Django Rest Framework PyJWT 令牌无效 header 填充

Django Rest Framework PyJWT Token Invalid header padding

我正在使用 Django Rest Frame Work,我正在尝试获取经过身份验证的用户信息,使用 session

中的令牌

views.py:

# Get Authenticated User Data
class UserAPIView(APIView):
    authentication_classes = [JWTAuthentication]
    permission_classes = [IsAuthenticated]

    def get(self, request):
        return Response(UserSerializer(request.user).data)

JWTAuthentication

class JWTAuthentication(BaseAuthentication):

    def authenticate(self, request):
        token = request.COOKIES.get('jwt')
        print('token = ', token)

        if not token:
            return None

        try:
            payload = jwt.decode(token, settings.SECRET_KEY, algorithms=['HS256'])
            print('payload = ', payload)
        except jwt.ExpiredSignatureError:
            raise exceptions.AuthenticationFailed('unauthenticated')

        user = User.objects.get(pk=payload['user_id'])

        if not user:
            raise exceptions.AuthenticationFailed('User not found!')

        return (user, None)

    @staticmethod
    def generate_jwt(id):
        payload = {
            'user_id': id,
            'exp': datetime.datetime.now() + datetime.timedelta(days=1),
            'iat': datetime.datetime.utcnow()
        }
        return jwt.encode(payload, settings.SECRET_KEY, algorithm='HS256')

但是我遇到了这个错误

Invalid header padding 

这是回溯

[08/Jun/2021 10:44:09] "GET /api/account/user/ HTTP/1.1" 500 134862
token =  b'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJleHAiOjE2MjMyMzU0NDcsImlhdCI6MTYyMzE0MTg0N30.qnNZw3M5YiLMalc78wknjtuTOztHbjyr2swHyK1xuGY'
Internal Server Error: /api/account/user/
Traceback (most recent call last):
  File "C:\Users\MAbbas\AppData\Local\Programs\Python\Python37\lib\site-packages\jwt\api_jws.py", line 186, in _load
    header_data = base64url_decode(header_segment)
  File "C:\Users\MAbbas\AppData\Local\Programs\Python\Python37\lib\site-packages\jwt\utils.py", line 42, in base64url_decode
    return base64.urlsafe_b64decode(input)
  File "C:\Users\MAbbas\AppData\Local\Programs\Python\Python37\lib\base64.py", line 133, in urlsafe_b64decode
    return b64decode(s)
  File "C:\Users\MAbbas\AppData\Local\Programs\Python\Python37\lib\base64.py", line 87, in b64decode
    return binascii.a2b_base64(s)
binascii.Error: Invalid base64-encoded string: number of data characters (37) cannot be 1 more than a multiple of 4

这是 Traceback 的其余部分

在处理上述异常的过程中,又发生了异常:

  File "D:\Private\PythonProjects\ProCoders-02\src\Pepsi\profession\backend\blog\api\API_Authentication.py", line 20, in authenticate
    payload = jwt.decode(token, settings.SECRET_KEY, algorithms=['HS256'])
  File "C:\Users\MAbbas\AppData\Local\Programs\Python\Python37\lib\site-packages\jwt\api_jwt.py", line 84, in decode
    payload, _, _, _ = self._load(jwt)
  File "C:\Users\MAbbas\AppData\Local\Programs\Python\Python37\lib\site-packages\jwt\api_jws.py", line 188, in _load
    raise DecodeError('Invalid header padding')
jwt.exceptions.DecodeError: Invalid header padding

修改 01 号(添加 LogInView 以显示我如何保存令牌)

登录查看

class LoginAPIView(APIView):
    def post(self, request):
        email = request.data['email']
        password = request.data['password']

        user = User.objects.filter(email=email).first()

        if user is None:
            raise exceptions.AuthenticationFailed('User not found!')

        if not user.check_password(password):
            raise exceptions.AuthenticationFailed('Incorrect Password!')

        token = JWTAuthentication.generate_jwt(user.id)

        response = Response()
        response.set_cookie(key='jwt', value=token, httponly=True)
        response.data = {
            'message': 'success'
        }

        return response

令牌存在于 cookie 中并如您所见打印出来,但这个错误让我很生气 谢谢in-advance

在编码时尝试将令牌解码为 utf-8

return jwt.encode(有效载荷, settings.SECRET_KEY, 算法='HS256').decode("utf-8")

并检查它是否有效

这里有更多信息https://github.com/jpadilla/pyjwt/issues/319

我认为问题可能出在您对 jwt 进行编码的方式上,在您的有效负载中尝试将“exp”值转换为 int 值,如下所示: 有效载荷= { 'user_id': 编号, 'exp': int(datetime.datetime.now() + datetime.timedelta(days=1)), 'iat': 整数(datetime.datetime.utcnow()) } return jwt.encode(有效载荷,settings.SECRET_KEY,算法='HS256')

我认为 exp 和 iat 值必须是数字