better separation between api and frontend login

2019-04-02 10:47:53 +02:00
parent ed57dc2720
commit 024f063bea
7 changed files with 80 additions and 14 deletions
--- a/auth/init.py
+++ b/auth/init.py
@@ -5,13 +5,16 @@ Base module for auth aspects.
 Also this module contains mainly code for login through HTML pages served by the backend.
 If frontend pages are build by frontend code (JS, etc.) authentication should consider using api functions.
 (For more info, see api.auth_api.py.)
+
+This code uses login_user and logout user (to start and end sessions) ... API code returns JWTs.
 """
-from flask import Blueprint
+from flask import Blueprint, jsonify
+from flask_login import logout_user, LoginManager
 from werkzeug.routing import BuildError

 auth_bp = Blueprint('auth', __name__, url_prefix='/auth', template_folder='templates')

-from backend.auth.config import AUTH_PROVIDERS, DEFAULT_PROVIDER
+from backend.auth.config import AUTH_PROVIDERS, DEFAULT_FRONTEND_PROVIDER
 from backend.auth.oidc_config import OIDC_PROVIDERS

 from backend.auth.oidc import oidc_auth
@@ -26,7 +29,7 @@ def auth_decorator(): # custom decorator
@auth_bp.route('/login', methods=['GET', 'POST'])
 def login():
    try:
-        prov = AUTH_PROVIDERS[DEFAULT_PROVIDER]
+        prov = AUTH_PROVIDERS[DEFAULT_FRONTEND_PROVIDER]
    except KeyError:
        return "No known default provider specified!"
    url = prov["url"]
@@ -41,3 +44,8 @@ def login():
@auth_bp.route('/login_select', methods=['GET'])
 def login_select():
    return render_template('login_select.html', providers=AUTH_PROVIDERS)
+
+
+@auth_bp.route('/logout', methods=('GET', ))
+def logout():
+    logout_user()