complete all docs

IndominusByte · IndominusByte · commit 8e54499abedf · 2020-10-30T03:04:13.000+08:00
diff --git a/README.md b/README.md
@@ -2,21 +2,26 @@
   FastAPI JWT Auth
 </h1>
 
-[![Build Status](https://travis-ci.org/IndominusByte/fastapi-jwt-auth.svg?branch=master)](https://travis-ci.org/IndominusByte/fastapi-jwt-auth)
+![Tests](https://github.com/IndominusByte/fastapi-jwt-auth/workflows/Tests/badge.svg)
 [![Coverage Status](https://coveralls.io/repos/github/IndominusByte/fastapi-jwt-auth/badge.svg?branch=master)](https://coveralls.io/github/IndominusByte/fastapi-jwt-auth?branch=master)
 [![PyPI version](https://badge.fury.io/py/fastapi-jwt-auth.svg)](https://badge.fury.io/py/fastapi-jwt-auth)
 [![Downloads](https://static.pepy.tech/personalized-badge/fastapi-jwt-auth?period=total&units=international_system&left_color=grey&right_color=brightgreen&left_text=Downloads)](https://pepy.tech/project/fastapi-jwt-auth)
 
 ---
 
+**Documentation**: <a href="https://indominusbyte.github.io/fastapi-jwt-auth" target="_blank">https://indominusbyte.github.io/fastapi-jwt-auth</a>
+
+**Source Code**: <a href="https://github.com/IndominusByte/fastapi-jwt-auth" target="_blank">https://github.com/IndominusByte/fastapi-jwt-auth</a>
+
+---
+
 ## Features
-FastAPI extension that provides JWT Auth support (secure, easy to use and lightweight), if you were familiar with flask-jwt-extended this extension suitable for you because this extension inspired by flask-jwt-extended 😀
+FastAPI extension that provides JWT Auth support (secure, easy to use and lightweight), if you were familiar with flask-jwt-extended this extension suitable for you, cause this extension inspired by flask-jwt-extended 😀
 
 - Access tokens and refresh tokens
 - Freshness Tokens
 - Revoking Tokens
 - Support for adding custom claims to JSON Web Tokens
-- Support RSA encryption
 - Storing tokens in cookies and CSRF protection
 
 ## Installation
diff --git a/docs/advanced-usage/additional-claims.md b/docs/advanced-usage/additional-claims.md
@@ -0,0 +1,9 @@
+You may want to store additional information in the access token or refresh token and you could later access in the protected views. This can be done easily by parsing additional information *(dictionary python)* to parameter **user_claims** in function **create_access_token()** or **create_refresh_token()**, and the data can be accessed later in a protected endpoint with the **get_raw_jwt()** function.
+
+Storing data in the tokens can be good for performance. If you store data in the tokens, you won't need to look it up from disk next time you need it in a protected endpoint. However, you should take care of what data you put in the tokens. Any data in the tokens can be trivially viewed by anyone who can read the tokens.
+
+**Note**: *Do not store sensitive information in the tokens!*
+
+```python hl_lines="34-35 44"
+{!../examples/additional_claims.py!}
+```
diff --git a/docs/advanced-usage/bigger-app.md b/docs/advanced-usage/bigger-app.md
@@ -0,0 +1,36 @@
+Because *fastapi-jwt-auth* configure your setting via class state that applies across all instances of the class. You need to make sure to call **load_config**(callback) above from your endpoint. Thanks to `FastAPI` when you make endpoint from `APIRouter` it will actually work as if everything was the same single app.
+
+So you only need to define **load_config**(callback) where `Fastapi` instance created or you can import it where you included all the router. 
+
+## An example file structure
+
+Let's say you have a file structure like this:
+
+```
+.
+├── multiple_files
+│   ├── __init__.py
+│   ├── app.py
+│   └── routers
+│       ├── __init__.py
+│       ├── items.py
+│       └── users.py
+```
+
+Here an example of `app.py`
+
+```python
+{!../examples/multiple_files/app.py!}
+```
+
+Here an example of `users.py`
+
+```python
+{!../examples/multiple_files/routers/users.py!}
+```
+
+Here an example of `items.py`
+
+```python
+{!../examples/multiple_files/routers/items.py!}
+```
diff --git a/docs/advanced-usage/dynamic-algorithm.md b/docs/advanced-usage/dynamic-algorithm.md
@@ -0,0 +1,5 @@
+You can specify which algorithm you would like to use to sign the JWT by using the **algorithm** parameter in **create_access_token()** or **create_refresh_token()**. Also you need to specify which algorithms you would like to permit when validating in protected endpoint by settings `authjwt_decode_algorithms` which take a *sequence*. If the JWT doesn't have algorithm in `authjwt_decode_algorithms` the token will be rejected.
+
+```python hl_lines="16 35-36"
+{!../examples/dynamic_algorithm.py!}
+```
diff --git a/docs/advanced-usage/dynamic-expires.md b/docs/advanced-usage/dynamic-expires.md
@@ -0,0 +1,18 @@
+You can also change the expires time for a token via parameter **expires_time** in the **create_access_token()** or **create_refresh_token()** function. This takes a *datetime.timedelta*, *integer*, or even *boolean* and overrides the `authjwt_access_token_expires` and `authjwt_refresh_token_expires` settings. This can be useful if you have different use cases for different tokens.
+
+```python
+@app.post('/create-dynamic-token')
+def create_dynamic_token(Authorize: AuthJWT = Depends()):
+    expires = datetime.timedelta(days=1)
+    token = Authorize.create_access_token(subject="test",expires_time=expires)
+    return {"token": token}
+```
+
+You can even disable expiration by setting **expires_time** to *False*:
+
+```python
+@app.post('/create-token-disable')
+def create_dynamic_token(Authorize: AuthJWT = Depends()):
+    token = Authorize.create_access_token(subject="test",expires_time=False)
+    return {"token": token}
+```
diff --git a/docs/advanced-usage/generate-docs.md b/docs/advanced-usage/generate-docs.md
@@ -0,0 +1,7 @@
+It feels incomplete if there is no documentation because *fastapi-jwt-auth* that uses starlette request and response directly to get headers or cookies, you must manually generate the documentation. Thanks to `FastAPI` you can generate doc easily via `Extending OpenAPI`.
+
+Here is an example to generate the doc:
+
+```python hl_lines="37 57-65 69 71-78"
+{!../examples/generate_doc.py!}
+```
diff --git a/docs/api-doc.md b/docs/api-doc.md
@@ -10,7 +10,7 @@ In here you will find the API for everything exposed in this extension.
 
