|
@@ -2,6 +2,7 @@
|
|
|
from __future__ import unicode_literals
|
|
|
from tastypie.authentication import Authentication
|
|
|
from django.contrib.auth.models import User
|
|
|
+from django.conf import settings
|
|
|
from .jwt_token import check_token, get_username
|
|
|
import simplejson as json
|
|
|
|
|
@@ -13,33 +14,33 @@ class JWTAuthentication(Authentication):
|
|
|
if request.content_type != 'application/json':
|
|
|
return False
|
|
|
|
|
|
- # Check body
|
|
|
- if not request.body:
|
|
|
+ # Check authorization header
|
|
|
+ if settings.JWT_ACCEPT_HEADER not in request.META:
|
|
|
return False
|
|
|
|
|
|
- body = json.loads(request.body)
|
|
|
+ authorization_header = request.META.get(settings.JWT_ACCEPT_HEADER)
|
|
|
|
|
|
- # Check required parameters
|
|
|
- if 'token' not in body:
|
|
|
+ # Check authorization header prefix
|
|
|
+ if not authorization_header.startswith(settings.JWT_PREFIX_HEADER):
|
|
|
return False
|
|
|
|
|
|
- return check_token(body['token'])
|
|
|
+ return check_token(authorization_header[4:])
|
|
|
|
|
|
'''
|
|
|
'''
|
|
|
def get_identifier(self, request):
|
|
|
# Check content type
|
|
|
if request.content_type != 'application/json':
|
|
|
- return None
|
|
|
+ return False
|
|
|
|
|
|
- # Check body
|
|
|
- if not request.body:
|
|
|
- return None
|
|
|
+ # Check authorization header
|
|
|
+ if settings.JWT_ACCEPT_HEADER not in request.META:
|
|
|
+ return False
|
|
|
|
|
|
- body = json.loads(request.body)
|
|
|
+ authorization_header = request.META.get(settings.JWT_ACCEPT_HEADER)
|
|
|
|
|
|
- # Check required parameters
|
|
|
- if 'token' not in body:
|
|
|
- return None
|
|
|
+ # Check authorization header prefix
|
|
|
+ if not authorization_header.startswith(settings.JWT_PREFIX_HEADER):
|
|
|
+ return False
|
|
|
|
|
|
- return get_username(body['token'])
|
|
|
+ return get_username(authorization_header[4:])
|
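Review bot: `authorization_header[4:]` in the new `return check_token(...)` line hard-codes the prefix length, while the check just above it tests against the configurable `settings.JWT_PREFIX_HEADER`. With any configured prefix that is not exactly four characters including its separator, `check_token` receives a truncated or prefix-polluted token, so valid requests would presumably be rejected. Slice by the configured value instead, e.g. `token = authorization_header[len(settings.JWT_PREFIX_HEADER):].strip()`, and make the same change on the `get_username(authorization_header[4:])` line in `get_identifier`. `get_identifier` also now returns `False` instead of `None` on its early exits; if the identifier is used as a throttle or log key, all rejected requests would share the key `False`, so confirm that this is intended. The method holding the first `check_token` call begins above the hunk, so its signature and docstring are not visible here.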