示例#1
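 def test_create_jwt(self):
     """A freshly issued JWT verifies, and a tampered copy is rejected.

     ``User.create_jwt`` must produce a token the configured decode handler
     accepts.  Appending characters to that token alters its signature
     segment, so the handler must raise ``DecodeError`` rather than accept
     it -- this is the check that signature verification is actually on.
     """
     user = User.objects.create_user(**USER_CHI)
     token = user.create_jwt()
     try:
         api_settings.JWT_DECODE_HANDLER(token)
     except (ExpiredSignature, DecodeError) as exc:  # pragma: no cover
         # fail() carries the real exception into the report; the previous
         # assertTrue(False) only said "False is not true".
         self.fail(f'freshly issued token did not verify: {exc!r}')
     # Any trailing garbage corrupts the signature segment; decoding must
     # refuse it instead of silently ignoring the extra bytes.
     bad_token = f'{token}_taint'
     with self.assertRaises(DecodeError):
         api_settings.JWT_DECODE_HANDLER(bad_token)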
示例#2
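    def test_create_jwt(self):
        """A freshly issued JWT verifies, and a tampered copy is rejected.

        ``User.create_jwt`` must produce a token the configured decode
        handler accepts.  Appending characters to that token alters its
        signature segment, so the handler must raise ``DecodeError`` rather
        than accept it -- this is the check that signature verification is
        actually enforced.
        """
        user = User.objects.create_user(**USER_VASCO)
        token = user.create_jwt()

        try:
            api_settings.JWT_DECODE_HANDLER(token)
        except (ExpiredSignature, DecodeError) as exc:
            # fail() carries the real exception into the report; the previous
            # assertTrue(False) only said "False is not true".
            self.fail(f'freshly issued token did not verify: {exc!r}')

        # Any trailing garbage corrupts the signature segment; decoding must
        # refuse it instead of silently ignoring the extra bytes.
        bad_token = f'{token}_taint'
        with self.assertRaises(DecodeError):
            api_settings.JWT_DECODE_HANDLER(bad_token)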
示例#3
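 def get(self, request):
     """Return the caller's notifications as a JSON array.

     The caller is identified by the ``username`` claim of the JWT carried
     in an ``Authorization: JWT <token>`` header.  A missing header or a
     different scheme now yields HTTP 401; previously the unguarded
     ``META[...]`` lookup and the blind ``[4:]`` slice turned those cases
     into KeyError / DecodeError, i.e. an HTTP 500 for any unauthenticated
     request.
     """
     auth = request.META.get('HTTP_AUTHORIZATION', '')
     scheme, _, token = auth.partition(' ')
     # Only "JWT <token>" is accepted.  Slicing four characters off blindly
     # turned "Bearer x" into "er x" and crashed inside the decode handler.
     if scheme.lower() != 'jwt' or not token:
         return HttpResponse(status=401)
     # NOTE(review): an expired or forged token still raises out of the
     # decode handler (HTTP 500).  Catch the jwt exceptions and answer 401
     # here once they are imported in this module.
     username = api_settings.JWT_DECODE_HANDLER(token)['username']
     notifications = Notification.objects(admin_by=username)
     notifications = list(map(self.filter, notifications))
     return HttpResponse(json.dumps(notifications),
                         content_type='application/json')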
示例#4
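    def get_user_from_auth_header(self, request):
        """Resolve the active ``User`` identified by the request's JWT.

        Returns ``None`` -- never raises -- when the Authorization header is
        absent or not exactly ``<scheme> <token>``, when the token fails
        verification (bad signature, expired, malformed), when the payload
        yields no user id, or when no active user with that id exists.

        NOTE(review): the scheme keyword in front of the token is captured
        but never compared with the configured JWT prefix, so a token sent
        under any scheme is accepted; confirm that is intended.
        """
        try:
            auth_keyword, token = get_authorization_header(request).split()
        except ValueError:
            # Zero or more than two whitespace-separated parts: no usable token.
            return None

        try:
            payload = api_settings.JWT_DECODE_HANDLER(token)
        except jwt.InvalidTokenError:
            # Base class of DecodeError and ExpiredSignatureError (the old
            # ``jwt.ExpiredSignature`` alias no longer exists in PyJWT 2), so
            # every verification failure maps to "not authenticated".  The
            # handler also validates the three-segment shape, so the former
            # manual ``token.split('.')`` is not needed.
            return None

        user_id = api_settings.JWT_PAYLOAD_GET_USER_ID_HANDLER(payload)
        if not user_id:
            return None

        try:
            # ValueError is kept: the original outer handler swallowed the
            # one Django raises when the claim is not a valid primary key.
            return User.objects.get(pk=user_id, is_active=True)
        except (User.DoesNotExist, ValueError):
            return None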
示例#5
 def side_effect(url, json):
     """Stand-in for the outbound POST: check its target and its token.

     ``url`` must be one of the expected subscriber endpoints and the JSON
     body must carry a ``token`` whose decoded claims identify
     ``self.user_vasco``.  Always hands back ``mock`` as the response.
     The ``json`` parameter shadows the stdlib module on purpose -- it
     presumably mirrors the keyword the mocked call is made with.
     """
     self.assertIn(url, expected_subscribers)
     self.assertIn('token', json)
     claims = api_settings.JWT_DECODE_HANDLER(json['token'])
     # Both identifying claims must match the user the test acts as.
     self.assertEqual(claims['uuid'], self.user_vasco.uuid)
     self.assertEqual(claims['username'], self.user_vasco.username)
     return mock
示例#6
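 def get(self, request):
     """Return the routes of the enterprise the caller administers, as JSON.

     The caller is the ``username`` claim of the JWT in an
     ``Authorization: JWT <token>`` header.  Responds 401 when the header is
     missing or uses another scheme, and 404 when the user administers no
     enterprise; both cases previously escaped as unhandled exceptions
     (KeyError / IndexError, i.e. HTTP 500).
     """
     auth = request.META.get('HTTP_AUTHORIZATION', '')
     scheme, _, token = auth.partition(' ')
     # Only "JWT <token>" is accepted; the old blind ``[4:]`` slice mangled
     # any other scheme and crashed inside the decode handler.
     if scheme.lower() != 'jwt' or not token:
         return HttpResponse(status=401)
     # NOTE(review): an expired or forged token still raises out of the
     # decode handler (HTTP 500).  Catch the jwt exceptions and answer 401
     # here once they are imported in this module.
     username = api_settings.JWT_DECODE_HANDLER(token)['username']
     # Slice instead of indexing so an empty result is a 404, not an
     # IndexError; ``[:1]`` keeps the same first-row selection as ``[0]``.
     enterprises = Enterprise.objects.filter(admin_by__username=username)[:1]
     if not enterprises:
         return HttpResponse(status=404)
     nit = enterprises[0].nit
     routes = Route.objects(enterprise=nit)
     routes = list(map(self.filter, routes))
     return HttpResponse(json.dumps(routes),
                         content_type='application/json')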
示例#7
def test_can_invalidate_token_when_changing_settings_secret_key(
        factories, settings):
    """Rotating ``SECRET_KEY`` must invalidate tokens signed under the old key.

    A token is issued while ``SECRET_KEY`` is "test1"; after the key is
    switched to "test2" the decode handler must raise ``DecodeError`` for
    that same token.
    """
    settings.SECRET_KEY = "test1"
    user = factories["users.User"]()
    claims = api_settings.JWT_PAYLOAD_HANDLER(user)
    token = api_settings.JWT_ENCODE_HANDLER(claims)

    # Sanity check: the token verifies under the key it was signed with.
    api_settings.JWT_DECODE_HANDLER(token)

    # Rotate the signing key ...
    settings.SECRET_KEY = "test2"

    # ... and the old signature must no longer verify.
    with pytest.raises(DecodeError):
        api_settings.JWT_DECODE_HANDLER(token)
示例#8
def test_can_invalidate_token_when_changing_user_secret_key(factories):
    """Rotating a user's own secret must invalidate that user's tokens.

    A token is issued for a fresh user; after ``update_secret_key()`` has
    changed ``user.secret_key`` the decode handler must raise
    ``DecodeError`` for that token.
    """
    user = factories["users.User"]()
    old_secret = user.secret_key
    claims = api_settings.JWT_PAYLOAD_HANDLER(user)
    token = api_settings.JWT_ENCODE_HANDLER(claims)

    # The token verifies while the original secret is in place.
    api_settings.JWT_DECODE_HANDLER(token)

    # Rotate the per-user secret and persist it.
    user.update_secret_key()
    user.save()
    assert user.secret_key != old_secret

    # A token signed under the old secret must no longer verify.
    with pytest.raises(DecodeError):
        api_settings.JWT_DECODE_HANDLER(token)
示例#9
 def load(self):
     """Return the session data decoded from ``self.session_key`` itself.

     The key is a JWT, so the data lives in the key rather than in an
     external store (the inverse of ``_get_session_key()``).  If the
     handler rejects the key for any reason -- bad signature, expiry,
     malformed token -- the session is reset via ``self.create()`` and an
     empty dict is returned; nothing is raised to the caller.
     """
     try:
         claims = api_settings.JWT_DECODE_HANDLER(self.session_key)
     except Exception:
         # Deliberately broad: any failure to verify means the client's key
         # is untrusted, so start a fresh session instead of propagating.
         self.create()
     else:
         return claims
     return {}
示例#10
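    def validate(self, data):
        """Verify ``data['token']`` and lift ``uuid``/``name`` out of it.

        The token must be accepted by the configured JWT decode handler.
        Its ``uuid`` claim must be present, be a string of exactly
        ``Meta.model.UUID_LEN`` characters, and not already be stored as an
        ``external_uuid``; any violation raises
        ``serializers.ValidationError``.  On success ``data['uuid']`` and
        ``data['name']`` (from the optional ``username`` claim) are filled
        in and ``data`` is returned.
        """
        try:
            payload = api_settings.JWT_DECODE_HANDLER(data['token'])
        except (ExpiredSignature, DecodeError):
            raise serializers.ValidationError("Invalid Token field.")

        if 'uuid' not in payload:
            raise serializers.ValidationError("Invalid payload (no uuid).")

        uuid = payload['uuid']
        # The claim is arbitrary JSON; a non-string value (null, a number)
        # used to crash len() with a TypeError (HTTP 500) instead of being
        # rejected as a bad payload.
        if not isinstance(uuid, str) or len(uuid) != self.Meta.model.UUID_LEN:
            raise serializers.ValidationError("Invalid payload (bad uuid).")

        if self.Meta.model.objects.filter(external_uuid=uuid).exists():
            raise serializers.ValidationError(
                "Invalid payload (existing uuid).")

        data['uuid'] = uuid
        data['name'] = payload.get(
            'username', '')  # use username to initialize profile.name
        return data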
示例#11
 def decode(token) -> dict:
     """Decode ``token`` with the configured ``JWT_DECODE_HANDLER``.

     Returns the handler's result (the token's claims); anything the
     handler raises on a rejected token propagates unchanged.
     """
     decode_handler = api_settings.JWT_DECODE_HANDLER
     return decode_handler(token)
示例#12
 def jwt_decode_token(cls, *args, **kwargs):
     """Forward to the configured ``JWT_DECODE_HANDLER`` unchanged.

     A thin indirection -- presumably so callers and tests go through this
     class rather than ``api_settings``.  Positional and keyword arguments,
     the return value and any exception pass straight through.
     """
     handler = api_settings.JWT_DECODE_HANDLER
     return handler(*args, **kwargs)
示例#13
def get_uid_from_jwt(request):
    """Return the ``user_id`` claim of the JWT carried by ``request``.

    The raw token is located with
    ``JSONWebTokenAuthentication.get_jwt_value`` and decoded with the
    configured handler.  Whatever the handler raises for a rejected token
    propagates, as does the ``KeyError`` for a payload without ``user_id``.
    NOTE(review): get_jwt_value presumably returns None when no token is
    present; that None is passed straight to the decoder -- confirm callers
    expect the resulting exception rather than a None result.
    """
    authenticator = JSONWebTokenAuthentication()
    raw_token = authenticator.get_jwt_value(request)
    claims = api_settings.JWT_DECODE_HANDLER(raw_token)
    return claims['user_id']