In [1]:
from aioapi import aioAPI
from utils import JSON
import csv
import random
from faker import Faker

fake = Faker()

# JSON Web Token

JSON Web Tokens (JWTs) are a standard method for representing secure data transfer between two parties. They're compact, self-contained, and can be easily sent via URL, POST request, or inside an HTTP header. Additionally, JWTs can be signed to verify the integrity of the data being sent. In our API, we use JWTs to handle user authentication.

In [2]:
API = 'http://localhost:8000/'
API_TOKEN =  API + 'api/token/'
API_TOKEN_VERIFY =  API_TOKEN + 'verify/'

## Token generation

To access our API endpoints, you need to generate JWTs for each user role - admin, editor, and blogger. This can be done by making a POST request to the API_TOKEN endpoint with the correct username and password. Here's an example of how you can generate these tokens:

In [76]:
users = {}

with open('../../../blog/faker/users.csv') as csv_file:
    csv_reader = csv.reader(csv_file, delimiter=',')
    for row in csv_reader:
        username, password, role = row
        users.setdefault(role, []).append((username, password))

JSON(users, max_list_len=1)


{
  "role": [[
  "username",
  "password"
]],
  "blogger": [[
  "bethanymendez",
  "r1T3414q$Q"
], ...],
  "editor": [[
  "kiara30",
  ")54CLDaz)O"
], ...],
  "admin": [[
  "jennifer52",
  "18PdsyjZ*^"
], ...],
}


This script reads a CSV file with usernames, passwords, and roles, and stores them in a dictionary. The dictionary keys are the user roles and the values are lists of tuples with username and password.

Next, we define an async function 'token' that makes a POST request to the API_TOKEN endpoint, passing the username and password as payload.

In [77]:
async def token(username, password):
    api = aioAPI(API)
    response = await api.token.post({'username': username, 'password': password}, url=API_TOKEN)
    return response['access']

Now, we can generate the tokens for each user role. Additionally, we also include an invalid token to demonstrate a failure case.

In [78]:
roles = {role: await token(*random.choice(users[role])) for role in ['admin', 'editor', 'blogger']}
roles['fail'] = 'THIS IS NOT A TOKEN, OBVIOUSLY'
JSON(roles)


{
  "admin": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiZXhwIjoxNjg1MjM5NjE1LCJpYXQiOjE2ODUxNTMyMTUsImp0aSI6IjBmNGU4NmU0NWU0NDRiYmY5YTJlMGYyYjJmYWYzODdlIiwidXNlcl9pZCI6MjR9.mXc-xX4ktB6ITDaFfVWBQ4SYX8PnpKSwsdx-cxqNyHo",
  "editor": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiZXhwIjoxNjg1MjM5NjE1LCJpYXQiOjE2ODUxNTMyMTUsImp0aSI6IjVlZDhkODY0MDgzYTRiYmM5ZDVmYzA3YmQzNmI3M2IzIiwidXNlcl9pZCI6Mjl9.noGNwfr-zlqAFTWD9Kx-5at4dHhPCw_JyUr6IyQEFdM",
  "blogger": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiZXhwIjoxNjg1MjM5NjE1LCJpYXQiOjE2ODUxNTMyMTUsImp0aSI6IjliZjZkOGMyNTcxNTQyNDhhZDE3OGU5MTU1OTg5NWYwIiwidXNlcl9pZCI6Mjd9.hUMHUflRIMomnrvUBZlJL_l_-hP1UbXvn0LCiGKljgk",
  "fail": "THIS IS NOT A TOKEN, OBVIOUSLY",
}


The 'roles' dictionary now contains JWTs for each user role. These tokens can be used to authenticate requests to the API endpoints. Remember to handle the case when the token is invalid or expired.