def validate_token(self, request): header = self.get_header(request) if header is None: raise InvalidToken(_('Authentication Require Authorization Header')) raw_token = self.get_raw_token(header) if raw_token is None: raise InvalidToken(_('Invalid Authorization Header')) validated_token = self.get_validated_token(raw_token) if validated_token.get("server_key", None) != settings.SERVER_KEY: raise InvalidToken(_('Token contained no recognizable server key')) return validated_token
def checkUserRefreshToken(user_id, refresh_token): """ check refresh token against the one stored in the db """ if user_id is None: return InvalidToken( 'No user found who would have possessed this token', code='no_user_found') user = UserModel.objects.get(id=user_id) # validate the token against the one stored in the db (user object) if not refresh_token or refresh_token != user.refresh_token: raise InvalidToken( 'Token mismatch: the token stored in cookie does not match the token in database', code='token_mismatch')
def post(self, request, *args, **kwargs): serializer = self.get_serializer(data=request.data) try: serializer.is_valid(raise_exception=True) except TokenError as e: raise InvalidToken(e.args[0]) user = User.objects.get(email=request.data['email']) req = request req.user = user if user.is_donor: profile_serializer = DonorProfileSerializer( instance=user.donor_profile, context={'request': req}) res = { **serializer.validated_data, 'profile': profile_serializer.data } return Response(res, status=status.HTTP_200_OK) else: profile_serializer = SeekerProfileSerializer( instance=user.seeker_profile, context={'request': req}) res = { **serializer.validated_data, 'profile': profile_serializer.data } return Response(res, status=status.HTTP_200_OK)
def refresh(self, request, *args, **kwargs): serializer = CustomTokenRefreshSerializer(data=request.data, context=self.get_serializer_context()) try: serializer.is_valid(raise_exception=True) except AuthenticationFailed: return Response({'message': 'wrong username password'}, status=status.HTTP_401_UNAUTHORIZED) except TokenError as e: raise InvalidToken(e.args[0]) data = serializer.validated_data refresh_token = data access_token = data.access_token access_expires = access_token.current_time + access_token.lifetime refresh_expires = refresh_token.current_time + refresh_token.lifetime access_token_string = str(access_token) header_payload = '.'.join(access_token_string.split('.')[0:2]) signature = access_token_string.split('.')[2] response = Response(access_token.payload, status=status.HTTP_200_OK) host = self.get_host(request) secure = not settings.DEBUG response.set_cookie('header.payload', value=header_payload, expires=access_expires, secure=secure, domain=host) response.set_cookie('signature', value=signature, httponly=True, secure=secure, domain=host) response.set_cookie('refresh', value=str(refresh_token), expires=refresh_expires, httponly=True, secure=secure, domain=host) return response
def get_user(self, validated_token): """ Attempts to find and return a user using the given validated token. """ try: user_id = validated_token[api_settings.USER_ID_CLAIM] except KeyError: raise InvalidToken(_('Token contained no recognizable user identification')) print(user_id) print(type(user_id)) try: print(api_settings.USER_ID_FIELD) print("we printed the user_id field") user = User.objects.get(**{api_settings.USER_ID_FIELD: user_id}) except User.DoesNotExist: print("heuhreuhrue??") raise AuthenticationFailed(_('User not found'), code='user_not_found') if not user.is_active: raise AuthenticationFailed(_('User is inactive'), code='user_inactive') print("we are returning the user??") return user
def change_password(self, request, *args, **kwargs): requested_user = get_object_or_404( self.get_queryset(), pk=kwargs.get("pk") ) requesting_user = request.user if not requested_user == requesting_user: raise PermissionDenied # make sure that the request payload is valid serializer = PasswordChangeSerializer( requested_user, data=request.data, context=self.get_serializer_context() ) serializer.is_valid(raise_exception=True) serializer.save() # find all refresh tokens of the user and blacklist them try: tokens = OutstandingToken.objects.filter( user=requested_user, blacklistedtoken__isnull=True ) for token in tokens: token = RefreshToken(token.token) token.blacklist() except TokenError as e: raise InvalidToken(e.args[0]) return Response(status=status.HTTP_205_RESET_CONTENT)
