreshSerializer.validate: when
    ROTATE_REFRESH_TOKENS is on, the incoming refresh token is optionally
    blacklisted and a re-issued one (new jti and exp) is returned as well.
    """
    refresh = RefreshToken(attrs['refresh'])
    data = {'access': str(refresh.access_token)}
    if not api_settings.ROTATE_REFRESH_TOKENS:
        return data
    if api_settings.BLACKLIST_AFTER_ROTATION:
        try:
            refresh.blacklist()
        except AttributeError:
            # blacklist() only exists when the token_blacklist app is installed.
            pass
    refresh.set_jti()
    refresh.set_exp()
    data['refresh'] = str(refresh)
    return data
def validate(self, attrs):
    """Refresh tokens with a client-specific lifetime and OutstandingToken bookkeeping.

    On rotation, tokens carrying ``client == "pyintelowl"`` get the
    PYINTELOWL_TOKEN_LIFETIME from settings; others use the default. When
    the old token was blacklisted, an OutstandingToken row is recorded for
    the rotated token under the same user.
    """
    refresh = RefreshToken(attrs["refresh"])
    data = {"access": str(refresh.access_token)}
    if not jwt_settings["ROTATE_REFRESH_TOKENS"]:
        return data
    old_record = None
    if jwt_settings["BLACKLIST_AFTER_ROTATION"]:
        try:
            old_record, _created = refresh.blacklist()
        except AttributeError:
            # blacklist() only exists when the token_blacklist app is installed.
            pass
    # Rotate: fresh jti, then an expiry that depends on the client claim.
    refresh.set_jti()
    if refresh.get("client", False) == "pyintelowl":
        lifetime = jwt_settings.get("PYINTELOWL_TOKEN_LIFETIME", None)
        refresh.set_exp(lifetime=lifetime)
    else:
        refresh.set_exp()
    data["refresh"] = str(refresh)
    # Record the rotated token in the db (only when the old one was
    # blacklisted, since that is where the user is taken from).
    if old_record:
        owner = old_record.token.user
        if owner:
            OutstandingToken.objects.create(
                user=owner,
                jti=refresh.payload["jti"],
                token=str(refresh),
                created_at=refresh.current_time,
                expires_at=datetime_from_epoch(refresh["exp"]),
            )
    return data
def validate(self, attrs):
    """Refresh tokens and add ``expires_in`` to the response.

    Despite its name, ``expires_in`` is the access token's absolute ``exp``
    claim, not a duration.
    """
    refresh = RefreshToken(attrs['refresh'])
    access = refresh.access_token
    data = {
        'access': str(access),
        'expires_in': access.get('exp', ''),
    }
    if not api_settings.ROTATE_REFRESH_TOKENS:
        return data
    if api_settings.BLACKLIST_AFTER_ROTATION:
        try:
            refresh.blacklist()
        except AttributeError:
            # blacklist() only exists when the token_blacklist app is installed.
            pass
    refresh.set_jti()
    refresh.set_exp()
    data['refresh'] = str(refresh)
    return data
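def post(self, request, format=None):
    """Exchange a refresh token for a new access token.

    Args:
        request: the incoming request; ``request.data["refresh_token"]`` is
            the encoded refresh token.
        format: unused; accepted for DRF's format-suffix convention.

    Returns:
        Response with ``token``, ``refresh_token`` and ``token_type``
        (``"Bearer"``) on success. When rotation is enabled the returned
        refresh token is re-issued, otherwise the submitted one is echoed.
        A 400 response is returned when the refresh token is missing,
        invalid or expired.
    """
    invalid = {
        'success': False,
        "message": "Token is invalid or expired. Do a full login"
    }
    ref_token = request.data.get("refresh_token")
    # A missing field must be rejected before the constructor: simplejwt's
    # Token(None) does not fail, it builds a brand-new token instead.
    if not ref_token:
        return Response(invalid, status=HTTPStatus.HTTP_400_BAD_REQUEST)
    try:
        refresh = RefreshToken(ref_token)
    except TokenError:
        return Response(invalid, status=HTTPStatus.HTTP_400_BAD_REQUEST)
    data = {
        'access': str(refresh.access_token),
        'refresh': ref_token
    }
    if api_settings.ROTATE_REFRESH_TOKENS:
        if api_settings.BLACKLIST_AFTER_ROTATION:
            try:
                refresh.blacklist()
            except AttributeError:
                # blacklist() only exists when the token_blacklist app is
                # installed.
                pass
        refresh.set_jti()
        refresh.set_exp()
        data['refresh'] = str(refresh)
    # The former `if request.method == "POST"` branch was unreachable: the
    # view framework only dispatches post() for POST requests.
    return Response(
        {
            'token': data['access'],
            'refresh_token': data['refresh'],
            "token_type": "Bearer"
        },
        status=HTTPStatus.HTTP_200_OK)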
def mutate(cls, context, info, **input):
    """GraphQL mutation: exchange ``refreshToken`` for a new token pair.

    Rotation and blacklisting follow the ROTATE_REFRESH_TOKENS /
    BLACKLIST_AFTER_ROTATION keys of ``settings.SIMPLE_JWT``. Both tokens
    are serialized with ``token_backend.encode`` from their payloads.
    """
    refresh = RefreshToken(input['refreshToken'])
    jwt_conf = settings.SIMPLE_JWT
    if jwt_conf.get('ROTATE_REFRESH_TOKENS'):
        if jwt_conf.get('BLACKLIST_AFTER_ROTATION'):
            try:
                refresh.blacklist()
            except AttributeError:
                # blacklist() only exists when the token_blacklist app is
                # installed.
                pass
        refresh.set_jti()
        refresh.set_exp()
    return Tokens(
        accessToken=token_backend.encode(refresh.access_token.payload),
        refreshToken=token_backend.encode(refresh.payload),
    )
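def validate(self, attrs):
    """Refresh tokens and attach the owning user's serialized data.

    Args:
        attrs: validated serializer input; ``attrs['refresh']`` is the
            encoded refresh token.

    Returns:
        dict with ``access``, ``user`` (UserSerializer data) and, when
        ROTATE_REFRESH_TOKENS is enabled, a re-issued ``refresh`` token.
    """
    refresh = RefreshToken(attrs['refresh'])
    data = {'access': str(refresh.access_token)}
    if api_settings.ROTATE_REFRESH_TOKENS:
        if api_settings.BLACKLIST_AFTER_ROTATION:
            try:
                # Attempt to blacklist the given refresh token
                refresh.blacklist()
            except AttributeError:
                # blacklist() only exists when the token_blacklist app is
                # installed.
                pass
        refresh.set_jti()
        refresh.set_exp()
        data['refresh'] = str(refresh)
    # Take user_id from the already-verified refresh token's claims. The
    # previous jwt.decode() of the freshly signed access token repeated a
    # signature check we had just performed, and without an `algorithms=`
    # argument that call is refused by PyJWT >= 2 (and is the classic
    # algorithm-confusion pitfall on older versions).
    user = User.objects.get(id=refresh['user_id'])
    data['user'] = UserSerializer(user).data
    return data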
def validate(self, attrs):
    """Refresh tokens and stamp the user's ``last_login`` with the current local time."""
    refresh = RefreshToken(attrs["refresh"])
    data = {"access": str(refresh.access_token)}
    rotate = api_settings.ROTATE_REFRESH_TOKENS
    if rotate and api_settings.BLACKLIST_AFTER_ROTATION:
        try:
            refresh.blacklist()
        except AttributeError:
            # blacklist() only exists when the token_blacklist app is installed.
            pass
    if rotate:
        refresh.set_jti()
        refresh.set_exp()
        data["refresh"] = str(refresh)
    # A successful refresh counts as activity. QuerySet.update() writes the
    # column directly and bypasses model save() hooks and signals.
    owner = User.objects.filter(id=refresh["user_id"])
    owner.update(last_login=localtime(now()))
    return data