def test_post_form_failing_jwt_auth_changed_user_secret_key(self): """ Ensure changin secret key on USER level makes tokens invalid """ # fine tune settings api_settings.JWT_GET_USER_SECRET_KEY = get_jwt_secret tmp_user = CustomUser.objects.create(email='*****@*****.**') payload = utils.jwt_payload_handler(tmp_user) token = utils.jwt_encode_handler(payload) auth = 'JWT {0}'.format(token) response = self.csrf_client.post( '/jwt/', {'example': 'example'}, HTTP_AUTHORIZATION=auth, format='json') self.assertEqual(response.status_code, status.HTTP_200_OK) # change token, verify tmp_user.jwt_secret = uuid.uuid4() tmp_user.save() response = self.csrf_client.post( '/jwt/', {'example': 'example'}, HTTP_AUTHORIZATION=auth) self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED) # revert api settings api_settings.JWT_GET_USER_SECRET_KEY = DEFAULTS['JWT_GET_USER_SECRET_KEY']
def get_token(self, obj): #jwt_payload_handler = jwt_payload_handler #jwt_encode_handler = settings.JWT_ENCODE_HANDLER payload = jwt_payload_handler(obj) token = jwt_encode_handler(payload) return token
def post(self, request): access_token_url = 'https://accounts.google.com/o/oauth2/token' people_api_url = 'https://www.googleapis.com/plus/v1/people/me/openIdConnect' payload = dict(client_id=request.data['clientId'], redirect_uri=request.data['redirectUri'], client_secret=settings.SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET, code=request.data['code'], grant_type='authorization_code') # Step 1. Exchange authorization code for access token. r = requests.post(access_token_url, data=payload) token = json.loads(r.text) headers = {'Authorization': 'Bearer {0}'.format(token['access_token'])} # Step 2. Retrieve information about the current user. r = requests.get(people_api_url, headers=headers) profile = json.loads(r.text) user = None if 'email' in profile: try: user = User.objects.get(email=profile['email']) except User.DoesNotExist: pass if not user: user = User.objects.create(username=profile['email'], first_name=profile['given_name'], last_name=profile['family_name'], email=profile['email']) Better.objects.create(user=user) payload = jwt_payload_handler(user) token = jwt_encode_handler(payload) return Response({'token': token.decode('unicode_escape')}, status=status.HTTP_200_OK)
def test_jwt_payload_handler(self): payload = utils.jwt_payload_handler(self.user) self.assertTrue(isinstance(payload, dict)) self.assertEqual(payload['user_id'], self.user.pk) self.assertEqual(payload['email'], self.email) self.assertEqual(payload['username'], self.username) self.assertTrue('exp' in payload)
def test_jwt_encode(self): payload = utils.jwt_payload_handler(self.user) token = utils.jwt_encode_handler(payload) payload_data = base64url_decode(token.split('.')[1].encode('utf-8')) payload_from_token = json.loads(payload_data.decode('utf-8')) self.assertEqual(payload_from_token, payload)
def custom_jwt_payload_handler(user): payload = jwt_payload_handler(user) # payload['token'] = user. tokens = Token.objects.filter(user=user) if len(tokens) > 0: payload['token'] = tokens[0].key return payload
def test_jwt_payload_handler_no_email_address(self): user = CustomUserWithoutEmail.objects.create(username=self.username) payload = utils.jwt_payload_handler(user) self.assertTrue(isinstance(payload, dict)) self.assertFalse(hasattr(payload, 'email')) self.assertEqual(payload['user_id'], self.user.pk) self.assertEqual(payload['username'], self.username) self.assertTrue('exp' in payload)
def test_jwt_decode_verify_exp(self): api_settings.JWT_VERIFY_EXPIRATION = False payload = utils.jwt_payload_handler(self.user) payload['exp'] = 1 token = utils.jwt_encode_handler(payload) utils.jwt_decode_handler(token) api_settings.JWT_VERIFY_EXPIRATION = True
def setUp(self): self.client = APIClient() self.username = '******' self.email = '*****@*****.**' self.password='******' self.user = User.objects.create_user(self.email, self.password, username=self.username) payload = utils.jwt_payload_handler(self.user) token = utils.jwt_encode_handler(payload) self.auth = 'Token {0}'.format(token)
