def test_post_form_failing_jwt_auth_changed_user_secret_key(self):
"""
Ensure changin secret key on USER level makes tokens invalid
"""
# fine tune settings
api_settings.JWT_GET_USER_SECRET_KEY = get_jwt_secret
tmp_user = CustomUser.objects.create(email='*****@*****.**')
payload = utils.jwt_payload_handler(tmp_user)
token = utils.jwt_encode_handler(payload)
auth = 'JWT {0}'.format(token)
response = self.csrf_client.post(
'/jwt/', {'example': 'example'}, HTTP_AUTHORIZATION=auth, format='json')
self.assertEqual(response.status_code, status.HTTP_200_OK)
# change token, verify
tmp_user.jwt_secret = uuid.uuid4()
tmp_user.save()
response = self.csrf_client.post(
'/jwt/', {'example': 'example'}, HTTP_AUTHORIZATION=auth)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
# revert api settings
api_settings.JWT_GET_USER_SECRET_KEY = DEFAULTS['JWT_GET_USER_SECRET_KEY']
def get_token(self, obj):
#jwt_payload_handler = jwt_payload_handler
#jwt_encode_handler = settings.JWT_ENCODE_HANDLER
payload = jwt_payload_handler(obj)
token = jwt_encode_handler(payload)
return token
def post(self, request):
access_token_url = 'https://accounts.google.com/o/oauth2/token'
people_api_url = 'https://www.googleapis.com/plus/v1/people/me/openIdConnect'
payload = dict(client_id=request.data['clientId'],
redirect_uri=request.data['redirectUri'],
client_secret=settings.SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET,
code=request.data['code'],
grant_type='authorization_code')
# Step 1. Exchange authorization code for access token.
r = requests.post(access_token_url, data=payload)
token = json.loads(r.text)
headers = {'Authorization': 'Bearer {0}'.format(token['access_token'])}
# Step 2. Retrieve information about the current user.
r = requests.get(people_api_url, headers=headers)
profile = json.loads(r.text)
user = None
if 'email' in profile:
try:
user = User.objects.get(email=profile['email'])
except User.DoesNotExist:
pass
if not user:
user = User.objects.create(username=profile['email'], first_name=profile['given_name'],
last_name=profile['family_name'], email=profile['email'])
Better.objects.create(user=user)
payload = jwt_payload_handler(user)
token = jwt_encode_handler(payload)
return Response({'token': token.decode('unicode_escape')},
status=status.HTTP_200_OK)
def test_jwt_payload_handler(self):
payload = utils.jwt_payload_handler(self.user)
self.assertTrue(isinstance(payload, dict))
self.assertEqual(payload['user_id'], self.user.pk)
self.assertEqual(payload['email'], self.email)
self.assertEqual(payload['username'], self.username)
self.assertTrue('exp' in payload)
def test_jwt_encode(self):
payload = utils.jwt_payload_handler(self.user)
token = utils.jwt_encode_handler(payload)
payload_data = base64url_decode(token.split('.')[1].encode('utf-8'))
payload_from_token = json.loads(payload_data.decode('utf-8'))
self.assertEqual(payload_from_token, payload)
def custom_jwt_payload_handler(user):
payload = jwt_payload_handler(user)
