def post(self, request, token): try: a = SlidingToken(token) a.blacklist() return redirect("https://www.w3schools.com") except TokenError: return HttpResponse("Token has been blacklisted")
def test_get_validated_token(self): # Should raise AuthenticationFailed if token not valid token = AuthToken() token.set_exp(lifetime=-timedelta(days=1)) with self.assertRaises(AuthenticationFailed): self.backend.get_validated_token(str(token)) # Otherwise, should return validated token token.set_exp() self.assertEqual( self.backend.get_validated_token(str(token)).payload, token.payload) # Should not accept tokens not included in AUTH_TOKEN_CLASSES sliding_token = SlidingToken() with override_api_settings(AUTH_TOKEN_CLASSES=( 'rest_framework_simplejwt.tokens.AccessToken', )): with self.assertRaises(AuthenticationFailed) as e: self.backend.get_validated_token(str(sliding_token)) self.assertIn('AccessToken: Token has wrong type', e.exception.detail) # Should accept tokens included in AUTH_TOKEN_CLASSES access_token = AccessToken() sliding_token = SlidingToken() with override_api_settings(AUTH_TOKEN_CLASSES=( 'rest_framework_simplejwt.tokens.AccessToken', 'rest_framework_simplejwt.tokens.SlidingToken', )): self.backend.get_validated_token(str(access_token)) self.backend.get_validated_token(str(sliding_token))
def test_it_should_return_401_if_token_has_refresh_period_expired(self): token = SlidingToken() token.set_exp(api_settings.SLIDING_TOKEN_REFRESH_EXP_CLAIM, lifetime=-timedelta(seconds=1)) res = self.view_post(data={'token': str(token)}) self.assertEqual(res.status_code, 401) self.assertEqual(res.data['code'], 'token_not_valid')
def post(self, request): token = request.META.get("HTTP_AUTHORIZATION", '').split()[1] try: tokens = SlidingToken(token) tokens.check_blacklist() return HttpResponse('the token is blackListed') except TokenError: return HttpResponse('the token is already blacklisted')
def test_it_should_raise_token_error_if_token_has_refresh_period_expired(self): token = SlidingToken() token.set_exp(api_settings.SLIDING_TOKEN_REFRESH_EXP_CLAIM, lifetime=-timedelta(days=1)) s = TokenRefreshSlidingSerializer(data={'token': str(token)}) with self.assertRaises(TokenError) as e: s.is_valid() self.assertIn("'{}' claim has expired".format(api_settings.SLIDING_TOKEN_REFRESH_EXP_CLAIM), e.exception.args[0])
def test_it_should_return_400_if_token_has_refresh_period_expired(self): token = SlidingToken() token.set_exp(api_settings.SLIDING_TOKEN_REFRESH_EXP_CLAIM, lifetime=-timedelta(seconds=1)) res = self.view_post(data={'token': str(token)}) self.assertEqual(res.status_code, 400) self.assertIn('non_field_errors', res.data) self.assertIn( "'{}' claim has expired".format( api_settings.SLIDING_TOKEN_REFRESH_EXP_CLAIM), res.data['non_field_errors'][0])
def test_it_should_not_validate_if_token_has_refresh_period_expired(self): token = SlidingToken() token.set_exp(api_settings.SLIDING_TOKEN_REFRESH_EXP_CLAIM, lifetime=-timedelta(days=1)) s = TokenRefreshSlidingSerializer(data={'token': str(token)}) self.assertFalse(s.is_valid()) self.assertIn('non_field_errors', s.errors) self.assertIn( "'{}' claim has expired".format( api_settings.SLIDING_TOKEN_REFRESH_EXP_CLAIM), s.errors['non_field_errors'][0])
def test_it_should_return_401_if_token_invalid(self): token = SlidingToken() del token['exp'] res = self.view_post(data={'token': str(token)}) self.assertEqual(res.status_code, 401) self.assertEqual(res.data['code'], 'token_not_valid') token.set_exp(lifetime=-timedelta(seconds=1)) res = self.view_post(data={'token': str(token)}) self.assertEqual(res.status_code, 401) self.assertEqual(res.data['code'], 'token_not_valid')
def test_it_should_return_401_if_token_invalid(self): token = SlidingToken() del token["exp"] res = self.view_post(data={"token": str(token)}) self.assertEqual(res.status_code, 401) self.assertEqual(res.data["code"], "token_not_valid") token.set_exp(lifetime=-timedelta(seconds=1)) res = self.view_post(data={"token": str(token)}) self.assertEqual(res.status_code, 401) self.assertEqual(res.data["code"], "token_not_valid")
def test_it_should_return_400_if_token_invalid(self): token = SlidingToken() del token['exp'] res = self.view_post(data={'token': str(token)}) self.assertEqual(res.status_code, 400) self.assertIn('non_field_errors', res.data) self.assertIn("has no 'exp' claim", res.data['non_field_errors'][0]) token.set_exp(lifetime=-timedelta(seconds=1)) res = self.view_post(data={'token': str(token)}) self.assertEqual(res.status_code, 400) self.assertIn('non_field_errors', res.data) self.assertIn('invalid or expired', res.data['non_field_errors'][0])
