django-pfx 1.4.dev24__tar.gz → 1.4.dev26__tar.gz

{django-pfx-1.4.dev24 → django-pfx-1.4.dev26}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: django-pfx
-Version: 1.4.dev24
+Version: 1.4.dev26
 Summary: Django PFX is a toolkit designed to streamline the development of RESTful APIs using the Django framework.
 Author: Hervé Martinet
 Author-email: herve.martinet@gmail.com

{django-pfx-1.4.dev24 → django-pfx-1.4.dev26}/django_pfx.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: django-pfx
-Version: 1.4.dev24
+Version: 1.4.dev26
 Summary: Django PFX is a toolkit designed to streamline the development of RESTful APIs using the Django framework.
 Author: Hervé Martinet
 Author-email: herve.martinet@gmail.com

{django-pfx-1.4.dev24 → django-pfx-1.4.dev26}/pfx/pfxcore/middleware/authentication.py

@@ -30,13 +30,29 @@ class JWTTokenDecodeMixin:
         return user
 
     @classmethod
-    def decode_jwt(cls, token, otp_login=False):
+    def decode_jwt_header(cls, token):
         try:
             headers = jwt.get_unverified_header(token)
             if 'pfx_user_pk' not in headers:
                 raise jwt.InvalidTokenError(
                     "Missing pfx_user_pk in token headers")
-            user = cls.get_cached_user(headers['pfx_user_pk'])
+            return headers['pfx_user_pk']
+        except (jwt.ExpiredSignatureError,
+                jwt.InvalidTokenError, jwt.InvalidSignatureError,
+                DecodeError) as e:
+            # Log these exceptions only in debug mode
+            logger.debug(e, exc_info=True)
+            raise
+        except Exception as e:
+            # Always logs unexpected exceptions
+            logger.exception(e)
+            raise
+
+    @classmethod
+    def decode_jwt(cls, token, otp_login=False):
+        user_pk = cls.decode_jwt_header(token)
+        try:
+            user = cls.get_cached_user(user_pk)
             decoded = jwt.decode(
                 token,
                 user.get_user_jwt_signature_key() + settings.PFX_SECRET_KEY,
@@ -49,11 +65,12 @@ class JWTTokenDecodeMixin:
                     "This token is reserved for OTP login")
             return user
         except (get_user_model().DoesNotExist, jwt.ExpiredSignatureError,
-                jwt.InvalidTokenError, jwt.InvalidSignatureError) as e:
+                jwt.InvalidTokenError, jwt.InvalidSignatureError,
+                DecodeError) as e:
             # Log these exceptions only in debug mode
             logger.debug(e, exc_info=True)
             raise
-        except (DecodeError, Exception) as e:
+        except Exception as e:
             # Always logs unexpected exceptions
             logger.exception(e)
             raise
@@ -72,11 +89,11 @@ class AuthenticationMiddleware(JWTTokenDecodeMixin, MiddlewareMixin):
         authorization = request.headers.get('Authorization')
         if authorization:
             try:
-                _, key = authorization.split("Bearer ")
+                _, token = authorization.split("Bearer ")
             except ValueError:
-                key = None
+                token = ""
             try:
-                request.user = self.decode_jwt(key)
+                request.user = self.decode_jwt(token)
             except Exception:
                 request.user = AnonymousUser()
         else:
@@ -102,10 +119,10 @@ class CookieAuthenticationMiddleware(JWTTokenDecodeMixin, MiddlewareMixin):
     """
 
     def process_request(self, request):
-        key = request.COOKIES.get('token')
-        if key:
+        token = request.COOKIES.get('token', "")
+        if token:
             try:
-                request.user = self.decode_jwt(key)
+                request.user = self.decode_jwt(token)
             except Exception:
                 request.user = AnonymousUser()
                 request.delete_cookie = True

{django-pfx-1.4.dev24 → django-pfx-1.4.dev26}/pfx/pfxcore/views/authentication_views.py

@@ -261,9 +261,7 @@ class AuthenticationView(
         return jwt.encode(
             payload,
             user.get_user_jwt_signature_key() + settings.PFX_SECRET_KEY,
-            headers=dict(
-                pfx_user_pk=user.pk,
-                username=user.get_username()),
+            headers=dict(pfx_user_pk=user.pk),
             algorithm="HS256")
 
     def get_extra_payload(self, user):
@@ -559,9 +557,13 @@ class AuthenticationView(
                     description: If the OTP is disabled for this user.
         """
         data = self.deserialize_body()
-        token = data.get('token')
-        username = jwt.get_unverified_header(token).get('username')
-        ban_dt = LoginBan.objects.is_ban(username)
+        token = data.get('token', "")
+        try:
+            user_pk = self.decode_jwt_header(token)
+            ban_key = f"otp_{user_pk}"
+        except Exception:
+            raise UnauthorizedError()
+        ban_dt = LoginBan.objects.is_ban(ban_key)
         if ban_dt:
             return self.login_ban_response(ban_dt)
         try:
@@ -574,9 +576,9 @@ class AuthenticationView(
         if not user.otp_secret_token:
             raise ForbiddenError()
         if user.is_otp_valid(data.get('otp_code')):
-            LoginBan.objects.unban(username)
+            LoginBan.objects.unban(ban_key)
             return self._login_success(user, mode, remember_me)
-        LoginBan.objects.ban(username)
+        LoginBan.objects.ban(ban_key)
         return self.login_failed_response()
 
     def get_user(self, uidb64):
@@ -836,9 +838,8 @@ class OtpEmailView(BodyMixin, JWTTokenDecodeMixin, BaseRestView):
             data = self.deserialize_body()
             try:
                 user, __, __ = self.decode_jwt(
-                    data.get('token'), otp_login=True)
-            except Exception as e:
-                logger.exception(e)
+                    data.get('token', ""), otp_login=True)
+            except Exception:
                 raise UnauthorizedError()
         else:
             user = self.request.user

{django-pfx-1.4.dev24 → django-pfx-1.4.dev26}/tests/tests/test_auth_api.py

@@ -1287,20 +1287,20 @@ class AuthAPITest(TestAssertMixin, TransactionTestCase):
             code_match = re.search(
                 r'Authentication code: (\d{6})', mail.outbox[0].body)
             self.assertIsNotNone(code_match)
-            otp_code = int(code_match.group(1))
+            otp_code = code_match.group(1)
 
-        with freeze_time("2023-05-01 08:15:01"):
+        with freeze_time("2023-05-01 08:15:00"):
             response = self.client.post('/api/auth/otp/login', dict(
                 token=otp_token,
                 otp_code=otp_code))
-            self.assertRC(response, 422)
+            self.assertRC(response, 200)
+            self.assertJEExists(response, 'token')
 
-        with freeze_time("2023-05-01 08:15:00"):
+        with freeze_time("2023-05-01 08:15:01"):
             response = self.client.post('/api/auth/otp/login', dict(
                 token=otp_token,
                 otp_code=otp_code))
-            self.assertRC(response, 200)
-            self.assertJEExists(response, 'token')
+            self.assertRC(response, 422)
 
     @override_settings(
         PFX_HOTP_CODE_VALIDITY=15,