# payload['token'] = user.
tokens = Token.objects.filter(user=user)
if len(tokens) > 0:
payload['token'] = tokens[0].key
return payload
def test_jwt_payload_handler_no_email_address(self):
user = CustomUserWithoutEmail.objects.create(username=self.username)
payload = utils.jwt_payload_handler(user)
self.assertTrue(isinstance(payload, dict))
self.assertFalse(hasattr(payload, 'email'))
self.assertEqual(payload['user_id'], self.user.pk)
self.assertEqual(payload['username'], self.username)
self.assertTrue('exp' in payload)
def test_jwt_decode_verify_exp(self):
api_settings.JWT_VERIFY_EXPIRATION = False
payload = utils.jwt_payload_handler(self.user)
payload['exp'] = 1
token = utils.jwt_encode_handler(payload)
utils.jwt_decode_handler(token)
api_settings.JWT_VERIFY_EXPIRATION = True
def setUp(self):
self.client = APIClient()
self.username = '******'
self.email = '*****@*****.**'
self.password='******'
self.user = User.objects.create_user(self.email, self.password, username=self.username)
payload = utils.jwt_payload_handler(self.user)
token = utils.jwt_encode_handler(payload)
self.auth = 'Token {0}'.format(token)
def test_authjwt_method(subscription, expect):
if expect is True:
payload = jwt_payload_handler(user=subscription.subscriber)
token = jwt_encode_handler(payload)
else:
token = "fdksal;j"
value = auth.authjwt_method(token)
assert bool(value) is expect
def create_token(self, user, exp=None, orig_iat=None):
payload = utils.jwt_payload_handler(user)
if exp:
payload['exp'] = exp
if orig_iat:
payload['orig_iat'] = timegm(orig_iat.utctimetuple())
token = utils.jwt_encode_handler(payload)
return token
def test_jwt_payload_handler(self):
payload = utils.jwt_payload_handler(self.user)
pytest.deprecated_call(utils.jwt_payload_handler, self.user)
self.assertTrue(isinstance(payload, dict))
self.assertEqual(payload["user_id"], self.user.pk)
self.assertEqual(payload["email"], self.email)
self.assertEqual(payload["username"], self.username)
self.assertTrue("exp" in payload)
def test_post_json_passing_jwt_auth(self):
"""
Ensure POSTing JSON over JWT auth with correct credentials
passes and does not require CSRF
"""
payload = utils.jwt_payload_handler(self.user)
token = utils.jwt_encode_handler(payload)
auth = "JWT {0}".format(token)
response = self.csrf_client.post("/jwt/", {"example": "example"}, HTTP_AUTHORIZATION=auth, format="json")
self.assertEqual(response.status_code, status.HTTP_200_OK)
def post(self, request):
from lazysignup.models import LazyUser
user, username = LazyUser.objects.create_lazy_user()
user.first_name = 'Guest' + str(random.randint(1, 200))
user.save()
betting_funds = random.randint(10, 60)
Better.objects.create(user=user, points=betting_funds)
payload = jwt_payload_handler(user)
token = jwt_encode_handler(payload)
return Response({'token': token, 'name': user.first_name,
'betting_funds': betting_funds },
status=status.HTTP_200_OK)
def create(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
user = serializer.save()
re_dict = serializer.data
payload = jwt_payload_handler(user)
re_dict["token"] = jwt_encode_handler(payload)
re_dict["user"] = user
headers = self.get_success_headers(serializer.data)
return Response(re_dict, status=status.HTTP_201_CREATED, headers=headers)
def test_post_form_passing_jwt_auth(self):
"""
Ensure POSTing json over JWT auth with correct credentials
passes and does not require CSRF
"""
payload = utils.jwt_payload_handler(self.user)
token = utils.jwt_encode_handler(payload)
auth = 'JWT {0}'.format(token)
response = self.csrf_client.post(
'/jwt/', {'example': 'example'}, HTTP_AUTHORIZATION=auth)
self.assertEqual(response.status_code, status.HTTP_200_OK)
def create(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
user = self.perform_create(serializer)
re_dict = serializer.data
payload = jwt_payload_handler(user)
re_dict['token'] = jwt_encode_handler(payload)
re_dict['username'] = user.name if user.name else user.username
headers = self.get_success_headers(serializer.data)
return Response(re_dict, status=status.HTTP_201_CREATED, headers=headers)
def validate(self, attrs):
user = authenticate(**attrs)
if not user:
# 认证失败
raise serializers.ValidationError('用户名或密码错误!')
