jwt_token.py 1.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990
  1. # -*- coding: utf-8 -*-
  2. from __future__ import unicode_literals
  3. from django.conf import settings
  4. from django.contrib.auth import authenticate
  5. from django.contrib.auth.models import User
  6. from django.utils.crypto import constant_time_compare
  7. from jwt import DecodeError
  8. import jwt
  9. '''
  10. '''
  11. def create_token(username, password):
  12. # Check if exists jwt key
  13. if not settings.JWT_SECRET_KEY:
  14. return None
  15. user = authenticate(username=username, password=password)
  16. # Check user authentication
  17. if not user:
  18. return user
  19. payload = {
  20. 'uid': user.id,
  21. 'password': user.password
  22. }
  23. return jwt.encode(payload, settings.JWT_SECRET_KEY, algorithm='HS256')
  24. '''
  25. '''
  26. def explode_token(token):
  27. # Normalize token
  28. if token.startswith(settings.JWT_PREFIX_HEADER):
  29. prefix_length = len(settings.JWT_PREFIX_HEADER)
  30. token = token[prefix_length + 1:]
  31. # Check if exists jwt key
  32. if not settings.JWT_SECRET_KEY:
  33. return None
  34. payload = None
  35. try:
  36. payload = jwt.decode(token, settings.JWT_SECRET_KEY, algorithm='HS256')
  37. except DecodeError:
  38. return False
  39. # Check payload parameters
  40. if 'uid' not in payload or 'password' not in payload:
  41. return False
  42. return payload
  43. '''
  44. '''
  45. def get_user(token):
  46. payload = explode_token(token)
  47. user = User.objects.get(pk=payload['uid'])
  48. return user
  49. '''
  50. '''
  51. def get_username(token):
  52. user = get_user(token)
  53. # Check if exists user
  54. if not user:
  55. return user
  56. return user.name
  57. '''
  58. '''
  59. def check_token(token):
  60. payload = explode_token(token)
  61. if not payload:
  62. return (None, False)
  63. user = User.objects.get(pk=payload['uid'])
  64. # Check if exists user
  65. if not user:
  66. return (None, False)
  67. return (user, constant_time_compare(user.password, payload['password']))