def get_user(token): try: validated_token = JWTAuthentication().get_validated_token(token) user = JWTAuthentication().get_user(validated_token) return user except Exception as e: return AnonymousUser()
def validate(self, attrs): refresh = RefreshToken(attrs['refresh']) data = {'access': str(refresh.access_token)} if settings.SIMPLE_JWT['ROTATE_REFRESH_TOKENS']: if settings.SIMPLE_JWT['BLACKLIST_AFTER_ROTATION']: try: # Attempt to blacklist the given refresh token refresh.blacklist() except AttributeError: # If blacklist app not installed, `blacklist` method will # not be present pass refresh.set_jti() refresh.set_exp() data['refresh'] = str(refresh) jwt_obj = JWTAuthentication() user = jwt_obj.get_user(refresh.access_token) user_serializer = UserSerializer(user) data['user'] = user_serializer.data data['token_expire_at'] = refresh.access_token.get('exp') data['refresh_token_expire_at'] = refresh.get('exp') return data
def delete(self, request): """ Deletes a list of given landzones :author Munir Safi :since 2020-11-19 :param {request} the incoming rest_framework http request object """ if request.headers.get('Authorization', None) is not None: header_token = request.headers['Authorization'].split(' ')[1] jwt_object = JWTAuthentication() valid_token = jwt_object.get_validated_token(header_token) user_email = jwt_object.get_user(valid_token) AuthUser = get_user_model() user = AuthUser.objects.get(email=user_email) for landzone_uuid in request.data: zone = LandZone.objects.get(uuid=landzone_uuid) if zone.owner == user: zone.delete() else: return Response( { 'message': 'You are attempting to delete an area that you have no privelages for' }, status=status.HTTP_401_UNAUTHORIZED) return Response(status=status.HTTP_200_OK) else: return Response( {'message': 'You must be logged in to delete a zone!'}, status=status.HTTP_401_UNAUTHORIZED)
def post(self, request): """ Save the landzones a user submits :author Munir Safi :since 2020-11-14 :param {request} the incoming rest_framework http request object """ if request.headers.get('Authorization', None) is not None: header_token = request.headers['Authorization'].split(' ')[1] jwt_object = JWTAuthentication() valid_token = jwt_object.get_validated_token(header_token) user_email = jwt_object.get_user(valid_token) AuthUser = get_user_model() user = AuthUser.objects.get(email=user_email) for landzone in request.data['landzones']: if landzone.get('geoJSON', None) is not None: land_zone = LandZone(geo_json=landzone['geoJSON'], owner=user) land_zone.save() else: return Response( { 'message': 'You must include a \'geoJSON\' property in your array of objects' }, status=status.HTTP_400_BAD_REQUEST) return Response(status=status.HTTP_200_OK) else: return Response( {'message': 'You must be logged in to register a new zone!'}, status=status.HTTP_401_UNAUTHORIZED)
def get(self, request): header = JWTAuthentication().get_header(request) raw_token = JWTAuthentication.get_raw_token(self, header) validated_token = JWTAuthentication().get_validated_token(raw_token) user = JWTAuthentication.get_user(self, validated_token) # print(user.created_at) return Response( { "email": user.email, "name": user.name, "username": user.username, "is_superuser": user.is_superuser, "is_staff": user.is_staff, "is_verified": user.is_verified, # "created_at": user.created_at, # "updated_at": user.updated_at, # 'tokens': user.tokens, }, status=status.HTTP_200_OK)
def _check_login_social_simple_jwt_only(self, url, data, token_type): resp = self.client.post(url, data) self.assertEqual(resp.status_code, 200) # check token valid jwt_auth = JWTAuthentication() token_instance = jwt_auth.get_validated_token(resp.data['token']) self.assertEqual(token_instance['token_type'], token_type)
def get_authenticators(self): auth_head = get_authorization_header(self.request) ah = jwt.get_header(self, request=self.request) token = jwt.get_raw_token(self, header=auth_head) return [auth() for auth in self.authentication_classes]
def recipes_detail(request, pk): JWT = JWTAuthentication() request_data = JWT.authenticate( request) ##returns a tuple with user, token print(request_data[0]) user = request_data[0] try: recipe = Recipe.objects.get(pk=pk) except Recipe.DoesNotExist: return Response(status=status.HTTP_404_NOT_FOUND) if request.method == 'GET': serializer = RecipeSerializer(recipe) return Response(serializer.data) elif request.method == 'PUT': serializer = RecipeSerializer(recipe, data=request.data) if serializer.is_valid(): serializer.save(user=user) return Response(serializer.data) return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) elif request.method == 'DELETE': recipe.delete() return Response(status=status.HTTP_204_NO_CONTENT)
def format_data(self, data): JWT_authenticator = JWTAuthentication() # decode token user, _ = JWT_authenticator.authenticate(self.request) data['user'] = user.id data['date'] = format_date(data['date']) return data
