-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
32 changed files
with
1,341 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,93 @@ | ||
# Byte-compiled / optimized / DLL files | ||
__pycache__/ | ||
*.py[cod] | ||
*$py.class | ||
|
||
# C extensions | ||
*.so | ||
|
||
# Sublime Text | ||
*.sublime* | ||
|
||
# Distribution / packaging | ||
.Python | ||
env/ | ||
build/ | ||
develop-eggs/ | ||
dist/ | ||
downloads/ | ||
eggs/ | ||
.eggs/ | ||
lib/ | ||
lib64/ | ||
parts/ | ||
sdist/ | ||
var/ | ||
*.egg-info/ | ||
.installed.cfg | ||
*.egg | ||
|
||
# PyInstaller | ||
# Usually these files are written by a python script from a template | ||
# before PyInstaller builds the exe, so as to inject date/other infos into it. | ||
*.manifest | ||
*.spec | ||
|
||
# Installer logs | ||
pip-log.txt | ||
pip-delete-this-directory.txt | ||
|
||
# Unit test / coverage reports | ||
htmlcov/ | ||
.tox/ | ||
.coverage | ||
.coverage.* | ||
.cache | ||
nosetests.xml | ||
coverage.xml | ||
*,cover | ||
.hypothesis/ | ||
|
||
# Translations | ||
*.mo | ||
*.pot | ||
|
||
# Django stuff: | ||
*.log | ||
local_settings.py | ||
manage.py | ||
|
||
# Flask stuff: | ||
instance/ | ||
.webassets-cache | ||
|
||
# Scrapy stuff: | ||
.scrapy | ||
|
||
# Sphinx documentation | ||
docs/_build/ | ||
|
||
# PyBuilder | ||
target/ | ||
|
||
# IPython Notebook | ||
.ipynb_checkpoints | ||
|
||
# pyenv | ||
.python-version | ||
|
||
# celery beat schedule file | ||
celerybeat-schedule | ||
|
||
# dotenv | ||
.env | ||
|
||
# virtualenv | ||
venv/ | ||
ENV/ | ||
|
||
# Spyder project settings | ||
.spyderproject | ||
|
||
# Rope project settings | ||
.ropeproject |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,67 @@ | ||
language: python | ||
|
||
cache: pip | ||
sudo: false | ||
|
||
env: | ||
- TOX_ENV=py27-flake8 | ||
|
||
- TOX_ENV=py27-django1.8-drf3.1 | ||
- TOX_ENV=py27-django1.8-drf3.2 | ||
- TOX_ENV=py27-django1.8-drf3.3 | ||
- TOX_ENV=py27-django1.8-drf3.4 | ||
- TOX_ENV=py27-django1.8-drf3.5 | ||
|
||
- TOX_ENV=py27-django1.9-drf3.1 | ||
- TOX_ENV=py27-django1.9-drf3.2 | ||
- TOX_ENV=py27-django1.9-drf3.3 | ||
- TOX_ENV=py27-django1.9-drf3.4 | ||
- TOX_ENV=py27-django1.9-drf3.5 | ||
|
||
- TOX_ENV=py27-django1.10-drf3.4 | ||
- TOX_ENV=py27-django1.10-drf3.5 | ||
|
||
- TOX_ENV=py27-django1.11-drf3.4 | ||
- TOX_ENV=py27-django1.11-drf3.5 | ||
|
||
- TOX_ENV=py34-django1.8-drf3.1 | ||
- TOX_ENV=py34-django1.8-drf3.2 | ||
- TOX_ENV=py34-django1.8-drf3.3 | ||
- TOX_ENV=py34-django1.8-drf3.4 | ||
- TOX_ENV=py34-django1.8-drf3.5 | ||
|
||
- TOX_ENV=py34-django1.9-drf3.1 | ||
- TOX_ENV=py34-django1.9-drf3.2 | ||
- TOX_ENV=py34-django1.9-drf3.3 | ||
- TOX_ENV=py34-django1.9-drf3.4 | ||
- TOX_ENV=py34-django1.9-drf3.5 | ||
|
||
- TOX_ENV=py34-django1.10-drf3.4 | ||
- TOX_ENV=py34-django1.10-drf3.5 | ||
|
||
- TOX_ENV=py34-django1.11-drf3.4 | ||
- TOX_ENV=py34-django1.11-drf3.5 | ||
|
||
- TOX_ENV=py35-django1.10-drf3.4 | ||
- TOX_ENV=py35-django1.10-drf3.5 | ||
|
||
- TOX_ENV=py35-django1.11-drf3.4 | ||
- TOX_ENV=py35-django1.11-drf3.5 | ||
|
||
matrix: | ||
fast_finish: true | ||
|
||
install: | ||
- pip install tox coverage coveralls | ||
|
||
script: | ||
- tox -e $TOX_ENV | ||
|
||
after_success: | ||
- coverage report -m | ||
- coveralls | ||
|
||
notifications: | ||
email: | ||
recipients: | ||
- team@arabel.la |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
# Change Log | ||
All notable changes to this project will be documented in this file. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
MIT License | ||
|
||
Copyright (c) 2017 Arabella | ||
|
||
Permission is hereby granted, free of charge, to any person obtaining a copy | ||
of this software and associated documentation files (the "Software"), to deal | ||
in the Software without restriction, including without limitation the rights | ||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | ||
copies of the Software, and to permit persons to whom the Software is | ||
furnished to do so, subject to the following conditions: | ||
|
||
The above copyright notice and this permission notice shall be included in all | ||
copies or substantial portions of the Software. | ||
|
