dj-jwt-auth 1.9.5__py3-none-any.whl → 1.10.0__py3-none-any.whl

{dj_jwt_auth-1.9.5.dist-info → dj_jwt_auth-1.10.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
-Metadata-Version: 2.1
+Metadata-Version: 2.4
 Name: dj-jwt-auth
-Version: 1.9.5
+Version: 1.10.0
 Summary: A Django package for JSON Web Token validation and verification. Using PyJWT.
 Home-page: https://www.example.com/
 Author: Konstantin Seleznev
@@ -26,6 +26,7 @@ Requires-Dist: Django>=3.0
 Requires-Dist: pyjwt>=2.5.0
 Requires-Dist: requests>=2.28.1
 Requires-Dist: cryptography>=36.0.2
+Dynamic: description-content-type
 
 # Django-JWT
 

{dj_jwt_auth-1.9.5.dist-info → dj_jwt_auth-1.10.0.dist-info}/RECORD

@@ -1,21 +1,21 @@
 django_jwt/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 django_jwt/config.py,sha256=rJTLgFo42iuxZ4pk2tecmlp2fKcyX7QDDsOrnEKjC6c,1506
 django_jwt/exceptions.py,sha256=S8HeH_lu8XSsejhyW0qkl04MmXxxbN4-zrtyPywbBwc,311
-django_jwt/middleware.py,sha256=jk3M9qumI0p4rVvmkZM1jAf5xzaVl5FmAqrR-jAO_Po,1288
+django_jwt/middleware.py,sha256=xAF-kTv9GZ0waVkRgP2oNfqU3OpADcdg3NI2BrL7-TQ,1371
 django_jwt/pkce.py,sha256=j-v2ffCw0X3JW7ak8vfNeSZI-dACOvHbi1eLmJ0R8gM,685
 django_jwt/roles.py,sha256=SaHK3o8T8USS4ZhG4SrHPlZQV2lMb2t1UZHT6IQtBvA,143
 django_jwt/settings.py,sha256=N3v8B4lEM-bGLmAhXhF7hOfdcjKn6afbxDFx7CETcD0,1769
 django_jwt/urls.py,sha256=ZhcnRcQ1MBRh-bS7fTa-Vkz8yuWUhv-G_uRXKLnKAs0,320
 django_jwt/user.py,sha256=v2oCoAThstFg5x5cOA9nSKlYWZzCEqhFbz63WGhE_NM,6382
-django_jwt/utils.py,sha256=E_D_GxIVmKQYHzKTMEWPqR1zV4l0q40vPolxhcDGQdk,1641
-django_jwt/views.py,sha256=RO87xCGhKClkJScn_tlSwytIzlqL-pl0vIKdFUUPOVY,4829
+django_jwt/utils.py,sha256=Y0J5_31yLk_Xfi4fRn4u2Oh0b1dHMNjalKqx2gF-ONU,1696
+django_jwt/views.py,sha256=A67FLhbEcyDkD3GfTOmWWD2wrxRCQgsEvUQg43BQsEo,4830
 django_jwt/templates/django-jwt-index.html,sha256=y8f0v2WbRAFxnIU799I_MZCVsjn1sbdh7bypjdWB0lA,1353
-django_jwt/templates/admin/login.html,sha256=Nihyu0IGvDDZVvQDITXozwlj6XCQ0B8gqlyHLqVNyJc,275
+django_jwt/templates/admin/login.html,sha256=akPHr4mAMtISjTDlZ2KMVV1M2ZnMT8i5WjlfMe1hjI0,344
 tests/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 tests/models.py,sha256=jhoJcCEsx5B9AibmoLQLDD3cEsyYzYy6dMdYhRnBVFo,338
-tests/test.py,sha256=HEy5DsEYrPmtWSdeDhgdeV2tZTYlepaWt82VoTBrta8,11828
-tests/urls.py,sha256=D5FhDSVAudurkrpkCZZPnDvgXSgifwFVB3nAlYBg7uQ,212
-dj_jwt_auth-1.9.5.dist-info/METADATA,sha256=r7am9IZuqkvup41Kimg2-1b-eRuMPH5KtS6YNoKTKQc,4251
-dj_jwt_auth-1.9.5.dist-info/WHEEL,sha256=PZUExdf71Ui_so67QXpySuHtCi3-J3wvF4ORK6k_S8U,91
-dj_jwt_auth-1.9.5.dist-info/top_level.txt,sha256=58O7TdK-yECZcbmPc52KNlBFpjIUlENuZubCxaSOxus,17
-dj_jwt_auth-1.9.5.dist-info/RECORD,,
+tests/test.py,sha256=m_iWQRMk3pS71A70m5RK3yQsS0PXX159EcZ_27weyB8,17910
+tests/urls.py,sha256=bjV0IYqenHbCUB3D8wsnznytaRjSqfLXiRt2T0ZeFGg,339
+dj_jwt_auth-1.10.0.dist-info/METADATA,sha256=WrK6dNsovcIyGtIE4wKlpLPb3DbMczbji2F_urlhxiI,4286
+dj_jwt_auth-1.10.0.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
+dj_jwt_auth-1.10.0.dist-info/top_level.txt,sha256=58O7TdK-yECZcbmPc52KNlBFpjIUlENuZubCxaSOxus,17
+dj_jwt_auth-1.10.0.dist-info/RECORD,,

