def post(self, request: Request): try: token = request.data['token'] except KeyError: return Response({'error': 'Field "token" is required'}, status=status.HTTP_400_BAD_REQUEST) try: payload = token_backend.decode(token) except (InvalidTokenError, TokenBackendError): return Response(status=status.HTTP_401_UNAUTHORIZED) try: token_type = payload['token_type'] except KeyError: return Response({'error': 'No token_type for token was given'}, status=status.HTTP_401_UNAUTHORIZED) try: app_id = payload['id'] except KeyError: return Response({'error', 'No id in token'}, status=status.HTTP_401_UNAUTHORIZED) if token_type != AppRefreshToken().access_token.token_type: return Response({'error': 'Wrong token_type'}, status=status.HTTP_401_UNAUTHORIZED) # Exp_time проверяется в decode if App.objects.filter(id=app_id).exists(): return Response(status=status.HTTP_200_OK) return Response(status=status.HTTP_401_UNAUTHORIZED)
def validate(self, attrs): data = super(CustomTokenRefreshSerializer, self).validate(attrs) decoded_payload = token_backend.decode(data['access'], verify=True) user_uid = decoded_payload['user_id'] # add filter query user = UserModel.objects.filter(id=user_uid).first() data['username'] = user.username data['email'] = user.email data['name'] = user.name data['phone'] = user.phone data['position'] = user.position data['slogan'] = user.slogan data['owner_course'] = user.owner_course data['temporary_user'] = user.temporary_user data['description'] = user.description if hasattr(user.photo, 'id') is True: data['photo'] = { 'id': user.photo.id, 'name': "image.png", 'status': "done", 'path': user.photo.photo.name, } else: data['photo'] = { 'id': "", 'name': "image.png", 'status': "done", 'path': "", } return data
def post(self, request: Request): try: token = request.data['refresh'] except KeyError: return Response({'error': 'Field "refresh" is required'}, status=status.HTTP_400_BAD_REQUEST) try: payload = token_backend.decode(token) except (InvalidTokenError, TokenBackendError): return Response(status=status.HTTP_401_UNAUTHORIZED) try: token_type = payload['token_type'] except KeyError: return Response({'error': 'No token_type for token was given'}, status=status.HTTP_401_UNAUTHORIZED) try: app_id = payload['id'] except KeyError: return Response({'error', 'No id in token'}, status=status.HTTP_401_UNAUTHORIZED) if token_type != AppRefreshToken.token_type: return Response({'error': 'Wrong token_type'}, status=status.HTTP_401_UNAUTHORIZED) if not App.objects.filter(id=app_id).exists(): return Response(status=status.HTTP_401_UNAUTHORIZED) refresh = AppRefreshToken(token=token, verify=False) data = { 'access': str(refresh.access_token), } return Response(data, status=status.HTTP_200_OK)
def __init__(self, token=None, verify=True): self.token = token self.current_time = aware_utcnow() if token is not None: # An encoded token was provided from rest_framework_simplejwt.state import token_backend # Decode token try: self.payload = token_backend.decode(token, verify=verify) if not get_or_none(User, pk=self.payload['user_id']): raise TokenError(_('Token is invalid or expired')) except TokenBackendError: raise TokenError(_('Token is invalid or expired')) if tokens.BlacklistedToken.objects.filter( token__jti=self.payload['jti']).exists(): raise TokenError(_('Token is blacklisted')) if verify: self.verify() new_token, created = \ tokens.OutstandingToken.objects.get_or_create( jti=self.payload['jti'], user_id=self.payload['user_id'], defaults={ 'token': str(self.token), 'expires_at': tokens.datetime_from_epoch( self.payload['exp'] ), }, ) super().__init__(token, verify)
def test_views_video_lti_instructor(self, mock_initialize): """Validate the context returned for an instructor request.""" video = VideoFactory( lti_id="123", playlist__lti_id="abc", playlist__consumer_site__name="example.com", ) view = VideoLTIView() view.request = self.factory.post( "/", { "resource_link_id": "123", "roles": "instructor", "context_id": "abc", "tool_consumer_instance_guid": "example.com", }, ) context = view.get_context_data() jwt_token = context.pop("jwt_token") decoded_token = token_backend.decode(jwt_token) self.assertEqual(decoded_token["video_id"], str(video.id)) self.assertEqual(set(context.keys()), {"state", "video"}) self.assertEqual(context["state"], "instructor") self.assertEqual(context["video"]["id"], str(video.id)) self.assertEqual(context["video"]["title"], str(video.title)) self.assertEqual(context["video"]["description"], str(video.description)) self.assertIsNone(context["video"]["urls"])
def test_username_and_password_are_correct___refresh_token_can_be_used_to_get_access_token( self): username = '******' password = '******' user = fake_user(username=username, password=password) response = self.app.post(reverse('auth:access_token'), params=json.dumps({ 'username': username, 'password': password }), content_type='application/json') response = self.app.post(reverse('auth:refresh_token'), content_type='application/json', headers={ 'Authorization': 'Bearer {}'.format( response.json['refresh_token']) }) data = response.json actual_access_ident = token_backend.decode( data.get('access_token').encode()) self.assertEqual(user.id, actual_access_ident['user_id']) self.assertEqual(data['expires_in'], 3600) self.assertEqual(data['token_type'], 'Bearer')