# 认证通过
payload = jwt_payload_handler(user)
jwt_token = jwt_encode_handler(payload)
return {"user": user, "token": jwt_token}
def test_post_form_passing_jwt_auth(self):
"""
Ensure POSTing form over JWT auth with correct credentials
passes and does not require CSRF
"""
payload = utils.jwt_payload_handler(self.user)
token = utils.jwt_encode_handler(payload)
auth = 'JWT {0}'.format(token)
response = self.csrf_client.post(
'/jwt/', {'example': 'example'}, HTTP_AUTHORIZATION=auth)
self.assertEqual(response.status_code, status.HTTP_200_OK)
def request_remember(request):
email = request.data['email']
user_obj = UserCustom.objects.get(email=email)
payload = jwt_payload_handler(user_obj)
token = jwt.encode(payload, SECRET_KEY)
subject = 'Reset Your NUS Scheduler Account Password'
message = 'Please click the link below to reset your password.'
email_from = settings.EMAIL_HOST_USER
recipient_list = [email, ]
link = 'https://nus-scheduler.netlify.app/reset/' + email + '/' + token.decode('utf8')
message = message + '\r\n' + link
send_mail(subject, message, email_from, recipient_list, fail_silently=False)
return Response(status=status.HTTP_200_OK)
def validate(self, attrs):
# 多方式登录
user_obj = self._many_login(**attrs)
# 签发token
payload = jwt_payload_handler(user_obj)
token = jwt_encode_handler(payload)
# 将信息保存
self.username = user_obj.username
self.is_admin = user_obj.is_admin
self.token = token
return attrs
def test_post_passing_jwt_auth_with_oauth2_priority(self):
"""
Ensure POSTing over JWT auth with correct credentials
passes and does not require CSRF when OAuth2Authentication
has priority on authentication_classes
"""
payload = utils.jwt_payload_handler(self.user)
token = utils.jwt_encode_handler(payload)
auth = "JWT {0}".format(token)
response = self.csrf_client.post("/oauth2-jwt/", {"example": "example"}, HTTP_AUTHORIZATION=auth, format="json")
self.assertEqual(response.status_code, status.HTTP_200_OK, response)
def validate(self, attrs):
# 1.身份认证
user = authenticate(username=attrs.get('username'),
password=attrs.get('password'))
if not user:
return serializers.ValidationError("用户名或密码错误")
# 2.token签发
payload = jwt_payload_handler(user)
token = jwt_encode_handler(payload)
# 3.返回有效数据
return {"user": user, "token": token}
def validate(self, attrs):
username = attrs['username']
password = attrs['password']
# 1.传统认证用户名密码
user = authenticate(username=username, password=password)
if not user:
raise serializers.ValidationError('传统认证不通过')
# 签发token
payload = jwt_payload_handler(user)
token = jwt_encode_handler(payload)
return {"user": user, "token": token}
def validate(self, attrs):
usr = attrs.get("usr")
pwd = attrs.get("pwd")
if usr and re.match(REGEX_MOBILE, usr):
user = User.objects.filter(mobile=usr).first()
else:
user = User.objects.filter(username=usr).first()
if user and user.check_password(pwd):
self.token = jwt_encode_handler(jwt_payload_handler(user))
return attrs
raise serializers.ValidationError({"data": "登陆信息不可用"})
def get_user_token(request):
"""
Custom Function to get user token
"""
jwt_payload_handler = Settings.JWT_PAYLOAD_HANDLER
jwt_encode_handler = Settings.JWT_ENCODE_HANDLER
payload = jwt_payload_handler(user=request.user)
token = jwt_encode_handler(payload)
return Response({
"token": token,
"success": True,
})
def create(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
user = serializer.save()
re_dict = serializer.data
payload = jwt_payload_handler(user)
re_dict["token"] = jwt_encode_handler(payload)
re_dict["user"] = user
headers = self.get_success_headers(serializer.data)
return Response(re_dict,
status=status.HTTP_201_CREATED,
headers=headers)
def post(self, request, *args, **kwargs):
username = request.data['username']
password = request.data['password']
user = authenticate(username=username, password=password)
if user:
payload = jwt_payload_handler(user)
jwt_token = json.dumps({
'token':
jwt.encode(payload, settings.SECRET_KEY).decode('utf-8')
})
update_last_login(None, user)
return HttpResponse(jwt_token, status=200)
else:
return HttpResponse(InvalidCredentialsError(), status=400)
def post(self, request):
user = request.data
serializer = UserSerializer(data=user)
serializer.is_valid(raise_exception=True)
serializer.save()
email = request.data['email']
password = request.data['password']
user = User.objects.get(email=email, password=password)
token = jwt.encode(jwt_payload_handler(user), settings.SECRET_KEY)
user_details = {'token': token}
return Response(user_details, status=status.HTTP_201_CREATED)
def test_create_product(self):
"""
test product
"""
# generate token
payload = utils.jwt_payload_handler(self.user)
token = utils.jwt_encode_handler(payload)
auth = 'JWT {0}'.format(token)
# content
content = \
[
{
"name": "Latte",
"category": "royal_test"
},
{
"name": "Cappuccino",
"category": "royal_test"
},
{
"name": "Espresso",
"category": "royal_test"
},
{
"name": "Tea",
"category": "royal_test"
},
{
"name": "Hot chocolate",
"category": "royal_test"
},
{
"name": "Cookie",
"category": "royal_test"
}
]
# response
response = self.csrf_client.post(main_settings.BASE_URL +
'/api/create_product/',
content,
HTTP_AUTHORIZATION=auth,
format='json')
# check response status code
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(Product.objects.count(), 12)
def test_create_refresth_token(self):
data = {
'app': 'gandolf'
}
self.client.credentials(
HTTP_AUTHORIZATION='JWT ' + utils.jwt_encode_handler(
utils.jwt_payload_handler(self.user)))
response = self.client.post(self.list_url, data, format='json')
self.assertEqual(
response.status_code,
status.HTTP_201_CREATED,
(response.status_code, response.content)
)
self.assertEqual(response.data['user'], self.user.pk)
self.assertEqual(response.data['app'], data['app'])
def authenticate(self, user):
"""
Authenticates the given user
:param user: User to authenticate
:type user: inventorum.ebay.apps.accounts.models.EbayUserModel
"""
payload = utils.jwt_payload_handler(user)
self.token = utils.jwt_encode_handler(payload)
credentials = {
'HTTP_AUTHORIZATION': 'JWT %s' % self.token
}
self.client.credentials(**credentials)
def get(self, request):
try:
if request.user.is_active:
payload = jwt_payload_handler(
request.user) # todo: Is deprecated
jwt_token = utilities.jwt_response_payload_handler(
jwt_encode_handler(payload), user=request.user)
return responses.SuccessResponse(jwt_token).send()
else:
raise authnz_exceptions.CustomException(
detail=_('This user is inactive, contact us.'))
except authnz_exceptions.CustomException as e:
return responses.ErrorResponse(message=e.detail,
status=e.status_code).send()
def validate_token(self, token):
if self._check_payload(token) is True:
return token
refresh_token = JSONWebTokenAuthentication().get_jwt_value(
self.context['request'])
try:
payload = jwt_decode_handler(refresh_token)
if 'refresh' not in payload:
raise AuthenticationFailed(_('Token type is wrong.'))
user = get_user_model().objects.get(uuid=payload['uuid'])
except (AuthenticationFailed, get_user_model().DoesNotExist,
InvalidAlgorithmError, ExpiredSignatureError,
DecodeError) as ex:
raise AuthenticationFailed(ex)
return jwt_encode_handler(jwt_payload_handler(user))
def test_post_passing_jwt_auth_with_oauth2_priority(self):
"""
Ensure POSTing over JWT auth with correct credentials
passes and does not require CSRF when OAuth2Authentication
has priority on authentication_classes
"""
payload = utils.jwt_payload_handler(self.user)
token = utils.jwt_encode_handler(payload)
auth = 'JWT {0}'.format(token)
response = self.csrf_client.post(
'/oauth2-jwt/', {'example': 'example'},
HTTP_AUTHORIZATION=auth, format='json')
self.assertEqual(response.status_code, status.HTTP_200_OK, response)
def validate(self, attrs):
user = authenticate(**attrs)
if not user:
#用户对象为None,传统用户身份认证失败
raise serializers.ValidationError("传统身份认证失败,请检查用户名和密码是否正确")
#2.检验通过,颁发jwt_token
payload = jwt_payload_handler(user)
token = jwt_encode_handler(payload)
return {
'user':user,
'token':token,
}
def test_create_refresth_token(self):
data = {
'app': 'gandolf'
}
self.client.credentials(
HTTP_AUTHORIZATION='JWT ' + utils.jwt_encode_handler(
utils.jwt_payload_handler(self.user)))
response = self.client.post(self.list_url, data, format='json')
self.assertEqual(
response.status_code,
status.HTTP_201_CREATED,
(response.status_code, response.content)
)
self.assertEqual(response.data['user'], self.user.pk)
self.assertEqual(response.data['app'], data['app'])
def validate(self, attrs):
username = attrs['username']
password = attrs['password']
# 1、进行传统身份认证
user = authenticate(username=username, password=password)
if not user:
raise serializers.ValidationError("传统身份校验失败!")
