
Commit b0b68c3

author
IndominusByte
committed
make dynamic verify jwt in request
1 parent c4751fa commit b0b68c3


3 files changed

+22
-28
lines changed


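--- a/fastapi_jwt_auth/auth_config.py
+++ b/fastapi_jwt_auth/auth_config.py
@@ -6,8 +6,6 @@
 class AuthConfig:
 _token = None
 _token_location = {'headers'}
-_response = None
-_request = None
 
 _secret_key = None
 _public_key = None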

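--- a/fastapi_jwt_auth/auth_jwt.py
+++ b/fastapi_jwt_auth/auth_jwt.py
@@ -506,7 +506,7 @@ def _verify_and_get_jwt_optional_in_cookies(self,issuer: Optional[str] = None) -
 
 # set token from cookie and verify jwt
 self._token = cookie
-self._verify_jwt_optional_in_request(self._token,issuer)
+self.verify_jwt_optional_in_request(self._token,issuer)
 
 decoded_token = self.get_raw_jwt()
 
@@ -553,7 +553,7 @@ def _verify_and_get_jwt_in_cookies(
 
 # set token from cookie and verify jwt
 self._token = cookie
-self._verify_jwt_in_request(self._token,type_token,'cookies',issuer,fresh)
+self.verify_jwt_in_request(self._token,type_token,'cookies',issuer,fresh)
 
 decoded_token = self.get_raw_jwt()
 
@@ -563,7 +563,7 @@ def _verify_and_get_jwt_in_cookies(
 if not hmac.compare_digest(csrf_cookie,decoded_token['csrf']):
 raise CSRFError(status_code=401,message="CSRF double submit tokens do not match")
 
-def _verify_jwt_optional_in_request(self,token: str, issuer: Optional[str] = None) -> None:
+def verify_jwt_optional_in_request(self,token: str, issuer: Optional[str] = None) -> None:
 """
 Optionally check if this request has a valid access token
 
@@ -573,10 +573,10 @@ def _verify_jwt_optional_in_request(self,token: str, issuer: Optional[str] = Non
 if token:
 self._verifying_token(token,issuer)
 
-if token and self._get_type_token() != 'access':
+if token and self.get_raw_jwt(token)['type'] != 'access':
 raise AccessTokenRequired(status_code=422,message="Only access tokens are allowed")
 
-def _verify_jwt_in_request(
+def verify_jwt_in_request(
 self,
 token: str,
 type_token: str,
@@ -599,14 +599,14 @@ def _verify_jwt_in_request(
 if not token and token_from == 'headers':
 raise MissingHeaderError(status_code=401,message="Missing {} Header".format(self._header_name))
 
-if self._get_type_token() != type_token:
+if self.get_raw_jwt(token)['type'] != type_token:
 msg = "Only {} tokens are allowed".format(type_token)
 if type_token == 'access':
 raise AccessTokenRequired(status_code=422,message=msg)
 if type_token == 'refresh':
 raise RefreshTokenRequired(status_code=422,message=msg)
 
-if fresh and not self._get_fresh_token():
+if fresh and not self.get_raw_jwt(token)['fresh']:
 raise FreshTokenRequired(status_code=401,message="Fresh token required")
 
 def _verifying_token(self,encoded_token: str, issuer: Optional[str] = None) -> None:
@@ -653,24 +653,18 @@ def _verified_token(self,encoded_token: str, issuer: Optional[str] = None) -> Di
 except Exception as err:
 raise JWTDecodeError(status_code=422,message=str(err))
 
-def _get_type_token(self) -> str:
-return self.get_raw_jwt()['type']
-
-def _get_fresh_token(self) -> bool:
-return self.get_raw_jwt()['fresh']
-
 def jwt_required(self) -> None:
 """
 Only access token can access this function
 """
 if len(self._token_location) == 2:
 if self._token and self.jwt_in_headers:
-self._verify_jwt_in_request(self._token,'access','headers',self._decode_issuer)
+self.verify_jwt_in_request(self._token,'access','headers',self._decode_issuer)
 if not self._token and self.jwt_in_cookies:
 self._verify_and_get_jwt_in_cookies('access',self._decode_issuer)
 else:
 if self.jwt_in_headers:
-self._verify_jwt_in_request(self._token,'access','headers',self._decode_issuer)
+self.verify_jwt_in_request(self._token,'access','headers',self._decode_issuer)
 if self.jwt_in_cookies:
 self._verify_and_get_jwt_in_cookies('access',self._decode_issuer)
 
@@ -682,12 +676,12 @@ def jwt_optional(self) -> None:
 """
 if len(self._token_location) == 2:
 if self._token and self.jwt_in_headers:
-self._verify_jwt_optional_in_request(self._token,self._decode_issuer)
+self.verify_jwt_optional_in_request(self._token,self._decode_issuer)
 if not self._token and self.jwt_in_cookies:
 self._verify_and_get_jwt_optional_in_cookies(self._decode_issuer)
 else:
 if self.jwt_in_headers:
-self._verify_jwt_optional_in_request(self._token,self._decode_issuer)
+self.verify_jwt_optional_in_request(self._token,self._decode_issuer)
 if self.jwt_in_cookies:
 self._verify_and_get_jwt_optional_in_cookies(self._decode_issuer)
 
@@ -697,12 +691,12 @@ def jwt_refresh_token_required(self) -> None:
 """
 if len(self._token_location) == 2:
 if self._token and self.jwt_in_headers:
-self._verify_jwt_in_request(self._token,'refresh','headers')
+self.verify_jwt_in_request(self._token,'refresh','headers')
 if not self._token and self.jwt_in_cookies:
 self._verify_and_get_jwt_in_cookies('refresh')
 else:
 if self.jwt_in_headers:
-self._verify_jwt_in_request(self._token,'refresh','headers')
+self.verify_jwt_in_request(self._token,'refresh','headers')
 if self.jwt_in_cookies:
 self._verify_and_get_jwt_in_cookies('refresh')
 
@@ -712,30 +706,34 @@ def fresh_jwt_required(self) -> None:
 """
 if len(self._token_location) == 2:
 if self._token and self.jwt_in_headers:
-self._verify_jwt_in_request(self._token,'access','headers',self._decode_issuer,True)
+self.verify_jwt_in_request(self._token,'access','headers',self._decode_issuer,True)
 if not self._token and self.jwt_in_cookies:
 self._verify_and_get_jwt_in_cookies('access',self._decode_issuer,True)
 else:
 if self.jwt_in_headers:
-self._verify_jwt_in_request(self._token,'access','headers',self._decode_issuer,True)
+self.verify_jwt_in_request(self._token,'access','headers',self._decode_issuer,True)
 if self.jwt_in_cookies:
 self._verify_and_get_jwt_in_cookies('access',self._decode_issuer,True)
 
-def get_raw_jwt(self) -> Optional[Dict[str,Union[str,int,bool]]]:
+def get_raw_jwt(self,encoded_token: Optional[str] = None) -> Optional[Dict[str,Union[str,int,bool]]]:
 """
 this will return the python dictionary which has all of the claims of the JWT that is accessing the endpoint.
 If no JWT is currently present, return None instead
 
+:param encoded_token: The encoded JWT from parameter
 :return: claims of JWT
 """
-if self._token:
-return self._verified_token(self._token)
+token = encoded_token or self._token
+
+if token:
+return self._verified_token(token)
 return None
 
 def get_jti(self,encoded_token: str) -> str:
 """
 Returns the JTI (unique identifier) of an encoded JWT
 
+:param encoded_token: The encoded JWT from parameter
 :return: string of JTI
 """
 return self._verified_token(encoded_token)['jti']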
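Review bot: In `verify_jwt_in_request` (the `@@ -599` hunk) the type and fresh checks now go through `self.get_raw_jwt(token)`, and the new `get_raw_jwt` resolves `encoded_token or self._token`, so an empty `token` is silently checked against the instance token instead, or, when both are empty, `get_raw_jwt` returns None and the `['type']` subscript raises a TypeError rather than one of the library's auth exceptions. The method is now public, so callers can pass their own `token` and `token_from`; the visible lines reject a missing token only for `'headers'`, and the body above line 599 is outside the hunk, so an earlier guard may exist that is not visible here. Each `get_raw_jwt(token)` call also re-runs `_verified_token`, so the token is decoded again for every claim that is read. I would decode the passed token once and read the claims defensively: `claims = self._verified_token(token)`, then `if claims.get('type') != type_token:` and `if fresh and not claims.get('fresh'):`. The `['type']` lookup in `verify_jwt_optional_in_request` (the `@@ -573` hunk) has the same missing-claim case.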

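--- a/tests/test_config.py
+++ b/tests/test_config.py
@@ -20,8 +20,6 @@ def protected(Authorize: AuthJWT = Depends()):
 def test_default_config():
 assert AuthJWT._token is None
 assert AuthJWT._token_location == {'headers'}
-assert AuthJWT._response is None
-assert AuthJWT._request is None
 assert AuthJWT._secret_key is None
 assert AuthJWT._public_key is None
 assert AuthJWT._private_key is None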
