Skip to content

周伟奇 / bmw-ocr

Go to a project
Toggle navigation
Toggle navigation pinning
Switch branch/tag
authentication.py 2.3 KB
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 
from django.contrib.auth import get_user_model
from oauth2_provider.contrib.rest_framework import OAuth2Authentication
from oauth2_provider.oauth2_backends import get_oauthlib_core
from rest_framework_jwt.authentication import JSONWebTokenAuthentication
from rest_framework import exceptions
from rest_framework_jwt.settings import api_settings
import jwt
from django.utils.translation import ugettext as _
from common.redis_cache import redis_handler as rh

jwt_decode_handler = api_settings.JWT_DECODE_HANDLER


class OAuth2AuthenticationWithUser(OAuth2Authentication):
    """
    OAuth 2 authentication backend using `django-oauth-toolkit`
    """
    www_authenticate_realm = "api"
    user = get_user_model().objects.first()

    def authenticate(self, request):
        """
        Returns two-tuple of (user, token) if authentication succeeds,
        or None otherwise.
        """
        oauthlib_core = get_oauthlib_core()
        valid, r = oauthlib_core.verify_request(request, scopes=[])
        if valid:
            return self.user, r.access_token
        request.oauth2_error = getattr(r, "oauth2_error", {})
        return None


class MyJSONWebTokenAuthentication(JSONWebTokenAuthentication):

    def authenticate(self, request):
        """
        Returns a two-tuple of `User` and token if a valid signature has been
        supplied using JWT-based authentication.  Otherwise returns `None`.
        """
        jwt_value = self.get_jwt_value(request)
        if jwt_value is None:
            return None

        jwt_str = str(jwt_value, 'UTF-8')[-10:]
        is_expired = rh.get_token(jwt_str)
        if isinstance(is_expired, str):
            rh.set_token(jwt_str)
        else:
            msg = _('Signature has expired.')
            raise exceptions.AuthenticationFailed(msg)

        try:
            payload = jwt_decode_handler(jwt_value)
        except jwt.ExpiredSignature:
            # msg = _('Signature has expired.')
            # raise exceptions.AuthenticationFailed(msg)
            pass
        except jwt.DecodeError:
            msg = _('Error decoding signature.')
            raise exceptions.AuthenticationFailed(msg)
        except jwt.InvalidTokenError:
            raise exceptions.AuthenticationFailed()

        user = self.authenticate_credentials(payload)

        return (user, jwt_value)