# 2、如果通过,生成token
payload = jwt_payload_handler(user)
token = jwt_encode_handler(payload)
# 3、返回有效数据
return {"user": user, "token": token}
def user_jwt_payload_handler(user, elevated_token=None):
payload = jwt_payload_handler(user)
payload.pop('username')
payload.pop('email')
try:
payload['identity_token'] = IdentityToken.objects.get(user=user).key
except IdentityToken.DoesNotExist:
raise AuthenticationFailed('Identity token does not exist!')
payload['elevated_token'] = elevated_token
payload['user_permissions'] = get_user_permissions_string_list(user)
payload['service_permissions'] = get_user_service_permissions_string_list(
user)
return payload
def test_jwt_login_with_expired_token(self):
"""
Ensure JWT login view works even if expired token is provided
"""
payload = utils.jwt_payload_handler(self.user)
payload['exp'] = 1
token = utils.jwt_encode_handler(payload)
auth = 'JWT {0}'.format(token)
client = APIClient(enforce_csrf_checks=True)
response = client.post(
'/auth-token/', self.data,
HTTP_AUTHORIZATION=auth, format='json')
self.assertTrue(response.status_code, status.HTTP_200_OK)
def create(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
try:
user = self.perform_create(serializer)
payload = jwt_payload_handler(user)
serializer.data["token"] = jwt_encode_handler(payload)
serializer.data[
"name"] = user.nick_name if user.nick_name else user.username
headers = self.get_success_headers(serializer.data)
data = {'msg': 'success'}
except:
headers = {}
data = {'msg': 'fail'}
return Response(data, status=status.HTTP_201_CREATED, headers=headers)
def post(self, request, backend, *args, **kwargs):
try:
serialized_data = self.serializer_class(data=request.data)
if serialized_data.is_valid(raise_exception=True):
token = serialized_data.data['token']
if backend.lower() == 'google':
try:
resp_user = id_token.verify_oauth2_token(
token, google_requests.Request(),
settings.GOOGLE_OAUTH_ID)
except Exception as e:
return responses.ErrorResponse(
message='Error in google open auth',
dev_error=str(e),
status=400).send()
if resp_user['iss'] not in [
'accounts.google.com',
'https://accounts.google.com'
]:
raise authnz_exceptions.CustomException(
detail=_('Google Wrong issuer.'))
if not resp_user.get('email') or not resp_user.get('given_name') or \
not resp_user.get('family_name') or not resp_user.get('picture'):
raise authnz_exceptions.CustomException(detail=_(
'Scope need to have email, given name, family, picture'
))
email = resp_user['email'].lower()
try:
user = User.objects.get(profile__email=email)
except User.DoesNotExist as e:
user = transactions.open_auth_user_creator(
email, resp_user['given_name'],
resp_user['family_name'], resp_user['picture'])
else:
raise authnz_exceptions.CustomException(
detail=_('Wrong backend'))
if user.is_active:
payload = jwt_payload_handler(user) # todo: Is deprecated
jwt_token = utilities.jwt_response_payload_handler(
jwt_encode_handler(payload), user=user)
else:
raise authnz_exceptions.CustomException(detail=_(
'Your user account is deactivated, contact us for more information.'
