Fix redundant jwt.decode() calls when JWT_GET_USER_SECRET_KEY is None #416

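--- a/rest_framework_jwt/utils.py
+++ b/rest_framework_jwt/utils.py
@@ -12,7 +12,7 @@
 from rest_framework_jwt.settings import api_settings
 
 
-def jwt_get_secret_key(payload=None):
+def jwt_get_secret_key(user_id=None):
     """
     For enhanced security you may want to use a secret key based on user.
 
@@ -21,12 +21,13 @@ def jwt_get_secret_key(payload=None):
     - password is changed
     - etc.
     """
-    if api_settings.JWT_GET_USER_SECRET_KEY:
-        User = get_user_model()  # noqa: N806
-        user = User.objects.get(pk=payload.get('user_id'))
-        key = str(api_settings.JWT_GET_USER_SECRET_KEY(user))
-        return key
-    return api_settings.JWT_SECRET_KEY
+    if not user_id:
+        return api_settings.JWT_SECRET_KEY
+
+    User = get_user_model()  # noqa: N806
+    user = User.objects.get(pk=user_id)
+    key = str(api_settings.JWT_GET_USER_SECRET_KEY(user))
+    return key
 
 
 def jwt_payload_handler(user):
@@ -88,7 +89,9 @@ def jwt_get_username_from_payload_handler(payload):
 
 
 def jwt_encode_handler(payload):
-    key = api_settings.JWT_PRIVATE_KEY or jwt_get_secret_key(payload)
+    key = api_settings.JWT_PRIVATE_KEY or jwt_get_secret_key(
+        payload.get('user_id')
+        if api_settings.JWT_GET_USER_SECRET_KEY else None)
     return jwt.encode(
         payload,
         key,
@@ -100,12 +103,12 @@ def jwt_decode_handler(token):
     options = {
         'verify_exp': api_settings.JWT_VERIFY_EXPIRATION,
     }
-    # get user from token, BEFORE verification, to get user secret key
-    unverified_payload = jwt.decode(token, None, False)
-    secret_key = jwt_get_secret_key(unverified_payload)
+    key = api_settings.JWT_PUBLIC_KEY or jwt_get_secret_key(
+        jwt.decode(token, None, False).get('user_id')
+        if api_settings.JWT_GET_USER_SECRET_KEY else None)
     return jwt.decode(
         token,
-        api_settings.JWT_PUBLIC_KEY or secret_key,
+        key,
         api_settings.JWT_VERIFY,
         options=options,
         leeway=api_settings.JWT_LEEWAY,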
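Review bot: The new guard `if not user_id:` in the second hunk makes jwt_get_secret_key fall back to the global JWT_SECRET_KEY for any falsy id even when JWT_GET_USER_SECRET_KEY is configured, whereas the old code always reached `User.objects.get(pk=payload.get('user_id'))` in that configuration and let a missing user fail the lookup; a token whose unverified payload lacks `user_id` (or carries `0`) now appears to be verified against the shared secret instead of failing under the per-user-key scheme, which weakens the property that setting provides. Gating on the setting rather than on the argument keeps the old failure mode: `if not api_settings.JWT_GET_USER_SECRET_KEY:` / `    return api_settings.JWT_SECRET_KEY` followed by the unchanged `user = User.objects.get(pk=user_id)`. Renaming the parameter from `payload` to `user_id` also breaks any external caller of this public helper that still passes the payload dict, so either keep accepting a dict or state the new contract in the docstring (which still describes the function in terms of the user, not the id). jwt_get_secret_key's body spans the first two hunks, and jwt_decode_handler's body continues past the last hunk.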