Remove JWT related code

Georg Krause 2021-04-24 20:05:00 +02:00
commit 88de997603
No known key found for this signature in database
GPG key ID: FD479B9A4D48E632
13 changed files with 2 additions and 331 deletions


@ -1,5 +1,4 @@
from django.conf import settings
from django.utils.encoding import smart_text
from django.utils.translation import ugettext as _
from django.core.cache import cache
@ -9,8 +8,6 @@ from oauth2_provider.contrib.rest_framework.authentication import (
OAuth2Authentication as BaseOAuth2Authentication,
)
from rest_framework import exceptions
from rest_framework_jwt import authentication
from rest_framework_jwt.settings import api_settings
from funkwhale_api.users import models as users_models
@ -76,116 +73,3 @@ class ApplicationTokenAuthentication(object):
request.scopes = application.scope.split()
return user, None
class BaseJsonWebTokenAuth(object):
def authenticate(self, request):
try:
return super().authenticate(request)
except UnverifiedEmail as e:
msg = _("You need to verify your email address.")
resend_confirmation_email(request, e.user)
raise exceptions.AuthenticationFailed(msg)
def authenticate_credentials(self, payload):
"""
We have to implement this method by hand to ensure we can check that the
User has a verified email, if required
"""
User = authentication.get_user_model()
username = authentication.jwt_get_username_from_payload(payload)
if not username:
msg = _("Invalid payload.")
raise exceptions.AuthenticationFailed(msg)
try:
user = User.objects.get_by_natural_key(username)
except User.DoesNotExist:
msg = _("Invalid signature.")
raise exceptions.AuthenticationFailed(msg)
if not user.is_active:
msg = _("User account is disabled.")
raise exceptions.AuthenticationFailed(msg)
if should_verify_email(user):
raise UnverifiedEmail(user)
return user
class JSONWebTokenAuthenticationQS(
BaseJsonWebTokenAuth, authentication.BaseJSONWebTokenAuthentication
):
www_authenticate_realm = "api"
def get_jwt_value(self, request):
token = request.query_params.get("jwt")
if "jwt" in request.query_params and not token:
msg = _("Invalid Authorization header. No credentials provided.")
raise exceptions.AuthenticationFailed(msg)
return token
def authenticate_header(self, request):
return '{0} realm="{1}"'.format(
api_settings.JWT_AUTH_HEADER_PREFIX, self.www_authenticate_realm
)
class BearerTokenHeaderAuth(
BaseJsonWebTokenAuth, authentication.BaseJSONWebTokenAuthentication
):
"""
For backward compatibility purpose, we used Authorization: JWT <token>
but Authorization: Bearer <token> is probably better.
"""
www_authenticate_realm = "api"
def get_jwt_value(self, request):
auth = authentication.get_authorization_header(request).split()
auth_header_prefix = "bearer"
if not auth:
if api_settings.JWT_AUTH_COOKIE:
return request.COOKIES.get(api_settings.JWT_AUTH_COOKIE)
return None
if smart_text(auth[0].lower()) != auth_header_prefix:
return None
if len(auth) == 1:
msg = _("Invalid Authorization header. No credentials provided.")
raise exceptions.AuthenticationFailed(msg)
elif len(auth) > 2:
msg = _(
"Invalid Authorization header. Credentials string "
"should not contain spaces."
)
raise exceptions.AuthenticationFailed(msg)
return auth[1]
def authenticate_header(self, request):
return '{0} realm="{1}"'.format("Bearer", self.www_authenticate_realm)
def authenticate(self, request):
auth = super().authenticate(request)
if auth:
if not auth[0].actor:
auth[0].create_actor()
return auth
class JSONWebTokenAuthentication(
BaseJsonWebTokenAuth, authentication.JSONWebTokenAuthentication
):
def authenticate(self, request):
auth = super().authenticate(request)
if auth:
if not auth[0].actor:
auth[0].create_actor()
return auth


@ -1,18 +0,0 @@
from rest_framework_jwt import views as jwt_views
from . import serializers
class ObtainJSONWebToken(jwt_views.ObtainJSONWebToken):
throttling_scopes = {"*": {"anonymous": "jwt-login", "authenticated": "jwt-login"}}
serializer_class = serializers.JSONWebTokenSerializer
class RefreshJSONWebToken(jwt_views.RefreshJSONWebToken):
throttling_scopes = {
"*": {"anonymous": "jwt-refresh", "authenticated": "jwt-refresh"}
}
obtain_jwt_token = ObtainJSONWebToken.as_view()
refresh_jwt_token = RefreshJSONWebToken.as_view()


@ -10,10 +10,8 @@ from allauth.account import models as allauth_models
from rest_auth.serializers import PasswordResetSerializer as PRS
from rest_auth.registration.serializers import RegisterSerializer as RS, get_adapter
from rest_framework import serializers
from rest_framework_jwt import serializers as jwt_serializers
from funkwhale_api.activity import serializers as activity_serializers
from funkwhale_api.common import authentication
from funkwhale_api.common import models as common_models
from funkwhale_api.common import preferences
from funkwhale_api.common import serializers as common_serializers
@ -42,15 +40,6 @@ username_validators = [ASCIIUsernameValidator()]
NOOP = object()
class JSONWebTokenSerializer(jwt_serializers.JSONWebTokenSerializer):
def validate(self, data):
try:
return super().validate(data)
except authentication.UnverifiedEmail as e:
authentication.send_email_confirmation(self.context["request"], e.user)
raise serializers.ValidationError("Please verify your email address.")
class RegisterSerializer(RS):
invitation = serializers.CharField(
required=False, allow_null=True, allow_blank=True