def post(self, request): """ Validates the current user, then updates their password using the new given password :author Munir Safi :since 2020-11-14 :param {request} the incoming rest_framework http request object """ if request.headers.get('Authorization', None) is not None: header_token = request.headers['Authorization'].split(' ')[1] jwt_object = JWTAuthentication() valid_token = jwt_object.get_validated_token(header_token) user_email = jwt_object.get_user(valid_token) AuthUser = get_user_model() user = AuthUser.objects.get(email=user_email) user.set_password(request.data['password']) user.save() refresh = RefreshToken.for_user(user) return Response({ 'refresh': str(refresh), 'access': str(refresh.access_token) }) else: return Response( { 'message': 'Cannot change user password if no user is active' }, status=status.HTTP_400_BAD_REQUEST)
def get_user_for_token(token_key): try: jwt_object = JWTAuthentication() validated_token = jwt_object.get_validated_token(token_key) user = jwt_object.get_user(validated_token) return user except Token.DoesNotExist: return AnonymousUser()
def validate(self, attrs): data = super().validate(attrs) jwt_object = JWTAuthentication() validated_token = jwt_object.get_validated_token(attrs.get('token')) user = jwt_object.get_user(validated_token) user_serializer = UserSerializer(user) data['user'] = user_serializer.data return data
def get_user_from_access_token_or_401(access_token): jwt_authenticaton = JWTAuthentication() validated_token = jwt_authenticaton.get_validated_token(access_token) try: return jwt_authenticaton.get_user(validated_token) except AuthenticationFailed: raise NotAuthenticated401
def get_jwt_payload(request): jwt_object = JWTAuthentication() header = jwt_object.get_header(request) raw_token = jwt_object.get_raw_token(header) validated_token = jwt_object.get_validated_token(raw_token) token_backend = TokenBackend(algorithm='HS256') payload = token_backend.decode(token=str(validated_token), verify=False) return payload
def get_current_user(request): jwt_obj = JWTAuthentication() val_token = jwt_obj.get_validated_token( request.META.get('HTTP_AUTHORIZATION').replace('JWT ', '')) user = jwt_obj.get_user(val_token) return JsonResponse({ "uid": user.id, "username": user.username, "is_staff": user.is_staff })
def __call__(self, request): try: access_token = request.COOKIES["token-access"] refresh_token = request.COOKIES["token-refresh"] except: print("cookies not set") access_token = False refresh_token = False try: permanent_token = request.COOKIES["token-permanent"] except: print("permanent cookie not set") permanent_token = False if permanent_token: # token = Token.objects.get(key=permanent_token) # user = User.objects.get(key=token.user_id) request.META["HTTP_AUTHORIZATION"] = "Token " + permanent_token response = self.get_response(request) elif access_token and refresh_token: jwt = JWTAuthentication() try: validated_token = jwt.get_validated_token(access_token) user = jwt.get_user(validated_token) except: user = False print("invalid credentials but i need this silent so the user can still log in") if not "login/" in request.path : if request.COOKIES.get("warning") == "false" or request.COOKIES.get("warning") == None: response = JsonResponse({"detail" : "Your credentials are invalid, this authentication requires a login after 10 minutes of inactivity please log in again, if you dont you will continue as anonymous"}, status = 401) response.set_cookie("warning", "true") return response if user: request.META["HTTP_AUTHORIZATION"] = "Bearer " + access_token response = self.get_response(request) refresh = RefreshToken.for_user(user) response.set_cookie("token-access", str(refresh.access_token)) response.set_cookie("token-refresh", str(refresh)) response.set_cookie("warning", "false") else: response = self.get_response(request) else: response = self.get_response(request) return response
def helper_jwt_get_user(self, request): """ www_authenticate_realm = 'api' HelperJwtGetUser(self, request) 이런식으로 사용하여 토큰에서 user정보를 찾아내는 uitll입니다. """ JWToken_user = j.get_user( self, j.get_validated_token(self, request.headers['Authorization'].split(' ')[1])) return JWToken_user
def test_get_token_for_user(self): """Checks access token generated by get_token_for_user()""" token = get_token_for_user(self.user) validated_token = JWTAuthentication().get_validated_token(token) token_user = JWTAuthentication().get_user(validated_token) self.assertEqual( self.user, token_user, msg="""Wrong User for token {}. Expected: {}. Obtained: {}.""". format(token, self.user, token_user))
def verify(self, request, *args, **kwargs): token = request.GET['token'] user = request.GET['profil'] from rest_framework_simplejwt.authentication import JWTAuthentication try: JWTAuthentication.get_validated_token(self, token) User.objects.filter(pk=user).update(is_active=True) return Response(_('Account verified'), status=status.HTTP_200_OK) except InvalidToken: return Response(InvalidToken.default_detail, status=InvalidToken.status_code)
