示例#1
 def _validate_jwt_data(self, data, access_type):
     """
     Check the claims of a decoded JWT against the rules for ``access_type``.

     The checks run in a fixed order, and the first one that fails decides
     which error surfaces: ``jti`` present, ``jti`` not blacklisted, then
     ``id``, ``exp`` and the refresh-expiration claim present, then the
     rules of the requested access type:

     * access: no registration marker; ``exp`` not yet passed.
     * refresh: no registration marker; ``exp`` already passed; refresh
       expiration not yet passed.
     * register: ``exp`` not yet passed; registration marker present.

     ``require_condition`` is defined outside this listing; it is presumably
     what raises the error class it is called on when the condition is false.

     NOTE(review): only claim values are inspected here. Signature
     verification is not visible in this method and is presumably done by
     the caller before ``data`` is passed in -- confirm.
     NOTE(review): an ``access_type`` that matches none of the branches
     returns without any expiry or token-kind check; confirm every
     ``AccessType`` member is handled, or make the fall-through an error.
     """
     # The blacklist lookup reads data['jti'], so presence is checked first.
     MissingClaimError.require_condition('jti' in data, 'Token is missing jti claim')
     BlacklistedError.require_condition(
         not self.is_blacklisted(data['jti']), 'Token has a blacklisted jti')

     refresh_claim_message = 'Token is missing {} claim'.format(REFRESH_EXPIRATION_CLAIM)
     for claim, message in (
         ('id', 'Token is missing id field'),
         ('exp', 'Token is missing exp claim'),
         (REFRESH_EXPIRATION_CLAIM, refresh_claim_message),
     ):
         MissingClaimError.require_condition(claim in data, message)

     # Integer timestamp of the current UTC time; the expiry claims are
     # compared against it directly, so they are presumably numeric
     # timestamps too (only their presence is checked above, not their type).
     now_ts = pendulum.now('UTC').int_timestamp
     carries_registration_marker = IS_REGISTRATION_TOKEN_CLAIM in data

     if access_type == AccessType.access:
         MisusedRegistrationToken.require_condition(
             not carries_registration_marker, "registration token used for access")
         # NOTE(review): '<=' still accepts the token during the exp second
         # itself; RFC 7519 rejects on or after exp. It is the exact
         # complement of the '>' used for refresh below.
         ExpiredAccessError.require_condition(
             now_ts <= data['exp'], 'access permission has expired')
         return

     if access_type == AccessType.refresh:
         MisusedRegistrationToken.require_condition(
             not carries_registration_marker, "registration token used for refresh")
         # A refresh is only accepted after the access window has closed
         # and before the refresh window closes.
         EarlyRefreshError.require_condition(
             now_ts > data['exp'],
             'access permission for token has not expired. may not refresh')
         ExpiredRefreshError.require_condition(
             now_ts <= data[REFRESH_EXPIRATION_CLAIM],
             'refresh permission for token has expired')
         return

     if access_type == AccessType.register:
         ExpiredAccessError.require_condition(
             now_ts <= data['exp'], 'register permission has expired')
         InvalidRegistrationToken.require_condition(
             carries_registration_marker,
             "invalid registration token used for verification")
示例#2
 def _validate_jwt_data(self, data, access_type):
     """
     Check the claims of a decoded JWT against the rules for ``access_type``.

     Checks run in a fixed order and the first failure decides the error:
     ``jti`` present, ``jti`` not blacklisted, ``id``, ``exp`` and ``rf_exp``
     present, then:

     * access: ``exp`` not yet passed.
     * refresh: ``exp`` already passed and ``rf_exp`` not yet passed.

     ``require_condition`` is defined outside this listing; it is presumably
     what raises the error class it is called on when the condition is false.

     NOTE(review): only claim values are inspected here. Signature
     verification is not visible in this method and is presumably done by
     the caller before ``data`` is passed in -- confirm.
     NOTE(review): an ``access_type`` other than access or refresh returns
     without any expiry check; confirm no other ``AccessType`` member can
     reach this method, or make the fall-through an error.
     """
     # Presence of jti is established before the blacklist lookup reads it.
     MissingClaimError.require_condition('jti' in data, 'Token is missing jti claim')
     jti_is_clean = not self.is_blacklisted(data['jti'])
     BlacklistedError.require_condition(jti_is_clean, 'Token has a blacklisted jti')

     remaining_claims = (
         ('id', 'Token is missing id field'),
         ('exp', 'Token is missing exp claim'),
         ('rf_exp', 'Token is missing rf_exp claim'),
     )
     for claim, message in remaining_claims:
         MissingClaimError.require_condition(claim in data, message)