def test_authjwt_method(subscription, expect): if expect is True: payload = jwt_payload_handler(user=subscription.subscriber) token = jwt_encode_handler(payload) else: token = "fdksal;j" value = auth.authjwt_method(token) assert bool(value) is expect
def create_token(self, user, exp=None, orig_iat=None): payload = utils.jwt_payload_handler(user) if exp: payload['exp'] = exp if orig_iat: payload['orig_iat'] = timegm(orig_iat.utctimetuple()) token = utils.jwt_encode_handler(payload) return token
def test_jwt_payload_handler(self): payload = utils.jwt_payload_handler(self.user) pytest.deprecated_call(utils.jwt_payload_handler, self.user) self.assertTrue(isinstance(payload, dict)) self.assertEqual(payload["user_id"], self.user.pk) self.assertEqual(payload["email"], self.email) self.assertEqual(payload["username"], self.username) self.assertTrue("exp" in payload)
def test_post_json_passing_jwt_auth(self): """ Ensure POSTing JSON over JWT auth with correct credentials passes and does not require CSRF """ payload = utils.jwt_payload_handler(self.user) token = utils.jwt_encode_handler(payload) auth = "JWT {0}".format(token) response = self.csrf_client.post("/jwt/", {"example": "example"}, HTTP_AUTHORIZATION=auth, format="json") self.assertEqual(response.status_code, status.HTTP_200_OK)
def post(self, request): from lazysignup.models import LazyUser user, username = LazyUser.objects.create_lazy_user() user.first_name = 'Guest' + str(random.randint(1, 200)) user.save() betting_funds = random.randint(10, 60) Better.objects.create(user=user, points=betting_funds) payload = jwt_payload_handler(user) token = jwt_encode_handler(payload) return Response({'token': token, 'name': user.first_name, 'betting_funds': betting_funds }, status=status.HTTP_200_OK)
def create(self, request, *args, **kwargs): serializer = self.get_serializer(data=request.data) serializer.is_valid(raise_exception=True) user = serializer.save() re_dict = serializer.data payload = jwt_payload_handler(user) re_dict["token"] = jwt_encode_handler(payload) re_dict["user"] = user headers = self.get_success_headers(serializer.data) return Response(re_dict, status=status.HTTP_201_CREATED, headers=headers)
def test_post_form_passing_jwt_auth(self): """ Ensure POSTing json over JWT auth with correct credentials passes and does not require CSRF """ payload = utils.jwt_payload_handler(self.user) token = utils.jwt_encode_handler(payload) auth = 'JWT {0}'.format(token) response = self.csrf_client.post( '/jwt/', {'example': 'example'}, HTTP_AUTHORIZATION=auth) self.assertEqual(response.status_code, status.HTTP_200_OK)
def create(self, request, *args, **kwargs): serializer = self.get_serializer(data=request.data) serializer.is_valid(raise_exception=True) user = self.perform_create(serializer) re_dict = serializer.data payload = jwt_payload_handler(user) re_dict['token'] = jwt_encode_handler(payload) re_dict['username'] = user.name if user.name else user.username headers = self.get_success_headers(serializer.data) return Response(re_dict, status=status.HTTP_201_CREATED, headers=headers)
def validate(self, attrs): user = authenticate(**attrs) if not user: # 认证失败 raise serializers.ValidationError('用户名或密码错误!') # 认证通过 payload = jwt_payload_handler(user) jwt_token = jwt_encode_handler(payload) return {"user": user, "token": jwt_token}
def test_post_form_passing_jwt_auth(self): """ Ensure POSTing form over JWT auth with correct credentials passes and does not require CSRF """ payload = utils.jwt_payload_handler(self.user) token = utils.jwt_encode_handler(payload) auth = 'JWT {0}'.format(token) response = self.csrf_client.post( '/jwt/', {'example': 'example'}, HTTP_AUTHORIZATION=auth) self.assertEqual(response.status_code, status.HTTP_200_OK)
def request_remember(request): email = request.data['email'] user_obj = UserCustom.objects.get(email=email) payload = jwt_payload_handler(user_obj) token = jwt.encode(payload, SECRET_KEY) subject = 'Reset Your NUS Scheduler Account Password' message = 'Please click the link below to reset your password.' email_from = settings.EMAIL_HOST_USER recipient_list = [email, ] link = 'https://nus-scheduler.netlify.app/reset/' + email + '/' + token.decode('utf8') message = message + '\r\n' + link send_mail(subject, message, email_from, recipient_list, fail_silently=False) return Response(status=status.HTTP_200_OK)
