def validate(self, attrs): # Check if token is invalid or expired refresh = RefreshToken(attrs['refresh']) # Check if session with token exists jti = refresh[api_settings.JTI_CLAIM] if not TokenSession.objects.filter(jti=jti).exists(): raise TokenError(_('Token is not whitelisted')) TokenSession.objects.filter(jti=jti).delete() refresh.set_jti() refresh.set_exp() return self.whitelist(refresh)
def get_validated_token(self, raw_token, refresh_token=None): """ Validates an encoded JSON web token and returns a validated token wrapper object. """ messages = [] for AuthToken in api_settings.AUTH_TOKEN_CLASSES: try: if refresh_token is None: return AuthToken(raw_token) else: return AuthToken(raw_token), None except TokenError as e: if refresh_token is None: messages.append({ 'token_class': AuthToken.__name__, 'token_type': AuthToken.token_type, 'message': e.args[0] }) else: try: refresh = RefreshToken(refresh_token) new_tokens = {'access': str(refresh.access_token)} if api_settings.ROTATE_REFRESH_TOKENS: if api_settings.BLACKLIST_AFTER_ROTATION: try: # Attempt to blacklist the given refresh token refresh.blacklist() except AttributeError as e: messages.append({'Error:': e.args[0]}) refresh.set_jti() refresh.set_exp() new_tokens['refresh'] = str(refresh) return AuthToken(new_tokens['access']), new_tokens except Exception as e: messages.append({'Error:': e.args[0]}) raise InvalidToken({ 'detail': _('Given token not valid for any token type'), 'messages': messages, })
def test_it_should_raise_token_error_if_token_invalid(self): token = RefreshToken() del token['exp'] s = TokenVerifySerializer(data={'token': str(token)}) with self.assertRaises(TokenError) as e: s.is_valid() self.assertIn("has no 'exp' claim", e.exception.args[0]) token.set_exp(lifetime=-timedelta(days=1)) s = TokenVerifySerializer(data={'token': str(token)}) with self.assertRaises(TokenError) as e: s.is_valid() self.assertIn('invalid or expired', e.exception.args[0])
def validate(self, attrs): refresh = RefreshToken(attrs['refresh']) data = {'access': str(refresh.access_token)} if api_settings.ROTATE_REFRESH_TOKENS: if api_settings.BLACKLIST_AFTER_ROTATION: try: # Attempt to blacklist the given refresh token refresh.blacklist() except AttributeError: # If blacklist app not installed, `blacklist` method will # not be present pass refresh.set_jti() refresh.set_exp() data['refresh'] = str(refresh) return data
def save_model(self, request, obj, form, change): if obj.user: refresh = RefreshToken() # custom claims refresh["client"] = "pyintelowl" refresh["user_id"] = obj.user.id # overwrite lifetime/expiry refresh.set_exp( lifetime=jwt_settings.get("PYINTELOWL_TOKEN_LIFETIME", None)) token = OutstandingToken.objects.create( user=obj.user, jti=refresh.payload["jti"], token=str(refresh), created_at=refresh.current_time, expires_at=datetime_from_epoch(refresh["exp"]), ) return token return None
def validate(self, attrs): # wrap the given refresh token as a RefreshToken object refresh = RefreshToken(attrs["refresh"]) # create response data data = {"access": str(refresh.access_token)} if jwt_settings["ROTATE_REFRESH_TOKENS"]: blacklisted_token = None if jwt_settings["BLACKLIST_AFTER_ROTATION"]: try: # Attempt to blacklist the given refresh token blacklisted_token, _ = refresh.blacklist() except AttributeError: # If blacklist app not installed, `blacklist` method will # not be present pass # rotate refresh token refresh.set_jti() if refresh.get("client", False) == "pyintelowl": refresh.set_exp( lifetime=jwt_settings.get("PYINTELOWL_TOKEN_LIFETIME", None) ) else: refresh.set_exp() data["refresh"] = str(refresh) # PATCHED - Create Outstanding Token in the db if blacklisted_token: user = blacklisted_token.token.user if user: OutstandingToken.objects.create( user=user, jti=refresh.payload["jti"], token=str(refresh), created_at=refresh.current_time, expires_at=datetime_from_epoch(refresh["exp"]), ) return data
def validate(self, attrs): refresh = RefreshToken(attrs['refresh']) data = { 'access': str(refresh.access_token), 'expires_in': refresh.access_token.get('exp', '') } if api_settings.ROTATE_REFRESH_TOKENS: if api_settings.BLACKLIST_AFTER_ROTATION: try: refresh.blacklist() except AttributeError: pass refresh.set_jti() refresh.set_exp() data['refresh'] = str(refresh) return data
def post(self, request, format=None): if request.method == "POST": ref_token = request.data.get("refresh_token") try: reftokenModel = RefreshToken( ref_token) # RefreshToken(token=ref_token) except TokenError: return Response( { 'success': False, "message": "Token is invalid or expired. Do a full login" }, status=HTTPStatus.HTTP_400_BAD_REQUEST) data = { 'access': str(reftokenModel.access_token), 'refresh': ref_token } if api_settings.ROTATE_REFRESH_TOKENS: if api_settings.BLACKLIST_AFTER_ROTATION: try: reftokenModel.blacklist() except AttributeError: pass reftokenModel.set_jti() reftokenModel.set_exp() data['refresh'] = str(reftokenModel) return Response( { 'token': data['access'], 'refresh_token': data['refresh'], "token_type": "Bearer" }, status=HTTPStatus.HTTP_200_OK) else: status_code = HTTPStatus.METHOD_NOT_ALLOWED response = JsonResponse({'success': 'false'}, status=status_code) return response
def mutate(cls, context, info, **input): refresh = RefreshToken(input['refreshToken']) if settings.SIMPLE_JWT.get('ROTATE_REFRESH_TOKENS'): if settings.SIMPLE_JWT.get('BLACKLIST_AFTER_ROTATION'): try: # Attempt to blacklist the given refresh token refresh.blacklist() except AttributeError: # If blacklist app not installed, `blacklist` method will not be present pass refresh.set_jti() refresh.set_exp() access_token = token_backend.encode(refresh.access_token.payload) refresh_token = token_backend.encode(refresh.payload) return Tokens( accessToken=access_token, refreshToken=refresh_token )
def validate(self, attrs): refresh = RefreshToken(attrs['refresh']) data = {'access': str(refresh.access_token)} if api_settings.ROTATE_REFRESH_TOKENS: if api_settings.BLACKLIST_AFTER_ROTATION: try: # Attempt to blacklist the given refresh token refresh.blacklist() except AttributeError: # If blacklist app not installed, `blacklist` method will # not be present pass refresh.set_jti() refresh.set_exp() data['refresh'] = str(refresh) decoded = jwt.decode(data['access'], settings.SECRET_KEY) user = User.objects.get(id=decoded['user_id']) data['user'] = UserSerializer(user).data return data
def validate(self, attrs): refresh = RefreshToken(attrs["refresh"]) data = {"access": str(refresh.access_token)} if api_settings.ROTATE_REFRESH_TOKENS: if api_settings.BLACKLIST_AFTER_ROTATION: try: # Attempt to blacklist the given refresh token refresh.blacklist() except AttributeError: # If blacklist app not installed, `blacklist` method will # not be present pass refresh.set_jti() refresh.set_exp() data["refresh"] = str(refresh) # Updating users active status User.objects.filter(id=refresh["user_id"]).update(last_login=localtime(now())) return data