     # Integer timestamp of the current UTC time; exp and rf_exp are compared
     # against it directly, so they are presumably numeric timestamps (only
     # their presence is checked above, not their type).
     now_ts = pendulum.now('UTC').int_timestamp

     if access_type == AccessType.access:
         # NOTE(review): '<=' still accepts the token during the exp second
         # itself; RFC 7519 rejects on or after exp.
         ExpiredAccessError.require_condition(
             now_ts <= data['exp'], 'access permission has expired')
         return

     if access_type == AccessType.refresh:
         # A refresh is only accepted after the access window has closed
         # and before the refresh window closes.
         EarlyRefreshError.require_condition(
             now_ts > data['exp'],
             'access permission for token has not expired. may not refresh')
         ExpiredRefreshError.require_condition(
             now_ts <= data['rf_exp'],
             'refresh permission for token has expired')
示例#3
 def _validate_jwt_data(self, data, access_type):
     """
     Check the claims of a decoded JWT against the rules for ``access_type``.

     Checks run in a fixed order and the first failure decides the error:
     ``jti`` present, ``jti`` not blacklisted, then ``id``, ``exp`` and the
     refresh-expiration claim present, then the rules of the requested type.
     The registration and reset markers bind a token to a single purpose:

     * access: neither marker; ``exp`` not yet passed.
     * refresh: neither marker; ``exp`` already passed; refresh expiration
       not yet passed.
     * register: ``exp`` not yet passed; registration marker present; no
       reset marker.
     * reset: no registration marker; ``exp`` not yet passed; reset marker
       present.

     ``require_condition`` is defined outside this listing; it is presumably
     what raises the error class it is called on when the condition is false.

     NOTE(review): only claim values are inspected here. Signature
     verification is not visible in this method and is presumably done by
     the caller before ``data`` is passed in -- confirm.
     NOTE(review): an ``access_type`` that matches none of the branches
     returns without any expiry or token-kind check; confirm every
     ``AccessType`` member is handled, or make the fall-through an error.
     """
     # Presence of jti is established before the blacklist lookup reads it.
     MissingClaimError.require_condition("jti" in data, "Token is missing jti claim")
     BlacklistedError.require_condition(
         not self.is_blacklisted(data["jti"]), "Token has a blacklisted jti")

     refresh_claim_message = "Token is missing {} claim".format(REFRESH_EXPIRATION_CLAIM)
     for claim, message in (
         ("id", "Token is missing id field"),
         ("exp", "Token is missing exp claim"),
         (REFRESH_EXPIRATION_CLAIM, refresh_claim_message),
     ):
         MissingClaimError.require_condition(claim in data, message)

     # Integer timestamp of the current UTC time; the expiry claims are
     # compared against it directly, so they are presumably numeric
     # timestamps too (only their presence is checked above, not their type).
     now_ts = pendulum.now("UTC").int_timestamp
     has_registration_marker = IS_REGISTRATION_TOKEN_CLAIM in data
     has_reset_marker = IS_RESET_TOKEN_CLAIM in data

     if access_type == AccessType.access:
         MisusedRegistrationToken.require_condition(
             not has_registration_marker, "registration token used for access")
         MisusedResetToken.require_condition(
             not has_reset_marker, "password reset token used for access")
         # NOTE(review): '<=' still accepts the token during the exp second
         # itself; RFC 7519 rejects on or after exp. It is the exact
         # complement of the '>' used for refresh below.
         ExpiredAccessError.require_condition(
             now_ts <= data["exp"], "access permission has expired")
         return

     if access_type == AccessType.refresh:
         MisusedRegistrationToken.require_condition(
             not has_registration_marker, "registration token used for refresh")
         MisusedResetToken.require_condition(
             not has_reset_marker, "password reset token used for refresh")
         # A refresh is only accepted after the access window has closed
         # and before the refresh window closes.
         EarlyRefreshError.require_condition(
             now_ts > data["exp"],
             "access permission for token has not expired. may not refresh")
         ExpiredRefreshError.require_condition(
             now_ts <= data[REFRESH_EXPIRATION_CLAIM],
             "refresh permission for token has expired")
         return

     if access_type == AccessType.register:
         ExpiredAccessError.require_condition(
             now_ts <= data["exp"], "register permission has expired")
         InvalidRegistrationToken.require_condition(
             has_registration_marker,
             "invalid registration token used for verification")
         MisusedResetToken.require_condition(
             not has_reset_marker, "password reset token used for registration")
         return

     if access_type == AccessType.reset:
         MisusedRegistrationToken.require_condition(
             not has_registration_marker, "registration token used for reset")
         ExpiredAccessError.require_condition(
             now_ts <= data["exp"], "reset permission has expired")
         InvalidResetToken.require_condition(
             has_reset_marker, "invalid reset token used for verification")