def validate(self, attrs): # 多方式登录 user_obj = self._many_login(**attrs) # 签发token payload = jwt_payload_handler(user_obj) token = jwt_encode_handler(payload) # 将信息保存 self.username = user_obj.username self.is_admin = user_obj.is_admin self.token = token return attrs
def test_post_passing_jwt_auth_with_oauth2_priority(self): """ Ensure POSTing over JWT auth with correct credentials passes and does not require CSRF when OAuth2Authentication has priority on authentication_classes """ payload = utils.jwt_payload_handler(self.user) token = utils.jwt_encode_handler(payload) auth = "JWT {0}".format(token) response = self.csrf_client.post("/oauth2-jwt/", {"example": "example"}, HTTP_AUTHORIZATION=auth, format="json") self.assertEqual(response.status_code, status.HTTP_200_OK, response)
def validate(self, attrs): # 1.身份认证 user = authenticate(username=attrs.get('username'), password=attrs.get('password')) if not user: return serializers.ValidationError("用户名或密码错误") # 2.token签发 payload = jwt_payload_handler(user) token = jwt_encode_handler(payload) # 3.返回有效数据 return {"user": user, "token": token}
def validate(self, attrs): username = attrs['username'] password = attrs['password'] # 1.传统认证用户名密码 user = authenticate(username=username, password=password) if not user: raise serializers.ValidationError('传统认证不通过') # 签发token payload = jwt_payload_handler(user) token = jwt_encode_handler(payload) return {"user": user, "token": token}
def validate(self, attrs): usr = attrs.get("usr") pwd = attrs.get("pwd") if usr and re.match(REGEX_MOBILE, usr): user = User.objects.filter(mobile=usr).first() else: user = User.objects.filter(username=usr).first() if user and user.check_password(pwd): self.token = jwt_encode_handler(jwt_payload_handler(user)) return attrs raise serializers.ValidationError({"data": "登陆信息不可用"})
def get_user_token(request): """ Custom Function to get user token """ jwt_payload_handler = Settings.JWT_PAYLOAD_HANDLER jwt_encode_handler = Settings.JWT_ENCODE_HANDLER payload = jwt_payload_handler(user=request.user) token = jwt_encode_handler(payload) return Response({ "token": token, "success": True, })
def post(self, request, *args, **kwargs): username = request.data['username'] password = request.data['password'] user = authenticate(username=username, password=password) if user: payload = jwt_payload_handler(user) jwt_token = json.dumps({ 'token': jwt.encode(payload, settings.SECRET_KEY).decode('utf-8') }) update_last_login(None, user) return HttpResponse(jwt_token, status=200) else: return HttpResponse(InvalidCredentialsError(), status=400)
def post(self, request): user = request.data serializer = UserSerializer(data=user) serializer.is_valid(raise_exception=True) serializer.save() email = request.data['email'] password = request.data['password'] user = User.objects.get(email=email, password=password) token = jwt.encode(jwt_payload_handler(user), settings.SECRET_KEY) user_details = {'token': token} return Response(user_details, status=status.HTTP_201_CREATED)
def test_create_product(self): """ test product """ # generate token payload = utils.jwt_payload_handler(self.user) token = utils.jwt_encode_handler(payload) auth = 'JWT {0}'.format(token) # content content = \ [ { "name": "Latte", "category": "royal_test" }, { "name": "Cappuccino", "category": "royal_test" }, { "name": "Espresso", "category": "royal_test" }, { "name": "Tea", "category": "royal_test" }, { "name": "Hot chocolate", "category": "royal_test" }, { "name": "Cookie", "category": "royal_test" } ] # response response = self.csrf_client.post(main_settings.BASE_URL + '/api/create_product/', content, HTTP_AUTHORIZATION=auth, format='json') # check response status code self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertEqual(Product.objects.count(), 12)