))
return responses.SuccessResponse(jwt_token).send()
except authnz_exceptions.CustomException as e:
return responses.ErrorResponse(message=e.detail,
status=e.status_code).send()
def create(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
user = serializer.save()
headers = self.get_success_headers(serializer.data)
payload = jwt_payload_handler(user)
response_data = {
'token': jwt_encode_handler(payload),
'user': serializer.data,
}
return Response(response_data,
status=status.HTTP_201_CREATED,
headers=headers)
def test_get_refresh_token_list(self):
self.client.credentials(
HTTP_AUTHORIZATION='JWT ' +
utils.jwt_encode_handler(utils.jwt_payload_handler(self.user)))
response = self.client.get(self.list_url)
self.assertEqual(len(response.data), 1)
resp0 = response.data[0]
self.assertEqual(self.token.key, resp0['key'])
self.client.force_authenticate(self.user1)
response = self.client.get(self.list_url)
self.assertEqual(len(response.data), 1)
resp0 = response.data[0]
self.assertEqual(self.token1.key, resp0['key'])
self.assertEqual(RefreshToken.objects.count(), 2)
def test_jwt_login_with_expired_token(self):
"""
Ensure JWT login view works even if expired token is provided
"""
payload = utils.jwt_payload_handler(self.user)
payload['exp'] = 1
token = utils.jwt_encode_handler(payload)
auth = 'JWT {0}'.format(token)
client = APIClient(enforce_csrf_checks=True)
response = client.post('/auth-token/',
self.data,
HTTP_AUTHORIZATION=auth,
format='json')
self.assertTrue(response.status_code, status.HTTP_200_OK)
def post(self, request, format=None):
parser = JSONParser().parse(request)
jwt_payload_handler = api_settings.JWT_PAYLOAD_HANDLER
jwt_encode_handler = api_settings.JWT_ENCODE_HANDLER
if parser['username'] and parser['password']:
user = auth_authenticate(username=parser['username'], password=parser['password'])
if user:
payload = jwt_payload_handler(user)
else:
logger.error("JWT generation failed for the user:{0}, exception-{1}".format(parser['username'], {'error': 'unautorized user'}))
return Response(data={'error': 'invalid authentication key'}, status=status.HTTP_401_UNAUTHORIZED)
else:
return Response(data={'error': 'password and username required'}, status=status.HTTP_400_BAD_REQUEST)
token = jwt_encode_handler(payload)
logger.info("JWT is sent to registered user:{0}".format(parser['username']))
return Response(data={'token': token}, status=status.HTTP_200_OK)
def test_delete_refresth_token(self):
self.client.credentials(
HTTP_AUTHORIZATION='JWT ' + utils.jwt_encode_handler(
utils.jwt_payload_handler(self.user)))
response = self.client.delete(self.detail_url)
self.assertEqual(
response.status_code,
status.HTTP_204_NO_CONTENT,
(response.status_code, response.content)
)
response = self.client.delete(self.detail_url1)
self.assertEqual(
response.status_code,
status.HTTP_404_NOT_FOUND,
(response.status_code, response.content)
)
def test_delete_refresth_token(self):
self.client.credentials(
HTTP_AUTHORIZATION='JWT ' + utils.jwt_encode_handler(
utils.jwt_payload_handler(self.user)))
response = self.client.delete(self.detail_url)
self.assertEqual(
response.status_code,
status.HTTP_204_NO_CONTENT,
(response.status_code, response.content)
)
response = self.client.delete(self.detail_url1)
self.assertEqual(
response.status_code,
status.HTTP_404_NOT_FOUND,
(response.status_code, response.content)
)
def test_post_expired_token_failing_jwt_auth(self):
"""
Ensure POSTing over JWT auth with expired token fails
"""
payload = utils.jwt_payload_handler(self.user)
payload["exp"] = 1
token = utils.jwt_encode_handler(payload)
auth = "JWT {0}".format(token)
response = self.csrf_client.post("/jwt/", {"example": "example"}, HTTP_AUTHORIZATION=auth, format="json")
msg = "Signature has expired."
