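def is_authenticated(self, request, **kwargs):
    """
    Find the user named in the request's JWT and attach it to ``request``.

    Returns ``True`` when the token decodes and names exactly one user that
    passes ``check_active``, ``False`` when the user exists but
    ``check_active`` rejects it, and whatever ``self._unauthorized()``
    returns (a custom response) when the token cannot be decoded, carries
    no ``username`` claim, or does not map to exactly one user.
    """
    try:
        json_web_token = self.extract_credentials(request)
        payload = jwt_decode_handler(json_web_token)
    except DecodeError:
        return self._unauthorized()
    # NOTE(review): only DecodeError is handled here. In PyJWT an expired
    # signature is reported as a different exception class, which would
    # propagate out of this method instead of being treated as
    # unauthorized — confirm how jwt_decode_handler surfaces expiry.

    # A token without a ``username`` claim can never name a user; reject it
    # up front instead of running a lookup for ``username=None``.
    username = payload.get('username')
    if username is None:
        return self._unauthorized()

    User = get_user_model()
    try:
        user = User.objects.get(username=username)
    except (User.DoesNotExist, User.MultipleObjectsReturned):
        # An ambiguous match is a failure, not a choice: never authenticate
        # when more than one account answers to the claimed username.
        return self._unauthorized()

    if not self.check_active(user):
        return False

    request.user = user
    return True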
def test_jwt_login_json_with_username(self):
    """
    Posting only ``username`` and ``password`` as JSON to the login view
    must return 200 and a token whose payload carries the same username.
    """
    body = json.dumps(self.login_data_with_username)
    response = self.client.post(
        self.login_url, body, content_type='application/json'
    )
    self.assertEqual(response.status_code, 200)

    # Decode the issued token and check it was minted for this user.
    issued = json.loads(smart_text(response.content))
    claims = utils.jwt_decode_handler(issued['token'])
    self.assertEqual(claims['username'], self.username)
def test_refresh(self):
    """
    Posting a valid token to the refresh view as JSON must return 200 and
    a token whose payload names the same user.
    """
    current_token = utils.jwt_encode_handler(self.payload)
    response = self.client.post(
        self.refresh_auth_token_url,
        {"token": current_token},
        content_type="application/json",
    )
    refreshed_claims = utils.jwt_decode_handler(response.json()["token"])

    self.assertEqual(response.status_code, 200)
    self.assertEqual(refreshed_claims["username"], self.username)
def test_login(self):
    """
    Posting credentials to the login view as JSON must return 200, an
    ``expires_in`` equal to ``JWT_EXPIRATION_DELTA`` in seconds, and a
    token whose payload names this user.
    """
    response = self.client.post(
        self.auth_token_url, self.data, content_type="application/json"
    )
    body = response.json()

    # expires_in is a number of seconds, so compare against the delta's
    # total_seconds() rather than the timedelta itself.
    self.assertEqual(
        body["expires_in"], settings.JWT_EXPIRATION_DELTA.total_seconds()
    )

    claims = utils.jwt_decode_handler(body["token"])
    self.assertEqual(response.status_code, 200)
    self.assertEqual(claims["username"], self.username)
def test_jwt_login_json(self):
    """
    Posting credentials to ``/auth-token/`` as JSON must return 200 and a
    token whose payload names this user.
    """
    url = '/auth-token/'
    response = self.client.post(
        url, json.dumps(self.data), content_type='application/json'
    )
    body = json.loads(smart_text(response.content))
    claims = utils.jwt_decode_handler(body['token'])

    self.assertEqual(response.status_code, 200)
    self.assertEqual(claims['username'], self.username)
def test_jwt_login_json(self):
    """
    A JSON POST of ``self.data`` to ``/auth-token/`` must succeed (200)
    and issue a token whose ``username`` claim matches ``self.username``.
    """
    encoded_credentials = json.dumps(self.data)
    response = self.client.post(
        '/auth-token/', encoded_credentials, content_type='application/json'
    )

    # Pull the token out of the JSON body and inspect its claims.
    result = json.loads(smart_text(response.content))
    token_claims = utils.jwt_decode_handler(result['token'])

    self.assertEqual(response.status_code, 200)
    self.assertEqual(token_claims['username'], self.username)
def test_jwt_login_with_expired_token(self):
    """
    An expired bearer token in the Authorization header must not block the
    login view: posting valid credentials still returns 200 and a freshly
    issued token for this user.
    """
    # Build a token whose ``exp`` is already in the past (epoch + 1s).
    stale_payload = utils.jwt_payload_handler(self.user)
    stale_payload['exp'] = 1
    stale_token = utils.jwt_encode_handler(stale_payload)

    response = self.client.post(
        self.login_url,
        json.dumps(self.login_data_with_username),
        content_type='application/json',
        HTTP_AUTHORIZATION='Bearer {}'.format(stale_token),
    )
    self.assertEqual(response.status_code, 200)

    body = json.loads(smart_text(response.content))
    new_claims = utils.jwt_decode_handler(body['token'])
    self.assertEqual(new_claims['username'], self.username)
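def authenticate(token):
    """
    Decode ``token`` and return the user it identifies.

    Token structure and signature validity are checked by
    ``jwt_decode_handler``; the decoded payload is then handed to
    ``authenticate_credentials`` to resolve the user.
    Based on jwt_auth.JSONWebTokenAuthMixin.authenticate.

    Raises:
        exceptions.AuthenticationFailed: if the signature has expired, the
            token cannot be decoded, or PyJWT rejects the token for any
            other reason.
    """
    try:
        payload = jwt_decode_handler(token)
    except jwt.ExpiredSignature:
        msg = 'Signature has expired.'
        raise exceptions.AuthenticationFailed(msg)
    except jwt.DecodeError:
        msg = 'Error decoding signature.'
        raise exceptions.AuthenticationFailed(msg)
    except jwt.InvalidTokenError:
        # Catch-all for the remaining PyJWT rejections (e.g. a failed claim
        # check) so a bad token is reported as an authentication failure
        # rather than escaping as an unhandled exception. Listed last: it
        # is the base class of the two exceptions above.
        msg = 'Invalid token.'
        raise exceptions.AuthenticationFailed(msg)

    return authenticate_credentials(payload)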
def test_login_with_expired_token(self):
    """
    Supplying an already-expired bearer token alongside valid credentials
    must not prevent login: the view returns 200 and a new token for this
    user.
    """
    # Force the token to be expired by setting ``exp`` to 1 second after
    # the epoch.
    expired_claims = utils.jwt_payload_handler(self.user)
    expired_claims["exp"] = 1
    expired_token = utils.jwt_encode_handler(expired_claims)
    auth_header = "Bearer {}".format(expired_token)

    response = self.client.post(
        self.auth_token_url,
        self.data,
        content_type="application/json",
        HTTP_AUTHORIZATION=auth_header,
    )
    fresh_claims = utils.jwt_decode_handler(response.json()["token"])

    self.assertEqual(response.status_code, 200)
    self.assertEqual(fresh_claims["username"], self.username)
def process_response(request, response):
    """
    Re-issue the request's JWT on the response when it is close to expiry.

    The request's token is authenticated via ``JSONWebTokenAuthMixin``; if
    its ``exp`` falls within the next hour, the same claims are re-encoded
    with a new ``exp`` and placed on ``response['HTTP_AUTHORIZATION']``,
    prefixed with ``settings.JWT_AUTH_HEADER_PREFIX``. Requests with no
    Authorization header, that fail authentication, or whose token is not
    near expiry leave ``response`` untouched.

    Args:
        request: the request whose ``META`` may carry the token.
        response: the response to decorate; always returned.

    Returns:
        ``response``, possibly with the refreshed token header set.
    """
    if 'HTTP_AUTHORIZATION' not in request.META:
        return response

    try:
        auth_result = JSONWebTokenAuthMixin().authenticate(request)
    except AuthenticationFailed as exc:
        # A rejected token is logged, never turned into an error here; the
        # response goes out unchanged.
        logging.exception(exc)
        return response
    if auth_result is None:
        return response

    # The second element of the authenticate() result is the raw token.
    claims = jwt_decode_handler(auth_result[1])
    # Both sides of the comparison are naive local datetimes.
    expires_at = datetime.fromtimestamp(claims['exp'])
    one_hour = timedelta(0, 3600)
    if expires_at - one_hour < datetime.now():
        # Token expires within the hour: re-encode the same claims with a
        # fresh expiry and hand the result back on the response.
        from jwt_auth import settings
        claims['exp'] = datetime.utcnow() + settings.JWT_EXPIRATION_DELTA
        refreshed = jwt_encode_handler(claims)
        # NOTE(review): the header is set under the request-META-style key
        # 'HTTP_AUTHORIZATION'; confirm this is the name the client reads.
        response['HTTP_AUTHORIZATION'] = (
            settings.JWT_AUTH_HEADER_PREFIX + " " + refreshed
        )
    return response
def test_jwt_login_with_expired_token(self):
    """
    Login via ``/auth-token/`` must succeed even when the request carries an
    expired bearer token: the response is 200 and the new token names this
    user.
    """
    # An ``exp`` of 1 (one second after the epoch) makes the token expired.
    old_claims = utils.jwt_payload_handler(self.user)
    old_claims['exp'] = 1
    bearer = 'Bearer {}'.format(utils.jwt_encode_handler(old_claims))

    response = self.client.post(
        '/auth-token/',
        json.dumps(self.data),
        content_type='application/json',
        HTTP_AUTHORIZATION=bearer,
    )

    # The login view should ignore the stale header and mint a new token.
    result = json.loads(smart_text(response.content))
    new_claims = utils.jwt_decode_handler(result['token'])

    self.assertEqual(response.status_code, 200)
    self.assertEqual(new_claims['username'], self.username)