def test_create_refresth_token(self): data = { 'app': 'gandolf' } self.client.credentials( HTTP_AUTHORIZATION='JWT ' + utils.jwt_encode_handler( utils.jwt_payload_handler(self.user))) response = self.client.post(self.list_url, data, format='json') self.assertEqual( response.status_code, status.HTTP_201_CREATED, (response.status_code, response.content) ) self.assertEqual(response.data['user'], self.user.pk) self.assertEqual(response.data['app'], data['app'])
def authenticate(self, user): """ Authenticates the given user :param user: User to authenticate :type user: inventorum.ebay.apps.accounts.models.EbayUserModel """ payload = utils.jwt_payload_handler(user) self.token = utils.jwt_encode_handler(payload) credentials = { 'HTTP_AUTHORIZATION': 'JWT %s' % self.token } self.client.credentials(**credentials)
def get(self, request): try: if request.user.is_active: payload = jwt_payload_handler( request.user) # todo: Is deprecated jwt_token = utilities.jwt_response_payload_handler( jwt_encode_handler(payload), user=request.user) return responses.SuccessResponse(jwt_token).send() else: raise authnz_exceptions.CustomException( detail=_('This user is inactive, contact us.')) except authnz_exceptions.CustomException as e: return responses.ErrorResponse(message=e.detail, status=e.status_code).send()
def validate_token(self, token): if self._check_payload(token) is True: return token refresh_token = JSONWebTokenAuthentication().get_jwt_value( self.context['request']) try: payload = jwt_decode_handler(refresh_token) if 'refresh' not in payload: raise AuthenticationFailed(_('Token type is wrong.')) user = get_user_model().objects.get(uuid=payload['uuid']) except (AuthenticationFailed, get_user_model().DoesNotExist, InvalidAlgorithmError, ExpiredSignatureError, DecodeError) as ex: raise AuthenticationFailed(ex) return jwt_encode_handler(jwt_payload_handler(user))
def test_post_passing_jwt_auth_with_oauth2_priority(self): """ Ensure POSTing over JWT auth with correct credentials passes and does not require CSRF when OAuth2Authentication has priority on authentication_classes """ payload = utils.jwt_payload_handler(self.user) token = utils.jwt_encode_handler(payload) auth = 'JWT {0}'.format(token) response = self.csrf_client.post( '/oauth2-jwt/', {'example': 'example'}, HTTP_AUTHORIZATION=auth, format='json') self.assertEqual(response.status_code, status.HTTP_200_OK, response)
def validate(self, attrs): user = authenticate(**attrs) if not user: #用户对象为None,传统用户身份认证失败 raise serializers.ValidationError("传统身份认证失败,请检查用户名和密码是否正确") #2.检验通过,颁发jwt_token payload = jwt_payload_handler(user) token = jwt_encode_handler(payload) return { 'user':user, 'token':token, }
def validate(self, attrs): username = attrs['username'] password = attrs['password'] # 1、进行传统身份认证 user = authenticate(username=username, password=password) if not user: raise serializers.ValidationError("传统身份校验失败!") # 2、如果通过,生成token payload = jwt_payload_handler(user) token = jwt_encode_handler(payload) # 3、返回有效数据 return {"user": user, "token": token}
def user_jwt_payload_handler(user, elevated_token=None): payload = jwt_payload_handler(user) payload.pop('username') payload.pop('email') try: payload['identity_token'] = IdentityToken.objects.get(user=user).key except IdentityToken.DoesNotExist: raise AuthenticationFailed('Identity token does not exist!') payload['elevated_token'] = elevated_token payload['user_permissions'] = get_user_permissions_string_list(user) payload['service_permissions'] = get_user_service_permissions_string_list( user) return payload
def test_jwt_login_with_expired_token(self): """ Ensure JWT login view works even if expired token is provided """ payload = utils.jwt_payload_handler(self.user) payload['exp'] = 1 token = utils.jwt_encode_handler(payload) auth = 'JWT {0}'.format(token) client = APIClient(enforce_csrf_checks=True) response = client.post( '/auth-token/', self.data, HTTP_AUTHORIZATION=auth, format='json') self.assertTrue(response.status_code, status.HTTP_200_OK)