||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | ||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | ||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | ||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | ||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | ||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | ||
SOFTWARE. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
include README.rst | ||
include LICENSE | ||
include requirements/* | ||
recursive-exclude * __pycache__ | ||
recursive-exclude * *.py[co] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,113 @@ | ||
=============== | ||
drf-jwt-devices | ||
=============== | ||
|travis|_ |pypi|_ |coveralls|_ |requiresio|_ | ||
|
||
Permanent token feature for `Django Rest Framework JWT <https://github.com/GetBlimp/django-rest-framework-jwt>`_ | ||
|
||
By default JWT tokens have short lifetime because of security reasons, but sometimes you may want to keep user logged | ||
in, without the need to refresh the auth token each 5 minutes. For this case, you should consider using the permanent | ||
token authentication. | ||
|
||
Installation | ||
============ | ||
To use, add ``jwt_devices`` to your ``INSTALLED_APPS``, and then migrate the project. | ||
|
||
Configuration | ||
------------- | ||
|
||
To enable permanent token authentication, update rest framework's default authentication classes list: | ||
:: | ||
|
||
REST_FRAMEWORK={ | ||
"DEFAULT_AUTHENTICATION_CLASSES": [ | ||
"jwt_devices.authentication.PermanentTokenAuthentication" | ||
] | ||
} | ||
|
||
Another step is to add a few urls to your url patterns, and register the ``DeviceViewSet``: | ||
:: | ||
|
||
from jwt_devices import views | ||
from rest_framework.routers import DefaultRouter | ||
|
||
router = DefaultRouter() | ||
router.register(r'devices', views.DeviceViewSet) | ||
urlpatterns = [ | ||
# ... | ||
url(r'^device-refresh-token/$', views.device_refresh_token), | ||
url(r'^device-logout/$', views.device_logout) | ||
] + router.urls | ||
|
||
|
||
Using the API views | ||
------------------- | ||
|
||
**Login & logout view** | ||
|
||
When using the regular JWT login or the device logout view, use the ``HTTP_X_DEVICE_MODEL`` header to pass device model | ||
(otherwise, user agent will used instead as the name). After a successful login, the permanent token and id of the | ||
created device will be returned, for example: | ||
:: | ||
|
||
{ | ||
"token": "ads344fdgfd5454yJ0eAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VynRlYW1AYXJhYmVsLmxh", | ||
"permanent_token": "gfd5454yJ0eAiOiJKV1QiLCJhbGciOiJ", | ||
"device_id": 1 | ||
} | ||
|
||
The ``device_id`` is used to logout the device, so it should be saved on the front-end side (in local storage, for | ||
example). | ||
|
||
To logout a device, make a **DELETE** request to the ``rest_framework_jwt.views.device_logout`` view, passing device's | ||
id in the ``device_id`` header to identify the device. | ||
|
||
**Refresh JWT token using permanent token** | ||
|
||
To refresh JWT token, you have to pass the ``permanent_token`` header along with the request to identify the device. | ||
On success, response will return new JWT token (the same as it does after login). | ||
|
||
In case the permanent token has expired, the device will be logged out, and it will require login in again to obtain a | ||
new permanent token. To customize the expiration time and expiration accuracy, set the following settings in your | ||
``REST_FRAMEWORK`` configuration in **settings.py** | ||
|
||
|
||
**PermitHeaders middleware** | ||
|
||
As you may know, the content of a permanent token is a very fragile information, which should be sent along with a | ||
request only when it is needed. To avoid situations in which a front-end developer has incorrectly implemented the | ||
permanent token authentication on the front-end side and the permanent token value is sent with all requests | ||
(just like the JWT token), the ``jwt_devices.middleware.PermitHeadersMiddleware`` comes in handy. The middleware looks | ||
for the ``permanent_token`` in the headers, and checks if the view is not the | ||
``jwt_devices.views.DeviceRefreshJSONWebToken`` in which the ``permanent_token`` header is obligatory, otherwise it | ||
returns a **400 Bad Request** error. | ||
|
||
To use the ``PermitHeadersMiddleware`` in your application, add ``jwt_devices.middleware.PermitHeadersMiddleware`` | ||
