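def get(self, request):
    """List the employees managed by the caller named in the bearer JWT.

    The manager id is taken from the token's ``user_id`` claim, never from the
    request, so a caller can only see employees whose ``manager_id`` matches
    their own token.

    Returns:
        200 with ``EmployeeData`` on success; 404 when the header/token is
        missing, the token does not verify, or the claim is absent.
    """
    try:
        # Expect "Bearer <token>"; a header without that scheme used to raise
        # IndexError, which the bare except reported as 404 anyway.
        parts = get_authorization_header(request).decode('UTF-8').split('Bearer')
        token = parts[1].strip() if len(parts) > 1 else ""
        if not token or token == "null":
            raise exceptions.AuthenticationFailed(
                'Authorization Header or Token is missing on Request Headers'
            )
        # Pin the accepted algorithm. Decoding without ``algorithms`` lets the
        # token header choose it (alg confusion / "none") on older PyJWT and is
        # rejected outright on PyJWT >= 2.
        decoded = jwt.decode(
            token,
            settings.JWT_AUTH['JWT_SECRET_KEY'],
            algorithms=[settings.JWT_AUTH.get('JWT_ALGORITHM', 'HS256')],
        )
        employee_detail = Employee.objects.filter(manager_id=decoded['user_id'])
        serializer = EmployeeSerializer(employee_detail, many=True)
        return Response(
            {"status": 200, "EmployeeData": serializer.data},
            status=status.HTTP_200_OK,
        )
    except (exceptions.AuthenticationFailed, jwt.InvalidTokenError,
            KeyError, UnicodeDecodeError):
        # Narrowed from a bare ``except`` so genuine programming errors surface
        # as 500s instead of being disguised as "not found".
        return Response({"status": 404}, status=status.HTTP_404_NOT_FOUND)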
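def patch(self, request):
    """Partially update one employee that belongs to the calling manager.

    The employee is looked up by the ``id`` in the JSON body *and* the
    ``user_id`` claim of the bearer JWT, so a manager cannot touch another
    manager's employees.

    Raises:
        AuthenticationFailed: header/token missing, or the token is malformed,
            expired or forged (previously a decode error escaped as a 500).
    Returns:
        200 on success; 400 ``Not Found`` when the body is not valid JSON,
        lacks ``id``, the employee is not owned by the caller, or the
        serializer rejects the data.
    """
    parts = get_authorization_header(request).decode('UTF-8').split('Bearer')
    token = parts[1].strip() if len(parts) > 1 else ""
    if not token or token == "null":
        raise exceptions.AuthenticationFailed(
            'Authorization Header or Token is missing on Request Headers')
    try:
        # Explicit algorithm list: never let the token pick its own ``alg``.
        decoded = jwt.decode(
            token,
            settings.JWT_AUTH['JWT_SECRET_KEY'],
            algorithms=[settings.JWT_AUTH.get('JWT_ALGORITHM', 'HS256')],
        )
    except jwt.InvalidTokenError as err:
        raise exceptions.AuthenticationFailed('Invalid or expired token') from err
    try:
        update_data = json.loads(request.body)
        employee = Employee.objects.get(manager_id=decoded['user_id'],
                                        id=update_data['id'])
        # NOTE(review): ``partial=True`` hands every key in the body to the
        # serializer — confirm ``manager`` (and ``id``) are read-only there,
        # otherwise a caller could re-home an employee to another manager.
        serializer = EmployeeSerializer(employee, data=update_data, partial=True)
        serializer.is_valid(raise_exception=True)
        serializer.save()
        return Response(
            {"status": 200, "message": "Updated Successfully"},
            status=status.HTTP_200_OK,
        )
    except (ValueError, KeyError, Employee.DoesNotExist,
            exceptions.ValidationError):
        # ValueError covers malformed JSON (json.JSONDecodeError subclasses it).
        return Response({"message": "Not Found"},
                        status=status.HTTP_400_BAD_REQUEST)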
def get_jwt_value(request):
    """Extract the raw credential sent by the client.

    Looks for ``Authorization: <prefix> <token>`` where the prefix is
    ``api_settings.JWT_AUTH_HEADER_PREFIX`` compared case-insensitively. When
    no header is present and ``JWT_AUTH_COOKIE`` is configured, the cookie of
    that name is returned instead. A cookie-borne token is attached by the
    browser automatically, so endpoints relying on that path need CSRF
    protection.

    Returns:
        The token ``bytes`` from the header, the cookie value, or ``None`` when
        there is no header / the scheme does not match.

    Raises:
        AuthenticationFailed: the scheme matched but the header does not have
            exactly two whitespace-separated parts.
    """
    header_parts = get_authorization_header(request).split()
    expected_prefix = api_settings.JWT_AUTH_HEADER_PREFIX.lower()

    if not header_parts:
        cookie_name = api_settings.JWT_AUTH_COOKIE
        return request.COOKIES.get(cookie_name) if cookie_name else None

    scheme = header_parts[0].decode(encoding='UTF-8', errors='strict').lower()
    if scheme != expected_prefix:
        return None

    # Both "no credential" and "credential contains spaces" get the same message.
    if len(header_parts) != 2:
        raise exceptions.AuthenticationFailed(
            _('無效的Authorization請求頭,格式須為「JWT <token>」'))
    return header_parts[1]
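def post(self, request):
    """Create an employee owned by the manager named in the bearer JWT.

    The ``manager`` foreign key comes from the token's ``user_id`` claim, not
    from the request body, so a caller cannot create employees under another
    manager.

    Raises:
        AuthenticationFailed: token missing/malformed/expired/forged, or the
            manager it names no longer exists (was a bare DoesNotExist -> 500).
        ValidationError: raised by the serializer when a required field is
            missing or invalid (a missing key used to raise KeyError -> 500).
    Returns:
        201 with the serialized employee.
    """
    parts = get_authorization_header(request).decode('UTF-8').split('Bearer')
    token = parts[1].strip() if len(parts) > 1 else ""
    if not token or token == "null":
        raise exceptions.AuthenticationFailed(
            'Authorization Header or Token is missing on Request Headers')
    try:
        # Explicit algorithm list: never let the token pick its own ``alg``.
        decoded = jwt.decode(
            token,
            settings.JWT_AUTH['JWT_SECRET_KEY'],
            algorithms=[settings.JWT_AUTH.get('JWT_ALGORITHM', 'HS256')],
        )
        manager = Manager.objects.get(id=decoded['user_id'])
    except (jwt.InvalidTokenError, KeyError, Manager.DoesNotExist) as err:
        raise exceptions.AuthenticationFailed('Invalid or expired token') from err

    # Only these body fields are copied; anything else the client sends is
    # ignored. Missing ones are passed as None and rejected by the serializer.
    # NOTE(review): ``password`` is forwarded verbatim — confirm the serializer
    # or model hashes it before storage.
    fields = ("firstName", "lastName", "email", "mobile", "password",
              "address", "dob", "company", "city")
    employee_detail = {name: request.data.get(name) for name in fields}
    employee_detail["manager"] = manager.id

    serializer = EmployeeSerializer(data=employee_detail, many=False)
    serializer.is_valid(raise_exception=True)
    serializer.save()
    return Response(
        {
            "status": 201,
            "message": "Employee Created Successfully",
            "data": serializer.data,
        },
        status=status.HTTP_201_CREATED,
    )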
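def authenticate(self, request):
    """Authenticate a request carrying ``Authorization: <prefix> <jwt>``.

    DRF calls this on every request, whether or not the endpoint requires
    authentication. Three outcomes:

    1. ``None`` — no usable credential was offered: no header, not exactly two
       whitespace-separated parts, or a scheme other than
       ``self.authentication_header_prefix``. DRF then tries the next
       authenticator / leaves the request anonymous.
    2. ``(user, token)`` — returned by ``authenticate_credentials``.
    3. ``AuthenticationFailed`` — raised by ``authenticate_credentials``; DRF
       turns it into a 401/403.
    """
    request.user = None

    # ``auth_header`` should hold exactly two parts: the scheme name and the JWT.
    auth_header = authentication.get_authorization_header(request).split()
    auth_header_prefix = self.authentication_header_prefix.lower()

    if len(auth_header) != 2:
        # No header, no credential, or spaces inside the token: do not attempt
        # to authenticate.
        return None

    # The JWT library expects str, not the bytes DRF returns.
    prefix = auth_header[0].decode('utf-8')
    token = auth_header[1].decode('utf-8')

    if prefix.lower() != auth_header_prefix:
        # Re-enabled: this check was commented out, so a request with e.g.
        # ``Authorization: Basic ...`` or ``Bearer ...`` had its credential fed
        # to the JWT decoder instead of being left to the authenticator that
        # owns that scheme. Clients must send the configured prefix.
        return None

    # There is now at least a *chance* authentication succeeds; the actual
    # credential check lives in authenticate_credentials.
    return self.authenticate_credentials(request, token)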
def getUnameFromJWT(req):
    """Return the username claim from the JWT in the ``Authorization`` header.

    The header value is split on whitespace and its second element is taken as
    the token; the first element (the scheme) is never inspected.

    NOTE(review): a missing or single-part header raises IndexError here, and
    any decode failure propagates from ``jwt_decode_handler`` — callers get a
    500 rather than a 401 for a bad token.
    """
    header_parts = get_authorization_header(req).split()
    raw_token = header_parts[1]
    claims = jwt_decode_handler(raw_token)
    return jwt_get_username_from_payload(claims)
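def update(self, request, *args, **kwargs):
    """Update the object only if the JWT's ``user_id`` claim equals its pk.

    Ownership is checked against the token in the ``Authorization`` header
    rather than ``request.user``, so it holds regardless of which
    authentication class populated the request.

    Returns:
        401 when the header is missing/malformed or the token belongs to a
        different user; otherwise the superclass update response.
    """
    instance = self.get_object()

    # Expect "<scheme> <token>"; any other shape used to raise IndexError (500).
    header_parts = get_authorization_header(request).split()
    if len(header_parts) != 2:
        return Response({'message': 'Unauthorized'},
                        status=status.HTTP_401_UNAUTHORIZED)

    # Local renamed from ``jwt``, which shadowed the library module name.
    decode = api_settings.JWT_DECODE_HANDLER
    # Decode errors (expired / bad signature) still propagate from the handler;
    # presumably the authentication class has already rejected such tokens —
    # TODO confirm this view is only reachable through it.
    claims = decode(header_parts[1].decode('utf-8'))

    if instance.pk != claims.get('user_id'):
        return Response({'message': 'Unauthorized'},
                        status=status.HTTP_401_UNAUTHORIZED)
    return super().update(request, *args, **kwargs)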
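def delete(self, request, pk, format=None):
    """Delete employee ``pk`` if it belongs to the manager named in the JWT.

    Raises:
        AuthenticationFailed: header/token missing, or the token is malformed,
            expired or forged (a decode error used to escape as a 500).
    Returns:
        200 on success; 404 when no employee with that pk is owned by the
        caller or the token lacks ``user_id``.
    """
    parts = get_authorization_header(request).decode('UTF-8').split('Bearer')
    token = parts[1].strip() if len(parts) > 1 else ""
    if not token or token == "null":
        raise exceptions.AuthenticationFailed(
            'Authorization Header or Token is missing on Request Headers')
    try:
        # Explicit algorithm list: never let the token pick its own ``alg``.
        decoded = jwt.decode(
            token,
            settings.JWT_AUTH['JWT_SECRET_KEY'],
            algorithms=[settings.JWT_AUTH.get('JWT_ALGORITHM', 'HS256')],
        )
    except jwt.InvalidTokenError as err:
        raise exceptions.AuthenticationFailed('Invalid or expired token') from err
    try:
        # Filtering on manager_id is the ownership check — keep it.
        employee = Employee.objects.get(manager_id=decoded['user_id'], pk=pk)
        employee.delete()
        return Response({'status': 200}, status=status.HTTP_200_OK)
    except (KeyError, Employee.DoesNotExist):
        # Narrowed from a bare ``except``; other errors now surface as 500s.
        return Response({'status': 404}, status=status.HTTP_404_NOT_FOUND)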
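def inner(request, *args, **kwargs):
    """Decorator body: require a decodable JWT before running ``func``.

    The whole ``Authorization`` header value is handed to the configured
    ``JWT_DECODE_HANDLER`` unchanged, so clients must send the bare token with
    no scheme prefix (a ``JWT <token>`` header will fail to decode).

    Returns:
        403 when the header is absent, the token cannot be decoded, or the
        ``user_id`` claim does not name an existing user; otherwise whatever
        ``func`` returns, with ``request.user`` set to that user.
    """
    auth = get_authorization_header(request)
    if not auth:
        return HttpResponse(status=403)

    jwt_decode_handler = api_settings.JWT_DECODE_HANDLER
    try:
        payload = jwt_decode_handler(auth)
    except jwt.InvalidTokenError:
        # Covers expiry (ExpiredSignature), bad signature and malformed tokens.
        # Narrowed from a bare ``except`` so unrelated errors are not disguised
        # as a 403. (The original comment noted the alternative of returning
        # None and treating the caller as a guest; rejecting is kept.)
        return HttpResponse(status=403)

    # A token whose subject has since been deleted used to raise
    # User.DoesNotExist and surface as a 500.
    try:
        user = User.objects.get(pk=payload.get("user_id"))
    except User.DoesNotExist:
        return HttpResponse(status=403)

    request.user = user
    return func(request, *args, **kwargs)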
def authenticate(self, request):
    """DRF authenticator: the whole ``Authorization`` header value is the JWT.

    No scheme prefix is stripped or checked — the raw header bytes go straight
    to ``jwt_decode_handler``. (The original author noted that a prefix could
    be reintroduced as a light anti-scraping measure, as upstream drf-jwt does.)

    Raises:
        AuthenticationFailed: header absent, signature expired, or token
            otherwise invalid.
    Returns:
        ``(user, token)`` with the user resolved by ``authenticate_credentials``.
    """
    raw_token = get_authorization_header(request)
    if not raw_token:
        raise AuthenticationFailed('Authorization 字段是必须的')

    try:
        claims = jwt_decode_handler(raw_token)
    except jwt.ExpiredSignature:
        raise AuthenticationFailed('签名过期')
    except jwt.InvalidTokenError:
        raise AuthenticationFailed('非法用户')

    # Hand the resolved user back to DRF alongside the credential.
    return self.authenticate_credentials(claims), raw_token
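def authenticate(self, request):
    """DRF authenticator: the raw ``Authorization`` header value is the JWT.

    Raises:
        AuthenticationFailed: header absent, token expired or invalid, or the
            ``username`` in the payload matches no user. The original returned
            ``(None, jwt_value)`` in that last case, which DRF treats as a
            successful authentication and stores ``request.user = None``.
    Returns:
        ``(user, jwt_value)`` on success.
    """
    jwt_value = get_authorization_header(request)
    if not jwt_value:
        raise AuthenticationFailed('Authorization 字段是必须的')
    try:
        payload = jwt_decode_handler(jwt_value)
    except jwt.ExpiredSignature:
        raise AuthenticationFailed('签名过期')
    except jwt.InvalidTokenError:
        raise AuthenticationFailed('非法用户')

    # The debug ``print`` calls that wrote the username and user object to
    # stdout have been removed.
    username = jwt_get_username_from_payload(payload)
    user = User.objects.filter(username=username).first()
    if user is None:
        raise AuthenticationFailed('非法用户')
    # TODO(review): also reject inactive accounts (``user.is_active``) if the
    # model has that flag, as drf-jwt's default authenticate_credentials does.
    return user, jwt_value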
def post(self, request):
    """Register (or re-activate) a user keyed by ``email``.

    Flow as written:
    * 400 if any ``Authorization`` header is present at all.
    * Run ``UserSerializer`` validation; if it fails, return 400 only when an
      *active* user already has that email — any other validation failure
      falls through and the record is still written.
    * Hash ``password`` and ``update_or_create`` by email, then mark active.

    NOTE(review): ``defaults=data`` writes every client-supplied key onto the
    model (mass assignment) — restrict it to an allow-list if the model has
    privileged fields such as ``is_staff`` / ``is_superuser``.
    NOTE(review): an existing *inactive* account with this email is overwritten
    (password included) by whoever posts first — confirm that is intended.
    NOTE(review): ``data['password']`` raises KeyError when absent, and
    ``request.data`` may be an immutable QueryDict that rejects item assignment.
    """
    data = request.data
    # The logged ``data`` still holds the plaintext password at this point
    # (hashing happens further down) — TODO confirm where this log is shipped.
    logger.info(
        '{_class} {method} {object} {data}'.format(
            method=stack()[0][3],
            _class=self.__class__.__name__,
            object=model,
            data=data)
    )
    authorization = get_authorization_header(request)
    if authorization:
        context = {
            'message': 'THERE IS CURRENTLY A USER HAS ALREADY LOGGED IN.',
            'status': 400
        }
        return make_response(context)
    is_valid = UserSerializer(data=data).is_valid()
    if not is_valid:
        # Only an active duplicate email blocks registration; every other
        # validation error is ignored and processing continues below.
        email = data.get('email', '')
        user = User.objects.filter(email=email).first()
        if user and user.is_active:
            context = {
                'status': 400,
                'message': 'THIS EMAIL IS ALREADY IN USED.'
            }
            return make_response(context)
    data['password'] = make_password(data['password'])
    user, _ = User.objects.update_or_create(
        email=data.get('email', ''),
        defaults=data
    )
    user.is_active = True
    user.save()
    user_serialized = UserSerializer(user, many=False)
    context = {
        'data': user_serialized.data,
        'message': 'OK',
        'status': 200
    }
    return make_response(context)
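def authenticate(self, request):
    """DRF authenticator: the raw ``Authorization`` header value is the JWT.

    Raises:
        AuthenticationFailed: header absent, token expired, token invalid, or
            the ``user_id`` claim is missing / names no user (a missing claim
            used to raise KeyError and surface as a 500).
    Returns:
        ``(user, token)`` on success.
    """
    token = get_authorization_header(request)
    if not token:
        raise AuthenticationFailed("Token 认证失败!")
    try:
        payload = jwt_decode_handler(token)
    except jwt.exceptions.ExpiredSignatureError:
        raise AuthenticationFailed("Token 失效")
    except jwt.exceptions.InvalidTokenError:
        # Broadened from DecodeError: bad audience/issuer/nbf are
        # InvalidTokenError subclasses but not DecodeError subclasses.
        raise AuthenticationFailed("非法的 Token")

    user_id = payload.get("user_id")
    user = User.get_by_id(user_id) if user_id is not None else None
    if not user:
        raise AuthenticationFailed("没有此用户,请联系管理员!")
    return user, token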
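def has_permission(self, request, view):
    """Role/URL permission check driven by the JWT in ``Authorization``.

    The user is resolved from the token's ``user_id`` claim and that same user
    (not ``request.user``, which another authentication class may have set
    differently) supplies the roles. Superusers pass unconditionally; everyone
    else needs an active role holding an active ``UrlPermission`` whose url is
    a prefix of the request path and whose method matches (or is ``ALL``).

    Returns:
        True if permitted, otherwise False — including for a missing,
        undecodable or expired token. (The original did ``raise False`` on
        expiry, which is a TypeError and surfaced as a 500, and returned
        False as soon as one permission row failed to grant instead of
        checking the remaining rows.)
    """
    token = get_authorization_header(request)
    if not token:
        return False
    try:
        payload = jwt_decode_handler(token)
    except (DecodeError, ExpiredSignatureError):
        return False

    user = User.get_by_id(payload.get("user_id"))
    if not user:
        return False
    if user.is_superuser:
        return True

    # ``request.path`` never carries the query string, but keep the guard in
    # case a raw URL is ever passed through.
    path = request.path.split("?")[0]

    # Union of active permissions across the user's active roles.
    permissions = UrlPermission.objects.none()
    for role in user.roles.filter(status=True):
        permissions |= role.permission.only("title", "method").filter(status=True)

    for perm in permissions:
        # Prefix match rather than the original substring test: with
        # ``p.url in path`` a rule for "/admin" also matched "/xadmin/...".
        # This is still a prefix match; segment-boundary matching would be
        # tighter if the URL layout allows it.
        if not path.startswith(perm.url):
            continue
        if perm.url == "/":
            # The root rule only covers the root path itself.
            if path == "/":
                return True
            continue
        if perm.method == request.method or perm.get_method_display() == "ALL":
            return True
    return False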
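def get(self, req):
    """Debug endpoint: echo the username and user id carried by the JWT.

    The message-building line in the original was garbled (the concatenation
    of ``username`` had been scrubbed to ``******``) and the identity was also
    ``print``-ed to stdout; the response now carries it alone.

    Returns:
        ``{'msg': 'username = <name>, user_id = <id>'}``, or a 400 when the
        ``Authorization`` header is missing or not ``<scheme> <token>`` (that
        used to raise IndexError). Decode errors still propagate from
        ``jwt_decode_handler``.
    """
    parts = get_authorization_header(req).split()
    if len(parts) != 2:
        return Response({'msg': 'missing or malformed Authorization header'},
                        status=400)
    payload = jwt_decode_handler(parts[1])
    username = jwt_get_username_from_payload(payload)
    # Helper name spelled as it is defined elsewhere in the project.
    user_id = jwt_get_user_id_from_paylaod(payload)
    msg = 'username = {}, user_id = {}'.format(username, user_id)
    return Response({'msg': msg})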
def authenticate(self, request):
    """DRF authenticator that reads the token from ``Authorization``.

    The first four bytes of the header value are dropped unconditionally —
    presumably a ``JWT `` scheme prefix, though the scheme itself is never
    verified. NOTE(review): a ``Bearer <token>`` header is therefore mangled
    and rejected as an illegal token rather than skipped.

    Raises:
        AuthenticationFailed: nothing left after the slice, token expired, or
            any other decode failure.
    Returns:
        ``(user, token)`` with the user resolved by ``authenticate_credentials``.
    """
    token = get_authorization_header(request)[4:]
    if not token:
        raise AuthenticationFailed('Authorization 字段是必须的')

    try:
        claims = jwt_decode_handler(token)
    except jwt.ExpiredSignature:
        raise AuthenticationFailed('token已过期')
    except:  # noqa: E722 - every other failure is "illegal token", as before
        raise AuthenticationFailed('token非法')

    resolved_user = self.authenticate_credentials(claims)
    return (resolved_user, token)
def authenticate(self, request):
    """JWT authenticator that insists on an ``Authorization`` header.

    Unlike the stock drf-jwt class, a request with no header is rejected
    outright rather than left anonymous. The token itself is extracted via
    ``JSONWebTokenAuthentication.get_jwt_value`` (prefix handling included);
    when that yields ``None`` this authenticator declines with ``None`` too.

    Raises:
        AuthenticationFailed: header missing, signature expired, decode error,
            or any other invalid token.
    Returns:
        ``(user, jwt_value)`` on success, ``None`` when no token was found.
    """
    if not get_authorization_header(request):
        raise exceptions.AuthenticationFailed('缺失JWT请求头')

    jwt_value = JSONWebTokenAuthentication().get_jwt_value(request)
    if jwt_value is None:
        return None

    try:
        payload = jwt_decode_handler(jwt_value)
    except jwt.ExpiredSignature:
        raise exceptions.AuthenticationFailed('Signature has expired.')
    except (jwt.DecodeError, User.DoesNotExist):
        # User.DoesNotExist cannot come out of decoding; kept as in the original.
        raise exceptions.AuthenticationFailed('Error decoding signature.')
    except jwt.InvalidTokenError:
        raise exceptions.AuthenticationFailed()

    return self.authenticate_credentials(payload), jwt_value
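def authenticate(self, request):
    """Optional JWT authentication: a bad or missing token means "guest".

    Returns ``(user, auth)`` when the raw ``Authorization`` value decodes and
    resolves via ``authenticate_credentials``; otherwise ``None``, which is
    what DRF expects from an authenticator that declines (it then tries the
    next one / leaves the request anonymous). The original returned
    ``(None, None)``, which DRF treats as a successful authentication and
    stores ``request.user = None`` — any later ``request.user.is_authenticated``
    check then raises AttributeError.

    NOTE(review): expired and forged tokens are deliberately downgraded to
    anonymous instead of answered with 401; the caller never learns why.
    """
    try:
        auth = get_authorization_header(request)
    except TypeError:
        return None
    if not auth:
        return None

    jwt_decode_handler = api_settings.JWT_DECODE_HANDLER
    try:
        payload = jwt_decode_handler(auth)
    except jwt.InvalidTokenError:
        # Covers ExpiredSignature and every other decode failure; narrowed
        # from a bare ``except`` so unrelated errors are no longer swallowed.
        return None

    # The debug ``print(user)`` that wrote identity data to stdout is gone.
    user = self.authenticate_credentials(payload)
    return (user, auth)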
def get_jwt_value(self, request):
    """Pull the bearer token out of the request.

    Accepts ``Authorization: Bearer <token>`` (scheme compared
    case-insensitively). With no header at all it falls back to the cookie
    named by ``JWT_AUTH_COOKIE`` when configured — a cookie-carried token is
    attached by the browser automatically, so views relying on it need CSRF
    protection.

    Returns:
        The token ``bytes``, the cookie value, or ``None`` (no header, or a
        scheme other than ``bearer``).
    Raises:
        AuthenticationFailed: the scheme matched but the header is not exactly
            ``Bearer <token>``.
    """
    parts = authentication.get_authorization_header(request).split()
    if not parts:
        cookie_name = api_settings.JWT_AUTH_COOKIE
        return request.COOKIES.get(cookie_name) if cookie_name else None

    if smart_text(parts[0].lower()) != "bearer":
        return None

    if len(parts) == 1:
        raise exceptions.AuthenticationFailed(
            _("Invalid Authorization header. No credentials provided."))
    if len(parts) > 2:
        raise exceptions.AuthenticationFailed(
            _("Invalid Authorization header. Credentials string "
              "should not contain spaces."))
    return parts[1]
def authenticate(self, request):
    """JWT authenticator with a cache-backed revocation / sliding-session check.

    The raw header value is the token. After signature and expiry verify, the
    token must still exist in the cache under ``CACHE_PREFIX + token``
    (``ttl == 0`` means it is gone, e.g. after logout); a hit re-arms the entry
    for ``CACHE_TIMEOUT`` seconds, so the session slides while in use.

    Raises:
        AuthenticationFailed: header absent, token expired (by signature or by
            cache), token invalid, or the cache backend is unreachable.
    Returns:
        ``(user, jwt_value)``.
    """
    jwt_value = get_authorization_header(request)
    if not jwt_value:
        raise AuthenticationFailed('Authorization 字段是必须的')

    try:
        payload = jwt_decode_handler(jwt_value)
        cache_key = CACHE_PREFIX + jwt_value.decode()
        if cache.ttl(cache_key) == 0:
            raise AuthenticationFailed('Token失效,请重新登录')
        cache.set(cache_key, jwt_value, CACHE_TIMEOUT)
    except jwt.ExpiredSignature:
        raise AuthenticationFailed('Token失效,请重新登录')
    except ConnectionError:
        raise AuthenticationFailed('redis服务器未启动!')
    except jwt.InvalidTokenError:
        raise AuthenticationFailed('非法用户')

    return self.authenticate_credentials(payload), jwt_value
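def get(self, request, *args, **kwargs):
    """Return the current user's profile when a token was sent and they are online.

    Returns:
        400 ``ANONYMOUS USER.`` when the ``Authorization`` header is absent or
        has no token part (a one-part header used to raise IndexError);
        404 ``ANONYMOUS USER.`` when ``request.user`` is anonymous or not
        flagged ``is_online``; otherwise 200 with the serialized user.
    """
    logger.info(
        '{_class} {method} {object}'.format(
            method=stack()[0][3],
            _class=self.__class__.__name__,
            object=model)
    )
    # "<scheme> <token>": only the second part is the token.
    parts = get_authorization_header(request).split()
    current_token = parts[1] if len(parts) >= 2 else ''
    if not current_token:
        return make_response({'message': "ANONYMOUS USER.", 'status': 400})

    user = request.user
    # ``is_anonymous`` is checked first: AnonymousUser has no ``is_online``.
    if user.is_anonymous or not user.is_online:
        return make_response({'message': 'ANONYMOUS USER.', 'status': 404})

    return make_response({
        'message': 'OK',
        'status': 200,
        'data': UserSerializer(user).data,
    })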
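def get(self, request):
    """Log the current user out: delete their Token row and clear ``is_online``.

    NOTE(review): this mutates state on GET; a POST would be the conventional
    (and prefetch-safe) verb for logout.

    Returns:
        400 ``ANONYMOUS USER.`` when no token part is present in the header,
        when the request user cannot be found (anonymous requests have
        ``pk=None`` — this used to raise AttributeError), or when the user is
        not online; otherwise 200 ``LOGOUT SUCCESSFULLY.``.
    """
    logger.info(
        '{_class} {method} {object}'.format(
            method=stack()[0][3],
            _class=self.__class__.__name__,
            object=model)
    )
    parts = get_authorization_header(request).split()
    current_token = parts[1] if len(parts) >= 2 else ''
    if not current_token:
        return make_response({'message': "ANONYMOUS USER.", 'status': 400})

    user = User.objects.filter(pk=request.user.pk).first()
    if user is None or not user.is_online:
        return make_response({'message': "ANONYMOUS USER.", 'status': 400})

    # ``first()`` is None when no token row exists; deleting None was a 500.
    token = Token.objects.filter(user=user).first()
    if token is not None:
        token.delete()
    user.is_online = False
    user.save()
    return make_response({
        'message': "LOGOUT SUCCESSFULLY.",
        'status': 200,
        'data': UserSerializer(user).data,
    })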
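def put(self, request):
    """Update the current user's email, password and names.

    Fields absent from the body keep their current values. Fixes in this
    revision: an absent ``password`` no longer re-hashes the stored hash
    (which locked the account out on the next login), an absent ``email`` no
    longer blanks the address, the duplicate-email check uses ``exists()``
    instead of ``len(...) == 1``, and a one-part ``Authorization`` header no
    longer raises IndexError.

    Returns:
        400 ``ANONYMOUS USER.`` without a token, for an anonymous or offline
        user; 400 ``THIS EMAIL IS ALREADY IN USED.`` when another account owns
        the requested email; otherwise 200 with the serialized user.
    """
    data = request.data
    # The logged ``data`` carries the plaintext password when one is supplied —
    # TODO confirm where this log is shipped.
    logger.info(
        '{_class} {method} {object} {data}'.format(
            method=stack()[0][3],
            _class=self.__class__.__name__,
            object=model,
            data=data)
    )
    parts = get_authorization_header(request).split()
    current_token = parts[1] if len(parts) >= 2 else ''
    if not current_token:
        return make_response({'message': "ANONYMOUS USER.", 'status': 400})

    current_user = request.user
    if current_user.is_anonymous:
        return make_response({'message': 'ANONYMOUS USER.', 'status': 400})
    user = User.objects.filter(pk=current_user.pk).first()
    if user is None or not user.is_online:
        return make_response({'message': 'ANONYMOUS USER.', 'status': 400})

    email = data.get('email', user.email)
    if user.email != email and User.objects.filter(email=email).exists():
        return make_response({
            'message': 'THIS EMAIL IS ALREADY IN USED.',
            'status': 400,
            'data': data,
        })

    # Only hash when a new password was actually sent.
    new_password = data.get('password')
    password = make_password(new_password) if new_password else user.password
    first_name = data.get('first_name', user.first_name)
    last_name = data.get('last_name', user.last_name)
    # NOTE(review): ``update`` is not a method of a Django model instance —
    # presumably a helper on this project's User model; confirm it persists.
    user.update(email=email, password=password,
                first_name=first_name, last_name=last_name)

    return make_response({
        'message': 'OK',
        'status': 200,
        'data': UserSerializer(user).data,
    })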