def verify_user(request, userId): # we extract the authorization token from the headers raw_token = request.META['HTTP_AUTHORIZATION'].split()[1] obj = JWTAuthentication() validated_token = obj.get_validated_token(raw_token) user = obj.get_user(validated_token) try: new_user = User.objects.get(id=userId) if user == new_user: return user else: return None except User.DoesNotExist: return None
def test_refresh_token(self, client, user): refresh_token = str(RefreshToken.for_user(user)) response = client.post(TOKEN_REFRESH_URL, { 'refresh': refresh_token, }) assert response.status_code == status.HTTP_200_OK assert 'access' in response.data assert 'refresh' in response.data auth_backend = JWTAuthentication() access = auth_backend.get_validated_token(response.data['access']) assert auth_backend.get_user(access) == user
def get_user_data(request): if request.method == 'GET': raw_token = request.META['HTTP_AUTHORIZATION'].split()[1] obj = JWTAuthentication( ) # create a class instance first to call the non-static method validated_token = obj.get_validated_token(raw_token) user = obj.get_user(validated_token) if user: data = {} user_data = UserSerializer(user).data return Response({'user': user_data, 'msg': 'success'}, status=200) else: return Response({'msg': 'user not found'}, status=404)
def test_refresh_token_after_changing_jwt_secret(self, client, user): refresh_token = str(RefreshToken.for_user(user)) user.update(jwt_secret=uuid.uuid4()) response = client.post(TOKEN_REFRESH_URL, { 'refresh': refresh_token, }) assert response.status_code == status.HTTP_200_OK auth_backend = JWTAuthentication() access = auth_backend.get_validated_token(response.data['access']) with pytest.raises(AuthenticationFailed): auth_backend.get_user(access)
def test_access_token(self, client, user): response = client.post(LOGIN_URL, { 'email': user.email, 'password': DEFAULT_USER_PASSWORD, }) assert response.status_code == status.HTTP_200_OK assert 'access' in response.data assert 'refresh' in response.data auth_backend = JWTAuthentication() access = auth_backend.get_validated_token(response.data['access']) assert auth_backend.get_user(access) == user
def test_jwt_auth_header_fixture(self, one_test_user: user, jwt_auth_header: Callable): """ Check that fixture 'jwt_auth_header' returns a callable which in turn returns dict with 'HTTP_AUTHORIZATION' header mapped to JWT access token. """ header = jwt_auth_header(one_test_user) backend = JWTAuthentication() _, token = header['HTTP_AUTHORIZATION'].split(' ') decrypted_token = backend.get_validated_token(token) assert callable(jwt_auth_header) assert isinstance(header, dict) assert decrypted_token['user_id'] == str(one_test_user.pk)
async def authenticate(self, query): query = (parse.parse_qs(query.decode('utf-8'))) auth_token = query.get('Authentication', '')[-1].split(' ')[-1] authentication = JWTAuthentication() try: user = authentication.get_user( authentication.get_validated_token(auth_token)) self.scope['user'] = user except InvalidToken: await self.accept() await self.send(text_data=json.dumps({'message': 'bad_token'})) await self.close() return False return True
def middleware(request): try: auth = JWTAuthentication() header = auth.get_header(request) raw_token = auth.get_raw_token(header) validated_token = auth.get_validated_token(raw_token) field = settings.SIMPLE_JWT['USER_ID_FIELD'] setattr(request, field, validated_token.payload[field]) except Exception: raise InvalidToken('Credentials were not provided') else: response = get_response(request) return response
def get_user(scope): close_old_connections() query_string = parse_qs(scope['query_string'].decode()) token = query_string.get('token') if not token: return AnonymousUser() try: jwt_obj = JWTAuthentication() access_token = AccessToken(token[0]) user = jwt_obj.get_user(access_token) except ObjectDoesNotExist as e: return AnonymousUser() if not user.is_active: return AnonymousUser() return user
def test_access_token_after_expiration(self, client, user): time1, time2 = '2100-01-01 00:00:00', '2100-01-02 00:00:01' with freeze_time(time1): response = client.post(LOGIN_URL, { 'email': user.email, 'password': DEFAULT_USER_PASSWORD, }) assert response.status_code == status.HTTP_200_OK with freeze_time(time2): auth_backend = JWTAuthentication() with pytest.raises(InvalidToken): auth_backend.get_validated_token(response.data['access'])
def __call__(self, scope): headers = dict(scope["headers"]) # Close old database connections to prevent usage of timed out connections close_old_connections() if b"authorization" in headers: try: key, value = headers[b"authorization"].decode().split() if key == "Token": jwt_auth = JWTAuthentication() token = jwt_auth.self.get_validated_token(value) user = jwt_auth.get_user(token) scope["user"] = user except (InvalidToken, AuthenticationFailed): scope["user"] = AnonymousUser() return self.inner(scope)