/
__init__.py
57 lines (48 loc) · 2.31 KB
/
__init__.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
from .policy import JWTAuthenticationPolicy
def includeme(config):
config.add_directive(
'set_jwt_authentication_policy',
set_jwt_authentication_policy,
action_wrap=True)
def create_jwt_authentication_policy(config, private_key=None, public_key=None,
algorithm=None, expiration=None, leeway=None,
http_header=None, auth_type=None, callback=None, json_encoder=None):
settings = config.get_settings()
private_key = private_key or settings.get('jwt.private_key')
algorithm = algorithm or settings.get('jwt.algorithm') or 'HS512'
if algorithm.startswith('RS') or algorithm.startswith('EC'):
public_key = public_key or settings.get('jwt.public_key')
else:
public_key = None
if expiration is None and 'jwt.expiration' in settings:
expiration = int(settings.get('jwt.expiration'))
leeway = int(settings.get('jwt.leeway', 0)) if leeway is None else leeway
http_header = http_header or settings.get('jwt.http_header') or 'Authorization'
if http_header.lower() == 'authorization':
auth_type = auth_type or settings.get('jwt.auth_type') or 'JWT'
else:
auth_type = None
return JWTAuthenticationPolicy(
private_key=private_key,
public_key=public_key,
algorithm=algorithm,
leeway=leeway,
expiration=expiration,
http_header=http_header,
auth_type=auth_type,
callback=callback,
json_encoder=json_encoder)
def set_jwt_authentication_policy(config, private_key=None, public_key=None,
algorithm=None, expiration=None, leeway=None,
http_header=None, auth_type=None, callback=None, json_encoder=None):
policy = create_jwt_authentication_policy(
config, private_key, public_key,
algorithm, expiration, leeway,
http_header, auth_type, callback, json_encoder)
def request_create_token(request, principal, expiration=None, **claims):
return policy.create_token(principal, expiration, **claims)
def request_claims(request):
return policy.get_claims(request)
config.set_authentication_policy(policy)
config.add_request_method(request_create_token, 'create_jwt_token')
config.add_request_method(request_claims, 'jwt_claims', reify=True)