{dj_jwt_auth-1.9.5.dist-info → dj_jwt_auth-1.10.0.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: setuptools (75.6.0)
+Generator: setuptools (80.10.2)
 Root-Is-Purelib: true
 Tag: py3-none-any
 

django_jwt/middleware.py

@@ -29,7 +29,8 @@ class JWTAuthMiddleware(MiddlewareMixin):
             info = oidc_handler.decode_token(raw_token)
             request.user = request._cached_user = UserHandler(info, request, raw_token).get_user()
         except AlgorithmNotSupportedException as exc:
-            return JsonResponse(status=HTTPStatus.UNAUTHORIZED.value, data={"detail": str(exc)})
+            log.warning(f"AlgorithmNotSupportedException: {exc}")
+            return JsonResponse(status=HTTPStatus.UNAUTHORIZED.value, data={"detail": "algorithm not supported"})
         except ExpiredSignatureError:
             return JsonResponse(status=HTTPStatus.UNAUTHORIZED.value, data={"detail": "expired token"})
         except UnicodeDecodeError as exc:

django_jwt/templates/admin/login.html

@@ -1,9 +1,11 @@
 {% extends "admin/login.html" %}
 
 {% block content %}
-    {{  block.super }}
-    <br>
-    <div style="text-align: center;">
-        <a class="button" style="display: inline-block; margin-top: 20px" href="{% url 'start_oidc_auth' %}">NeoID Login</a>
-    </div>
+    {% if neoid_only is True %}
+        <div style="text-align: center;">
+            <a class="button" style="display: inline-block; margin-top: 20px" href="{% url 'start_oidc_auth' %}">NeoID Login</a>
+        </div>
+    {% else %}
+        {{ block.super }}
+    {% endif %}
 {% endblock %}

django_jwt/utils.py

@@ -7,11 +7,11 @@ import jwt
 import requests
 
 from django_jwt import settings
-from django_jwt.config import config
+from django_jwt.config import SupportedAlgorithms, config
 
 
 def get_random_string(k: int = 32) -> str:
-    return "".join(random.choices(string.ascii_letters + string.digits + "-._~", k=k))
+    return "".join(random.choices(string.ascii_letters + string.digits + "-._~", k=k))  # NOSONAR
 
 
 def get_alg(token: str) -> str:
@@ -20,7 +20,7 @@ def get_alg(token: str) -> str:
 
 
 def get_access_token(code: str, redirect_uri: str, pkce_secret: str, client_id: str) -> str:
-    token_endpoint = config.admin().get("token_endpoint")
+    token_endpoint = config.cfg(SupportedAlgorithms.ES256).get("token_endpoint")
     data = {
         "grant_type": "authorization_code",
         "client_id": client_id,

django_jwt/views.py

@@ -25,7 +25,7 @@ def silent_sso_check(request):
 
 
 def index_response(request, msg, status=400):
-    logout_url = config.admin().get("end_session_endpoint")
+    logout_url = config.cfg(SupportedAlgorithms.ES256).get("end_session_endpoint")
     return render(
         request,
         "django-jwt-index.html",
@@ -33,7 +33,6 @@ def index_response(request, msg, status=400):
             "error_message": msg,
             "login_url": reverse("start_oidc_auth"),
             "logout_url": logout_url,
-            "redirect_uri": request.build_absolute_uri(reverse("start_oidc_auth")),
         },
         status=status,
     )
@@ -107,7 +106,8 @@ class ReceiveRedirectView(CallbackView):
             log.warning(f"OIDC Admin HTTPError: {exc}")
             return index_response(request=request, msg=exc.response.text, status=exc.response.status_code)
         except ConfigException as exc:
-            return HttpResponse(content=str(exc), status=500)
+            log.error(f"OIDC Config error: {exc}")
+            return HttpResponse(content="OIDC Config error", status=500)
         except BadRequestException as exc:
             return index_response(request=request, msg=str(exc))
         except Exception as exc:

tests/test.py

@@ -1,10 +1,12 @@
 from datetime import datetime, timezone
 from http import HTTPStatus
 from unittest.mock import Mock, patch
+from urllib.parse import parse_qs, urlparse
 
 from django.contrib.auth import get_user_model
 from django.contrib.auth.models import Group, Permission
-from django.test import TestCase
+from django.http import HttpResponse
+from django.test import RequestFactory, TestCase
 from django.urls import reverse
 from jwt.api_jwt import ExpiredSignatureError
 
@@ -14,6 +16,13 @@ from django_jwt.exceptions import ConfigException
 from django_jwt.middleware import JWTAuthMiddleware
 from django_jwt.roles import ROLE
 from django_jwt.user import role_handler
+from django_jwt.views import (
+    LogoutView,
+    ReceiveRedirectView,
+    StartOIDCAuthView,
+    index_response,
+    silent_sso_check,
+)
 
 utc = timezone.utc
 access_token_payload = {
@@ -240,7 +249,7 @@ class ConfigTest(TestCase):
     def test_not_supported_alg(self, *_):
         response = self.middleware.process_request(self.request)
         self.assertEqual(HTTPStatus.UNAUTHORIZED.value, response.status_code)
-        self.assertEqual(b'{"detail": "Algorithm HS256 is not supported"}', response.content)
+        self.assertEqual(b'{"detail": "algorithm not supported"}', response.content)
 