 **token_in_denylist_loader**(callback)
 :   *This decorator sets the callback function that will be called when
-    a protected endpoint is accessed and will check if the JWT has been
+    a protected endpoint is accessed and will check if the JWT has
     been revoked. By default, this callback is not used.*
 
     **Hint**: *The callback must be a function that takes `one` argument, which is the decoded JWT (python dictionary),
diff --git a/docs/configuration/cookies.md b/docs/configuration/cookies.md
@@ -8,11 +8,11 @@ These are only applicable if `authjwt_token_location` is use cookies.
 
 `authjwt_access_cookie_path`
 :   What path should be set for the access cookie. Defaults to `'/'`, which will cause this
-    access cookie to be sent in with every request.
+    access cookie to be sent in every request.
 
 `authjwt_refresh_cookie_path`
 :   What path should be set for the refresh cookie. Defaults to `'/'`, which will cause this
-    refresh cookie to be sent in with every request. 
+    refresh cookie to be sent in every request. 
 
 `authjwt_cookie_max_age`
 :   If you don't set anything else, the cookie will expire when the browser is closed. Defaults to
diff --git a/examples/additional_claims.py b/examples/additional_claims.py
@@ -0,0 +1,45 @@
+from fastapi import FastAPI, HTTPException, Depends, Request
+from fastapi.responses import JSONResponse
+from fastapi_jwt_auth import AuthJWT
+from fastapi_jwt_auth.exceptions import AuthJWTException
+from pydantic import BaseModel
+
+app = FastAPI()
+
+class User(BaseModel):
+    username: str
+    password: str
+
+class Settings(BaseModel):
+    authjwt_secret_key: str = "secret"
+
+@AuthJWT.load_config
+def get_config():
+    return Settings()
+
+@app.exception_handler(AuthJWTException)
+def authjwt_exception_handler(request: Request, exc: AuthJWTException):
+    return JSONResponse(
+        status_code=exc.status_code,
+        content={"detail": exc.message}
+    )
+
+@app.post('/login')
+def login(user: User, Authorize: AuthJWT = Depends()):
+    if user.username != "test" or user.password != "test":
+        raise HTTPException(status_code=401,detail="Bad username or password")
+
+    # You can be passing custom claim to argument user_claims
+    # in function create_access_token() or create refresh token()
+    another_claims = {"foo": ["fiz","baz"]}
+    access_token = Authorize.create_access_token(subject=user.username,user_claims=another_claims)
+    return {"access_token": access_token}
+
+# In protected route, get the claims you added to the jwt with the
+# get_raw_jwt() method
+@app.get('/claims')
+def user(Authorize: AuthJWT = Depends()):
+    Authorize.jwt_required()
+
+    foo_claims = Authorize.get_raw_jwt()['foo']
+    return {"foo": foo_claims}
diff --git a/examples/basic.py b/examples/basic.py
@@ -34,7 +34,7 @@ def authjwt_exception_handler(request: Request, exc: AuthJWTException):
 # later in endpoint protected
 @app.post('/login')
 def login(user: User, Authorize: AuthJWT = Depends()):
-    if user.username != "test" and user.password != "test":
+    if user.username != "test" or user.password != "test":
         raise HTTPException(status_code=401,detail="Bad username or password")
 