self.assertEqual(response.data["detail"], msg)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(response["WWW-Authenticate"], 'JWT realm="api"')
def validate(self, attrs):
# 1、实现传统身份认证
username = attrs.get("username")
password = attrs.get("password")
# 传统身份认证成功之后,返回用户对象
user = authenticate(username=username, password=password)
if not user or not user.is_active:
# 用户验证不通过,用户已经注销
raise serializers.ValidationError("传统身份认证失败!")
# 2、签发token,返回有效数据
payload = jwt_payload_handler(user)
token = jwt_encode_handler(payload)
return {'user': user, 'token': token}
def test_get_refresh_token_list(self):
self.client.credentials(
HTTP_AUTHORIZATION='JWT ' + utils.jwt_encode_handler(
utils.jwt_payload_handler(self.user)))
response = self.client.get(self.list_url)
self.assertEqual(len(response.data), 1)
resp0 = response.data[0]
self.assertEqual(self.token.key, resp0['key'])
self.client.force_authenticate(self.user1)
response = self.client.get(self.list_url)
self.assertEqual(len(response.data), 1)
resp0 = response.data[0]
self.assertEqual(self.token1.key, resp0['key'])
self.assertEqual(RefreshToken.objects.count(), 2)
def post(self, request, format=None):
username = request.data['username']
password = request.data['password']
usergo = authenticate(username=username, password=password)
if usergo is not None:
# auth_login(request,usergo)
if usergo.is_active:
payload = jwt_payload_handler(usergo)
token = jwt_encode_handler(payload)
response_data = jwt_response_payload_handler(token, usergo)
return Response(response_data, status=status.HTTP_200_OK)
else:
content = {"non_field_errors": ["用户账户已禁用。"]}
return Response(content, status=status.HTTP_400_BAD_REQUEST)
else:
content = {"non_field_errors": ["无法使用提供的认证信息登录。"]}
return Response(content, status=status.HTTP_400_BAD_REQUEST)
def test_different_auth_header_prefix(self):
"""
Ensure using a different setting for `JWT_AUTH_HEADER_PREFIX` and
with correct credentials passes.
"""
api_settings.JWT_AUTH_HEADER_PREFIX = "Bearer"
payload = utils.jwt_payload_handler(self.user)
token = utils.jwt_encode_handler(payload)
auth = "Bearer {0}".format(token)
response = self.csrf_client.post("/jwt/", {"example": "example"}, HTTP_AUTHORIZATION=auth, format="json")
self.assertEqual(response.status_code, status.HTTP_200_OK)
# Restore original settings
api_settings.JWT_AUTH_HEADER_PREFIX = DEFAULTS["JWT_AUTH_HEADER_PREFIX"]
def validate(self, attrs):
"""验证用户名和密码"""
user = authenticate(**attrs)
if not user:
raise serializers.ValidationError("用户名或密码错误")
user_payload = jwt_payload_handler(user)
jwt_token = jwt_encode_handler(user_payload)
# 返回有效数据
return {
'username': user.username,
'user_id': user.id,
'token': jwt_token
}
def test_post_expired_token_failing_jwt_auth(self):
"""
Ensure POSTing over JWT auth with expired token fails
"""
payload = utils.jwt_payload_handler(self.user)
payload['exp'] = 1
token = utils.jwt_encode_handler(payload)
auth = 'JWT {0}'.format(token)
response = self.csrf_client.post(
'/jwt/', {'example': 'example'},
HTTP_AUTHORIZATION=auth, format='json')
msg = 'Signature has expired.'