 
 class RolesTest(TestCase):
@@ -289,3 +298,121 @@ class RolesTest(TestCase):
         self.assertTrue(self.user.is_staff)
         self.assertTrue(self.user.groups.filter(name="staff group").exists())
         self.assertTrue(self.user.user_permissions.filter(codename="add_user").exists())
+
+
+class ViewsTestCase(TestCase):
+    def setUp(self):
+        self.factory = RequestFactory()
+        self.user = User.objects.create(username="user2", kc_id="12345")
+
+    def test_silent_sso_check(self):
+        request = self.factory.get("/silent-sso/")
+        response = silent_sso_check(request)
+
+        self.assertIsInstance(response, HttpResponse)
+        self.assertIn("parent.postMessage", response.content.decode())
+
+    @patch("django_jwt.views.config.cfg", return_value={"end_session_endpoint": "/logout"})
+    def test_index_response(self, mock_config):
+        request = self.factory.get("/index/")
+        response = index_response(request, "Test error message", status=403)
+
+        self.assertEqual(response.status_code, 403)
+        self.assertIn("Test error message", response.content.decode())
+        self.assertIn('<button><a href="/admin/oidc/">Login</a></button>', response.content.decode())
+        self.assertIn('<button><a href="/logout">Logout</a></button', response.content.decode())
+
+    @patch("django_jwt.views.PKCESecret")
+    @patch("django_jwt.views.config")
+    def test_start_oidc_auth_view_get(self, mock_config, mock_pkce):
+        mock_pkce.return_value.challenge = "challenge"
+        mock_pkce.return_value.challenge_method = "S256"
+        mock_config.cfg.return_value.get.return_value = "/auth"
+
+        view = StartOIDCAuthView.as_view()
+        request = self.factory.get("/start-oidc/")
+        response = view(request)
+
+        self.assertEqual(response.status_code, 302)
+        self.assertIn("/auth?", response.url)
+        parsed_url = urlparse(response.url)
+        query_params = parse_qs(parsed_url.query)
+        self.assertEqual(query_params["client_id"][0], settings.OIDC_ADMIN_CLIENT_ID)
+        self.assertEqual(query_params["redirect_uri"][0], "http://testserver/admin/oidc/callback/")
+        self.assertEqual(query_params["response_type"][0], "code")
+        self.assertEqual(query_params["scope"][0], "openid")
+        self.assertEqual(query_params["code_challenge"][0], "challenge")
+        self.assertEqual(query_params["code_challenge_method"][0], "S256")
+
+    @patch("django_jwt.views.cache")
+    @patch("django_jwt.views.config")
+    @patch("django_jwt.views.get_access_token")
+    @patch("django_jwt.views.oidc_handler")
+    @patch("django_jwt.views.UserHandler.get_user")
+    def test_receive_redirect_view_success(
+        self, mock_get_user, mock_oidc_handler, mock_get_access_token, mock_cache, mock_config
+    ):
+        mock_cache.get.return_value = "pkce_secret"
+        mock_config.cfg.return_value.get.return_value = "/logout"
+        mock_get_access_token.return_value = "token"
+        mock_oidc_handler.decode_token.return_value = access_token_payload | {
+            "sub": self.user.kc_id,
+            "resource_access": {settings.OIDC_ADMIN_CLIENT_ID: {"roles": ["admin"]}},
+        }
+        mock_get_user.return_value = self.user
+
+        view = ReceiveRedirectView.as_view()
+        request = self.factory.get("/callback/", {"code": "abc", "state": "xyz"})
+        with patch("django_jwt.views.login"):
+            response = view(request)
+
+        self.assertEqual(response.status_code, 302)
+        self.assertIn(reverse("admin:index"), response.url)
+        self.user.refresh_from_db()
+        self.assertTrue(self.user.is_superuser)
+        self.assertTrue(self.user.is_staff)
+
+    @patch("django_jwt.views.config.cfg", return_value={"end_session_endpoint": "/logout"})
+    def test_receive_redirect_view_no_code_or_state(self, mock_config):
+        view = ReceiveRedirectView.as_view()
+        request = self.factory.get("/callback/")
+        response = view(request)
+        self.assertEqual(response.status_code, 400)
+        self.assertIn("No code or state", response.content.decode())
+        self.assertIn('<button><a href="/admin/oidc/">Login</a></button>', response.content.decode())
+        self.assertIn('<button><a href="/logout">Logout</a></button', response.content.decode())
+
+    @patch("django_jwt.views.cache.get", return_value=None)
+    @patch("django_jwt.views.config.cfg", return_value={"end_session_endpoint": "/logout"})
+    def test_receive_redirect_view_no_pkce(self, mock_cache, mock_config):
+        view = ReceiveRedirectView.as_view()
+        request = self.factory.get("/callback/", {"code": "abc", "state": "xyz"})
+        response = view(request)
+        self.assertEqual(response.status_code, 400)
+        self.assertIn("No PKCE secret found in cache", response.content.decode())
+
+    @patch("django_jwt.views.index_response")
+    @patch("django_jwt.views.cache")
+    @patch("django_jwt.views.get_access_token")
+    @patch("django_jwt.views.oidc_handler")
+    @patch("django_jwt.views.UserHandler")
+    def test_receive_redirect_view_http_error(
+        self, mock_user_handler, mock_oidc_handler, mock_get_access_token, mock_cache, mock_index_response
+    ):
+        mock_cache.get.return_value = "pkce_secret"
+        mock_get_access_token.side_effect = Exception("fail")
+        mock_index_response.return_value = HttpResponse("error", status=500)
+        view = ReceiveRedirectView.as_view()
+        request = self.factory.get("/callback/", {"code": "abc", "state": "xyz"})
+        response = view(request)
+        self.assertEqual(response.status_code, 500)
+
+    @patch("django_jwt.views.config.cfg", return_value={"end_session_endpoint": "/logout"})
+    def test_logout_view(self, mock_config):
+        view = LogoutView.as_view()
+        request = self.factory.get("/logout/")
+        response = view(request)
+        self.assertEqual(response.status_code, 401)
+        self.assertIn("Logged out", response.content.decode())
+        self.assertIn('<button><a href="/admin/oidc/">Login</a></button>', response.content.decode())
+        self.assertIn('<button><a href="/logout">Logout</a></button', response.content.decode())

tests/urls.py

@@ -1,5 +1,6 @@
+from django.contrib import admin
 from django.http import JsonResponse
-from django.urls import path
+from django.urls import include, path
 
 
 def profile(request):
@@ -7,5 +8,7 @@ def profile(request):
 
 
 urlpatterns = [
+    path("admin/", include("django_jwt.urls")),
+    path("admin/", admin.site.urls),
     path("profile/", profile, name="profile"),
 ]