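def _decode_jwt_from_request(locations, fresh, refresh=False):
    """Find, decode and verify the JWT carried by the current request.

    Args:
        locations: A location name, or a sequence of names, to search in
            order. Supported names are "cookies", "query_string", "headers"
            and "json". A falsy value falls back to ``config.token_location``.
        fresh: When truthy, ``_verify_token_is_fresh`` is applied as well.
        refresh: Forwarded to the cookie and JSON getters and to
            ``verify_token_type``.

    Returns:
        A ``(decoded_token, jwt_header)`` tuple.

    Raises:
        RuntimeError: If a location name is not one of the supported names.
            This is raised while the getters are being collected, before any
            location is read.
        NoAuthorizationError: If no location yielded a token.
    """
    # Figure out which locations to look for the JWT in for this request.
    if isinstance(locations, str):
        locations = [locations]
    if not locations:
        locations = config.token_location

    # Collect the getters in the order specified by locations. The lambdas
    # close over `refresh`, a parameter rather than the loop variable, so
    # every getter sees the same value.
    get_encoded_token_functions = []
    for location in locations:
        if location == "cookies":
            get_encoded_token_functions.append(
                lambda: _decode_jwt_from_cookies(refresh)
            )
        elif location == "query_string":
            # NOTE(review): tokens sent in the URL tend to be recorded in
            # server logs, browser history and Referer headers; confirm this
            # location is really needed before enabling it.
            get_encoded_token_functions.append(_decode_jwt_from_query_string)
        elif location == "headers":
            get_encoded_token_functions.append(_decode_jwt_from_headers)
        elif location == "json":
            get_encoded_token_functions.append(
                lambda: _decode_jwt_from_json(refresh)
            )
        else:
            raise RuntimeError(f"'{location}' is not a valid location")

    # Try to find the token in one of these locations. It only needs to exist
    # in one place to be valid (not every location).
    errors = []
    decoded_token = None
    jwt_header = None
    for get_encoded_token_function in get_encoded_token_functions:
        try:
            encoded_token, csrf_token = get_encoded_token_function()
            decoded_token = decode_token(encoded_token, csrf_token)
            # The header is read only once decode_token has returned without
            # raising. NOTE(review): presumably decode_token is where the
            # signature and claims are validated; confirm.
            jwt_header = get_unverified_jwt_headers(encoded_token)
            break
        except NoAuthorizationError as e:
            # Only NoAuthorizationError moves the search on to the next
            # location. Any other exception from the getter or decode_token
            # propagates to the caller and ends the search.
            errors.append(str(e))

    # Build a helpful, human-readable error message if no token was found in
    # any of the expected locations.
    if not decoded_token:
        if not errors:
            # No location reported an error (for example, no location was
            # configured). Fail with the authorization error callers already
            # handle instead of an IndexError from errors[0].
            raise NoAuthorizationError("Missing JWT in request")
        if len(locations) > 1:
            err_msg = "Missing JWT in {start_locs} or {end_locs} ({details})".format(
                start_locs=", ".join(locations[:-1]),
                end_locs=locations[-1],
                details="; ".join(errors),
            )
            raise NoAuthorizationError(err_msg)
        raise NoAuthorizationError(errors[0])

    # Additional verifications provided by this extension.
    verify_token_type(decoded_token, refresh)
    if fresh:
        _verify_token_is_fresh(jwt_header, decoded_token)
    verify_token_not_blocklisted(jwt_header, decoded_token)
    custom_verification_for_token(jwt_header, decoded_token)

    return decoded_token, jwt_header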
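def _decode_jwt_from_request(token_type, locations, fresh):
    """Find, decode and verify the JWT carried by the current request.

    Args:
        token_type: Forwarded to the cookie and JSON getters, to
            ``verify_token_type`` (as ``expected_type``) and to
            ``verify_token_not_blocklisted``.
        locations: A location name, or a sequence of names, to search in
            order. Recognised names are "cookies", "query_string", "headers"
            and "json". A falsy value falls back to ``config.token_location``.
        fresh: When truthy, ``_verify_token_is_fresh`` is applied as well.

    Returns:
        A ``(decoded_token, jwt_header)`` tuple.

    Raises:
        NoAuthorizationError: If no location yielded a token.
    """
    # Get locations in the order specified by the decorator or the
    # JWT_TOKEN_LOCATION configuration.
    if not locations:
        locations = config.token_location
    if isinstance(locations, str):
        # A bare string would otherwise be iterated character by character,
        # match no location and produce a garbled error message.
        locations = [locations]

    # Collect the getters in the order specified by locations. A name that
    # matches none of the branches is skipped without an error, so a
    # misspelled location simply never gets searched.
    get_encoded_token_functions = []
    for location in locations:
        if location == "cookies":
            get_encoded_token_functions.append(
                lambda: _decode_jwt_from_cookies(token_type)
            )
        elif location == "query_string":
            # NOTE(review): tokens sent in the URL tend to be recorded in
            # server logs, browser history and Referer headers; confirm this
            # location is really needed before enabling it.
            get_encoded_token_functions.append(_decode_jwt_from_query_string)
        elif location == "headers":
            get_encoded_token_functions.append(_decode_jwt_from_headers)
        elif location == "json":
            get_encoded_token_functions.append(
                lambda: _decode_jwt_from_json(token_type)
            )

    # Try to find the token in one of these locations. It only needs to exist
    # in one place to be valid (not every location).
    errors = []
    decoded_token = None
    jwt_header = None
    for get_encoded_token_function in get_encoded_token_functions:
        try:
            encoded_token, csrf_token = get_encoded_token_function()
            decoded_token = decode_token(encoded_token, csrf_token)
            # The header is read only once decode_token has returned without
            # raising. NOTE(review): presumably decode_token is where the
            # signature and claims are validated; confirm.
            jwt_header = get_unverified_jwt_headers(encoded_token)
            break
        except NoAuthorizationError as e:
            # Only NoAuthorizationError moves the search on to the next
            # location. Any other exception from the getter or decode_token
            # propagates to the caller and ends the search.
            errors.append(str(e))

    # Build a helpful, human-readable error message if no token was found in
    # any of the expected locations.
    if not decoded_token:
        if not errors:
            # Nothing was searched (every name was unrecognised, or none was
            # configured). Fail with the authorization error callers already
            # handle instead of an IndexError from errors[0].
            raise NoAuthorizationError("Missing JWT in request")
        if len(locations) > 1:
            err_msg = "Missing JWT in {start_locs} or {end_locs} ({details})".format(
                start_locs=", ".join(locations[:-1]),
                end_locs=locations[-1],
                details="; ".join(errors),
            )
            raise NoAuthorizationError(err_msg)
        raise NoAuthorizationError(errors[0])

    # Additional verifications provided by this extension.
    verify_token_type(decoded_token, expected_type=token_type)
    if fresh:
        _verify_token_is_fresh(jwt_header, decoded_token)
    verify_token_not_blocklisted(jwt_header, decoded_token, token_type)
    custom_verification_for_token(jwt_header, decoded_token)

    return decoded_token, jwt_header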
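def _decode_jwt_from_request(request_type):
    """Find, decode and verify the JWT carried by the current request.

    The locations searched, and their order, come from
    ``config.token_location``.

    Args:
        request_type: Forwarded to the cookie and JSON getters, to
            ``verify_token_type`` (as ``expected_type``) and to
            ``verify_token_not_blacklisted``.

    Returns:
        A ``(decoded_token, jwt_header)`` tuple.

    Raises:
        NoAuthorizationError: If no location yielded a token.
    """
    locations = config.token_location

    # Collect the getters in the order specified in JWT_TOKEN_LOCATION. A name
    # that matches none of the branches is skipped without an error, so a
    # misspelled location simply never gets searched.
    get_encoded_token_functions = []
    for location in locations:
        if location == "cookies":
            get_encoded_token_functions.append(
                lambda: _decode_jwt_from_cookies(request_type)
            )
        elif location == "query_string":
            # NOTE(review): tokens sent in the URL tend to be recorded in
            # server logs, browser history and Referer headers; confirm this
            # location is really needed before enabling it.
            get_encoded_token_functions.append(_decode_jwt_from_query_string)
        elif location == "headers":
            get_encoded_token_functions.append(_decode_jwt_from_headers)
        elif location == "json":
            get_encoded_token_functions.append(
                lambda: _decode_jwt_from_json(request_type)
            )

    # Try to find the token in one of these locations. It only needs to exist
    # in one place to be valid (not every location).
    errors = []
    decoded_token = None
    jwt_header = None
    for get_encoded_token_function in get_encoded_token_functions:
        try:
            encoded_token, csrf_token = get_encoded_token_function()
            decoded_token = decode_token(encoded_token, csrf_token)
            # The header is read only once decode_token has returned without
            # raising. NOTE(review): presumably decode_token is where the
            # signature and claims are validated; confirm.
            jwt_header = get_unverified_jwt_headers(encoded_token)
            break
        except NoAuthorizationError as e:
            # Only NoAuthorizationError moves the search on to the next
            # location. Any other exception from the getter or decode_token
            # propagates to the caller and ends the search.
            errors.append(str(e))

    # Build a helpful, human-readable error message if no token was found in
    # any of the expected locations.
    if not decoded_token:
        if not errors:
            # Nothing was searched (every name was unrecognised, or none was
            # configured). Fail with the authorization error callers already
            # handle instead of an IndexError from an empty list.
            raise NoAuthorizationError("Missing JWT in request")
        # Describe the locations that were actually searched above.
        if len(locations) != 1:
            err_msg = "Missing JWT in {start_locs} or {end_locs} ({details})".format(
                start_locs=", ".join(locations[:-1]),
                end_locs=locations[-1],
                details="; ".join(errors),
            )
            raise NoAuthorizationError(err_msg)
        raise NoAuthorizationError(errors[0])

    verify_token_type(decoded_token, expected_type=request_type)
    verify_token_not_blacklisted(decoded_token, request_type)

    return decoded_token, jwt_header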