基于Python令牌的身份验证错误

时间:2015-04-23 19:03:07

标签: python authentication flask jwt eve

我使用基于令牌的身份验证来限制对我的网站用户的访问,我收到了以下错误

{"_status": "ERR", "_error": {"message": "Please provide proper credentials", "code": 401}}weber@weber-desktop:/var/www/lunar-cloud-web-ui/kukunako$ 

我的示例代码如下所示。

class TokenAuth(TokenAuth):
def check_auth(self, token, allowed_roles, resource, method):
    accounts = app.data.driver.db['people']
    return accounts.find_one({'token': token})

app = Eve(__name__,static_url_path='/static', auth = TokenAuth)
app.debug = True,

app.config.update(
   DEBUG=True,
      #EMAIL SETTINGS
      MAIL_SERVER='smtp.gmail.com',
      MAIL_PORT=465,
      MAIL_USE_SSL=True,
      MAIL_USERNAME = '<username>',
      MAIL_PASSWORD = '<password>'
)

 mail=Mail(app)
 socketio = SocketIO(app)


 def create_token(user):
  payload = {
      'sub': str(user['_id']),
      'iat': datetime.now(),
      'exp': datetime.now() + timedelta(days=14)
  }

token = jwt.encode(payload, TOKEN_SECRET)
return token.decode('unicode_escape')

def login_required(f):
   @wraps(f)
   def decorated_function(*args, **kwargs):
    if not request.headers.get('Authorization'):
        response = jsonify(error='Missing authorization header')
        response.status_code = 401
        return response

    payload = parse_token(request)

    if datetime.fromtimestamp(payload['exp']) < datetime.now():
        response = jsonify(error='Token has expired')
        response.status_code = 401
        return response

    g.user_id = payload['sub']

    return f(*args, **kwargs)

return decorated_function

 @app.route('/auth/login', methods=['POST'])
    def login():
        accounts = app.data.driver.db['people']
        user = accounts.find_one({'email': request.json['email']})
        if not user:
           response = jsonify(error='Your email does not exist')
           response.status_code = 401
           return response
        if not user['email_confirmed'] == True:
           response = jsonify(error='Email is not confirmed')
           response.status_code = 401
           return response
        if not user or not check_password_hash(user['password']['password'],      request.json['password']):
           response = jsonify(error='Wrong Email or Password')
           response.status_code = 401
           return response
         token = create_token(user)

        return jsonify(token=token)

我的所有代码都显示在下面的设置文件和服务器代码文件中 settings file

server code file

1 个答案:

答案 0 :(得分:1)

你是如何测试的?

我可以想到两个可能的问题。

  1. JWT令牌需要为base64编码
  2. 您可能最后忘记了:
  3. e.g。如果您的令牌如下(取自jwt.io网站)

    eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
    

    您需要执行以下操作:

    $ echo 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ:' | base64
    ZXlKaGJHY2lPaUpJVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5LmV5SnpkV0lpT2lJeE1qTTBOVFkzT0Rrd0lpd2libUZ0WlNJNklrcHZhRzRnUkc5bElpd2lZV1J0YVc0aU9uUnlkV1Y5LlRKVkE5NU9yTTdFMmNCYWIzMFJNSHJIRGNFZnhqb1laZ2VGT05GaDdIZ1E6Cg==
    

    现在使用如下(使用curl

    curl -H "Authorization Basic ZXlKaGJHY2lPaUpJVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5LmV5SnpkV0lpT2lJeE1qTTBOVFkzT0Rrd0lpd2libUZ0WlNJNklrcHZhRzRnUkc5bElpd2lZV1J0YVc0aU9uUnlkV1Y5LlRKVkE5NU9yTTdFMmNCYWIzMFJNSHJIRGNFZnhqb1laZ2VGT05GaDdIZ1E6Cg==" http://127.0.0.1:5000/my_secure_endpoint