1313jwt_get_user_id_from_payload = api_settings .JWT_PAYLOAD_GET_USER_ID_HANDLER
1414
1515
16- class JSONWebTokenAuthentication (BaseAuthentication ):
16+ class JSONWebTokenAuthenticationBase (BaseAuthentication ):
1717 """
1818 Token based authentication using the JSON Web Token standard.
19-
20- Clients should authenticate by passing the token key in the "Authorization"
21- HTTP header, prepended with the string specified in the setting
22- `JWT_AUTH_HEADER_PREFIX`. For example:
23-
24- Authorization: JWT eyJhbGciOiAiSFMyNTYiLCAidHlwIj
2519 """
26- www_authenticate_realm = 'api'
2720
2821 def authenticate (self , request ):
2922 """
3023 Returns a two-tuple of `User` and token if a valid signature has been
3124 supplied using JWT-based authentication. Otherwise returns `None`.
3225 """
33- auth = get_authorization_header (request ).split ()
34- auth_header_prefix = api_settings .JWT_AUTH_HEADER_PREFIX .lower ()
35-
36- if not auth or smart_text (auth [0 ].lower ()) != auth_header_prefix :
37- return None
38-
39- if len (auth ) == 1 :
40- msg = _ ('Invalid Authorization header. No credentials provided.' )
41- raise exceptions .AuthenticationFailed (msg )
42- elif len (auth ) > 2 :
43- msg = _ ('Invalid Authorization header. Credentials string '
44- 'should not contain spaces.' )
45- raise exceptions .AuthenticationFailed (msg )
26+ jwt_value = self .get_jwt_value (request )
4627
4728 try :
48- payload = jwt_decode_handler (auth [ 1 ] )
29+ payload = jwt_decode_handler (jwt_value )
4930 except jwt .ExpiredSignature :
5031 msg = _ ('Signature has expired.' )
5132 raise exceptions .AuthenticationFailed (msg )
@@ -55,28 +36,56 @@ def authenticate(self, request):
5536
5637 user = self .authenticate_credentials (payload )
5738
58- return (user , auth [ 1 ] )
39+ return (user , jwt_value )
5940
6041 def authenticate_credentials (self , payload ):
6142 """
6243 Returns an active user that matches the payload's user id and email.
6344 """
6445 User = utils .get_user_model ()
6546
66- try :
67- user_id = jwt_get_user_id_from_payload (payload )
47+ user_id = jwt_get_user_id_from_payload (payload )
6848
69- if user_id is not None :
49+ if user_id is not None :
50+ try :
7051 user = User .objects .get (pk = user_id , is_active = True )
71- else :
72- msg = _ ('Invalid payload .' )
52+ except User . DoesNotExist :
53+ msg = _ ('Invalid signature .' )
7354 raise exceptions .AuthenticationFailed (msg )
74- except User . DoesNotExist :
75- msg = _ ('Invalid signature .' )
55+ else :
56+ msg = _ ('Invalid payload .' )
7657 raise exceptions .AuthenticationFailed (msg )
7758
7859 return user
7960
61+
62+ class JSONWebTokenAuthentication (JSONWebTokenAuthenticationBase ):
63+ """
64+ Clients should authenticate by passing the token key in the "Authorization"
65+ HTTP header, prepended with the string specified in the setting
66+ `JWT_AUTH_HEADER_PREFIX`. For example:
67+
68+ Authorization: JWT eyJhbGciOiAiSFMyNTYiLCAidHlwIj
69+ """
70+ www_authenticate_realm = 'api'
71+
72+ def get_jwt_value (self , request ):
73+ auth = get_authorization_header (request ).split ()
74+ auth_header_prefix = api_settings .JWT_AUTH_HEADER_PREFIX .lower ()
75+
76+ if not auth or smart_text (auth [0 ].lower ()) != auth_header_prefix :
77+ return None
78+
79+ if len (auth ) == 1 :
80+ msg = _ ('Invalid Authorization header. No credentials provided.' )
81+ raise exceptions .AuthenticationFailed (msg )
82+ elif len (auth ) > 2 :
83+ msg = _ ('Invalid Authorization header. Credentials string '
84+ 'should not contain spaces.' )
85+ raise exceptions .AuthenticationFailed (msg )
86+
87+ return auth [1 ]
88+
8089 def authenticate_header (self , request ):
8190 """
8291 Return a string to be used as the value of the `WWW-Authenticate`
0 commit comments