added user and group API and models
This commit is contained in:
@@ -5,10 +5,14 @@ For example: listing of available auth providers or registration of users.
|
||||
|
||||
Login through API does not start a new session, but instead returns JWT.
|
||||
"""
|
||||
import base64
|
||||
import json
|
||||
|
||||
import flask
|
||||
from datetime import datetime, timedelta
|
||||
import jwt
|
||||
from flask import request, jsonify, current_app, url_for
|
||||
from flask import request, jsonify, current_app, url_for, Response, session, redirect, make_response
|
||||
from flask_jwt_extended import create_access_token, create_refresh_token, jwt_refresh_token_required, get_jwt_identity
|
||||
from functools import wraps
|
||||
from random import randint
|
||||
|
||||
@@ -22,14 +26,6 @@ from backend.auth import AUTH_PROVIDERS, oidc_auth
|
||||
from backend.models.user_model import User, Group
|
||||
|
||||
|
||||
def create_jwt(user: User, validity_min=30):
|
||||
return jwt.encode({
|
||||
'sub': user.email,
|
||||
'iat': datetime.utcnow(),
|
||||
'exp': datetime.utcnow() + timedelta(minutes=validity_min)},
|
||||
current_app.config['SECRET_KEY'])
|
||||
|
||||
|
||||
@auth_api_bp.route('/providers', methods=('GET',))
|
||||
def get_auth_providers():
|
||||
providers = dict()
|
||||
@@ -65,8 +61,11 @@ def login():
|
||||
if not user:
|
||||
return jsonify({'message': 'Invalid credentials', 'authenticated': False}), 401
|
||||
|
||||
token = create_jwt(user)
|
||||
return jsonify({'token': token.decode('UTF-8')})
|
||||
token = {
|
||||
'access_token': create_access_token(identity=user.email, fresh=True),
|
||||
'refresh_token': create_refresh_token(identity=user.email)
|
||||
}
|
||||
return jsonify(token), 200
|
||||
|
||||
|
||||
def check_and_create_groups(groups: Iterable[str]):
|
||||
@@ -112,17 +111,38 @@ def create_or_retrieve_user_from_userinfo(userinfo):
|
||||
|
||||
|
||||
@auth_api_bp.route('/oidc', methods=['GET'])
|
||||
@auth_api_bp.route('/oidc/<redirect_url>', methods=['GET'])
|
||||
@oidc_auth.oidc_auth()
|
||||
def oidc():
|
||||
|
||||
def oidc(redirect_url=None):
|
||||
user = create_or_retrieve_user_from_userinfo(flask.session['userinfo'])
|
||||
|
||||
#return jsonify(user.to_dict())
|
||||
return user.toJSON()
|
||||
if user is None:
|
||||
return "Could not authenticate: could not find or create user.", 401
|
||||
if current_app.config.get("AUTH_RETURN_EXTERNAL_JWT", False):
|
||||
token = jwt.encode(flask.session['id_token'], current_app.config['SECRET_KEY'])
|
||||
else:
|
||||
token = create_jwt(user)
|
||||
return token
|
||||
token = json.dumps({
|
||||
'access_token': create_access_token(identity=user.email, fresh=True),
|
||||
'refresh_token': create_refresh_token(identity=user.email)
|
||||
})
|
||||
if redirect_url is None:
|
||||
redirect_url = request.headers.get("Referer")
|
||||
if redirect_url is None:
|
||||
redirect_url = request.args.get('redirect_url')
|
||||
if redirect_url is None:
|
||||
redirect_url = "/"
|
||||
app.logger.info("Token: {}".format(token))
|
||||
response = make_response(redirect(redirect_url))
|
||||
response.set_cookie('tokens', base64.b64encode(token.encode('utf-8')))
|
||||
return response
|
||||
|
||||
|
||||
@app.route('/refresh', methods=['POST'])
|
||||
@jwt_refresh_token_required
|
||||
def refresh():
|
||||
"""Refresh token endpoint. This will generate a new access token from
|
||||
the refresh token, but will mark that access token as non-fresh,
|
||||
as we do not actually verify a password in this endpoint."""
|
||||
current_user = get_jwt_identity()
|
||||
new_token = create_access_token(identity=current_user, fresh=False)
|
||||
ret = {'access_token': new_token}
|
||||
return jsonify(ret), 200
|
||||
|
||||
Reference in New Issue
Block a user