def test_invalid_header_prefix(self):
    """An Authorization header whose prefix is not the configured one yields no token."""
    bad_header = {jwt_settings.JWT_AUTH_HEADER_NAME: 'INVALID token'}
    request = self.request_factory.get('/', **bad_header)
    # The helper must treat an unknown prefix as "no credentials", not as a token.
    self.assertIsNone(utils.get_http_authorization(request))
def test_get_authorization_header(self):
    """A correctly prefixed Authorization header returns the bare token."""
    header_value = f'{jwt_settings.JWT_AUTH_HEADER_PREFIX} {self.token}'
    request = self.request_factory.get(
        '/', **{jwt_settings.JWT_AUTH_HEADER_NAME: header_value},
    )
    extracted = utils.get_http_authorization(request)
    # Only the token part survives; the prefix is stripped.
    self.assertEqual(extracted, self.token)
def test_get_authorization_cookie(self):
    """The token is still returned when the JWT cookie is set alongside the header.

    NOTE(review): header and cookie carry the same value here, so this test
    does not establish which source takes precedence when they differ.
    """
    header_value = f'{jwt_settings.JWT_AUTH_HEADER_PREFIX} {self.token}'
    request = self.request_factory.get(
        '/', **{jwt_settings.JWT_AUTH_HEADER_NAME: header_value},
    )
    request.COOKIES[jwt_settings.JWT_COOKIE_NAME] = self.token
    extracted = utils.get_http_authorization(request)
    self.assertEqual(extracted, self.token)
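def resolve(self, next, root, info, **kwargs):
    """Verify the request's JWT (when required) before delegating to the parent resolver.

    Two token sources are consulted, in order: the live-client authorization
    (``get_live_client_authorization``) and the HTTP Authorization header
    (``get_http_authorization``). Whichever applies is decoded with
    ``jwt_decode`` and passed to ``do_additional_token_verification``.
    Requests lacking a ``user`` attribute are given an ``AnonymousUser``.

    Args:
        next: the next resolver in the middleware chain.
        root: parent value passed by graphene.
        info: resolve info; ``info.context`` is the request.
        **kwargs: resolver arguments, forwarded unchanged.

    Returns:
        Whatever the parent ``resolve`` returns.
    """
    request = info.context
    # Select the token source once so the decode/verify step is not duplicated.
    token_source = None
    if needs_live_client_jwt_verification(request):
        token_source = get_live_client_authorization
    elif needs_additional_jwt_verification(request):
        token_source = get_http_authorization
    if token_source is not None:
        # Deliberately no None-guard on the token: a missing/empty token must
        # reach jwt_decode so that rejecting it stays the verifier's decision
        # (the original code decoded unconditionally on these paths).
        decoded_token = jwt_decode(token_source(request))
        do_additional_token_verification(decoded_token)
    if not hasattr(request, "user"):
        request.user = AnonymousUser()
    return super().resolve(next, root, info, **kwargs)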
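def authenticate(self, request: Request) -> Optional[Tuple[User, dict]]:
    """Authenticate *request* from the JWT in its Authorization header.

    Returns ``(user, payload)`` when the header carries a token whose
    signature validates and whose payload maps to a user. Returns ``None``
    when no token is supplied at all, leaving the decision to the caller.

    Raises:
        exceptions.AuthenticationFailed: the token is expired or otherwise
            invalid (the JWT library's message is forwarded verbatim), or
            the payload does not resolve to a user.
    """
    jwt_value = get_http_authorization(request)
    if jwt_value is None:
        # No credentials presented: this is "not authenticated", not "failed".
        return None
    try:
        payload = get_payload(jwt_value)
    except (JSONWebTokenExpired, JSONWebTokenError) as err:
        # Chain the cause so the library error stays visible in logs/tracebacks
        # while the client still receives the same message as before.
        raise exceptions.AuthenticationFailed(str(err)) from err
    try:
        user = get_user_by_payload(payload)
    except JSONWebTokenError as err:
        raise exceptions.AuthenticationFailed(_("Invalid payload")) from err
    return user, payload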
def needs_additional_jwt_verification(request):
    """Return True when a token is present but the request has no authenticated user.

    A request that already carries a non-anonymous ``user`` needs no further
    JWT check; otherwise the answer depends on whether an Authorization
    token can be extracted from it.
    """
    if hasattr(request, 'user') and not request.user.is_anonymous:
        return False
    return get_http_authorization(request) is not None