    def is_authenticated(self, request, **kwargs):
        """
        Finds the user and checks their API key.

        Should return either ``True`` if allowed, ``False`` if not or an
        ``HttpResponse`` if you need something custom.
        """
        # Decode the presented token first; anything that fails to decode
        # gets the generic unauthorized response.  NOTE(review): only
        # ``DecodeError`` is caught here -- whether an expired signature or
        # other token error is mapped onto it depends on
        # ``jwt_decode_handler``; confirm, or widen the except clause.
        try:
            raw_token = self.extract_credentials(request)
            claims = jwt_decode_handler(raw_token)
            username = claims.get('username')
        except DecodeError:
            return self._unauthorized()

        user_model = get_user_model()

        # The username claim must resolve to exactly one account.
        try:
            user = user_model.objects.get(username=username)
        except (user_model.DoesNotExist, user_model.MultipleObjectsReturned):
            return self._unauthorized()

        # An inactive account is denied with a plain False (no custom response).
        if not self.check_active(user):
            return False

        request.user = user
        return True
    def test_jwt_login_json_with_username(self):
        """
        Ensure JWT login view using JSON POST works with only username and password.
        """
        body = json.dumps(self.login_data_with_username)
        response = self.client.post(
            self.login_url, body, content_type='application/json'
        )
        self.assertEqual(response.status_code, 200)

        # The issued token must name the user whose credentials were posted.
        content = json.loads(smart_text(response.content))
        claims = utils.jwt_decode_handler(content['token'])
        self.assertEqual(claims['username'], self.username)
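    def test_refresh(self):
        """
        Ensure JWT refresh view using JSON POST works.

        Posts a freshly encoded token for ``self.payload`` to the refresh
        endpoint and checks that the returned token still carries the
        expected username claim.
        """
        data = {"token": utils.jwt_encode_handler(self.payload)}

        response = self.client.post(self.refresh_auth_token_url,
                                    data,
                                    content_type="application/json")

        # Status first: a non-200 body has no "token" key, and the resulting
        # KeyError would hide the real failure.
        self.assertEqual(response.status_code, 200)

        decoded_payload = utils.jwt_decode_handler(response.json()["token"])
        self.assertEqual(decoded_payload["username"], self.username)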
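    def test_login(self):
        """
        Ensure JWT login view using JSON POST works.

        Posts ``self.data`` to the auth-token endpoint and checks the
        ``expires_in`` field against the configured expiration delta and the
        username claim inside the returned token.
        """
        response = self.client.post(
            self.auth_token_url, self.data, content_type="application/json"
        )

        # Status first: an error response carries neither "expires_in" nor
        # "token", and the resulting KeyError would mask the real failure.
        self.assertEqual(response.status_code, 200)

        response_content = response.json()
        expires_in = response_content["expires_in"]
        self.assertEqual(expires_in, settings.JWT_EXPIRATION_DELTA.total_seconds())

        decoded_payload = utils.jwt_decode_handler(response_content["token"])
        self.assertEqual(decoded_payload["username"], self.username)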
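    def test_jwt_login_json(self):
        """
        Ensure JWT login view using JSON POST works.

        Posts ``self.data`` as JSON to ``/auth-token/`` and checks that the
        returned token carries the expected username claim.
        """
        response = self.client.post('/auth-token/',
                                    json.dumps(self.data),
                                    content_type='application/json')

        # Status first: an error response has no "token" key, and the
        # resulting KeyError would mask the real failure.
        self.assertEqual(response.status_code, 200)

        response_content = json.loads(smart_text(response.content))
        decoded_payload = utils.jwt_decode_handler(response_content['token'])
        self.assertEqual(decoded_payload['username'], self.username)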
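    def test_jwt_login_json(self):
        """
        Ensure JWT login view using JSON POST works.

        Posts ``self.data`` as JSON to ``/auth-token/`` and checks that the
        returned token carries the expected username claim.
        """
        response = self.client.post(
            '/auth-token/',
            json.dumps(self.data),
            content_type='application/json'
        )

        # Status first: an error response has no "token" key, and the
        # resulting KeyError would mask the real failure.
        self.assertEqual(response.status_code, 200)

        response_content = json.loads(smart_text(response.content))
        decoded_payload = utils.jwt_decode_handler(response_content['token'])
        self.assertEqual(decoded_payload['username'], self.username)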
    def test_jwt_login_with_expired_token(self):
        """
        Ensure JWT login view works even if expired token is provided
        """
        # Build a token whose ``exp`` (epoch second 1) is long in the past.
        stale_claims = utils.jwt_payload_handler(self.user)
        stale_claims['exp'] = 1
        stale_token = utils.jwt_encode_handler(stale_claims)

        response = self.client.post(
            self.login_url,
            json.dumps(self.login_data_with_username),
            content_type='application/json',
            HTTP_AUTHORIZATION='Bearer {0}'.format(stale_token),
        )
        self.assertEqual(response.status_code, 200)

        # Login must succeed on the posted credentials regardless of the
        # stale header, and the fresh token must name the same user.
        body = json.loads(smart_text(response.content))
        claims = utils.jwt_decode_handler(body['token'])
        self.assertEqual(claims['username'], self.username)
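def authenticate(token):
    """
    Tries to authenticate user based on the supplied token. It also checks
    the token structure and validity.

    Based on jwt_auth.JSONWebTokenAuthMixin.authenticate

    :param token: the raw JWT string taken from the client request.
    :returns: the user that ``authenticate_credentials`` resolves from the
        decoded payload.
    :raises exceptions.AuthenticationFailed: if the token has expired, cannot
        be decoded, or is rejected by the JWT library for any other reason.
    """
    try:
        payload = jwt_decode_handler(token)
    except jwt.ExpiredSignature:
        msg = 'Signature has expired.'
        raise exceptions.AuthenticationFailed(msg)
    except jwt.DecodeError:
        msg = 'Error decoding signature.'
        raise exceptions.AuthenticationFailed(msg)
    except jwt.InvalidTokenError:
        # Base class of the PyJWT validation errors: any other rejected
        # token (e.g. a claim the decode handler refuses) must surface as an
        # authentication failure instead of an unhandled server error.
        msg = 'Invalid token.'
        raise exceptions.AuthenticationFailed(msg)

    user = authenticate_credentials(payload)

    return user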
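def authenticate(token):
    """
    Tries to authenticate user based on the supplied token. It also checks
    the token structure and validity.

    Based on jwt_auth.JSONWebTokenAuthMixin.authenticate

    :param token: the raw JWT string taken from the client request.
    :returns: the user that ``authenticate_credentials`` resolves from the
        decoded payload.
    :raises exceptions.AuthenticationFailed: if the token has expired, cannot
        be decoded, or is rejected by the JWT library for any other reason.
    """
    try:
        payload = jwt_decode_handler(token)
    except jwt.ExpiredSignature:
        msg = 'Signature has expired.'
        raise exceptions.AuthenticationFailed(msg)
    except jwt.DecodeError:
        msg = 'Error decoding signature.'
        raise exceptions.AuthenticationFailed(msg)
    except jwt.InvalidTokenError:
        # Base class of the PyJWT validation errors: any other rejected
        # token (e.g. a claim the decode handler refuses) must surface as an
        # authentication failure instead of an unhandled server error.
        msg = 'Invalid token.'
        raise exceptions.AuthenticationFailed(msg)

    user = authenticate_credentials(payload)

    return user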
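    def test_login_with_expired_token(self):
        """
        Ensure JWT login view works even if expired token is provided

        The request carries a Bearer token whose ``exp`` is already in the
        past; the login endpoint must ignore it and issue a fresh token for
        the posted credentials.
        """
        payload = utils.jwt_payload_handler(self.user)
        payload["exp"] = 1  # epoch second 1: unambiguously expired
        token = utils.jwt_encode_handler(payload)

        auth = "Bearer {0}".format(token)

        response = self.client.post(
            self.auth_token_url,
            self.data,
            content_type="application/json",
            HTTP_AUTHORIZATION=auth,
        )

        # Status first: a non-200 body has no "token" key, and the resulting
        # KeyError would hide the real failure.
        self.assertEqual(response.status_code, 200)

        response_content = response.json()
        decoded_payload = utils.jwt_decode_handler(response_content["token"])
        self.assertEqual(decoded_payload["username"], self.username)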
 def process_response(request, response):
     """
     Sliding-expiry hook: re-issue the request's JWT when it is about to expire.

     Only acts when the request carried an ``HTTP_AUTHORIZATION`` header that
     ``JSONWebTokenAuthMixin().authenticate`` accepts.  If the token's ``exp``
     claim is less than one hour away, the decoded payload is re-encoded with
     a fresh expiry and the new token is placed on the response.  In every
     other case the response is returned untouched.

     :param request: the Django request; only ``request.META`` is inspected.
     :param response: the outgoing response; may gain an
         ``HTTP_AUTHORIZATION`` entry.
     :returns: ``response``.
     """
     if 'HTTP_AUTHORIZATION' in request.META:
         try:
             auth_indicator = JSONWebTokenAuthMixin().authenticate(request)
         except AuthenticationFailed as e:
             # A rejected token is logged and the response passed through
             # unchanged; no error response is produced here.
             logging.exception(e)
             return response
         if auth_indicator is None:
             return response
         # presumably authenticate() returns a (user, token) pair, as in the
         # DRF convention -- confirm against JSONWebTokenAuthMixin.
         token = auth_indicator[1]
         token = jwt_decode_handler(token)
         exp = token['exp']
         # NOTE(review): fromtimestamp()/now() are naive local time while the
         # renewed expiry below uses utcnow(); the comparison here is local
         # against local so it is self-consistent, but the mix is fragile.
         exp = datetime.fromtimestamp(exp)
         if exp - timedelta(0, 3600) < datetime.now():
             # expiring in one hour
             # renew the token
             from jwt_auth import settings
             token['exp'] = datetime.utcnow() + settings.JWT_EXPIRATION_DELTA
             token = jwt_encode_handler(token)
             newtoken = settings.JWT_AUTH_HEADER_PREFIX + " " + token
             # The renewed token is handed back as a response header; clients
             # are expected to pick it up from there -- TODO confirm.
             response['HTTP_AUTHORIZATION'] = newtoken
     return response
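    def test_jwt_login_with_expired_token(self):
        """
        Ensure JWT login view works even if expired token is provided

        The request carries a Bearer token whose ``exp`` is already in the
        past; the login endpoint must ignore it and issue a fresh token for
        the posted credentials.
        """
        payload = utils.jwt_payload_handler(self.user)
        payload['exp'] = 1  # epoch second 1: unambiguously expired
        token = utils.jwt_encode_handler(payload)

        auth = 'Bearer {0}'.format(token)

        response = self.client.post(
            '/auth-token/',
            json.dumps(self.data),
            content_type='application/json',
            HTTP_AUTHORIZATION=auth
        )

        # Status first: an error response has no "token" key, and the
        # resulting KeyError would mask the real failure.
        self.assertEqual(response.status_code, 200)

        response_content = json.loads(smart_text(response.content))
        decoded_payload = utils.jwt_decode_handler(response_content['token'])
        self.assertEqual(decoded_payload['username'], self.username)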