to your ``MIDDLEWARES`` or ``MIDDLEWARE_CLASSES`` (in Django <1.10) in Django settings. | ||
|
||
**Settings** | ||
|
||
* ``JWT_PERMANENT_TOKEN_AUTH`` - option to enable/disable the permanent token authentication (default: ``True``) | ||
* ``JWT_PERMANENT_TOKEN_EXPIRATION_DELTA`` - describes how long can the permanent token live | ||
(default: ``datetime.timedelta(days=7)``) | ||
* ``JWT_PERMANENT_TOKEN_EXPIRATION_ACCURACY`` - the accuracy of updating permanent token last request time to decrease | ||
the number of database queries (default: ``datetime.timedelta(minutes=30)``) | ||
|
||
Support | ||
======= | ||
* Django 1.8 - 1.11 | ||
* Django Rest Framework 3.1 - 3.5 | ||
* Python 2.7, 3.4, 3.5, 3.6 | ||
|
||
.. |travis| image:: https://secure.travis-ci.org/ArabellaTech/drf-jwt-devices.svg?branch=master | ||
.. _travis: http://travis-ci.org/ArabellaTech/drf-jwt-devices | ||
|
||
.. |pypi| image:: https://img.shields.io/pypi/v/drf-jwt-devices.svg | ||
.. _pypi: https://pypi.python.org/pypi/drf-jwt-devices | ||
|
||
.. |coveralls| image:: https://coveralls.io/repos/github/ArabellaTech/drf-jwt-devices/badge.svg?branch=master | ||
.. _coveralls: https://coveralls.io/github/ArabellaTech/drf-jwt-devices | ||
|
||
.. |requiresio| image:: https://requires.io/github/ArabellaTech/drf-jwt-devices/requirements.svg?branch=master | ||
.. _requiresio: https://requires.io/github/ArabellaTech/drf-jwt-devices/requirements/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
# -*- coding: utf-8 -*- | ||
__title__ = "Django Rest Framework JWT Devices" | ||
__version__ = "0.1" | ||
__author__ = "Michal Proszek" | ||
__license__ = "MIT" | ||
__copyright__ = "Copyright 2017 Arabella" | ||
|
||
# Version synonym | ||
VERSION = __version__ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
import jwt | ||
from django.utils.translation import ugettext as _ | ||
from rest_framework import exceptions | ||
from rest_framework_jwt.authentication import JSONWebTokenAuthentication | ||
from rest_framework_jwt.settings import api_settings as rfj_settings | ||
|
||
from jwt_devices.settings import api_settings | ||
|
||
jwt_decode_handler = rfj_settings.JWT_DECODE_HANDLER | ||
jwt_devices_decode_handler = api_settings.JWT_DEVICES_DECODE_HANDLER | ||
|
||
|
||
class PermanentTokenAuthentication(JSONWebTokenAuthentication): | ||
def authenticate(self, request): | ||
jwt_value = self.get_jwt_value(request) | ||
if jwt_value is None: | ||
return None | ||
|
||
try: | ||
if api_settings.JWT_PERMANENT_TOKEN_AUTH: | ||
payload = jwt_devices_decode_handler(jwt_value) | ||
else: | ||
payload = jwt_decode_handler(jwt_value) | ||
except jwt.ExpiredSignature: | ||
msg = _("Signature has expired.") | ||
raise exceptions.AuthenticationFailed(msg) | ||
except jwt.DecodeError: | ||
msg = _("Error decoding signature.") | ||
raise exceptions.AuthenticationFailed(msg) | ||
except jwt.InvalidTokenError: | ||
raise exceptions.AuthenticationFailed() | ||
|
||
user = self.authenticate_credentials(payload) | ||
|
||
return user, jwt_value |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
from django.http.response import JsonResponse | ||
from django.utils.translation import ugettext_lazy as _ | ||
from rest_framework import status | ||
|
||
from jwt_devices import views | ||
from jwt_devices.settings import api_settings | ||
|
||
|
||
class PermitHeadersMiddleware(object): | ||
""" | ||
Middleware used to disallow sending the permanent_token header in other requests than during permanent token | ||
refresh to make sure naive FE developers do not send the fragile permanent token with each request. | ||
""" | ||
|
||
def __init__(self, get_response=None): | ||
self.get_response = get_response | ||
|
||
def __call__(self, request): | ||
if self.get_response: | ||
return self.get_response(request) | ||
|
||
def process_view(self, request, view_func, view_args, view_kwargs): | ||
view_cls = getattr(view_func, "cls", None) | ||
if (view_cls and api_settings.JWT_PERMANENT_TOKEN_AUTH and request.META.get("permanent_token") and | ||
view_cls != views.DeviceRefreshJSONWebToken): | ||
return JsonResponse({ | ||
"permanent_token": { | ||
"details": _("Using the permanent_token header is disallowed for {}").format(type(view_cls)) | ||
} | ||
}, status=status.HTTP_400_BAD_REQUEST) |
Oops, something went wrong.