def post(self, request, format=None): # check token refresh valid serializer = TokenRefreshSerializer(data=request.data) try: serializer.is_valid(raise_exception=True) except TokenError as e: raise InvalidToken(e.args[0]) response = Response() """ send http only cookies """ data = serializer._validated_data payload = {"access": data["access"], "refresh": data["refresh"]} tomorrow = datetime.now() + datetime.timedelta(days=1) expires = datetime.strftime(tomorrow, "%a, %d-%b-%Y %H:%M:%S GMT") response.set_cookie( key=settings.SIMPLE_JWT["AUTH_COOKIE"], value=data["access"], expires=expires, secure=settings.SIMPLE_JWT["AUTH_COOKIE_SECURE"], httponly=settings.SIMPLE_JWT["AUTH_COOKIE_HTTP_ONLY"], samesite=settings.SIMPLE_JWT["AUTH_COOKIE_SAMESITE"], ) response.data = {"Messege": "refresh Success", "data": payload} response.status_code = status.HTTP_200_OK return response
def _create(self, serializer_class, request): ''' creates a token based on request.data using serializer_class ''' serializer = serializer_class(data=request.data) try: serializer.is_valid(raise_exception=True) except TokenError as e: raise InvalidToken(e.args[0]) user = User(pk=serializer.user.pk) groups = [] for i in serializer.user.printer_groups.all(): d = i.__dict__ print(d) d.pop("_state") d["uuid"] = d.pop("id") groups.append(d) request.user = serializer.user user_serializer = UserSerializer(context={"request": request}, instance=serializer.user) return Response({ **user_serializer.data, **serializer.validated_data, "groups": groups }) return Response(serializer.validated_data, status=status.HTTP_200_OK)
def post(self, request, *args, **kwargs): ''' Get Refresh Token from cookie, and pass it to the serializer. ''' refresh_token = request.COOKIES['refresh_token'] request.data['refresh'] = refresh_token serializer = self.get_serializer(data=request.data) try: serializer.is_valid(raise_exception=True) except TokenError as e: # InvalidToken raises 401 if Refresh Token is invalid raise InvalidToken(e.args[0]) response = Response(serializer.validated_data, status=status.HTTP_200_OK) # Move the new Refresh Token to a cookie. new_refresh_token = response.data.pop('refresh') response.set_cookie(key="refresh_token", value=new_refresh_token, httponly=True, secure=False) return response
def get_user(self, validated_token): """ Attempts to find and return a user using the given validated token. """ try: user_id = validated_token[api_settings.USER_ID_CLAIM] except KeyError: raise InvalidToken( _('Token contained no recognizable user identification')) try: user = User.objects.get(**{api_settings.USER_ID_FIELD: user_id}) except User.DoesNotExist: raise AuthenticationFailed(_('User not found'), code='user_not_found') if not user.is_active: raise AuthenticationFailed(_('User is inactive'), code='user_inactive') if not user.password[-10:] == validated_token['hash']: raise AuthenticationFailed(_('User changed password'), code='user_inactive') return user
def post(self, request, *args, **kwargs): try: refresh = request.COOKIES['jwt'] except TokenError as e: raise InvalidToken(e.args[0]) except KeyError: raise NotAuthenticated() serializer = self.get_serializer(data={"refresh":refresh}) try: serializer.is_valid(raise_exception=True) except TokenError as e: raise InvalidToken(e.args[0]) return Response(serializer.validated_data, status=status.HTTP_200_OK)
def get_user(self, validated_token): """ Attempts to find and return a user using the given validated token. """ try: user_id = validated_token[api_settings.USER_ID_CLAIM] except KeyError: raise InvalidToken( _("Token contained no recognizable user identification")) try: user = User.objects.get(**{api_settings.USER_ID_FIELD: user_id}) except User.DoesNotExist: raise AuthenticationFailed(_("User not found"), code="user_not_found") if not user.is_active: raise AuthenticationFailed(_("User is inactive"), code="user_inactive") if not "access_token_secret" in validated_token: raise AuthenticationFailed( _("Bad Token used. Get new access Token"), code="get_new_access_token") if (not user.profile.access_token_secret == validated_token["access_token_secret"]): raise AuthenticationFailed( _("Bad Token used. Get new access Token"), code="get_new_access_token") return user
