Merge pull request #10 from eadwinCode/jazz_merge_march4_2022

Jazzband recent updates

Author: eadwinCode

ninja_jwt/backends.py

@@ -2,18 +2,28 @@
 
 import jwt
 from django.utils.translation import gettext_lazy as _
-from jwt import InvalidAlgorithmError, InvalidTokenError, PyJWKClient, algorithms
+from jwt import InvalidAlgorithmError, InvalidTokenError, algorithms
 
 from .exceptions import TokenBackendError
 from .utils import format_lazy
 
+try:
+    from jwt import PyJWKClient
+
+    JWK_CLIENT_AVAILABLE = True
+except ImportError:
+    JWK_CLIENT_AVAILABLE = False
+
 ALLOWED_ALGORITHMS = (
     "HS256",
     "HS384",
     "HS512",
     "RS256",
     "RS384",
     "RS512",
+    "ES256",
+    "ES384",
+    "ES512",
 )
 
 
@@ -36,7 +46,10 @@ def __init__(
         self.audience = audience
         self.issuer = issuer
 
-        self.jwks_client = PyJWKClient(jwk_url) if jwk_url else None
+        if JWK_CLIENT_AVAILABLE:
+            self.jwks_client = PyJWKClient(jwk_url) if jwk_url else None
+        else:
+            self.jwks_client = None
         self.leeway = leeway
 
         if algorithm.startswith("HS"):

ninja_jwt/models.py

@@ -105,3 +105,7 @@ def is_authenticated(self) -> bool:
 
     def get_username(self) -> str:
         return self.username
+
+    def __getattr__(self, attr):
+        """This acts as a backup attribute getter for custom claims defined in Token serializers."""
+        return self.token.get(attr, None)

ninja_jwt/token_blacklist/migrations/0012_alter_outstandingtoken_user.py

@@ -0,0 +1,26 @@
+# Generated by Django 3.2.10 on 2022-01-24 06:42
+
+import django.db.models.deletion
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ("token_blacklist", "0011_linearizes_history"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="outstandingtoken",
+            name="user",
+            field=models.ForeignKey(
+                blank=True,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                to=settings.AUTH_USER_MODEL,
+            ),
+        ),
+    ]

ninja_jwt/token_blacklist/models.py

@@ -5,7 +5,7 @@
 class OutstandingToken(models.Model):
     id = models.BigAutoField(primary_key=True, serialize=False)
     user = models.ForeignKey(
-        settings.AUTH_USER_MODEL, on_delete=models.CASCADE, null=True, blank=True
+        settings.AUTH_USER_MODEL, on_delete=models.SET_NULL, null=True, blank=True
     )
 
     jti = models.CharField(unique=True, max_length=255)

ninja_jwt/tokens.py

@@ -170,7 +170,8 @@ def check_exp(self, claim: str = "exp", current_time: Optional[datetime] = None)
             raise TokenError(format_lazy(_("Token has no '{}' claim"), claim))
 
         claim_time = datetime_from_epoch(claim_value)
-        if claim_time <= current_time:
+        leeway = self.get_token_backend().leeway
+        if claim_time <= current_time - timedelta(seconds=leeway):
             raise TokenError(format_lazy(_("Token '{}' claim has expired"), claim))
 
     @classmethod
@@ -190,11 +191,16 @@ def for_user(cls, user: Type[AbstractBaseUser]) -> Union["Token", Type["Token"]]
 
     _token_backend = None
 
-    def get_token_backend(self):
+    @property
+    def token_backend(self):
         if self._token_backend is None:
             self._token_backend = import_string("ninja_jwt.state.token_backend")
         return self._token_backend
 
+    def get_token_backend(self):
+        # Backward compatibility.
+        return self.token_backend
+
 
 class BlacklistMixin:
     """
@@ -277,6 +283,11 @@ def __init__(self, *args: Any, **kwargs: Any) -> None:
             )
 
 
+class AccessToken(Token):
+    token_type: str = "access"
+    lifetime: timedelta = api_settings.ACCESS_TOKEN_LIFETIME
+
+
 class RefreshToken(BlacklistMixin, Token):
     token_type: str = "refresh"
     lifetime: timedelta = api_settings.REFRESH_TOKEN_LIFETIME
@@ -290,6 +301,7 @@ class RefreshToken(BlacklistMixin, Token):
         api_settings.JTI_CLAIM,
         "jti",
     )
+    access_token_class = AccessToken
 
     @property
     def access_token(self) -> "AccessToken":
@@ -298,7 +310,7 @@ def access_token(self) -> "AccessToken":
         claims present in this refresh token to the new access token except
         those claims listed in the `no_copy_claims` attribute.
         """
-        access = AccessToken()
+        access = self.access_token_class()
 
         # Use instantiation time of refresh token as relative timestamp for
         # access token "exp" claim.  This ensures that both a refresh and
@@ -315,11 +327,6 @@ def access_token(self) -> "AccessToken":
         return access
 
 
-class AccessToken(Token):
-    token_type: str = "access"
-    lifetime: timedelta = api_settings.ACCESS_TOKEN_LIFETIME
-
-
 class UntypedToken(Token):
     token_type: str = "untyped"
     lifetime: timedelta = timedelta(seconds=0)

pyproject.toml

@@ -48,7 +48,7 @@ classifiers = [
 
 dependencies = [
     "Django >= 2.1",
-    "pyjwt>=2,<3",
+    "pyjwt>=1.7.1,<3",
     "pyjwt[crypto]",
     "ninja-schema >= 0.12.8",
     "django-ninja-extra >= 0.14.2",

tests/keys.py

@@ -110,3 +110,19 @@
 E01hmaHk9xlOpo73IjUxhXUCAwEAAQ==
 -----END PUBLIC KEY-----
 """
+
+
+ES256_PRIVATE_KEY = """
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIMtBPxiLHcJCrAGdz4jHvTtAh6Rw7351AckG3whXq2WOoAoGCCqGSM49
+AwEHoUQDQgAEMZHyNxbkr7+zqQ1dQk/zug2pwYdztmjhpC+XqK88q5NfIS1cBYYt
+zhHUS4vGpazNqbW8HA3ZIvJRmx4L96O6/w==
+-----END EC PRIVATE KEY-----
+"""
+
+ES256_PUBLIC_KEY = """
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEMZHyNxbkr7+zqQ1dQk/zug2pwYdz
+tmjhpC+XqK88q5NfIS1cBYYtzhHUS4vGpazNqbW8HA3ZIvJRmx4L96O6/w==
+-----END PUBLIC KEY-----
+"""