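def get(self, request):
    """Return the employees managed by the caller identified in the Bearer JWT.

    The token is everything after the literal ``Bearer`` in the
    ``Authorization`` header; it is verified against
    ``settings.JWT_AUTH['JWT_SECRET_KEY']`` and its ``user_id`` claim is used
    as the ``manager_id`` filter.

    Returns:
        200 with ``{"status": 200, "EmployeeData": [...]}``.

    Raises:
        exceptions.AuthenticationFailed: header/token missing, signature or
            algorithm invalid, token expired, or ``user_id`` claim absent.
            (The previous bare ``except`` turned these, and any server
            error, into an empty 404; the sibling patch/delete handlers
            already let this exception propagate.)
    """
    header = get_authorization_header(request).decode('UTF-8')
    # partition() yields an empty token when no "Bearer" scheme is present,
    # instead of the IndexError that split()[1] raised.
    _, _, token = header.partition('Bearer')
    token = token.strip()
    if not token or token == "null":
        raise exceptions.AuthenticationFailed(
            'Authorization Header or Token is missing on Request Headers'
        )
    try:
        # Pin the accepted algorithm so the token cannot choose its own.
        # HS256 is drf-jwt's default; TODO confirm JWT_ALGORITHM matches
        # the issuer's configuration.
        decoded = jwt.decode(
            token,
            settings.JWT_AUTH['JWT_SECRET_KEY'],
            algorithms=[settings.JWT_AUTH.get('JWT_ALGORITHM', 'HS256')],
        )
    except jwt.InvalidTokenError:
        raise exceptions.AuthenticationFailed('Invalid or expired token')
    manager_id = decoded.get('user_id')
    if manager_id is None:
        raise exceptions.AuthenticationFailed('Token has no user_id claim')

    employee_detail = Employee.objects.filter(manager_id=manager_id)
    serializer = EmployeeSerializer(employee_detail, many=True)
    return Response({
        "status": 200,
        "EmployeeData": serializer.data
    }, status=status.HTTP_200_OK)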
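 def patch(self, request):
     """Partially update one employee owned by the calling manager.

     The caller is identified by the ``user_id`` claim of the Bearer JWT; the
     target row is chosen by the ``id`` field of the JSON body and is scoped
     to ``manager_id`` so a manager cannot edit another manager's staff.

     Returns:
         200 ``{"status": 200, "message": "Updated Successfully"}``, or
         400 ``{"message": "Not Found"}`` when the body is not a JSON object,
         lacks ``id``, or names no employee inside the caller's scope.

     Raises:
         exceptions.AuthenticationFailed: header/token missing or invalid,
             or ``user_id`` claim absent.
         exceptions.ValidationError: the serializer rejected the payload
             (from ``is_valid(raise_exception=True)``; previously the bare
             ``except`` reported this as "Not Found").
     """
     header = get_authorization_header(request).decode('UTF-8')
     _, _, token = header.partition('Bearer')
     token = token.strip()
     if not token or token == "null":
         raise exceptions.AuthenticationFailed(
             'Authorization Header or Token is missing on Request Headers')
     try:
         # Pin the algorithm; HS256 is drf-jwt's default — TODO confirm
         # JWT_ALGORITHM matches the issuer.
         decoded = jwt.decode(
             token,
             settings.JWT_AUTH['JWT_SECRET_KEY'],
             algorithms=[settings.JWT_AUTH.get('JWT_ALGORITHM', 'HS256')])
     except jwt.InvalidTokenError:
         raise exceptions.AuthenticationFailed('Invalid or expired token')
     manager_id = decoded.get('user_id')
     if manager_id is None:
         raise exceptions.AuthenticationFailed('Token has no user_id claim')

     try:
         updateData = json.loads(request.body)
         getEmployee = Employee.objects.get(manager_id=manager_id,
                                            id=updateData['id'])
     except (ValueError, KeyError, TypeError, Employee.DoesNotExist):
         # Malformed JSON, non-object body, no "id", or nothing in scope.
         return Response({"message": "Not Found"},
                         status=status.HTTP_400_BAD_REQUEST)
     serializer = EmployeeSerializer(getEmployee,
                                     data=updateData,
                                     partial=True)
     serializer.is_valid(raise_exception=True)
     serializer.save()
     return Response(
         {
             "status": 200,
             "message": "Updated Successfully"
         },
         status=status.HTTP_200_OK)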
    def get_jwt_value(request):
        """Extract the raw JWT from the request's ``Authorization`` header.

        Accepts ``<PREFIX> <token>`` where the prefix is
        ``api_settings.JWT_AUTH_HEADER_PREFIX`` (compared case-insensitively).
        When no ``Authorization`` header is present and ``JWT_AUTH_COOKIE`` is
        configured, the token is taken from that cookie instead.

        Args:
            request: DRF request object.

        Returns:
            The token as bytes (``b'<token>'``) from the header, the cookie
            value when falling back to the cookie, or ``None`` when no
            credentials or a foreign scheme prefix were supplied.

        Raises:
            exceptions.AuthenticationFailed: the prefix matches but the
                header does not contain exactly one token after it.

        NOTE(review): defined without ``self``; confirm it is decorated as a
        ``@staticmethod`` in the enclosing class.
        """
        parts = get_authorization_header(request).split()
        expected_prefix = api_settings.JWT_AUTH_HEADER_PREFIX.lower()

        # No Authorization header at all: optional cookie fallback.
        if not parts:
            cookie_name = api_settings.JWT_AUTH_COOKIE
            return request.COOKIES.get(cookie_name) if cookie_name else None

        scheme = parts[0].decode(encoding='UTF-8', errors='strict').lower()
        if scheme != expected_prefix:
            # Some other scheme: not ours to handle.
            return None

        # Exactly two parts are required: the prefix and the token.
        if len(parts) != 2:
            msg = _('無效的Authorization請求頭,格式須為「JWT <token>」')
            raise exceptions.AuthenticationFailed(msg)
        return parts[1]
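 def post(self, request):
     """Create an employee owned by the manager identified by the Bearer JWT.

     Returns:
         201 with ``{"status": 201, "message": ..., "data": <employee>}``.

     Raises:
         exceptions.AuthenticationFailed: header/token missing or invalid,
             ``user_id`` claim absent, or no ``Manager`` row for that id
             (previously a 500 from ``Manager.DoesNotExist``).
         exceptions.ValidationError: a required field is missing from the
             request (previously a 500 from ``KeyError``) or the serializer
             rejects the payload.
     """
     header = get_authorization_header(request).decode('UTF-8')
     _, _, token = header.partition('Bearer')
     token = token.strip()
     if not token or token == "null":
         raise exceptions.AuthenticationFailed(
             'Authorization Header or Token is missing on Request Headers')
     try:
         # Pin the algorithm; HS256 is drf-jwt's default — TODO confirm
         # JWT_ALGORITHM matches the issuer.
         decoded = jwt.decode(
             token,
             settings.JWT_AUTH['JWT_SECRET_KEY'],
             algorithms=[settings.JWT_AUTH.get('JWT_ALGORITHM', 'HS256')])
     except jwt.InvalidTokenError:
         raise exceptions.AuthenticationFailed('Invalid or expired token')
     try:
         manager_Obj = Manager.objects.get(id=decoded.get('user_id'))
     except Manager.DoesNotExist:
         # A verified token whose subject no longer exists is not a server error.
         raise exceptions.AuthenticationFailed('Unknown manager')

     required_fields = ("firstName", "lastName", "email", "mobile",
                        "password", "address", "dob", "company", "city")
     missing = [field for field in required_fields if field not in request.data]
     if missing:
         raise exceptions.ValidationError(
             {field: ["This field is required."] for field in missing})
     employee_detail = {field: request.data[field] for field in required_fields}
     employee_detail["manager"] = manager_Obj.id
     # NOTE(review): the password is forwarded verbatim; confirm that
     # EmployeeSerializer hashes it before it reaches the database.
     serializer = EmployeeSerializer(data=employee_detail, many=False)
     serializer.is_valid(raise_exception=True)
     serializer.save()
     return Response(
         {
             "status": 201,
             "message": "Employee Created Successfully",
             "data": serializer.data
         },
         status=status.HTTP_201_CREATED)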
    def authenticate(self, request):
        """DRF entry point: pull the JWT out of the Authorization header.

        Runs on every request. Returns ``None`` (no authentication attempted)
        when the header is absent or does not consist of exactly two
        whitespace-separated parts; otherwise hands the second part to
        ``authenticate_credentials``, which yields the ``(user, token)`` pair
        or raises ``AuthenticationFailed`` for DRF to handle.

        NOTE(review): the scheme prefix is computed but never compared, so a
        header such as ``Basic <token>`` is treated like ``Token <token>``;
        re-enable the prefix comparison if that is not intended.
        """
        request.user = None

        parts = authentication.get_authorization_header(request).split()
        expected_prefix = self.authentication_header_prefix.lower()

        # Anything other than "<prefix> <token>" is silently not authenticated.
        if len(parts) != 2:
            return None

        # DRF hands us bytes; the original author notes the JWT library in
        # use rejects bytes, so both parts are decoded to str.
        scheme = parts[0].decode('utf-8')
        token = parts[1].decode('utf-8')

        # Prefix check intentionally disabled in the original; `scheme` and
        # `expected_prefix` are kept for when it is restored.
        return self.authenticate_credentials(request, token)
File: views.py — Project: h4xhor/BCProjKso
def getUnameFromJWT(req):
    """Return the username encoded in the request's JWT.

    Takes the second whitespace-separated part of the Authorization header
    (``<prefix> <token>``), verifies/decodes it with ``jwt_decode_handler``
    and maps the payload to a username with ``jwt_get_username_from_payload``.

    Note: a missing or single-word Authorization header raises ``IndexError``
    here rather than an authentication error; decode failures propagate from
    ``jwt_decode_handler`` unchanged.
    """
    header_parts = get_authorization_header(req).split()
    claims = jwt_decode_handler(header_parts[1])
    return jwt_get_username_from_payload(claims)
    def update(self, request, *args, **kwargs):
        """Allow a PUT/PATCH only when the caller edits their own record.

        Decodes the JWT from the Authorization header with the configured
        ``JWT_DECODE_HANDLER`` and compares its ``user_id`` claim with the
        target object's primary key; on mismatch answers 401 without touching
        the object, otherwise defers to the parent ``update``.

        NOTE(review): the token is re-decoded here instead of relying on
        ``request.user`` populated by the authentication class — presumably
        so the check holds regardless of configured authenticators; confirm.
        A missing or one-word header raises ``IndexError`` (500) here.
        """
        instance = self.get_object()
        decode = api_settings.JWT_DECODE_HANDLER
        # Second part of "<prefix> <token>"; DRF returns bytes, decode to str.
        raw_token = get_authorization_header(request).split()[1].decode('utf-8')
        claims = decode(raw_token)
        if instance.pk != claims.get('user_id'):
            return Response({'message': 'Unauthorized'},
                            status=status.HTTP_401_UNAUTHORIZED)

        return super().update(request, *args, **kwargs)
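 def delete(self, request, pk, format=None):
     """Delete employee ``pk`` if it belongs to the calling manager.

     Returns 200 ``{'status': 200}`` on success and 404 ``{'status': 404}``
     when no employee with that pk is owned by the token's ``user_id``.

     Raises:
         exceptions.AuthenticationFailed: header/token missing or invalid,
             or ``user_id`` claim absent.
     """
     header = get_authorization_header(request).decode('UTF-8')
     _, _, token = header.partition('Bearer')
     token = token.strip()
     if not token or token == "null":
         raise exceptions.AuthenticationFailed(
             'Authorization Header or Token is missing on Request Headers')
     try:
         # Pin the algorithm; HS256 is drf-jwt's default — TODO confirm
         # JWT_ALGORITHM matches the issuer.
         decoded = jwt.decode(
             token,
             settings.JWT_AUTH['JWT_SECRET_KEY'],
             algorithms=[settings.JWT_AUTH.get('JWT_ALGORITHM', 'HS256')])
     except jwt.InvalidTokenError:
         raise exceptions.AuthenticationFailed('Invalid or expired token')
     manager_id = decoded.get('user_id')
     if manager_id is None:
         raise exceptions.AuthenticationFailed('Token has no user_id claim')

     try:
         # Scoping by manager_id is the ownership check: another manager's
         # employee is indistinguishable from a non-existent one.
         employee = Employee.objects.get(manager_id=manager_id, pk=pk)
     except Employee.DoesNotExist:
         # Only "not found" maps to 404; other errors are no longer hidden.
         return Response({'status': 404}, status=status.HTTP_404_NOT_FOUND)
     employee.delete()
     return Response({'status': 200}, status=status.HTTP_200_OK)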
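 def inner(request, *args, **kwargs):
     """Decorator body: require a valid JWT before calling ``func``.

     Reads the raw Authorization header value (passed as-is to the configured
     ``JWT_DECODE_HANDLER`` — presumably clients send the bare token, TODO
     confirm), loads the user named by the ``user_id`` claim and attaches it
     as ``request.user``. A missing header, any decode failure (expired, bad
     signature, malformed) or an unknown user yields a bare 403; the wrapped
     view runs only on success.
     """
     auth = get_authorization_header(request)
     jwt_decode_handler = api_settings.JWT_DECODE_HANDLER
     if not auth:
         return HttpResponse(status=403)
     try:
         payload = jwt_decode_handler(auth)
         # A payload without user_id, or naming a deleted user, is an
         # authentication failure rather than a server error.
         user = User.objects.get(pk=payload.get("user_id"))
     except (jwt.InvalidTokenError, User.DoesNotExist):
         # ExpiredSignatureError and DecodeError both derive from
         # InvalidTokenError; the bare except this replaces also hid
         # genuine programming errors behind a 403.
         return HttpResponse(status=403)
     request.user = user
     return func(request, *args, **kwargs)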
    def authenticate(self, request):
        """Authenticate a request from the raw Authorization header value.

        The whole header value (as returned by DRF's
        ``get_authorization_header``, with no prefix handling) is passed to
        ``jwt_decode_handler``; the decoded payload is then resolved to a
        user by ``authenticate_credentials``.

        Returns:
            ``(user, token)`` on success.

        Raises:
            AuthenticationFailed: header absent, signature expired, or token
                otherwise invalid.
        """
        # DRF reads HTTP_AUTHORIZATION / Authorization for us.
        token = get_authorization_header(request)
        if not token:
            raise AuthenticationFailed('Authorization 字段是必须的')
        # Original note: the stock scheme expects a prefix on the token;
        # this variant deliberately takes the header value as-is.

        # Verification is delegated to drf-jwt's decode handler.
        # ``jwt.ExpiredSignature`` is PyJWT's legacy alias of
        # ExpiredSignatureError (dropped in PyJWT 2) and must stay ahead of
        # the broader InvalidTokenError handler.
        try:
            payload = jwt_decode_handler(token)
        except jwt.ExpiredSignature:
            raise AuthenticationFailed('签名过期')
        except jwt.InvalidTokenError:
            raise AuthenticationFailed('非法用户')

        # Hand the (user, auth) pair back to DRF.
        return self.authenticate_credentials(payload), token
File: app_auth.py — Project: M-Qi/mqShop
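    def authenticate(self, request):
        """Resolve the raw Authorization header value to ``(user, token)``.

        The header value is passed unchanged to ``jwt_decode_handler``; the
        username is taken from the payload and looked up in ``User``.

        Raises:
            AuthenticationFailed: header missing, signature expired, token
                invalid, or no user with the payload's username (previously
                returned ``(None, token)``, which leaves ``request.user``
                set to ``None``).
        """
        jwt_value = get_authorization_header(request)

        if not jwt_value:
            raise AuthenticationFailed('Authorization 字段是必须的')
        try:
            payload = jwt_decode_handler(jwt_value)
        except jwt.ExpiredSignature:
            raise AuthenticationFailed('签名过期')
        except jwt.InvalidTokenError:
            raise AuthenticationFailed('非法用户')

        username = jwt_get_username_from_payload(payload)
        user = User.objects.filter(username=username).first()
        # The debug prints that wrote the username and user object to stdout
        # on every request are gone; a verified token for an unknown user is
        # rejected instead of being handed to DRF as (None, token).
        if user is None:
            raise AuthenticationFailed('非法用户')

        return user, jwt_value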
    def post(self, request):
        """Register (or re-activate) a user from the posted payload.

        Flow: refuse when an Authorization header is present (someone is
        already logged in), reject an email that belongs to an *active* user,
        then ``update_or_create`` by email and mark the row active.
        """
        data = request.data

        # Audit log of the call: class name, method name (from the call
        # stack) and the module-level ``model``.
        # NOTE(review): the entire payload, password included, goes into this
        # log line — confirm that is acceptable for this log sink.
        logger.info(
            '{_class} {method} {object} {data}'.format(
                method=stack()[0][3], _class=self.__class__.__name__,
                object=model,
                data=data)
        )

        # Presence of any Authorization header is taken to mean "already
        # logged in"; the header value itself is not validated here.
        authorization = get_authorization_header(request)
        if authorization:
            context = {
                'message': 'THERE IS CURRENTLY A USER HAS ALREADY LOGGED IN.',
                'status': 400
            }
            return make_response(context)

        # Serializer validity only gates the duplicate-email check below; an
        # invalid payload whose email is unused (or belongs to an inactive
        # user) still reaches update_or_create.
        is_valid = UserSerializer(data=data).is_valid()

        if not is_valid:
            email = data.get('email', '')
            user = User.objects.filter(email=email).first()
            if user and user.is_active:
                context = {
                    'status': 400,
                    'message': 'THIS EMAIL IS ALREADY IN USED.'
                }
                return make_response(context)

        # NOTE(review): mutates request.data in place; for form-encoded
        # requests DRF's QueryDict is immutable and this assignment raises.
        # KeyError (500) when no password is posted.
        data['password'] = make_password(data['password'])
        # NOTE(review): ``defaults=data`` writes every field the client sent
        # onto the (possibly pre-existing, inactive) user — mass assignment.
        # An explicit whitelist of writable fields would be safer than
        # trusting the payload's keys.
        user, _ = User.objects.update_or_create(
            email=data.get('email', ''),
            defaults=data
        )
        user.is_active = True
        user.save()

        user_serialized = UserSerializer(user, many=False)
        context = {
            'data': user_serialized.data,
            'message': 'OK',
            'status': 200
        }

        return make_response(context)
    def authenticate(self, request):
        """Authenticate using the raw Authorization header value as the JWT.

        Returns ``(user, token)``. Failures are reported as
        ``AuthenticationFailed``: header missing, token expired, token
        undecodable, or no user for ``payload["user_id"]``. Only
        ``ExpiredSignatureError`` and ``DecodeError`` are caught here; other
        PyJWT errors (e.g. audience/issuer mismatch) propagate unchanged, and
        a payload without ``user_id`` raises ``KeyError``.
        """
        token = get_authorization_header(request)
        if not token:
            raise AuthenticationFailed("Token 认证失败!")

        try:
            payload = jwt_decode_handler(token)
        except jwt.exceptions.ExpiredSignatureError:
            raise AuthenticationFailed("Token 失效")
        except jwt.exceptions.DecodeError:
            raise AuthenticationFailed("非法的 Token")

        user = User.get_by_id(payload["user_id"])
        if not user:
            raise AuthenticationFailed("没有此用户,请联系管理员!")
        return user, token
File: permission.py — Project: vanwt/cmdb
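    def has_permission(self, request, view):
        """Role/URL based permission check driven by the JWT in the header.

        Returns False when the header is missing, the token cannot be decoded
        or has expired, or no user matches ``payload["user_id"]``. Superusers
        pass unconditionally. Otherwise the request path must be matched by a
        permission of one of ``request.user``'s active roles whose method
        equals the request method or displays as "ALL".

        NOTE(review): ``p.url in path`` is a substring test, so a grant for
        ``/user`` also matches ``/users/delete``; an exact or
        segment-boundary comparison would be safer. Kept to preserve
        behaviour.
        NOTE(review): the user loaded from the token is only used for the
        superuser check; roles come from ``request.user`` — confirm both
        refer to the same account.
        """
        token = get_authorization_header(request)
        if not token:
            return False
        try:
            payload = jwt_decode_handler(token)
        except (DecodeError, ExpiredSignatureError):
            # The original `raise False` in the expired branch was a
            # TypeError at runtime (500); an expired or undecodable token is
            # simply not permitted. The debug print of the error is dropped.
            return False

        user = User.get_by_id(payload["user_id"])
        if not user:
            return False

        if user.is_superuser:
            return True

        # Django's request.path never carries the query string, but keep the
        # defensive strip the original performed.
        path = request.path.split("?")[0]

        roles = request.user.roles.filter(status=True)
        # Union of the active permissions of all active roles.
        permissions = UrlPermission.objects.none()
        for role in roles:
            permissions |= role.permission.only("title",
                                                "method").filter(status=True)

        for p in permissions:
            if p.url not in path:
                continue
            if p.url == path == "/":
                return True
            if p.url != "/" and (p.method == request.method
                                 or p.get_method_display() == "ALL"):
                return True
        return False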
File: views.py — Project: h4xhor/BCProjKso
    def get(self, req):
        """Debug endpoint: echo the username and user id found in the JWT.

        Takes the second part of the Authorization header as the token,
        decodes it with ``jwt_decode_handler`` and maps the payload with the
        two ``jwt_get_*`` helpers (the second is called by the misspelled
        name ``jwt_get_user_id_from_paylaod``, as defined elsewhere).
        """

        # IndexError (500) when the header is missing or has a single part.
        auth = get_authorization_header(req).split()
        jwt_value = auth[1]

        payload = jwt_decode_handler(jwt_value)
        username = jwt_get_username_from_payload(payload)
        user_id = jwt_get_user_id_from_paylaod(payload)
        #    (user, token) = JSONWebTokenAuthentication().authenticate(request)
        #    msg = 'user = '******', token = ' + token

        #    auth = get_authorization_header(request).split()
        #    token = auth[1]
        #    token_text = token.decode('ascii')
        # NOTE(review): the literal below appears redacted ('******') by the
        # listing; as shown it is not valid Python. The message is printed to
        # stdout, so user identities end up in process logs.
        msg = 'username = '******', user_id = ' + str(user_id)
        print(msg)

        #    msg = 'Yo ' + payload.get('username') + ', ' + payload.get('token')
        return Response({'msg': msg})
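    def authenticate(self, request):
        """Authenticate from the Authorization header, skipping its prefix.

        ``get_authorization_header(request)[4:]`` drops the first four bytes
        of the header value — presumably a scheme such as ``JWT `` (TODO
        confirm against the clients) — and treats the remainder as the token.

        Returns:
            ``(user, token)`` on success; ``None`` is never returned, so this
            class rejects every request without a valid token.

        Raises:
            AuthenticationFailed: header absent or too short, token expired,
                or token otherwise invalid.
        """
        token = get_authorization_header(request)[4:]

        if not token:
            raise AuthenticationFailed('Authorization 字段是必须的')
        # A decode failure marks an illegitimate caller (the original author
        # notes returning None, i.e. guest, as the alternative). Catch the
        # PyJWT hierarchy explicitly instead of a bare except so programming
        # errors are no longer reported as "bad token".
        try:
            payload = jwt_decode_handler(token)
        except jwt.ExpiredSignatureError:
            raise AuthenticationFailed('token已过期')
        except jwt.InvalidTokenError:
            raise AuthenticationFailed('token非法')

        user = self.authenticate_credentials(payload)
        return (user, token)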
    def authenticate(self, request):
        """Authenticate via drf-jwt's header parsing plus a local decode.

        Requires an Authorization header to be present at all, delegates
        prefix/format handling to ``JSONWebTokenAuthentication.get_jwt_value``
        (which returns ``None`` for a foreign scheme, meaning no
        authentication is attempted), then decodes the token and resolves the
        user with ``authenticate_credentials``.

        Note: ``User.DoesNotExist`` is listed among the decode handlers but
        cannot be raised there — the user lookup happens after the ``try``.
        """
        if not get_authorization_header(request):
            raise exceptions.AuthenticationFailed('缺失JWT请求头')

        jwt_value = JSONWebTokenAuthentication().get_jwt_value(request)
        if jwt_value is None:
            return None

        try:
            payload = jwt_decode_handler(jwt_value)
        except jwt.ExpiredSignature:
            raise exceptions.AuthenticationFailed('Signature has expired.')
        except (jwt.DecodeError, User.DoesNotExist):
            raise exceptions.AuthenticationFailed('Error decoding signature.')
        except jwt.InvalidTokenError:
            raise exceptions.AuthenticationFailed()

        return self.authenticate_credentials(payload), jwt_value
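    def authenticate(self, request):
        """Best-effort authentication that never raises.

        Decodes the raw Authorization header value with the configured
        ``JWT_DECODE_HANDLER`` and resolves the user via
        ``authenticate_credentials``.

        Returns:
            ``(user, auth)`` on success; ``(None, None)`` when the header is
            missing or unreadable or the token fails to decode.

        NOTE(review): DRF expects ``None`` (not a tuple) to mean "not
        authenticated"; ``(None, None)`` makes DRF set ``request.user = None``
        instead of ``AnonymousUser``, which breaks ``request.user.is_*``
        checks downstream. Kept for compatibility — consider ``return None``.
        """
        try:
            auth = get_authorization_header(request)
        except TypeError:
            return None, None

        jwt_decode_handler = api_settings.JWT_DECODE_HANDLER
        if not auth:
            return None, None
        try:
            payload = jwt_decode_handler(auth)
        except Exception:
            # Expired, bad signature, malformed, or anything else: treat the
            # caller as a guest (the author's documented choice). `Exception`
            # rather than a bare except so SystemExit/KeyboardInterrupt are
            # no longer swallowed.
            return None, None

        # The debug print of the resolved user is gone: it wrote identities
        # to stdout on every request.
        user = self.authenticate_credentials(payload)
        return (user, auth)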
    def get_jwt_value(self, request):
        """Return the bearer token from the Authorization header.

        Only the ``bearer`` scheme (case-insensitive) is accepted; any other
        scheme yields ``None`` so another authenticator may handle it. With no
        header at all, the ``JWT_AUTH_COOKIE`` cookie is used if configured.

        Raises:
            exceptions.AuthenticationFailed: the bearer scheme was used but
                the header does not contain exactly one token.
        """
        parts = authentication.get_authorization_header(request).split()
        expected_scheme = "bearer"

        if not parts:
            cookie_name = api_settings.JWT_AUTH_COOKIE
            return request.COOKIES.get(cookie_name) if cookie_name else None

        # smart_text turns the bytes scheme into str for the comparison.
        if smart_text(parts[0].lower()) != expected_scheme:
            return None

        if len(parts) == 1:
            msg = _("Invalid Authorization header. No credentials provided.")
            raise exceptions.AuthenticationFailed(msg)
        if len(parts) > 2:
            msg = _("Invalid Authorization header. Credentials string "
                    "should not contain spaces.")
            raise exceptions.AuthenticationFailed(msg)

        return parts[1]
    def authenticate(self, request):
        """JWT authentication with a cache-backed session check.

        After the token decodes, the cache key ``CACHE_PREFIX + <token>`` is
        consulted: a ``ttl()`` of 0 rejects the request, otherwise the key is
        rewritten with ``CACHE_TIMEOUT``. This gives sliding expiry and a
        revocation point independent of the JWT's own ``exp``.
        (``ttl() == 0`` is taken to mean the key is gone; what ``ttl``
        returns for a missing key depends on the cache backend — confirm.)

        Raises:
            AuthenticationFailed: header missing, token expired or invalid,
                cache entry expired, or the cache backend unreachable
                (``ConnectionError`` — whichever class is in scope here).
        """
        jwt_value = get_authorization_header(request)
        if not jwt_value:
            raise AuthenticationFailed('Authorization 字段是必须的')

        try:
            payload = jwt_decode_handler(jwt_value)
            token_key = CACHE_PREFIX + jwt_value.decode()
            if cache.ttl(token_key) == 0:
                raise AuthenticationFailed('Token失效,请重新登录')
            cache.set(token_key, jwt_value, CACHE_TIMEOUT)
        except jwt.ExpiredSignature:
            raise AuthenticationFailed('Token失效,请重新登录')
        except ConnectionError:
            raise AuthenticationFailed('redis服务器未启动!')
        except jwt.InvalidTokenError:
            raise AuthenticationFailed('非法用户')

        return self.authenticate_credentials(payload), jwt_value
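    def get(self, request, *args, **kwargs):
        """Return the current user's profile when a token is presented.

        The Authorization header must have a second whitespace-separated
        part (the token); the token itself is not verified here — that is
        left to the authentication class that populated ``request.user``.

        Returns:
            400 "ANONYMOUS USER." when no token is present; 404 when
            ``request.user`` is anonymous or not flagged ``is_online``;
            otherwise 200 with the serialized user.
        """
        logger.info(
            '{_class} {method} {object}'.format(
                method=stack()[0][3], _class=self.__class__.__name__,
                object=model)
        )

        # A one-word header (e.g. the scheme alone) used to raise IndexError
        # and surface as a 500; treat it as "no token".
        parts = get_authorization_header(request).split()
        current_token = parts[1] if len(parts) > 1 else ''
        if not current_token:
            context = {
                'message': "ANONYMOUS USER.",
                'status': 400
            }
            return make_response(context)

        # is_anonymous is tested first: AnonymousUser has no is_online.
        user = request.user
        if user.is_anonymous or not user.is_online:
            context = {
                'message': 'ANONYMOUS USER.',
                'status': 404,
            }
            return make_response(context)

        context = {
            'message': 'OK',
            'status': 200,
            'data': UserSerializer(user).data
        }
        return make_response(context)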
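    def get(self, request):
        """Log the current user out: delete their Token and clear ``is_online``.

        Returns:
            400 "ANONYMOUS USER." when no token is presented, the user row
            cannot be loaded, or the user is not online; otherwise 200
            "LOGOUT SUCCESSFULLY." with the serialized user.
        """
        logger.info(
            '{_class} {method} {object}'.format(
                method=stack()[0][3], _class=self.__class__.__name__,
                object=model)
        )

        # A one-word header used to raise IndexError (500); treat as no token.
        parts = get_authorization_header(request).split()
        current_token = parts[1] if len(parts) > 1 else ''
        if not current_token:
            context = {
                'message': "ANONYMOUS USER.",
                'status': 400
            }
            return make_response(context)

        # request.user may be AnonymousUser (pk None), in which case .first()
        # is None and the original crashed on `.is_online`.
        user = User.objects.filter(pk=request.user.pk).first()
        if user is None or not user.is_online:
            context = {
                'message': "ANONYMOUS USER.",
                'status': 400
            }
            return make_response(context)

        # A user without a Token row is already logged out token-wise; still
        # clear the online flag instead of failing on `None.delete()`.
        token = Token.objects.filter(user=user).first()
        if token is not None:
            token.delete()
        user.is_online = False
        user.save()

        context = {
            'message': "LOGOUT SUCCESSFULLY.",
            'status': 200,
            'data': UserSerializer(user).data
        }
        return make_response(context)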
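    def put(self, request):
        """Update the current user's email, password and name.

        Fields absent from the payload keep their current values. A new
        email must not already belong to an account.

        Returns:
            400 "ANONYMOUS USER." when no token is presented, the user is
            anonymous, cannot be loaded, or is not online; 400 "THIS EMAIL IS
            ALREADY IN USED." on an email collision; otherwise 200 with the
            updated user.

        NOTE(review): ``user.update(...)`` is not a stock Django model
        method; it must come from the custom ``User`` model.
        """
        data = request.data

        # NOTE(review): the raw payload, including any plaintext password,
        # is written to this log line.
        logger.info(
            '{_class} {method} {object} {data}'.format(
                method=stack()[0][3], _class=self.__class__.__name__,
                object=model,
                data=data)
        )

        # A one-word header used to raise IndexError (500); treat as no token.
        parts = get_authorization_header(request).split()
        current_token = parts[1] if len(parts) > 1 else ''
        if not current_token:
            context = {
                'message': "ANONYMOUS USER.",
                'status': 400
            }
            return make_response(context)

        current_user = request.user
        if current_user.is_anonymous:
            context = {
                'message': 'ANONYMOUS USER.',
                'status': 400
            }
            return make_response(context)
        user = User.objects.filter(pk=current_user.pk).first()

        if user is None or not user.is_online:
            context = {
                'message': 'ANONYMOUS USER.',
                'status': 400
            }
            return make_response(context)

        # A missing email keeps the current one; the original defaulted to ''
        # and would have blanked the address.
        email = data.get('email', user.email)
        if email != user.email and User.objects.filter(email=email).exists():
            context = {
                'message': 'THIS EMAIL IS ALREADY IN USED.',
                'status': 400,
                'data': data
            }
            return make_response(context)

        # Only hash a password the client actually sent. The original fell
        # back to make_password(user.password), re-hashing the stored hash
        # and locking the user out of their own account.
        if 'password' in data:
            password = make_password(data['password'])
        else:
            password = user.password
        first_name = data.get('first_name', user.first_name)
        last_name = data.get('last_name', user.last_name)
        user.update(email=email,
                    password=password,
                    first_name=first_name,
                    last_name=last_name)

        user_serialized = UserSerializer(user)

        context = {
            'message': 'OK',
            'status': 200,
            'data': user_serialized.data
        }
        return make_response(context)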