def post(self, request, *args, **kwargs): serializer = self.get_serializer(data=request.data) try: serializer.is_valid(raise_exception=True) except TokenError as e: raise InvalidToken(e.args[0]) resp = Response(serializer.validated_data, status=status.HTTP_200_OK) # TODO: this should probably be pulled from the token exp expiration = ( dt.datetime.utcnow() + jwt_settings.REFRESH_TOKEN_LIFETIME ) resp.set_cookie( settings.JWT_COOKIE_NAME, serializer.validated_data["refresh"], expires=expiration, secure=settings.JWT_COOKIE_SECURE, httponly=True, samesite=settings.JWT_COOKIE_SAMESITE ) return resp
def get_user(self, validated_token): """ Attempts to find and return a user using the given validated token. """ try: user_id = validated_token[api_settings.USER_ID_CLAIM] except KeyError: raise InvalidToken( _('Token contained no recognizable user identification')) try: values = {api_settings.USER_ID_FIELD: user_id} user = User.objects.get(**values) except User.DoesNotExist: if settings.SIMPLE_JWT.get('CREATE_USER', False): user = User.objects.create(password=str(uuid4()), **values) else: raise AuthenticationFailed(_('User not found'), code='user_not_found') if not user.is_active: raise AuthenticationFailed(_('User is inactive'), code='user_inactive') return user
def validate_token(self, value): token = EmailVerificationToken(token=value) try: token.verify() except TokenError: raise InvalidToken({'details': 'The token is not valid.'}) return token
def get_user(self, validated_token): try: user_id = validated_token[api_settings.USER_ID_CLAIM] except KeyError: raise InvalidToken(_('Token contained no recognizable user identification')) return user_id
def get(self, request): try: token = request.GET.get('token') payload = jwt.decode(token, settings.SECRET_KEY, algorithms=["HS256"]) user = User.objects.get(id=payload['user_id']) if user.id != payload['user_id']: raise InvalidToken('The token is invalid') if user.is_verified: raise PermissionDenied( 'Your account has been previously verified') if not user.is_verified: user.is_verified = True user.save() response = { 'success': True, 'message': 'Successfully verified user' } return Response(response, status=status.HTTP_200_OK) except jwt.ExpiredSignatureError: response = {'success': False, 'message': 'Token Expired'} return Response(response, status=status.HTTP_404_NOT_FOUND) # if user tampered with the token except jwt.DecodeError: response = {'success': False, 'message': 'Invalid Token'} return Response(response, status=status.HTTP_404_NOT_FOUND)
def get_user(self, validated_token): """ Attempts to find and return a user using the given validated token. """ try: user_id = validated_token[api_settings.USER_ID_CLAIM] except KeyError: raise InvalidToken( _('Token contained no recognizable user identification')) from KeyError user_model = get_user_model() try: user = user_model.objects.get( **{api_settings.USER_ID_FIELD: user_id}) except user_model.DoesNotExist: raise AuthenticationFailed( _('User not found'), code='user_not_found') from user_model.DoesNotExist if not user.is_active: raise AuthenticationFailed( _('User is inactive'), code='user_inactive') if not user.has_finished_onboarding and not user.is_admin: raise HasNotFinishedOnboarding(detail={ 'detail': 'User hasn\'t finished the onboarding', 'onboarding_session': user.onboarding_session }) return user
class TokenObtainPairView(__TokenObtainPairView): serializer_class = CustomTokenObtainPairSerializer @swagger_auto_schema( operation_summary="Create Token", operation_description="Takes a set of user credentials " "and returns an access and refresh JSON web" "token pair to prove the authentication of " "those credentials.<br>" "When the 'only' argument is set to 'access', " "only an access token will be returned.", security=[], query_serializer=CustomTokenObtainPairSerializer.query_serializer(), responses={ status.HTTP_200_OK: ObtainSchema(), status.HTTP_401_UNAUTHORIZED: "Invalid Credentials" }) def post(self, request: Request, *args, **kwargs): data = request.data if o := request.query_params.get("only", None): data["only"] = o serializer = self.get_serializer(data=data) try: serializer.is_valid(raise_exception=True) except TokenError as e: raise InvalidToken(e.args[0]) return Response(serializer.validated_data, status=status.HTTP_200_OK)
def get_validated_token(self, raw_token): messages = [] for AuthToken in api_settings.AUTH_TOKEN_CLASSES: try: auth_token = AuthToken(raw_token) token = raw_token.decode("utf-8") decoded_token = jwt.decode(token, settings.SECRET_KEY, algorithms=["HS256"]) all_logout_date = int( self.get_user(auth_token).all_logout.strip() or 0) if all_logout_date > int( decoded_token["issued"]) and all_logout_date != 0: messages.append({ "token_class": AuthToken.__name__, "token_type": AuthToken.token_type, "message": "Token has Expired!!!", }) else: return auth_token except TokenError as e: messages.append({ "token_class": AuthToken.__name__, "token_type": AuthToken.token_type, "message": e.args[0], }) raise InvalidToken({ "detail": ("Given token not valid for any token type"), "messages": messages, })
def post(self, request, *args, **kwargs): serializer = self.get_serializer(data=request.data) try: serializer.is_valid(raise_exception=True) except TokenError as e: raise InvalidToken(e.args[0]) return R.success(serializer.validated_data)
def delete(self, request, *args, **kwargs): serializer = TokenDestroySchema(data=request.data) serializer.is_valid(raise_exception=True) try: token = RefreshToken(serializer.validated_data.get("refresh")) token.blacklist() except TokenError as e: raise InvalidToken(e.args[0]) return Response(status=status.HTTP_205_RESET_CONTENT)
def get_validated_token(self, raw_token): token = super().get_validated_token(raw_token) if is_token_blacklisted(token['jti']): raise InvalidToken({ 'detail': _('Given token blacklisted'), }) return token
def create(self, request, *args, **kwargs): serializer = self.get_serializer(data=request.data) try: serializer.is_valid(raise_exception=True) except TokenError as e: raise InvalidToken(e.args[0]) return Response(serializer.validated_data, status=status.HTTP_200_OK)
def get_access_token_from_refresh_token(self,request): serializer = TokenRefreshSerializer(data = request.data) try: serializer.is_valid(raise_exception=True) except TokenError as e: raise InvalidToken(e.args[0]) return Response(serializer.validated_data,status = status.HTTP_200_OK)
def post(self, request, *args, **kwargs): serializer = self.get_serializer(data=request.data) try: serializer.is_valid(raise_exception=True) except TokenError as e: raise InvalidToken(e.args[0]) access_log.info(f"User {serializer._kwargs['data']['username']} successfully logged in") return Response(serializer.validated_data, status=200)
def extract_refresh_token(self): request = self.context['request'] if 'refresh' in request.data and request.data['refresh'] != '': return request.data['refresh'] cookie_name = getattr(settings, 'JWT_AUTH_REFRESH_COOKIE', None) if cookie_name and cookie_name in request.COOKIES: return request.COOKIES.get(cookie_name) else: from rest_framework_simplejwt.exceptions import InvalidToken raise InvalidToken('No valid refresh token found.')
def post(self, request, *args, **kwargs): serializer = self.get_serializer(data=request.data) try: serializer.is_valid(raise_exception=True) except TokenError as e: raise InvalidToken(e.args[0]) token_response = serializer.validated_data response = {'token': token_response['access']} return Response(response, status=status.HTTP_200_OK)
def refresh(self, request): serializer = TokenRefreshSerializer(data=request.data, context={'request': request}) try: serializer.is_valid(raise_exception=True) except TokenError as e: raise InvalidToken(e.args[0]) return Response(serializer.validated_data, status=status.HTTP_200_OK)
def post(self, request, *args, **kwargs): serializer = self.get_serializer(data=request.data) try: serializer.is_valid(raise_exception=True) except TokenError as e: raise InvalidToken(e.args[0]) serializer.save() return Response(status=status.HTTP_204_NO_CONTENT)