    def test_decode_audience_missing(self):
        """Decoding must fail when JWT_AUDIENCE is set but the token has no matching audience.

        The token is built with the default ``jwt_payload`` (which, per the
        test name, carries no audience claim) and decoded under an audience
        override, so ``get_payload`` is expected to raise.
        """
        token = utils.jwt_encode(utils.jwt_payload(self.user))

        # Audience enforcement only kicks in once the setting is present.
        with override_jwt_settings(JWT_AUDIENCE='test'), \
                self.assertRaises(exceptions.JSONWebTokenError):
            utils.get_payload(token)
    def test_payload_decode_audience_missing(self):
        """A token without the configured audience must be rejected with GraphQLJWTError.

        Encodes the default payload for ``self.user`` and decodes it with
        ``JWT_AUDIENCE`` overridden; the decode is expected to raise.
        """
        token = utils.jwt_encode(utils.jwt_payload(self.user))

        with override_settings(JWT_AUDIENCE='test'), \
                self.assertRaises(GraphQLJWTError):
            utils.get_payload(token)
    def test_payload_decode_audience_missing(self):
        """Audience mismatch: decoding under JWT_AUDIENCE='test' must raise GraphQLJWTError."""
        claims = utils.jwt_payload(self.user)
        token = utils.jwt_encode(claims)

        # Only the JWT-specific settings are overridden here, not all Django settings.
        with override_jwt_settings(JWT_AUDIENCE='test'), \
                self.assertRaises(GraphQLJWTError):
            utils.get_payload(token)
파일: middleware.py 프로젝트: SUNET/ni
def token_is_expired(token):
    """Return True when ``get_payload`` refuses to decode ``token``.

    Security note: the name is narrower than the behaviour. Any decode
    failure — expired signature, bad signature, malformed token, wrong
    audience — is reported as "expired", so a True result must not be read
    as "this token was valid once". Exceptions other than the two JWT
    errors propagate unchanged.
    """
    try:
        get_payload(token)
    except (JSONWebTokenExpired, JSONWebTokenError):
        # Both error types collapse to the same answer; JSONWebTokenExpired
        # is listed first only for readability (it is presumably the more
        # specific of the two — verify against the library's hierarchy).
        return True
    return False
 def mutate_and_get_payload(cls, root, info, token, **kwargs):
     """Decode ``token`` and resolve the user it belongs to.

     The user is looked up by the ``email`` claim of the decoded payload,
     so ``get_payload`` must have verified the token before that claim is
     trusted. Raises ``KeyError`` when the claim is absent and whatever
     ``User.objects.get`` raises when no single user matches.
     """
     claims = get_payload(token, info.context)
     owner = User.objects.get(email=claims["email"])
     return cls(payload=claims, user=owner)
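    def authenticate(self, request=None, **kwargs):
        """Authenticate by group membership, by JWT, or by AuthenticationDB password.

        Three paths, tried in this order:

        * ``request is None``: ``kwargs['group'].searh_user(username)`` decides
          (method name as spelled by the group API); any failure, including a
          missing group, yields ``None``.
        * A token found by ``get_credentials``: ``get_payload`` verifies it and
          ``get_user_by_payload`` resolves the user. Decode errors are *not*
          caught here and propagate to the caller.
        * Otherwise the username/password pair is checked against the
          ``AuthenticationDB`` record named ``'AuthenticationDB'``.

        Returns a ``User`` on success and ``None`` on rejection. The first and
        third paths build ``User(username=username)`` rather than loading a
        persisted user — presumably intentional; verify against the project.
        """
        if request is None:
            try:
                username = kwargs.get('username')
                group = kwargs.get('group')
                if group.searh_user(username):
                    return User(username=username)
                return None
            except Exception:
                # Was a bare ``except:``; narrowed so SystemExit and
                # KeyboardInterrupt are no longer swallowed as "rejected".
                return None

        token = get_credentials(request, **kwargs)

        if token is not None:
            payload = get_payload(token, request)
            return get_user_by_payload(payload)

        try:
            username = kwargs[get_user_model().USERNAME_FIELD]
            password = kwargs["password"]
            auth = AuthenticationDB.objects.get(name='AuthenticationDB')
            if auth.validate_user(username=username, password=password):
                return User(username=username)
            return None
        except Exception:
            # Same narrowing as above: a missing field, a missing
            # AuthenticationDB row or a validation error all mean "rejected".
            return None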
    def validate(self, attrs):
        """Validate a refresh request and mint a replacement token.

        Steps: decode and verify ``attrs["token"]``, resolve its user,
        require an ``origIat`` claim, reject the request once the refresh
        window measured from ``origIat`` has closed, then issue a new token
        that carries the same ``origIat`` forward.

        Raises ``serializers.ValidationError`` on every failure path.
        Returns a dict with ``token``, ``payload`` and ``refresh_expires_in``
        (``origIat`` plus ``JWT_REFRESH_EXPIRATION_DELTA`` in seconds).
        """
        try:
            payload = get_payload(attrs["token"])
        except (JSONWebTokenExpired, JSONWebTokenError) as exc:
            raise serializers.ValidationError(str(exc))

        try:
            user = get_user_by_payload(payload)
        except JSONWebTokenError as exc:
            raise serializers.ValidationError(str(exc))

        # origIat anchors the refresh window; an absent or falsy value is
        # rejected outright.
        orig_iat = payload.get("origIat")
        if not orig_iat:
            raise serializers.ValidationError(_("origIat field is required"))
        if jwt_refresh_expired_handler(orig_iat):
            raise serializers.ValidationError(_("Refresh has expired"))

        # Preserve the original issue time so repeated refreshes cannot
        # extend the overall window.
        fresh_payload = jwt_payload_handler(user)
        fresh_payload["origIat"] = orig_iat
        window_seconds = (
            jwt_settings.JWT_REFRESH_EXPIRATION_DELTA.total_seconds())

        return {
            "token": jwt_encode_handler(fresh_payload),
            "payload": fresh_payload,
            "refresh_expires_in": orig_iat + window_seconds,
        }
    def test_token_auth(self):
        """A successful tokenAuth returns a token whose payload names the authenticated user."""
        credentials = {
            'username': self.user.get_username(),
            'password': '******',
        }
        result = self.execute(credentials)

        claims = get_payload(result.data['tokenAuth']['token'])
        self.assertEqual(self.user.get_username(), claims['username'])
    def test_token_auth(self):
        """tokenAuth with valid credentials yields a token carrying the user's username."""
        result = self.execute({
            'username': self.user.get_username(),
            'password': '******',
        })
        issued = result.data['tokenAuth']['token']

        # The decoded claims must identify the same user that logged in.
        self.assertEqual(self.user.get_username(),
                         get_payload(issued)['username'])
    def test_token_auth(self):
        """tokenAuth sets the JWT cookie and returns that same token in the response data."""
        credentials = {
            self.user.USERNAME_FIELD: self.user.get_username(),
            'password': '******',
        }
        result = self.execute(credentials)

        cookie_token = result.cookies.get(jwt_settings.JWT_COOKIE_NAME).value
        claims = get_payload(cookie_token)

        # Cookie and body must carry the identical token.
        self.assertEqual(cookie_token, result.data['tokenAuth']['token'])
        self.assertUsernameIn(claims)
    def test_token_auth(self):
        """The token returned by tokenAuth decodes to a payload naming the user."""
        username_field = self.user.USERNAME_FIELD
        result = self.execute({
            username_field: self.user.get_username(),
            'password': '******',
        })

        claims = get_payload(result.data['tokenAuth']['token'])
        self.assertUsernameIn(claims)
    def test_token_auth(self):
        """tokenAuth returns both an access token for the user and a refresh token owned by them."""
        result = self.execute({
            self.user.USERNAME_FIELD: self.user.get_username(),
            'password': '******',
        })
        issued = result.data['tokenAuth']

        claims = get_payload(issued['token'])
        stored_refresh = get_refresh_token(issued['refreshToken'])

        self.assertUsernameIn(claims)
        # The persisted refresh token must be bound to the logging-in user.
        self.assertEqual(stored_refresh.user, self.user)
    def test_refresh(self):
        """Refreshing one second later yields a new token with a later exp and the same origIat."""
        with back_to_the_future(seconds=1):
            result = self.execute({'token': self.token})

        refreshed = result.data['refreshToken']
        new_token = refreshed['token']
        new_claims = get_payload(new_token)

        self.assertNotEqual(new_token, self.token)
        self.assertUsernameIn(refreshed['payload'])
        # origIat must be carried forward unchanged; only exp moves.
        self.assertEqual(new_claims['origIat'], self.payload['origIat'])
        self.assertGreater(new_claims['exp'], self.payload['exp'])
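    def authenticate(self,
                     request=None,
                     username=None,
                     password=None,
                     **kwargs):
        """Authenticate by group membership, by JWT-backed LDAP lookup, or by LDAP password.

        Paths, in order:

        * ``request is None``: ``kwargs['group'].searh_user(username)`` decides
          (method name as spelled by the group API); any failure yields ``None``.
        * A token found by ``get_credentials``: ``get_payload`` verifies it,
          the username is taken from the payload, and the user is accepted
          when exactly one LDAP entry exists at the resolved DN — no password
          is checked on this path. Decode errors propagate; LDAP errors
          yield ``None``. If neither ``USER_SEARCH`` nor ``USER_DN_TEMPLATE``
          is configured the token is ignored and the password path runs.
        * Otherwise ``authenticate_ldap_user`` is called with the password,
          unless the password is empty and ``PERMIT_EMPTY_PASSWORD`` is off.

        Returns a ``User`` (or whatever ``authenticate_ldap_user`` returns)
        on success and ``None`` on rejection.
        """
        if request is None:
            try:
                group = kwargs.get('group')
                if group.searh_user(username):
                    return User(username=username)
                return None
            except Exception:
                # Was a bare ``except:``; narrowed so SystemExit and
                # KeyboardInterrupt are no longer swallowed as "rejected".
                return None

        token = get_credentials(request, **kwargs)

        if token is not None:
            payload = get_payload(token, request)
            username = jwt_settings.JWT_PAYLOAD_GET_USERNAME_HANDLER(payload)
            # NOTE(review): a payload without a username makes .strip() raise
            # AttributeError here, which propagates — confirm that is intended.
            ldap_user = _LDAPUser(self,
                                  username=username.strip(),
                                  request=request)

            if self.settings.USER_SEARCH is not None:
                user_dn = ldap_user._search_for_user_dn()
            elif self.settings.USER_DN_TEMPLATE is not None:
                user_dn = ldap_user._construct_simple_user_dn()
            else:
                user_dn = None

            if user_dn is not None:
                try:
                    result_search = ldap_user.connection.search_s(user_dn, 0)
                    # None is checked before len(): the original order raised
                    # TypeError on a None result and relied on the catch-all.
                    if result_search is not None and len(result_search) == 1:
                        # The User is built from the un-stripped payload
                        # username, while the LDAP lookup used the stripped
                        # one — kept as-is; verify that this is intended.
                        return User(username=username)
                    return None
                except Exception:
                    # Same narrowing as above; any LDAP failure means "rejected".
                    return None

        if password or self.settings.PERMIT_EMPTY_PASSWORD:
            ldap_user = _LDAPUser(self,
                                  username=username.strip(),
                                  request=request)
            user = self.authenticate_ldap_user(ldap_user, password)
        else:
            logger.debug('Rejecting empty password for {}'.format(username))
            user = None

        return user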
    def test_refresh(self):
        """Refresh one simulated second later: new token, same user, same orig_iat."""
        with mock.patch('graphql_jwt.utils.datetime') as frozen_datetime:
            # Advance the clock so the reissued token differs from the original.
            frozen_datetime.utcnow.return_value = (
                datetime.utcnow() + timedelta(seconds=1))
            result = self.execute({'token': self.token})

        refreshed = result.data['refreshToken']
        new_token = refreshed['token']

        self.assertNotEqual(self.token, new_token)
        self.assertEqual(self.user.get_username(),
                         refreshed['payload']['username'])

        # orig_iat must survive the refresh unchanged.
        new_claims = get_payload(new_token)
        self.assertEqual(self.payload['orig_iat'], new_claims['orig_iat'])
    def test_refresh(self):
        """A refresh issued one second in the future returns a distinct token that keeps orig_iat."""
        later = datetime.utcnow() + timedelta(seconds=1)
        with mock.patch('graphql_jwt.utils.datetime') as frozen_datetime:
            frozen_datetime.utcnow.return_value = later
            result = self.execute({'token': self.token})

        refreshed = result.data['refreshToken']
        reissued = refreshed['token']

        self.assertNotEqual(self.token, reissued)
        self.assertEqual(self.user.get_username(),
                         refreshed['payload']['username'])
        self.assertEqual(self.payload['orig_iat'],
                         get_payload(reissued)['orig_iat'])
    def test_refresh_token(self):
        """Rotating a refresh token issues a new access token and a new refresh token for the same user."""
        with back_to_the_future(seconds=1):
            result = self.execute({'refreshToken': self.refresh_token.token})

        refreshed = result.data['refreshToken']
        new_token = refreshed['token']
        rotated = get_refresh_token(refreshed['refreshToken'])
        new_claims = get_payload(new_token)

        # Access token: replaced, with a later expiry.
        self.assertNotEqual(new_token, self.token)
        self.assertGreater(new_claims['exp'], self.payload['exp'])

        # Refresh token: rotated, same owner, newer creation time.
        self.assertNotEqual(rotated.token, self.refresh_token.token)
        self.assertEqual(rotated.user, self.user)
        self.assertGreater(rotated.created, self.refresh_token.created)
    def authenticate(self, request: Request) -> Optional[Tuple[User, dict]]:
        """Authenticate a request from its JWT Authorization header.

        Returns ``None`` when no credential is present (so other
        authenticators may run). When a token is present it must verify
        via ``get_payload`` and resolve to a user via ``get_user_by_payload``;
        either failure raises ``exceptions.AuthenticationFailed``. On
        success returns ``(user, payload)``.
        """
        raw_token = get_http_authorization(request)
        if raw_token is None:
            return None

        try:
            claims = get_payload(raw_token)
        except (JSONWebTokenExpired, JSONWebTokenError) as exc:
            # The library's message (expired vs. invalid) is surfaced as-is.
            raise exceptions.AuthenticationFailed(str(exc))

        try:
            user = get_user_by_payload(claims)
        except JSONWebTokenError:
            raise exceptions.AuthenticationFailed(_("Invalid payload"))

        return user, claims
 def validate(self, attrs):
     """Verify ``attrs["token"]`` and expose its decoded payload.

     Any decode failure (expired or otherwise invalid token) is surfaced
     as a ``serializers.ValidationError`` carrying the library's message.
     """
     try:
         decoded = get_payload(attrs["token"])
     except (JSONWebTokenExpired, JSONWebTokenError) as exc:
         raise serializers.ValidationError(str(exc))
     return {"payload": decoded}
 def test_decode_error(self):
     """A string that is not a JWT at all must raise JSONWebTokenError."""
     bogus_token = 'invalid'
     with self.assertRaises(exceptions.JSONWebTokenError):
         utils.get_payload(bogus_token)
    def test_payload_expired_signature(self):
        """Decoding a token whose signature has expired must raise GraphQLJWTError.

        The token is encoded normally and decoded right away; the expiry
        comes from the settings/fixture in effect for this test (not
        visible here).
        """
        token = utils.jwt_encode(utils.jwt_payload(self.user))
        with self.assertRaises(GraphQLJWTError):
            utils.get_payload(token)
    def test_expired_signature(self):
        """An expired token must raise the specific JSONWebTokenExpired, not a generic error.

        Expiry is driven by the settings/fixture in effect for this test
        (not visible here); the token is encoded and decoded back-to-back.
        """
        claims = utils.jwt_payload(self.user)
        token = utils.jwt_encode(claims)
        with self.assertRaises(exceptions.JSONWebTokenExpired):
            utils.get_payload(token)
 def test_payload_decode_error(self):
     """Garbage input to get_payload must raise GraphQLJWTError."""
     not_a_jwt = 'invalid'
     with self.assertRaises(GraphQLJWTError):
         utils.get_payload(not_a_jwt)
    def test_payload_expired_signature(self):
        """get_payload must reject a token with an expired signature with GraphQLJWTError.

        What makes the freshly encoded token expired is decided by the
        test's settings/fixture, which are not shown here.
        """
        claims = utils.jwt_payload(self.user)
        with self.assertRaises(GraphQLJWTError):
            utils.get_payload(utils.jwt_encode(claims))
def get_user_by_token(token, context=None):
    """Resolve the user a token belongs to.

    Decodes ``token`` with ``get_payload`` (which is handed ``context``)
    and maps the resulting payload to a user via ``get_user_by_payload``.
    Whatever either helper raises propagates unchanged.
    """
    return get_user_by_payload(get_payload(token, context))
 def test_payload_decode_error(self):
     """A malformed token string must be rejected with GraphQLJWTError."""
     with self.assertRaises(GraphQLJWTError):
         # 'invalid' is not even structurally a JWT.
         utils.get_payload('invalid')
def get_token(user: UserModel, context=None):
    """Build and sign a token for ``user``.

    Here ``get_payload`` is the payload *builder* (it receives the user,
    not a token) and ``jwt_encode`` signs the result; ``context`` is
    forwarded to both calls.
    """
    claims = get_payload(user, context)
    return jwt_encode(claims, context)