phzhik/gault-millau
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

added custom JWT authentication

Browse Source
This commit is contained in:
Anatoly 2019-08-29 09:43:31 +03:00
parent 7a1d5e269c
commit 39e833ec1d
8 changed files with 75 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
apps/authorization/serializers/common.py
View File

@ -200,8 +200,11 @@ class LogoutSerializer(serializers.ModelSerializer):
def validate(self, attrs):
"""Override validated data"""
request = self.context.get('request')
token = request.headers.get('Authorization') \
.split(' ')[::-1][0]
# Get token bytes from cookies (result: b'Bearer <token>')
token_bytes = utils_methods.get_token_from_cookies(request)
# Get token value from bytes
token = token_bytes.decode().split(' ')[::-1][0]
# Get access token obj
access_token = tokens.AccessToken(token)
# Prepare validated data
attrs['user'] = request.user

36
apps/utils/authentication.py Normal file
View File

@ -0,0 +1,36 @@
"""Custom authentication based on JWTAuthentication class"""
from rest_framework import HTTP_HEADER_ENCODING
from rest_framework_simplejwt.authentication import JWTAuthentication
from rest_framework_simplejwt.settings import api_settings
from utils.methods import get_token_from_cookies
AUTH_HEADER_TYPES = api_settings.AUTH_HEADER_TYPES
if not isinstance(api_settings.AUTH_HEADER_TYPES, (list, tuple)):
AUTH_HEADER_TYPES = (AUTH_HEADER_TYPES,)
AUTH_HEADER_TYPE_BYTES = set(
h.encode(HTTP_HEADER_ENCODING)
for h in AUTH_HEADER_TYPES
)
class GMJWTAuthentication(JWTAuthentication):
"""
An authentication plugin that authenticates requests through a JSON web
token provided in a request cookies.
"""
def authenticate(self, request):
token = get_token_from_cookies(request)
if token is None:
return None
raw_token = self.get_raw_token(token)
if raw_token is None:
return None
validated_token = self.get_validated_token(raw_token)
return self.get_user(validated_token), None

2
apps/utils/exceptions.py
View File

@ -73,7 +73,7 @@ class NotValidUsernameError(exceptions.APIException):
class NotValidTokenError(exceptions.APIException):
"""The exception should be thrown when token in url is not valid
"""
status_code = status.HTTP_400_BAD_REQUEST
status_code = status.HTTP_401_UNAUTHORIZED
default_detail = _('Not valid token')

16
apps/utils/methods.py
View File

@ -16,13 +16,23 @@ def generate_code(digits=6, string_output=True):
return str(value) if string_output else value
def get_token_from_cookies(request):
"""Get access token from request cookies"""
cookies = request.COOKIES
if cookies.get('access_token'):
token = f'Bearer {cookies.get("access_token")}'
return token.encode()
def get_token_from_request(request):
"""Get access token from request"""
token = None
if 'Authorization' in request.headers:
if isinstance(request, HttpRequest):
return request.headers.get('Authorization').split(' ')[::-1][0]
elif isinstance(request, Request):
return request._request.headers.get('Authorization').split(' ')[::-1][0]
token = request.headers.get('Authorization').split(' ')[::-1][0]
if isinstance(request, Request):
token = request.headers.get('Authorization').split(' ')[::-1][0]
return token
def username_validator(username: str) -> bool:

24
apps/utils/permissions.py
View File

@ -1,7 +1,10 @@
"""Project custom permissions"""
from rest_framework.permissions import BasePermission
from rest_framework_simplejwt.exceptions import TokenBackendError
from authorization.models import BlacklistedAccessToken
from utils.methods import get_token_from_request
from utils.exceptions import NotValidTokenError
from utils.methods import get_token_from_cookies
class IsAuthenticatedAndTokenIsValid(BasePermission):
@ -12,12 +15,17 @@ class IsAuthenticatedAndTokenIsValid(BasePermission):
def has_permission(self, request, view):
"""Check permissions by access token and default REST permission IsAuthenticated"""
user = request.user
if user and user.is_authenticated:
token = get_token_from_request(request)
# Check if user access token not expired
expired = BlacklistedAccessToken.objects.by_token(token)\
.by_user(user)\
.exists()
return not expired
try:
if user and user.is_authenticated:
token_bytes = get_token_from_cookies(request)
# Get access token key
token = token_bytes.decode().split(' ')[1]
# Check if user access token not expired
blacklisted = BlacklistedAccessToken.objects.by_token(token) \
.by_user(user) \
.exists()
return not blacklisted
except TokenBackendError:
raise NotValidTokenError()
else:
return False

4
apps/utils/views.py
View File

@ -67,8 +67,8 @@ class JWTGenericViewMixin(generics.GenericAPIView):
"""Update COOKIES in response from namedtuple"""
for cookie in cookies:
# todo: remove config for develop
import os
configuration = os.environ.get('SETTINGS_CONFIGURATION', None)
from os import environ
configuration = environ.get('SETTINGS_CONFIGURATION', None)
if configuration == 'development':
response.set_cookie(key=cookie.key,
value=cookie.value,

5
project/settings/base.py
View File

@ -205,10 +205,9 @@ REST_FRAMEWORK = {
'DEFAULT_PAGINATION_CLASS': 'utils.pagination.ProjectMobilePagination',
'COERCE_DECIMAL_TO_STRING': False,
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.TokenAuthentication',
'rest_framework.authentication.SessionAuthentication',
# JWT
'rest_framework_simplejwt.authentication.JWTAuthentication',
'utils.authentication.GMJWTAuthentication',
'rest_framework.authentication.SessionAuthentication',
),
'DEFAULT_VERSIONING_CLASS': 'rest_framework.versioning.AcceptHeaderVersioning',
'DEFAULT_VERSION': (AVAILABLE_VERSIONS['current'],),

3
project/settings/local.py
View File

@ -21,6 +21,3 @@ API_HOST_URL = 'http://%s' % API_HOST
BROKER_URL = 'amqp://rabbitmq:5672'
CELERY_RESULT_BACKEND = BROKER_URL
CELERY_BROKER_URL = BROKER_URL
# Increase access token lifetime for local deploy
SIMPLE_JWT['ACCESS_TOKEN_LIFETIME'] = timedelta(days=365)