better separation between api and frontend login

auth/__init__.py

@@ -5,13 +5,16 @@ Base module for auth aspects.
 Also this module contains mainly code for login through HTML pages served by the backend.
 If frontend pages are build by frontend code (JS, etc.) authentication should consider using api functions.
 (For more info, see api.auth_api.py.)
+
+This code uses login_user and logout user (to start and end sessions) ... API code returns JWTs.
 """
-from flask import Blueprint
+from flask import Blueprint, jsonify
+from flask_login import logout_user, LoginManager
 from werkzeug.routing import BuildError
 
 auth_bp = Blueprint('auth', __name__, url_prefix='/auth', template_folder='templates')
 
-from backend.auth.config import AUTH_PROVIDERS, DEFAULT_PROVIDER
+from backend.auth.config import AUTH_PROVIDERS, DEFAULT_FRONTEND_PROVIDER
 from backend.auth.oidc_config import OIDC_PROVIDERS
 
 from backend.auth.oidc import oidc_auth
@@ -26,7 +29,7 @@ def auth_decorator(): # custom decorator
 @auth_bp.route('/login', methods=['GET', 'POST'])
 def login():
     try:
-        prov = AUTH_PROVIDERS[DEFAULT_PROVIDER]
+        prov = AUTH_PROVIDERS[DEFAULT_FRONTEND_PROVIDER]
     except KeyError:
         return "No known default provider specified!"
     url = prov["url"]
@@ -41,3 +44,8 @@ def login():
 @auth_bp.route('/login_select', methods=['GET'])
 def login_select():
     return render_template('login_select.html', providers=AUTH_PROVIDERS)
+
+
+@auth_bp.route('/logout', methods=('GET', ))
+def logout():
+    logout_user()

auth/basic_auth.py

@@ -1,5 +1,7 @@
 # Route for handling the login page logic
 from flask import request, redirect, render_template, url_for
+from flask_login import login_user
+
 from backend.auth import auth_bp
 
 
@@ -10,5 +12,9 @@ def base_login():
         if request.form['username'] != 'admin' or request.form['password'] != 'admin':
             error = 'Invalid Credentials. Please try again.'
         else:
+            login_user()
             return redirect("/")
+
     return render_template('login.html', error=error)
+
+

auth/config.py

@@ -11,7 +11,19 @@ AUTH_PROVIDERS: Dict[str, Dict[str, str]] = {
             "type": "login_form",
             "url": "auth.base_login"
         },
+    "KIT OIDC (API)":
+        {
+            "type": "api_oidc",
+            "url": "auth_api_bp.oidc"
+        },
+    "User-Password (API)":
+        {
+            "type": "api_login_form",
+            "url": "auth_api_bp.base_login"
+        },
 }
 
-DEFAULT_PROVIDER: str = "Base Login"
-#DEFAULT_PROVIDER: str = "KIT OIDC"
+#DEFAULT_PROVIDER: str = "Base Login"
+DEFAULT_PROVIDER: str = "KIT OIDC (API)"
+
+DEFAULT_FRONTEND_PROVIDER: str = "Base Login"

auth/oidc.py

@@ -5,6 +5,7 @@ OIDC login auth module
 
 import flask
 from flask import jsonify
+from flask_login import login_user
 from flask_pyoidc.flask_pyoidc import OIDCAuthentication
 from flask_pyoidc.user_session import UserSession
 
@@ -50,8 +51,9 @@ def create_or_retrieve_user_from_userinfo(userinfo):
 @oidc_auth.oidc_auth()
 def oidc():
     user_session = UserSession(flask.session)
-    create_or_retrieve_user_from_userinfo(user_session.userinfo)
-    #login_user(user)
+    app.logger.info(user_session.userinfo)
+    user = create_or_retrieve_user_from_userinfo(user_session.userinfo)
+    login_user(user)
     return jsonify(id_token=user_session.id_token,
                    access_token=flask.session['access_token'],
                    userinfo=user_session.userinfo)