def test_it_should_not_validate_if_token_invalid(self): token = SlidingToken() del token['exp'] s = TokenRefreshSlidingSerializer(data={'token': str(token)}) self.assertFalse(s.is_valid()) self.assertIn('non_field_errors', s.errors) self.assertIn("has no 'exp' claim", s.errors['non_field_errors'][0]) token.set_exp(lifetime=-timedelta(days=1)) s = TokenRefreshSlidingSerializer(data={'token': str(token)}) self.assertFalse(s.is_valid()) self.assertIn('non_field_errors', s.errors) self.assertIn('invalid or expired', s.errors['non_field_errors'][0])
def test_it_should_return_401_if_token_has_no_refresh_exp_claim(self): token = SlidingToken() del token[api_settings.SLIDING_TOKEN_REFRESH_EXP_CLAIM] res = self.view_post(data={'token': str(token)}) self.assertEqual(res.status_code, 401) self.assertEqual(res.data['code'], 'token_not_valid')
def get_token(self, obj): request = self.context.get('request') if request: auth_login(request, obj) # 主要为了记录last_login的, 其他的作用待研究 else: print('request is None, 请在代码手动传入, 否则无法自动登录') return str(SlidingToken.for_user(request.user))
def get(self, request, format=None): #print(dir(request)) #Token.for_user(request.user) #print(self.serializer_class.get_token(request.user)) #print(SlidingToken.for_user(request.user)) return Response({'token': str(SlidingToken.for_user(request.user))})
def test_it_should_update_token_exp_claim_if_everything_ok(self): now = aware_utcnow() token = SlidingToken() exp = now + api_settings.SLIDING_TOKEN_LIFETIME - timedelta(seconds=1) token.set_exp(from_time=now, lifetime=api_settings.SLIDING_TOKEN_LIFETIME - timedelta(seconds=1)) # View returns 200 res = self.view_post(data={'token': str(token)}) self.assertEqual(res.status_code, 200) # Expiration claim has moved into future new_token = SlidingToken(res.data['token']) new_exp = datetime_from_epoch(new_token['exp']) self.assertTrue(exp < new_exp)
def patch(self, request, email): data = JSONParser().parse(request) try: if email == getEmail(request) and getEmail( request) == data['email']: print('yes') password = make_password(data['password']) user = UserAccounts.objects.filter(email=data['email']) user.update(password=password) token = request.META.get('HTTP_AUTHORIZATION', '').split()[1] a = SlidingToken(token) a.blacklist() return JsonResponse({'msg': 'success'}) else: return JsonResponse({'msg': 'Fail'}) except TokenError: return JsonResponse({'msg': 'error'})
def test_it_should_not_validate_if_token_has_wrong_type(self): token = SlidingToken() token[api_settings.TOKEN_TYPE_CLAIM] = 'wrong_type' s = TokenRefreshSlidingSerializer(data={'token': str(token)}) self.assertFalse(s.is_valid()) self.assertIn('non_field_errors', s.errors) self.assertIn("wrong type", s.errors['non_field_errors'][0])
def test_it_should_update_token_exp_claim_if_everything_ok(self): old_token = SlidingToken() lifetime = api_settings.SLIDING_TOKEN_LIFETIME - timedelta(seconds=1) old_exp = old_token.current_time + lifetime old_token.set_exp(lifetime=lifetime) # Serializer validates s = TokenRefreshSlidingSerializer(data={'token': str(old_token)}) self.assertTrue(s.is_valid()) # Expiration claim has moved into future new_token = SlidingToken(s.validated_data['token']) new_exp = datetime_from_epoch(new_token['exp']) self.assertTrue(old_exp < new_exp)
def test_init(self): # Should set sliding refresh claim and token type claim token = SlidingToken() self.assertEqual( token[api_settings.SLIDING_TOKEN_REFRESH_EXP_CLAIM], datetime_to_epoch(token.current_time + api_settings.SLIDING_TOKEN_REFRESH_LIFETIME), ) self.assertEqual(token[api_settings.TOKEN_TYPE_CLAIM], 'sliding')
def test_it_should_raise_token_error_if_token_has_wrong_type(self): token = SlidingToken() token[api_settings.TOKEN_TYPE_CLAIM] = 'wrong_type' s = TokenRefreshSlidingSerializer(data={'token': str(token)}) with self.assertRaises(TokenError) as e: s.is_valid() self.assertIn("wrong type", e.exception.args[0])
def test_it_should_raise_token_error_if_token_has_no_refresh_exp_claim(self): token = SlidingToken() del token[api_settings.SLIDING_TOKEN_REFRESH_EXP_CLAIM] s = TokenRefreshSlidingSerializer(data={'token': str(token)}) with self.assertRaises(TokenError) as e: s.is_valid() self.assertIn("has no '{}' claim".format(api_settings.SLIDING_TOKEN_REFRESH_EXP_CLAIM), e.exception.args[0])
def test_it_should_not_validate_if_token_invalid(self): token = SlidingToken() del token['exp'] s = TokenRefreshSlidingSerializer(data={'token': str(token)}) with self.assertRaises(TokenError) as e: s.is_valid() self.assertIn("has no 'exp' claim", e.exception.args[0]) token.set_exp(lifetime=-timedelta(days=1)) s = TokenRefreshSlidingSerializer(data={'token': str(token)}) with self.assertRaises(TokenError) as e: s.is_valid() self.assertIn('invalid or expired', e.exception.args[0])
