import jwt
from django.contrib.auth import get_user_model
from django.utils.translation import ugettext as _
from rest_framework import exceptions
from rest_framework_jwt.authentication import JSONWebTokenAuthentication
from rest_framework_jwt.settings import api_settings
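class PulpJSONWebTokenAuthentication(JSONWebTokenAuthentication):
    """
    Authenticate a user from a JSON Web Token.

    The token is taken from the request with the parent class's
    ``get_jwt_value`` and decoded with the handlers configured in
    ``rest_framework_jwt``'s ``api_settings``.
    """

    def authenticate(self, request):
        """
        Return a two-tuple of ``(user, token)`` when the request carries a JWT
        that decodes successfully and maps to an active user. Return ``None``
        when the request carries no JWT at all.

        Raises:
            rest_framework.exceptions.AuthenticationFailed: the token could
                not be decoded, has expired, or does not resolve to an active
                user.
        """
        User = get_user_model()
        jwt_value = self.get_jwt_value(request)
        if jwt_value is None:
            # No token was presented, so report "not authenticated by this
            # class" instead of failing the request.
            return None

        try:
            payload = api_settings.JWT_DECODE_HANDLER(jwt_value)
        except User.DoesNotExist:
            # NOTE(review): this handler implies the configured decode handler
            # looks a user up while decoding -- confirm against its source. If
            # that lookup runs before the signature is verified, a message that
            # differs from 'Invalid token.' tells an unauthenticated caller
            # whether a username exists; consider returning the generic
            # message here as well.
            msg = _('User not found.')
            raise exceptions.AuthenticationFailed(msg)
        except jwt.ExpiredSignatureError:
            # `jwt.ExpiredSignature` was only a deprecated alias of this class
            # and is absent from newer PyJWT releases; with the alias missing,
            # evaluating this clause would raise AttributeError and turn every
            # decode failure into a server error instead of a 401.
            msg = _('Token has expired.')
            raise exceptions.AuthenticationFailed(msg)
        except jwt.DecodeError:
            msg = _('Invalid token.')
            raise exceptions.AuthenticationFailed(msg)
        except jwt.InvalidTokenError:
            # Remaining PyJWT validation failures get the framework's default
            # AuthenticationFailed detail.
            raise exceptions.AuthenticationFailed()

        user = self.authenticate_credentials(payload)
        return (user, jwt_value)

    def authenticate_credentials(self, payload):
        """
        Return the active user whose natural key equals the username that
        ``JWT_PAYLOAD_GET_USERNAME_HANDLER`` extracts from ``payload``.

        Raises:
            rest_framework.exceptions.AuthenticationFailed: the payload has no
                username, no user has that natural key, or the user is not
                active.
        """
        User = get_user_model()
        username = api_settings.JWT_PAYLOAD_GET_USERNAME_HANDLER(payload)
        if not username:
            msg = _('Invalid token.')
            raise exceptions.AuthenticationFailed(msg)

        try:
            user = User.objects.get_by_natural_key(username)
        except User.DoesNotExist:
            msg = _('Invalid token. User not found.')
            raise exceptions.AuthenticationFailed(msg)

        # A decodable token is not enough on its own: a deactivated account
        # must not authenticate with a token issued before it was disabled.
        if not user.is_active:
            msg = _('Invalid token. User account is disabled.')
            raise exceptions.AuthenticationFailed(msg)

        return user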