def create(self, request, *args, **kwargs): serializer = self.get_serializer(data=request.data) serializer.is_valid(raise_exception=True) try: user = self.perform_create(serializer) payload = jwt_payload_handler(user) serializer.data["token"] = jwt_encode_handler(payload) serializer.data[ "name"] = user.nick_name if user.nick_name else user.username headers = self.get_success_headers(serializer.data) data = {'msg': 'success'} except: headers = {} data = {'msg': 'fail'} return Response(data, status=status.HTTP_201_CREATED, headers=headers)
def post(self, request, backend, *args, **kwargs): try: serialized_data = self.serializer_class(data=request.data) if serialized_data.is_valid(raise_exception=True): token = serialized_data.data['token'] if backend.lower() == 'google': try: resp_user = id_token.verify_oauth2_token( token, google_requests.Request(), settings.GOOGLE_OAUTH_ID) except Exception as e: return responses.ErrorResponse( message='Error in google open auth', dev_error=str(e), status=400).send() if resp_user['iss'] not in [ 'accounts.google.com', 'https://accounts.google.com' ]: raise authnz_exceptions.CustomException( detail=_('Google Wrong issuer.')) if not resp_user.get('email') or not resp_user.get('given_name') or \ not resp_user.get('family_name') or not resp_user.get('picture'): raise authnz_exceptions.CustomException(detail=_( 'Scope need to have email, given name, family, picture' )) email = resp_user['email'].lower() try: user = User.objects.get(profile__email=email) except User.DoesNotExist as e: user = transactions.open_auth_user_creator( email, resp_user['given_name'], resp_user['family_name'], resp_user['picture']) else: raise authnz_exceptions.CustomException( detail=_('Wrong backend')) if user.is_active: payload = jwt_payload_handler(user) # todo: Is deprecated jwt_token = utilities.jwt_response_payload_handler( jwt_encode_handler(payload), user=user) else: raise authnz_exceptions.CustomException(detail=_( 'Your user account is deactivated, contact us for more information.' )) return responses.SuccessResponse(jwt_token).send() except authnz_exceptions.CustomException as e: return responses.ErrorResponse(message=e.detail, status=e.status_code).send()
def create(self, request, *args, **kwargs): serializer = self.get_serializer(data=request.data) serializer.is_valid(raise_exception=True) user = serializer.save() headers = self.get_success_headers(serializer.data) payload = jwt_payload_handler(user) response_data = { 'token': jwt_encode_handler(payload), 'user': serializer.data, } return Response(response_data, status=status.HTTP_201_CREATED, headers=headers)
def test_get_refresh_token_list(self): self.client.credentials( HTTP_AUTHORIZATION='JWT ' + utils.jwt_encode_handler(utils.jwt_payload_handler(self.user))) response = self.client.get(self.list_url) self.assertEqual(len(response.data), 1) resp0 = response.data[0] self.assertEqual(self.token.key, resp0['key']) self.client.force_authenticate(self.user1) response = self.client.get(self.list_url) self.assertEqual(len(response.data), 1) resp0 = response.data[0] self.assertEqual(self.token1.key, resp0['key']) self.assertEqual(RefreshToken.objects.count(), 2)
def test_jwt_login_with_expired_token(self): """ Ensure JWT login view works even if expired token is provided """ payload = utils.jwt_payload_handler(self.user) payload['exp'] = 1 token = utils.jwt_encode_handler(payload) auth = 'JWT {0}'.format(token) client = APIClient(enforce_csrf_checks=True) response = client.post('/auth-token/', self.data, HTTP_AUTHORIZATION=auth, format='json') self.assertTrue(response.status_code, status.HTTP_200_OK)
def post(self, request, format=None): parser = JSONParser().parse(request) jwt_payload_handler = api_settings.JWT_PAYLOAD_HANDLER jwt_encode_handler = api_settings.JWT_ENCODE_HANDLER if parser['username'] and parser['password']: user = auth_authenticate(username=parser['username'], password=parser['password']) if user: payload = jwt_payload_handler(user) else: logger.error("JWT generation failed for the user:{0}, exception-{1}".format(parser['username'], {'error': 'unautorized user'})) return Response(data={'error': 'invalid authentication key'}, status=status.HTTP_401_UNAUTHORIZED) else: return Response(data={'error': 'password and username required'}, status=status.HTTP_400_BAD_REQUEST) token = jwt_encode_handler(payload) logger.info("JWT is sent to registered user:{0}".format(parser['username'])) return Response(data={'token': token}, status=status.HTTP_200_OK)