def __init__(self, token=None, verify=True): """ !!!! IMPORTANT !!!! MUST raise a TokenError with a user-facing error message if the given token is invalid, expired, or otherwise not safe to use. """ if self.token_type is None or self.lifetime is None: raise self.errors( _('Cannot create token with no type or lifetime')) self.token = token self.current_time = aware_utcnow() # Set up token if token is not None: # An encoded token was provided from rest_framework_simplejwt.state import token_backend # Decode token try: self.payload = token_backend.decode(token, verify=verify) except TokenBackendError: raise self.errors(_('Token is invalid or expired')) if verify: self.verify() else: # New token. Skip all the verification steps. self.payload = {api_settings.TOKEN_TYPE_CLAIM: self.token_type} # Set "exp" claim with default value self.set_exp(from_time=self.current_time, lifetime=self.lifetime) # Set "jti" claim self.set_jti()
def post(self, request: Request): try: token = request.data['refresh'] except KeyError: return Response({'error': 'Field "refresh" is required'}, status=status.HTTP_400_BAD_REQUEST) try: username = request.data['username'] except KeyError: return Response({'error': 'Field "username" is required'}, status=status.HTTP_400_BAD_REQUEST) try: req_client_id = request.data['client_id'] except KeyError: return Response({'error': 'Field "client_id" is required'}, status=status.HTTP_400_BAD_REQUEST) try: payload = token_backend.decode(token) except (InvalidTokenError, TokenBackendError): return Response(status=status.HTTP_401_UNAUTHORIZED) try: token_type = payload['token_type'] except KeyError: return Response({'error': 'No token_type for token was given'}, status=status.HTTP_401_UNAUTHORIZED) try: user_id = payload['id'] except KeyError: return Response({'error', 'No id in token'}, status=status.HTTP_401_UNAUTHORIZED) try: client_id = payload['client_id'] except KeyError: return Response({'error', 'No client_id in token'}, status=status.HTTP_401_UNAUTHORIZED) if token_type != ThirdPartyAppRefreshToken.token_type: return Response({'error': 'Wrong token_type'}, status=status.HTTP_401_UNAUTHORIZED) # Exp_time проверяется в decode if not App.objects.filter( id=client_id).exists() or not User.objects.filter( id=user_id).exists(): return Response(status=status.HTTP_401_UNAUTHORIZED) if req_client_id != client_id: return Response({'error': 'Client ids don\'t match'}, status=status.HTTP_401_UNAUTHORIZED) if User.objects.get(id=user_id).username != username: return Response({'error': 'Username is wrong for given token'}, status=status.HTTP_401_UNAUTHORIZED) refresh = ThirdPartyAppRefreshToken(token=token, verify=False) data = { 'access': str(refresh.access_token), } return Response(data, status=status.HTTP_200_OK)
def __call__(self, request): # Code to be executed for each request before # the view (and later middleware) are called. AUTH_HEADER = request.META.get('HTTP_AUTHORIZATION', None) token = AUTH_HEADER.split(" ")[1] decoded_token = token_backend.decode(token, verify=False) company = decoded_token['custom_field'] request.custom_field = company response = self.get_response(request) # Code to be executed for each request/response after # the view is called. return response
def test_username_and_password_are_correct___returned_token_represents_the_user( self): username = '******' password = '******' user = fake_user(username=username, password=password) response = self.app.post(reverse('auth:access_token'), params=json.dumps({ 'username': username, 'password': password }), content_type='application/json') data = response.json actual_refresh_ident = token_backend.decode( data.get('refresh_token').encode()) actual_access_ident = token_backend.decode( data.get('access_token').encode()) self.assertEqual(user.id, actual_refresh_ident['user_id']) self.assertEqual(user.id, actual_access_ident['user_id']) self.assertEqual(data['expires_in'], 86400) self.assertEqual(data['token_type'], 'Bearer')
def validate(self, attrs): data = super().validate(attrs) decoded_payload = token_backend.decode(data['access'], verify=True) user_pk = decoded_payload['user_id'] user_model = get_user_model() user = user_model.objects.get(id=user_pk) data.update({ 'user': dict( pk=user.pk, full_name=user.full_name, email=user.email, role=get_user_role(user.pk), ) }) return data
def __call__(self, request): #http 요청에서 httponly 쿠키를 찾고 if 'drf_backend' in request.COOKIES: #쿠키가 있다면 쿠키에서 JWT토큰을 가져오고 token_cookie = request.COOKIES['drf_backend'] #요청 헤더에 JWT토큰을 추가 request.META['HTTP_AUTHORIZATION'] = f"Bearer {token_cookie}" #토큰에서 사용자 정보를 생성 payload = token_backend.decode(token_cookie, verify=True) request.user = User.objects.filter(id=payload["user_id"]).first() #다음 미들웨어에 요청을 넘김 response = self.get_response(request) return response
def validate(self, attrs): token_payload = attrs.get('refresh') if token_payload is not None: # Decode token try: token = token_backend.decode(token_payload) except TokenBackendError: raise TokenError('Token is invalid or expired') try: user = User.objects.get(pk=token.get('user_id')) except User.DoesNotExist: raise exceptions.AuthenticationFailed(self.error_msg, 'no_active_account') if not user.is_active: raise exceptions.AuthenticationFailed(self.error_msg, 'no_active_account') return super().validate(attrs)