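【Question title】:How to extract payload from a jwt Expired Token
【Posted】:2022-01-04 13:44:47
【Question description】:

I have made a view where I send a refresh token to an email for account activation. If the token is valid, everything works fine. The problem is when the jwt token expires: I want to be able to extract the payload (user_id) from the token in the backend when jwt.decode throws ExpiredSignatureError, so that I can automatically resend the email based on the user_id extracted from the token.

Here is how I generate the token: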

import jwt
from django.conf import settings
from django.template.loader import render_to_string
from django.utils.html import strip_tags
from rest_framework import status
from rest_framework.decorators import api_view
from rest_framework.response import Response
from rest_framework_simplejwt.tokens import RefreshToken

# User is the project's user model (its import is not shown in the question).


def activation_link(request, user, email):
    token = RefreshToken.for_user(user)

    curent_site = "localhost:3000"
    relative_link = "/auth/confirm-email"

    link = 'http://' + curent_site + relative_link + "/" + str(token)
    html_message = render_to_string('users/email_templates/activate_account.html', {
        'activation_link': link,
    })

    text_content = strip_tags(html_message)
    email_subject = 'Activate your account'
    from_email = 'notsure@yahoo.com'
    to_email = email


@api_view(['POST'])
def ConfirmEmailView(request):
    try:
        activation_token = request.data['activation_token']
        payload = jwt.decode(activation_token, settings.SECRET_KEY, algorithms=['HS256'])
        user = User.objects.get(id=payload['user_id'])
        if user.is_confirmed:
            return Response('Already verified!', status=status.HTTP_200_OK)
        user.is_confirmed = True
        user.save()
        return Response(status=status.HTTP_202_ACCEPTED)

    except jwt.ExpiredSignatureError as identifier:

        # =>>> Here I want to decode activation_token and extract user_id

        return Response("Link- expired!", status=status.HTTP_403_FORBIDDEN)

    except Exception as e:
        print(e)
        return Response(status=status.HTTP_400_BAD_REQUEST)

【Question discussion】:

    Tags: django django-rest-framework access-token django-rest-framework-jwt django-rest-framework-simplejwt


    【Solution 1】:

    Well, apparently the solution is simple:

    @api_view(['POST'])
    def ConfirmEmailView(request):
        try:
            activation_token = request.data['activation_token']
            payload = jwt.decode(activation_token, settings.SECRET_KEY, algorithms=['HS256'])
            user = User.objects.get(id=payload['user_id'])
            if user.is_confirmed:
                return Response('Already verified!', status=status.HTTP_200_OK)
            user.is_confirmed = True
            user.save()
            return Response(status=status.HTTP_202_ACCEPTED)

        except jwt.ExpiredSignatureError as identifier:

            # Here we are:
            # With verify_signature set to False the signature is not checked,
            # so the payload returned here is unverified.
            payload = jwt.decode(request.data['activation_token'], settings.SECRET_KEY, algorithms=['HS256'], options={"verify_signature": False})
            user_id = payload['user_id']

            return Response({'user_id': user_id}, status=status.HTTP_200_OK)
    

    By adding options={"verify_signature": False}, the token can be decoded just fine!
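
Added example (not part of the original answer or the asker's project): `verify_signature: False` returns the payload without checking the HMAC, so the `user_id` it yields is whatever the sender put in the token. PyJWT's `verify_exp` option skips only the expiry comparison and keeps the signature check. The key, the resend window and the function name below are assumptions made for this sketch.

```python
import time

import jwt  # PyJWT 2.x

# Constructed key for this example; the view on this page uses settings.SECRET_KEY.
SECRET_KEY = "constructed-demo-key-0123456789abcdef-not-a-real-secret"
# Assumption: how long after expiry a token may still trigger a resend.
RESEND_WINDOW = 7 * 24 * 3600


def user_id_from_activation_token(token, key=SECRET_KEY, now=None):
    """Return (user_id, expired) for a correctly signed token.

    Raises jwt.InvalidTokenError (or a subclass) when the token is forged,
    malformed, lacks a claim, or expired longer ago than RESEND_WINDOW.
    """
    now = time.time() if now is None else now
    payload = jwt.decode(
        token,
        key,
        algorithms=["HS256"],  # pinned, as in the original view
        # Signature is still verified; only the exp comparison is skipped.
        options={"verify_exp": False, "require": ["exp", "user_id"]},
    )
    expired = payload["exp"] <= now
    if expired and now - payload["exp"] > RESEND_WINDOW:
        raise jwt.ExpiredSignatureError("expired too long ago to resend")
    return payload["user_id"], expired


if __name__ == "__main__":
    now = int(time.time())
    # Constructed tokens: one minted with our key, one with a different key.
    ours = jwt.encode({"user_id": 42, "exp": now - 60}, SECRET_KEY, algorithm="HS256")
    forged = jwt.encode({"user_id": 1, "exp": now - 60}, "some-other-key-" * 3, algorithm="HS256")
    print(user_id_from_activation_token(ours))
    # The option used in the answer accepts the forged token's claims as-is.
    print(jwt.decode(forged, SECRET_KEY, algorithms=["HS256"],
                     options={"verify_signature": False}))
    try:
        user_id_from_activation_token(forged)
    except jwt.InvalidSignatureError as exc:
        print("rejected:", exc)
```

In the `except jwt.ExpiredSignatureError` branch of the view, a helper like this yields a `user_id` that was signed by the server, and the resend can be handled server-side without returning the id to the caller.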

    【Discussion】:
