Python get_jwt_issuers примеры использования

Пример #1

Файл: decoder.py Проект: CredoEducation/edx-drf-extensions

def _decode_and_verify_token(token, jwt_issuer):
    options = {
        'require': ["exp", "iat"],
        'verify_exp': api_settings.JWT_VERIFY_EXPIRATION,
        'verify_aud': settings.JWT_AUTH.get('JWT_VERIFY_AUDIENCE', True),
        'verify_iss':
        False,  # TODO (ARCH-204): manually verify until issuer is configured correctly.
        'verify_signature': False,  # Verified with JWS already
    }

    decoded_token = jwt.decode(
        token,
        jwt_issuer['SECRET_KEY'],
        options=options,
        leeway=api_settings.JWT_LEEWAY,
        audience=jwt_issuer['AUDIENCE'],
        issuer=jwt_issuer['ISSUER'],
        algorithms=[api_settings.JWT_ALGORITHM],
    )

    # TODO (ARCH-204): verify issuer manually until it is properly configured.
    token_issuer = decoded_token.get('iss')
    issuer_matched = any(issuer['ISSUER'] == token_issuer
                         for issuer in get_jwt_issuers())
    if not issuer_matched:
        logger.info('Token decode failed due to mismatched issuer [%s]',
                    token_issuer)
        raise jwt.InvalidTokenError('%s is not a valid issuer.' % token_issuer)

    return decoded_token

Пример #2

Файл: decoder.py Проект: edx/edx-drf-extensions

def _decode_and_verify_token(token, jwt_issuer):
    options = {
        'require_exp': True,
        'require_iat': True,

        'verify_exp': api_settings.JWT_VERIFY_EXPIRATION,
        'verify_aud': settings.JWT_AUTH.get('JWT_VERIFY_AUDIENCE', True),
        'verify_iss': False,  # TODO (ARCH-204): manually verify until issuer is configured correctly.
        'verify_signature': False,  # Verified with JWS already
    }

    decoded_token = jwt.decode(
        token,
        jwt_issuer['SECRET_KEY'],
        api_settings.JWT_VERIFY,
        options=options,
        leeway=api_settings.JWT_LEEWAY,
        audience=jwt_issuer['AUDIENCE'],
        issuer=jwt_issuer['ISSUER'],
        algorithms=[api_settings.JWT_ALGORITHM],
    )

    # TODO (ARCH-204): verify issuer manually until it is properly configured.
    token_issuer = decoded_token.get('iss')
    issuer_matched = any(issuer['ISSUER'] == token_issuer for issuer in get_jwt_issuers())
    if not issuer_matched:
        logger.info('Token decode failed due to mismatched issuer [%s]', token_issuer)
        raise jwt.InvalidTokenError('%s is not a valid issuer.', token_issuer)

    return decoded_token

Пример #3

Файл: test_settings.py Проект: guoyu07/edx-drf-extensions

    def test_get_deprecated_jwt_issuers(self):
        """
        Verify the get_jwt_issuers operation returns the deprecated issuer information when current
        issuers are not configured for the system.
        """
        _deprecated = [{
            'ISSUER': settings.JWT_AUTH['JWT_ISSUER'],
            'SECRET_KEY': settings.JWT_AUTH['JWT_SECRET_KEY'],
            'AUDIENCE': settings.JWT_AUTH['JWT_AUDIENCE'],
        }]

        mock_call = 'edx_rest_framework_extensions.settings._get_current_jwt_issuers'
        with mock.patch(mock_call, mock.Mock(return_value=None)):
            with warnings.catch_warnings(record=True) as warning_list:
                self.assertEqual(get_jwt_issuers(), _deprecated)
                warnings.simplefilter("default")
                self.assertEqual(len(warning_list), 1)
                self.assertTrue(
                    issubclass(warning_list[-1].category, DeprecationWarning))
                msg = "'JWT_ISSUERS' list not defined, checking for deprecated settings."
                self.assertIn(msg, str(warning_list[-1].message))

Пример #4

def jwt_decode_handler(token):
    """
    Decodes a JSON Web Token (JWT).

    Notes:
        * Requires "exp" and "iat" claims to be present in the token's payload.
        * Supports multiple issuer decoding via settings.JWT_AUTH['JWT_ISSUERS'] (see below)
        * Aids debugging by logging DecodeError and InvalidTokenError log entries when decoding fails.

    Examples:
        Use with `djangorestframework-jwt <https://getblimp.github.io/django-rest-framework-jwt/>`_, by changing
        your Django settings:

        .. code-block:: python

            JWT_AUTH = {
                'JWT_DECODE_HANDLER': 'edx_rest_framework_extensions.utils.jwt_decode_handler',
                'JWT_ISSUER': 'https://the.jwt.issuer',
                'JWT_SECRET_KEY': 'the-jwt-secret-key',  (defaults to settings.SECRET_KEY)
                'JWT_AUDIENCE': 'the-jwt-audience',
            }

        Enable multi-issuer support by specifying a list of dictionaries as settings.JWT_AUTH['JWT_ISSUERS']:

        .. code-block:: python

            JWT_ISSUERS = [
                    {
                        'ISSUER': 'test-issuer-1',
                        'SECRET_KEY': 'test-secret-key-1',
                        'AUDIENCE': 'test-audience-1',
                    },
                    {
                        'ISSUER': 'test-issuer-2',
                        'SECRET_KEY': 'test-secret-key-2',
                        'AUDIENCE': 'test-audience-2',
                    }
                ]

    Args:
        token (str): JWT to be decoded.

    Returns:
        dict: Decoded JWT payload.

    Raises:
        MissingRequiredClaimError: Either the exp or iat claims is missing from the JWT payload.
        InvalidTokenError: Decoding fails.
    """

    options = {
        'verify_exp': api_settings.JWT_VERIFY_EXPIRATION,
        'verify_aud': settings.JWT_AUTH.get('JWT_VERIFY_AUDIENCE', True),
        'require_exp': True,
        'require_iat': True,
    }

    for jwt_issuer in get_jwt_issuers():
        try:
            decoded = jwt.decode(token,
                                 jwt_issuer['SECRET_KEY'],
                                 api_settings.JWT_VERIFY,
                                 options=options,
                                 leeway=api_settings.JWT_LEEWAY,
                                 audience=jwt_issuer['AUDIENCE'],
                                 issuer=jwt_issuer['ISSUER'],
                                 algorithms=[api_settings.JWT_ALGORITHM])
            return decoded
        except jwt.InvalidTokenError:
            msg = "Token decode failed for issuer '{issuer}'".format(
                issuer=jwt_issuer['ISSUER'])
            logger.info(msg, exc_info=True)

    msg = 'All combinations of JWT issuers and secret keys failed to validate the token.'
    logger.error(msg)
    raise jwt.InvalidTokenError(msg)

Пример #5

Файл: test_settings.py Проект: guoyu07/edx-drf-extensions

 def test_get_current_jwt_issuers(self):
     """
     Verify the get_jwt_issuers operation returns the current issuer information when configured
     """
     self.assertEqual(get_jwt_issuers(), settings.JWT_AUTH['JWT_ISSUERS'])