self.assertEqual(response.data['detail'], msg)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(response['WWW-Authenticate'], 'JWT realm="api"')
def post(self, request):
access_token_url = 'https://graph.facebook.com/v2.3/oauth/access_token'
people_api_url = 'https://graph.facebook.com/v2.3/me'
payload = dict(client_id=request.data['clientId'],
redirect_uri=request.data['redirectUri'],
client_secret=settings.SOCIAL_AUTH_FACEBOOK_SECRET,
code=request.data['code'],
scope='email',
)
# Step 1. Exchange authorization code for access token.
r = requests.post(access_token_url, data=payload)
token = json.loads(r.text)
headers = {'Authorization': 'Bearer {0}'.format(token['access_token']), 'scope': 'email'}
# Step 2. Retrieve information about the current user.
r = requests.get(people_api_url, headers=headers)
profile = json.loads(r.text)
user = None
if 'email' in profile:
try:
user = User.objects.get(email=profile['email'])
except User.DoesNotExist:
pass
else:
try:
user = User.objects.get(email=profile['id'] + '@facebook.com')
except User.DoesNotExist:
pass
profile['email'] = profile['id'] + '@facebook.com'
if not user:
user = User.objects.create(username=profile['email'],
first_name=profile['name'].split()[0],
last_name=profile['name'].split()[1],
email=profile['email'])
Better.objects.create(user=user)
payload = jwt_payload_handler(user)
token = jwt_encode_handler(payload)
return Response({'token': token.decode('unicode_escape')},
status=status.HTTP_200_OK)
def generate_token(user):
"""
Generate a JWT for the user.
The token generally contains the following:
{
"username": "******",
"orig_iat": 1441902926,
"user_id": 5,
"email": "*****@*****.**",
"exp": 1442507726
}
"""
payload = jwt_payload_handler(user)
return {
'token': jwt_encode_handler(payload),
}
def test_post_form_passing_jwt_auth(self):
"""
Ensure POSTing form over JWT auth with correct credentials
passes and does not require CSRF
"""
payload = utils.jwt_payload_handler(self.user)
token = utils.jwt_encode_handler(payload)
auth = 'JWT {0}'.format(token)
response = self.csrf_client.post(
'/jwt/', {'example': 'example'}, HTTP_AUTHORIZATION=auth)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.content, b'mockview-post')
# Ensure `authenticate` returned the decoded payload.
self.assertEqual(response.wsgi_request.user, self.user)
payload = response.wsgi_request.auth
self.assertIsInstance(payload, dict)
self.assertEqual(set(payload.keys()), {
'user_id', 'username', 'exp', 'email'})
def post(self, request):
serialized = UserSerializer(data=request.DATA)
if serialized.is_valid():
try:
User.objects.get(email=serialized.data['email'])
return Response({'error': 'User with same email already exists.'},
status=status.HTTP_400_BAD_REQUEST)
except User.DoesNotExist:
pass
user = User.objects.create_user(
serialized.data['username'],
serialized.data['email'],
serialized.data['password'],
first_name=serialized.data['username']
)
Better.objects.create(user=user)
payload = jwt_payload_handler(user)
token = jwt_encode_handler(payload)
return Response({'token': token.decode('unicode_escape')},
status=status.HTTP_201_CREATED)
else:
return Response(serialized._errors, status=status.HTTP_400_BAD_REQUEST)
def post(self, request):
access_token_url = 'https://graph.facebook.com/v2.4/oauth/access_token'
people_api_url = 'https://graph.facebook.com/v2.4/me?fields=id,email,name'
payload = dict(client_id=request.data['clientId'],
redirect_uri=request.data['redirectUri'],
client_secret=settings.SOCIAL_AUTH_FACEBOOK_SECRET,
code=request.data['code'],
scope='email',
)
# Step 1. Exchange authorization code for access token.
r = requests.post(access_token_url, data=payload)
token = json.loads(r.text)
headers = {'Authorization': 'Bearer {0}'.format(token['access_token']), 'scope': 'email'}
# Step 2. Retrieve information about the current user.
r = requests.get(people_api_url, headers=headers)
profile = json.loads(r.text)
user = self.get_or_create_user(profile)
payload = jwt_payload_handler(user)
token = jwt_encode_handler(payload)
return Response({'token': token.decode('unicode_escape')}, status=status.HTTP_200_OK)