def test_delete_refresth_token(self): self.client.credentials( HTTP_AUTHORIZATION='JWT ' + utils.jwt_encode_handler( utils.jwt_payload_handler(self.user))) response = self.client.delete(self.detail_url) self.assertEqual( response.status_code, status.HTTP_204_NO_CONTENT, (response.status_code, response.content) ) response = self.client.delete(self.detail_url1) self.assertEqual( response.status_code, status.HTTP_404_NOT_FOUND, (response.status_code, response.content) )
def test_post_expired_token_failing_jwt_auth(self): """ Ensure POSTing over JWT auth with expired token fails """ payload = utils.jwt_payload_handler(self.user) payload["exp"] = 1 token = utils.jwt_encode_handler(payload) auth = "JWT {0}".format(token) response = self.csrf_client.post("/jwt/", {"example": "example"}, HTTP_AUTHORIZATION=auth, format="json") msg = "Signature has expired." self.assertEqual(response.data["detail"], msg) self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED) self.assertEqual(response["WWW-Authenticate"], 'JWT realm="api"')
def validate(self, attrs): # 1、实现传统身份认证 username = attrs.get("username") password = attrs.get("password") # 传统身份认证成功之后,返回用户对象 user = authenticate(username=username, password=password) if not user or not user.is_active: # 用户验证不通过,用户已经注销 raise serializers.ValidationError("传统身份认证失败!") # 2、签发token,返回有效数据 payload = jwt_payload_handler(user) token = jwt_encode_handler(payload) return {'user': user, 'token': token}
def test_get_refresh_token_list(self): self.client.credentials( HTTP_AUTHORIZATION='JWT ' + utils.jwt_encode_handler( utils.jwt_payload_handler(self.user))) response = self.client.get(self.list_url) self.assertEqual(len(response.data), 1) resp0 = response.data[0] self.assertEqual(self.token.key, resp0['key']) self.client.force_authenticate(self.user1) response = self.client.get(self.list_url) self.assertEqual(len(response.data), 1) resp0 = response.data[0] self.assertEqual(self.token1.key, resp0['key']) self.assertEqual(RefreshToken.objects.count(), 2)
def post(self, request, format=None): username = request.data['username'] password = request.data['password'] usergo = authenticate(username=username, password=password) if usergo is not None: # auth_login(request,usergo) if usergo.is_active: payload = jwt_payload_handler(usergo) token = jwt_encode_handler(payload) response_data = jwt_response_payload_handler(token, usergo) return Response(response_data, status=status.HTTP_200_OK) else: content = {"non_field_errors": ["用户账户已禁用。"]} return Response(content, status=status.HTTP_400_BAD_REQUEST) else: content = {"non_field_errors": ["无法使用提供的认证信息登录。"]} return Response(content, status=status.HTTP_400_BAD_REQUEST)
def test_different_auth_header_prefix(self): """ Ensure using a different setting for `JWT_AUTH_HEADER_PREFIX` and with correct credentials passes. """ api_settings.JWT_AUTH_HEADER_PREFIX = "Bearer" payload = utils.jwt_payload_handler(self.user) token = utils.jwt_encode_handler(payload) auth = "Bearer {0}".format(token) response = self.csrf_client.post("/jwt/", {"example": "example"}, HTTP_AUTHORIZATION=auth, format="json") self.assertEqual(response.status_code, status.HTTP_200_OK) # Restore original settings api_settings.JWT_AUTH_HEADER_PREFIX = DEFAULTS["JWT_AUTH_HEADER_PREFIX"]
def validate(self, attrs): """验证用户名和密码""" user = authenticate(**attrs) if not user: raise serializers.ValidationError("用户名或密码错误") user_payload = jwt_payload_handler(user) jwt_token = jwt_encode_handler(user_payload) # 返回有效数据 return { 'username': user.username, 'user_id': user.id, 'token': jwt_token }
def test_post_expired_token_failing_jwt_auth(self): """ Ensure POSTing over JWT auth with expired token fails """ payload = utils.jwt_payload_handler(self.user) payload['exp'] = 1 token = utils.jwt_encode_handler(payload) auth = 'JWT {0}'.format(token) response = self.csrf_client.post( '/jwt/', {'example': 'example'}, HTTP_AUTHORIZATION=auth, format='json') msg = 'Signature has expired.' self.assertEqual(response.data['detail'], msg) self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED) self.assertEqual(response['WWW-Authenticate'], 'JWT realm="api"')
def post(self, request): access_token_url = 'https://graph.facebook.com/v2.3/oauth/access_token' people_api_url = 'https://graph.facebook.com/v2.3/me' payload = dict(client_id=request.data['clientId'], redirect_uri=request.data['redirectUri'], client_secret=settings.SOCIAL_AUTH_FACEBOOK_SECRET, code=request.data['code'], scope='email', ) # Step 1. Exchange authorization code for access token. r = requests.post(access_token_url, data=payload) token = json.loads(r.text) headers = {'Authorization': 'Bearer {0}'.format(token['access_token']), 'scope': 'email'} # Step 2. Retrieve information about the current user. r = requests.get(people_api_url, headers=headers) profile = json.loads(r.text) user = None if 'email' in profile: try: user = User.objects.get(email=profile['email']) except User.DoesNotExist: pass else: try: user = User.objects.get(email=profile['id'] + '@facebook.com') except User.DoesNotExist: pass profile['email'] = profile['id'] + '@facebook.com' if not user: user = User.objects.create(username=profile['email'], first_name=profile['name'].split()[0], last_name=profile['name'].split()[1], email=profile['email']) Better.objects.create(user=user) payload = jwt_payload_handler(user) token = jwt_encode_handler(payload) return Response({'token': token.decode('unicode_escape')}, status=status.HTTP_200_OK)
def generate_token(user): """ Generate a JWT for the user. The token generally contains the following: { "username": "******", "orig_iat": 1441902926, "user_id": 5, "email": "*****@*****.**", "exp": 1442507726 } """ payload = jwt_payload_handler(user) return { 'token': jwt_encode_handler(payload), }
def test_post_form_passing_jwt_auth(self): """ Ensure POSTing form over JWT auth with correct credentials passes and does not require CSRF """ payload = utils.jwt_payload_handler(self.user) token = utils.jwt_encode_handler(payload) auth = 'JWT {0}'.format(token) response = self.csrf_client.post( '/jwt/', {'example': 'example'}, HTTP_AUTHORIZATION=auth) self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertEqual(response.content, b'mockview-post') # Ensure `authenticate` returned the decoded payload. self.assertEqual(response.wsgi_request.user, self.user) payload = response.wsgi_request.auth self.assertIsInstance(payload, dict) self.assertEqual(set(payload.keys()), { 'user_id', 'username', 'exp', 'email'})
def post(self, request): serialized = UserSerializer(data=request.DATA) if serialized.is_valid(): try: User.objects.get(email=serialized.data['email']) return Response({'error': 'User with same email already exists.'}, status=status.HTTP_400_BAD_REQUEST) except User.DoesNotExist: pass user = User.objects.create_user( serialized.data['username'], serialized.data['email'], serialized.data['password'], first_name=serialized.data['username'] ) Better.objects.create(user=user) payload = jwt_payload_handler(user) token = jwt_encode_handler(payload) return Response({'token': token.decode('unicode_escape')}, status=status.HTTP_201_CREATED) else: return Response(serialized._errors, status=status.HTTP_400_BAD_REQUEST)
def post(self, request): access_token_url = 'https://graph.facebook.com/v2.4/oauth/access_token' people_api_url = 'https://graph.facebook.com/v2.4/me?fields=id,email,name' payload = dict(client_id=request.data['clientId'], redirect_uri=request.data['redirectUri'], client_secret=settings.SOCIAL_AUTH_FACEBOOK_SECRET, code=request.data['code'], scope='email', ) # Step 1. Exchange authorization code for access token. r = requests.post(access_token_url, data=payload) token = json.loads(r.text) headers = {'Authorization': 'Bearer {0}'.format(token['access_token']), 'scope': 'email'} # Step 2. Retrieve information about the current user. r = requests.get(people_api_url, headers=headers) profile = json.loads(r.text) user = self.get_or_create_user(profile) payload = jwt_payload_handler(user) token = jwt_encode_handler(payload) return Response({'token': token.decode('unicode_escape')}, status=status.HTTP_200_OK)