     # subject identifier for who this token is for example id or username from database
diff --git a/examples/csrf_protection_cookies.py b/examples/csrf_protection_cookies.py
@@ -45,7 +45,7 @@ def login(user: User, Authorize: AuthJWT = Depends()):
     With authjwt_cookie_csrf_protect set to True, set_access_cookies() and
     set_refresh_cookies() will now also set the non-httponly CSRF cookies
     """
-    if user.username != "test" and user.password != "test":
+    if user.username != "test" or user.password != "test":
         raise HTTPException(status_code=401,detail="Bad username or password")
 
     # Create the tokens and passing to set_access_cookies or set_refresh_cookies
diff --git a/examples/denylist.py b/examples/denylist.py
@@ -44,7 +44,7 @@ def check_if_token_in_denylist(decrypted_token):
 
 @app.post('/login')
 def login(user: User, Authorize: AuthJWT = Depends()):
-    if user.username != "test" and user.password != "test":
+    if user.username != "test" or user.password != "test":
         raise HTTPException(status_code=401,detail="Bad username or password")
 
     access_token = Authorize.create_access_token(subject=user.username)
diff --git a/examples/denylist_redis.py b/examples/denylist_redis.py
@@ -49,7 +49,7 @@ def check_if_token_in_denylist(decrypted_token):
 
 @app.post('/login')
 def login(user: User, Authorize: AuthJWT = Depends()):
-    if user.username != "test" and user.password != "test":
+    if user.username != "test" or user.password != "test":
         raise HTTPException(status_code=401,detail="Bad username or password")
 
     access_token = Authorize.create_access_token(subject=user.username)
diff --git a/examples/dynamic_algorithm.py b/examples/dynamic_algorithm.py
@@ -0,0 +1,56 @@
+from fastapi import FastAPI, HTTPException, Depends, Request
+from fastapi.responses import JSONResponse
+from fastapi_jwt_auth import AuthJWT
+from fastapi_jwt_auth.exceptions import AuthJWTException
+from pydantic import BaseModel
+
+app = FastAPI()
+
+class User(BaseModel):
+    username: str
+    password: str
+
+class Settings(BaseModel):
+    authjwt_secret_key: str = "secret"
+    # Configure algorithms which is permit
+    authjwt_decode_algorithms: set = {"HS384","HS512"}
+
+@AuthJWT.load_config
+def get_config():
+    return Settings()
+
+@app.exception_handler(AuthJWTException)
+def authjwt_exception_handler(request: Request, exc: AuthJWTException):
+    return JSONResponse(
+        status_code=exc.status_code,
+        content={"detail": exc.message}
+    )
+
+@app.post('/login')
+def login(user: User, Authorize: AuthJWT = Depends()):
+    if user.username != "test" or user.password != "test":
+        raise HTTPException(status_code=401,detail="Bad username or password")
+
+    # You can define different algorithm when create a token
+    access_token = Authorize.create_access_token(subject=user.username,algorithm="HS384")
+    refresh_token = Authorize.create_refresh_token(subject=user.username,algorithm="HS512")
+    return {"access_token": access_token, "refresh_token": refresh_token}
+
+# In protected route, automatically check incoming JWT
+# have algorithm in your `authjwt_decode_algorithms` or not
+@app.post('/refresh')
+def refresh(Authorize: AuthJWT = Depends()):
+    Authorize.jwt_refresh_token_required()
+
+    current_user = Authorize.get_jwt_subject()
+    new_access_token = Authorize.create_access_token(subject=current_user)
+    return {"access_token": new_access_token}
+
+# In protected route, automatically check incoming JWT
+# have algorithm in your `authjwt_decode_algorithms` or not
+@app.get('/protected')
+def protected(Authorize: AuthJWT = Depends()):
+    Authorize.jwt_required()
+
+    current_user = Authorize.get_jwt_subject()
+    return {"user": current_user}
diff --git a/examples/freshness.py b/examples/freshness.py
@@ -27,7 +27,7 @@ def authjwt_exception_handler(request: Request, exc: AuthJWTException):
 # Standard login endpoint. Will return a fresh access token and a refresh token
 @app.post('/login')
 def login(user: User, Authorize: AuthJWT = Depends()):
-    if user.username != "test" and user.password != "test":
+    if user.username != "test" or user.password != "test":
         raise HTTPException(status_code=401,detail="Bad username or password")
 
