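def authenticate_credentials(self, payload):
    """
    Return the active user named by the decoded JWT payload.

    The username is extracted with ``jwt_get_username_from_payload`` and
    matched against ``Users.nick_name``.

    Args:
        payload: Decoded JWT claims.

    Returns:
        The matching ``Users`` object when it exists and ``is_active`` is
        truthy.

    Raises:
        AuthenticationInfoHasExpiredError: the payload carries no username,
            no user has that ``nick_name``, or the account is not active.
    """
    username = jwt_get_username_from_payload(payload)
    if not username:
        msg = _('认证信息不合法.')
        # Pass the message as a logging argument. The previous
        # '...'.format(msg) call had no placeholder, so the reason for the
        # rejection never reached the log.
        logger.debug('==========================>%s', msg)
        raise AuthenticationInfoHasExpiredError(msg)

    try:
        # NOTE(review): identity is resolved from nick_name alone; this
        # assumes nick_name is unique and cannot be edited to collide with
        # another account. Confirm against the Users model.
        user = Users.objects.get(nick_name=username)
    except Users.DoesNotExist:
        msg = _('签名不合法.')
        raise AuthenticationInfoHasExpiredError(msg)

    # Disabled accounts are rejected even though the token itself decoded.
    if not user.is_active:
        msg = _('用户身份未激活.')
        raise AuthenticationInfoHasExpiredError(msg)

    return user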
def initial(self, request, *args, **kwargs):
    """
    Run the parent ``initial`` and attach the caller's enterprise-center
    OAuth client as ``self.oauth_instance``.

    Nothing beyond the parent call happens unless the ``IS_PUBLIC``
    environment variable is set to a non-empty value.

    Raises:
        NotFound: no matching ``enterprisecenter`` OAuth service exists.
        AuthenticationInfoHasExpiredError: the current user has no record
            for that service, or ``get_oauth_instance`` returned nothing.
    """
    super(CloudEnterpriseCenterView, self).initial(request, *args, **kwargs)

    # NOTE(review): any non-empty string enables this path, including
    # "0" or "false"; confirm that is the intended way to toggle it.
    public_flag = os.environ.get("IS_PUBLIC")
    if not public_flag:
        return

    override_name = os.environ.get("PRE_ENTERPRISE_CENTER")
    try:
        # The default service (ID=1) is always fetched first, so a missing
        # ID=1 row produces NotFound even when an override name is set.
        service = OAuthServices.objects.get(oauth_type="enterprisecenter", ID=1)
        if override_name:
            service = OAuthServices.objects.get(name=override_name, oauth_type="enterprisecenter")
        # The link is looked up for the authenticated user only
        # (self.user), not for an id taken from the request.
        link = UserOAuthServices.objects.get(service_id=service.ID, user_id=self.user.user_id)
    except OAuthServices.DoesNotExist:
        raise NotFound("enterprise center oauth server not found")
    except UserOAuthServices.DoesNotExist:
        raise AuthenticationInfoHasExpiredError(_('用户身份未在企业中心认证'))

    self.oauth_instance = get_oauth_instance(service.oauth_type, service, link)
    if not self.oauth_instance:
        raise AuthenticationInfoHasExpiredError(_('未找到企业中心OAuth服务类型'))
def authenticate(self, request):
    """
    Authenticate the request from its JWT and return a ``(user, token)`` pair.

    Every failure raises ``AuthenticationInfoHasExpiredError``; this method
    never returns ``None``.

    Returns:
        ``(user, None)`` when ``settings.MODULES['SSO_LOGIN']`` is enabled,
        otherwise ``(user, jwt_value)``.

    Raises:
        AuthenticationInfoHasExpiredError: no token was supplied, the token
            is not known to ``JwtManager``, the SSO cookie data is missing
            or the literal string ``'null'``, no user matches, or the token
            fails to decode.
    """
    token = self.get_jwt_value(request)
    if token is None:
        raise AuthenticationInfoHasExpiredError(_('未提供验证信息'))

    # The token must still be present in JwtManager's store; the set() call
    # at the end presumably renews its lifetime. Confirm against JwtManager.
    token_store = JwtManager()
    if not token_store.exists(token):
        raise AuthenticationInfoHasExpiredError("token expired")

    if settings.MODULES.get('SSO_LOGIN', None):
        # NOTE(review): in this branch the account is selected solely by the
        # client-supplied `uid` cookie. The token is only checked for
        # presence in JwtManager; it is not decoded here and nothing in this
        # method ties it to that uid. Confirm that JwtManager or an upstream
        # layer binds the token to the SSO user, otherwise the cookie alone
        # decides which account the request runs as.
        uid_cookie = request.COOKIES.get('uid')
        if not uid_cookie or not token or uid_cookie == 'null' or token == 'null':
            raise AuthenticationInfoHasExpiredError(_("Cookie信息里面应该包含Token和用户uid"))
        try:
            user = Users.objects.get(sso_user_id=uid_cookie)
        except Users.DoesNotExist:
            raise AuthenticationInfoHasExpiredError(_('认证信息错误'))
        # Unlike the JWT branch, no token is returned and the store entry
        # is not updated.
        return user, None

    try:
        payload = jwt_decode_handler(token)
    except jwt.ExpiredSignature:
        raise AuthenticationInfoHasExpiredError(_('认证信息已过期'))
    except jwt.DecodeError:
        raise AuthenticationInfoHasExpiredError(_('认证信息错误'))
    except jwt.InvalidTokenError:
        raise AuthenticationInfoHasExpiredError(_('认证信息错误,请求Token不合法'))

    user = self.authenticate_credentials(payload)
    token_store.set(token, user.user_id)
    return user, token