def get_jwt_claim_attribute_map(self):
    """
    Return the ``JWT_PAYLOAD_USER_ATTRIBUTE_MAPPING`` setting.

    The value is treated by callers as a dict mapping JWT claim names to
    user model attribute names.
    """
    claim_to_attribute = get_setting('JWT_PAYLOAD_USER_ATTRIBUTE_MAPPING')
    return claim_to_attribute
def authenticate(self, request):
    """
    Authenticate via the parent JWT authenticator, then enforce CSRF when
    the client asked for JWT-cookie authentication.

    The parent's result is returned untouched, with no CSRF check, when any
    of the following holds (checked in this order):

    * the ``ENABLE_ANONYMOUS_ACCESS_ROLLOUT`` setting is off;
    * the parent returned a falsy result (request is unauthenticated);
    * the request does not carry the ``USE_JWT_COOKIE_HEADER`` header.

    Otherwise ``enforce_csrf`` runs before the result is returned.

    Any exception raised along the way (including a CSRF failure from
    ``enforce_csrf``) is logged at debug level and re-raised unchanged, so
    callers see the same errors the parent authenticator would raise.

    Args:
        request: The incoming request; ``META`` is read for the header.

    Returns:
        Whatever the parent ``authenticate`` returned.
    """
    try:
        auth_result = super(JwtAuthentication, self).authenticate(request)
        # Django setting rather than a waffle flag so the rollout can be
        # coordinated with frontend-auth changes for anonymous access across MFEs.
        rollout_enabled = get_setting(ENABLE_ANONYMOUS_ACCESS_ROLLOUT)
        # Short-circuit evaluation keeps the original ordering: the header is
        # only consulted once the rollout is on and a user was authenticated.
        csrf_required = (
            rollout_enabled
            and auth_result
            and request.META.get(USE_JWT_COOKIE_HEADER)
        )
        if csrf_required:
            self.enforce_csrf(request)
        return auth_result
    except Exception as exc:
        # Kept at debug level: production logs would be noisy, but this
        # helps during development.
        logger.debug(exc)
        raise
def get_jwt_claim_mergeable_attributes(self):
    """
    Return the ``JWT_PAYLOAD_MERGEABLE_USER_ATTRIBUTES`` setting.

    Callers treat the value as the list of user model attributes that may be
    merged into from the JWT.
    """
    mergeable = get_setting('JWT_PAYLOAD_MERGEABLE_USER_ATTRIBUTES')
    return mergeable
def test_get_setting(self):
    """
    ``get_setting`` returns each key's value straight from the
    ``EDX_DRF_EXTENSIONS`` settings dict, including falsy values.
    """
    expected = {'some-setting': 'some-value', 'another-one': False}
    with override_settings(EDX_DRF_EXTENSIONS=expected):
        for name in expected:
            self.assertEqual(get_setting(name), expected[name])
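def process_view(self, request, view_func, view_args, view_kwargs):  # pylint: disable=unused-argument
    """
    Reconstitute the full JWT cookie from its split halves and record a metric.

    Steps, in order:

    1. Require ``request.session`` (session middleware must run first).
    2. If the client sent ``USE_JWT_COOKIE_HEADER`` and the
       ``ENABLE_SET_REQUEST_USER_FOR_JWT_COOKIE`` setting is on, replace
       ``request.user`` with a lazy object resolved by ``_get_user_from_jwt``.
    3. If the header was sent and both split cookies are present, join them
       with ``JWT_DELIMITER`` into ``request.COOKIES[jwt_cookie_name()]``.
       If only one half is present, or neither, log a warning instead and
       leave the cookies untouched.
    4. Report the outcome under the ``request_jwt_cookie`` custom metric.

    Args:
        request: The Django request; ``META`` and ``COOKIES`` are read and
            ``COOKIES`` / ``user`` may be written.
        view_func: Passed through to ``_get_user_from_jwt``.
        view_args, view_kwargs: Unused; present to match the middleware
            ``process_view`` signature.

    Returns:
        None, so normal request processing continues.

    Raises:
        AssertionError: If ``request`` has no ``session`` attribute.
    """
    # Explicit check instead of ``assert`` so the guard is not stripped under
    # ``python -O``; the exception type and message are unchanged.
    if not hasattr(request, 'session'):
        raise AssertionError(
            "The Django authentication middleware requires session middleware to be installed. Edit your MIDDLEWARE setting to insert 'django.contrib.sessions.middleware.SessionMiddleware'."  # noqa E501 line too long
        )

    use_jwt_cookie_requested = request.META.get(USE_JWT_COOKIE_HEADER)
    header_payload_cookie = request.COOKIES.get(jwt_cookie_header_payload_name())
    signature_cookie = request.COOKIES.get(jwt_cookie_signature_name())
    is_set_request_user_for_jwt_cookie_enabled = get_setting(ENABLE_SET_REQUEST_USER_FOR_JWT_COOKIE)

    if use_jwt_cookie_requested and is_set_request_user_for_jwt_cookie_enabled:
        # DRF does not set request.user until process_response. This makes it available in process_view.
        # For more info, see https://github.com/jpadilla/django-rest-framework-jwt/issues/45#issuecomment-74996698
        request.user = SimpleLazyObject(lambda: _get_user_from_jwt(request, view_func))

    if not use_jwt_cookie_requested:
        metric_value = 'not-requested'
    elif header_payload_cookie and signature_cookie:
        # Both halves present: rebuild the single JWT cookie the authenticator reads.
        request.COOKIES[jwt_cookie_name()] = '{}{}{}'.format(
            header_payload_cookie,
            JWT_DELIMITER,
            signature_cookie,
        )
        metric_value = 'success'
    elif header_payload_cookie or signature_cookie:
        # Exactly one half present: unexpected, so log which one is missing.
        # A single if/else (rather than two independent ifs) makes it clear that
        # log_message is always assigned on this path.
        if header_payload_cookie:
            missing_cookie_name = jwt_cookie_signature_name()
        else:
            missing_cookie_name = jwt_cookie_header_payload_name()
        log_message, metric_value = self._get_missing_cookie_message_and_metric(missing_cookie_name)
        log.warning(log_message)
    else:
        metric_value = 'missing-both'
        log.warning('Both JWT auth cookies missing. JWT auth cookies will not be reconstituted.')

    monitoring.set_custom_metric('request_jwt_cookie', metric_value)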
def get_user_info_url(self):
    """
    Return the ``OAUTH2_USER_INFO_URL`` setting: the OAuth2 provider URL from
    which user information can be pulled.
    """
    user_info_url = get_setting('OAUTH2_USER_INFO_URL')
    return user_info_url