     """
@@ -62,7 +62,7 @@ def fresh_login(user: User, Authorize: AuthJWT = Depends()):
     this will only return a new access token, so that we don't keep
     generating new refresh tokens, which entirely defeats their point.
     """
-    if user.username != "test" and user.password != "test":
+    if user.username != "test" or user.password != "test":
         raise HTTPException(status_code=401,detail="Bad username or password")
 
     new_access_token = Authorize.create_access_token(subject=user.username,fresh=True)
diff --git a/examples/generate_doc.py b/examples/generate_doc.py
@@ -0,0 +1,84 @@
+from fastapi import FastAPI, Request, Depends, HTTPException
+from fastapi.responses import JSONResponse
+from fastapi.openapi.utils import get_openapi
+from fastapi_jwt_auth import AuthJWT
+from fastapi_jwt_auth.exceptions import AuthJWTException
+from pydantic import BaseModel
+
+app = FastAPI()
+
+class User(BaseModel):
+    username: str
+    password: str
+
+class Settings(BaseModel):
+    authjwt_secret_key: str = "secret"
+
+@AuthJWT.load_config
+def get_config():
+    return Settings()
+
+@app.exception_handler(AuthJWTException)
+def authjwt_exception_handler(request: Request, exc: AuthJWTException):
+    return JSONResponse(
+        status_code=exc.status_code,
+        content={"detail": exc.message}
+    )
+
+
+@app.post('/login')
+def login(user: User, Authorize: AuthJWT = Depends()):
+    if user.username != "test" or user.password != "test":
+        raise HTTPException(status_code=401,detail="Bad username or password")
+
+    access_token = Authorize.create_access_token(subject=user.username)
+    return {"access_token": access_token}
+
+@app.get('/protected', operation_id="authorize")
+def protected(Authorize: AuthJWT = Depends()):
+    Authorize.jwt_required()
+
+    current_user = Authorize.get_jwt_subject()
+    return {"user": current_user}
+
+
+def custom_openapi():
+    if app.openapi_schema:
+        return app.openapi_schema
+
+    openapi_schema = get_openapi(
+        title="Custom title",
+        version="2.5.0",
+        description="This is a very custom OpenAPI schema",
+        routes=app.routes,
+    )
+
+    # Custom documentation fastapi-jwt-auth
+    headers = {
+        "name": "Authorization",
+        "in": "header",
+        "required": True,
+        "schema": {
+            "title": "Authorization",
+            "type": "string"
+        },
+    }
+
+    # Get routes from index 4 because before that fastapi define router for /openapi.json, /redoc, /docs, etc
+    # Get all router where operation_id is authorize
+    router_authorize = [route for route in app.routes[4:] if route.operation_id == "authorize"]
+
+    for route in router_authorize:
+        method = list(route.methods)[0].lower()
+        try:
+            # If the router has another parameter
+            openapi_schema["paths"][route.path][method]['parameters'].append(headers)
+        except Exception:
+            # If the router doesn't have a parameter
+            openapi_schema["paths"][route.path][method].update({"parameters":[headers]})
+
+    app.openapi_schema = openapi_schema
+    return app.openapi_schema
+
+
+app.openapi = custom_openapi
diff --git a/examples/jwt_in_cookies.py b/examples/jwt_in_cookies.py
@@ -35,7 +35,7 @@ def authjwt_exception_handler(request: Request, exc: AuthJWTException):
 
 @app.post('/login')
 def login(user: User, Authorize: AuthJWT = Depends()):
-    if user.username != "test" and user.password != "test":
+    if user.username != "test" or user.password != "test":
         raise HTTPException(status_code=401,detail="Bad username or password")
 
     # Create the tokens and passing to set_access_cookies or set_refresh_cookies
diff --git a/examples/multiple_files/__init__.py b/examples/multiple_files/__init__.py
diff --git a/examples/multiple_files/app.py b/examples/multiple_files/app.py
diff --git a/examples/multiple_files/routers/__init__.py b/examples/multiple_files/routers/__init__.py
diff --git a/examples/multiple_files/routers/items.py b/examples/multiple_files/routers/items.py
diff --git a/examples/multiple_files/routers/users.py b/examples/multiple_files/routers/users.py
diff --git a/examples/optional.py b/examples/optional.py
diff --git a/examples/refresh.py b/examples/refresh.py
diff --git a/mkdocs.yml b/mkdocs.yml