def test_get_validated_token(self): # Should raise InvalidToken if token not valid token = AuthToken() token.set_exp(lifetime=-timedelta(days=1)) with self.assertRaises(InvalidToken): self.backend.get_validated_token(str(token)) # Otherwise, should return validated token token.set_exp() self.assertEqual( self.backend.get_validated_token(str(token)).payload, token.payload ) # Should not accept tokens not included in AUTH_TOKEN_CLASSES sliding_token = SlidingToken() with override_api_settings( AUTH_TOKEN_CLASSES=("rest_framework_simplejwt.tokens.AccessToken",) ): with self.assertRaises(InvalidToken) as e: self.backend.get_validated_token(str(sliding_token)) messages = e.exception.detail["messages"] self.assertEqual(1, len(messages)) self.assertEqual( { "token_class": "AccessToken", "token_type": "access", "message": "Token has wrong type", }, messages[0], ) # Should accept tokens included in AUTH_TOKEN_CLASSES access_token = AccessToken() sliding_token = SlidingToken() with override_api_settings( AUTH_TOKEN_CLASSES=( "rest_framework_simplejwt.tokens.AccessToken", "rest_framework_simplejwt.tokens.SlidingToken", ) ): self.backend.get_validated_token(str(access_token)) self.backend.get_validated_token(str(sliding_token))
def test_it_should_not_validate_if_token_has_no_refresh_exp_claim(self): token = SlidingToken() del token[api_settings.SLIDING_TOKEN_REFRESH_EXP_CLAIM] s = TokenRefreshSlidingSerializer(data={'token': str(token)}) self.assertFalse(s.is_valid()) self.assertIn('non_field_errors', s.errors) self.assertIn( "has no '{}' claim".format( api_settings.SLIDING_TOKEN_REFRESH_EXP_CLAIM), s.errors['non_field_errors'][0])
def _token_get_user_id(token): """ The TokenUser class assumes tokens will have a recognizable user identifier claim. """ try: Token = SlidingToken(token) assert api_settings.USER_ID_CLAIM in Token return TokenUser(Token).id except: raise InvalidJwtToken(detail='Token 失效')
def test_it_should_return_400_if_token_has_no_refresh_exp_claim(self): token = SlidingToken() del token[api_settings.SLIDING_TOKEN_REFRESH_EXP_CLAIM] res = self.view_post(data={'token': str(token)}) self.assertEqual(res.status_code, 400) self.assertIn('non_field_errors', res.data) self.assertIn( "has no '{}' claim".format( api_settings.SLIDING_TOKEN_REFRESH_EXP_CLAIM), res.data['non_field_errors'][0])
def test_it_should_accept_and_verify_any_type_of_token(self): access_token = AccessToken() refresh_token = RefreshToken() sliding_token = SlidingToken() for t in (access_token, refresh_token, sliding_token): untyped_token = UntypedToken(str(t)) self.assertEqual( t.payload, untyped_token.payload, )
def test_sliding_tokens_are_added_to_outstanding_list(self): token = SlidingToken.for_user(self.user) qs = OutstandingToken.objects.all() outstanding_token = qs.first() self.assertEqual(qs.count(), 1) self.assertEqual(outstanding_token.user, self.user) self.assertEqual(outstanding_token.jti, token['jti']) self.assertEqual(outstanding_token.token, str(token)) self.assertEqual(outstanding_token.created_at, token.current_time) self.assertEqual(outstanding_token.expires_at, datetime_from_epoch(token['exp']))
def validate(self, attrs): """ 2019/08/30 :param attrs: :return: """ requested_cookies = self.context['request'].COOKIES try: token = SlidingToken(requested_cookies['JWT']) except Exception: raise exceptions.APIException("Invalid token") # Check that the timestamp in the "refresh_exp" claim has not # passed token.check_exp(api_settings.SLIDING_TOKEN_REFRESH_EXP_CLAIM) # Update the "exp" claim token.set_exp() refreshed_token = jwt.decode( str(token).encode('utf-8'), settings.SECRET_KEY) requested_refresh_token = jwt.decode( requested_cookies['SESSION'].encode('utf-8'), settings.SECRET_KEY) return { 'token': str(token), 'session_token': str( _session_token_generator(user_info=requested_refresh_token, exp=refreshed_token['exp'])) }
def test_it_should_produce_a_json_web_token_when_valid(self): s = TokenObtainSlidingSerializer(context=MagicMock(), data={ TokenObtainSlidingSerializer.username_field: self.username, 'password': self.password, }) self.assertTrue(s.is_valid()) self.assertIn('token', s.validated_data) # Expecting token type claim to be correct for sliding token. If this # is the case, instantiating a `SlidingToken` instance with encoded # token should not raise an exception. SlidingToken(s.validated_data['token'])