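def _user_from_refresh_token(self, jwtstr: str, key_pemstr: str, expected_issuer: Optional[str]=None,
                             expected_audience: Optional[str]=None) -> Optional[MNUser]:
    """Resolve a refresh token (JWT) to the user named in its ``sub`` claim.

    The token is verified with ``key_pemstr`` and is accepted only when it is
    signed with RS256. Time-based claims are checked with a leeway of 10.

    Args:
        jwtstr: The encoded refresh token as received from the client.
        key_pemstr: PEM-encoded key used to verify the signature.
        expected_issuer: Passed to ``jwt.decode`` as ``issuer``.
        expected_audience: Passed to ``jwt.decode`` as ``audience``.

    Returns:
        The matching ``MNUser``, or ``None`` when the token is rejected, has
        no ``sub`` claim, or names a user that does not exist.
    """
    # Function-scope import so this block does not rely on a file-level
    # import that may not exist.
    import hashlib

    # A refresh token is a bearer credential: anyone who can read it from a
    # log file can replay it. Log a short SHA-256 fingerprint instead, which
    # is enough to correlate log lines for the same token.
    raw = jwtstr.encode("utf-8") if isinstance(jwtstr, str) else jwtstr
    fingerprint = hashlib.sha256(raw).hexdigest()[:16]
    _log.debug("Received refresh token (sha256 prefix %s)", fingerprint)

    try:
        # Pinning algorithms to RS256 keeps the token header from choosing
        # the verification algorithm.
        # NOTE(review): when expected_issuer is None the "iss" claim is
        # presumably not checked at all - confirm every caller passes one.
        # NOTE(review): no claim is marked as required here, so a token
        # without "exp" may never expire - confirm that is intended.
        token = jwt.decode(jwtstr, key_pemstr, algorithms=["RS256"], leeway=10,
                           issuer=expected_issuer, audience=expected_audience)
    except (jwt.ExpiredSignatureError, jwt.InvalidAlgorithmError,
            jwt.InvalidIssuerError, jwt.InvalidTokenError) as e:
        _log.warning("Rejected refresh token (sha256 prefix %s) because of %s", fingerprint, e)
        return None

    if "sub" not in token:
        # The signature verified, so the issuer produced a token without a subject.
        _log.error("BUG? Valid refresh token without user in subject. (sha256 prefix %s)", fingerprint)
        return None

    try:
        user = MNUser.objects.get(pk=token["sub"])  # type: MNUser
    except MNUser.DoesNotExist:
        # Typically a user removed after the token was issued.
        _log.warning("No such user from valid JWT. sub=%r (sha256 prefix %s)", token["sub"], fingerprint)
        return None
    return user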