profile and other stuff
This commit is contained in:
@@ -7,23 +7,27 @@ Login through API does not start a new session, but instead returns JWT.
|
||||
"""
|
||||
import base64
|
||||
import json
|
||||
from pprint import pprint
|
||||
|
||||
import flask
|
||||
from datetime import datetime, timedelta
|
||||
import jwt
|
||||
from flask import request, jsonify, current_app, url_for, Response, session, redirect, make_response
|
||||
from flask_jwt_extended import create_access_token, create_refresh_token, jwt_refresh_token_required, get_jwt_identity
|
||||
from flask_jwt_extended import create_access_token, create_refresh_token, jwt_refresh_token_required, get_jwt_identity, \
|
||||
get_raw_jwt, jwt_required
|
||||
from functools import wraps
|
||||
from random import randint
|
||||
|
||||
from flask_login import logout_user, login_user
|
||||
from typing import Iterable
|
||||
|
||||
from flask_restplus import Resource, fields
|
||||
from werkzeug.routing import BuildError
|
||||
|
||||
from backend import db, app
|
||||
from backend.api import auth_api_bp
|
||||
from backend import db, app, jwt_extended
|
||||
from backend.api import auth_api_bp, auth_api_providers_ns, auth_api_register_ns
|
||||
from backend.auth import AUTH_PROVIDERS, oidc_auth
|
||||
from backend.models.user_model import User, Group
|
||||
from backend.models.user_model import User, Group, BlacklistToken
|
||||
|
||||
|
||||
@auth_api_bp.route('/providers', methods=('GET',))
|
||||
@@ -39,6 +43,12 @@ def get_auth_providers():
|
||||
return jsonify(providers)
|
||||
|
||||
|
||||
@auth_api_providers_ns.route('/')
|
||||
class AuthProviders(Resource):
|
||||
def get(self):
|
||||
return get_auth_providers()
|
||||
|
||||
|
||||
@auth_api_bp.route('/register', methods=('POST',))
|
||||
def register():
|
||||
data = request.get_json()
|
||||
@@ -48,6 +58,21 @@ def register():
|
||||
return jsonify(user.to_dict()), 201
|
||||
|
||||
|
||||
@auth_api_register_ns.route('/')
|
||||
@auth_api_register_ns.expect(auth_api_register_ns.model('RegisterModel', {
|
||||
'nickname': fields.String(required=False, description='The user\'s nickname'),
|
||||
'first_name': fields.String(required=False, description='The user\'s first name'),
|
||||
'last_name': fields.String(required=False, description='The user\'s last name'),
|
||||
'lang': fields.String(required=False, description='The user\'s preferred language'),
|
||||
'timezone': fields.String(required=False, description='The user\'s preferred timezone'),
|
||||
'email': fields.String(required=True, description='The user\'s e-mail address'),
|
||||
'password': fields.String(required=False, description='The group\'s name')
|
||||
}))
|
||||
class AuthProviders(Resource):
|
||||
def get(self):
|
||||
return register()
|
||||
|
||||
|
||||
@auth_api_bp.route('/login', methods=('GET', 'POST',))
|
||||
def login():
|
||||
print("login")
|
||||
@@ -62,11 +87,30 @@ def login():
|
||||
return jsonify({'message': 'Invalid credentials', 'authenticated': False}), 401
|
||||
|
||||
token = {
|
||||
'access_token': create_access_token(identity=user.email, fresh=True),
|
||||
'refresh_token': create_refresh_token(identity=user.email)
|
||||
'access_token': create_access_token(identity=user, fresh=True),
|
||||
'refresh_token': create_refresh_token(identity=user)
|
||||
}
|
||||
return jsonify(token), 200
|
||||
|
||||
# Endpoint for revoking the current users access token
|
||||
@auth_api_bp.route('/logout', methods=['GET', 'DELETE'])
|
||||
@jwt_required
|
||||
def logout():
|
||||
jti = get_raw_jwt()['jti']
|
||||
db.session.add(BlacklistToken(token=jti))
|
||||
db.session.commit()
|
||||
return jsonify({"msg": "Successfully logged out"}), 200
|
||||
|
||||
|
||||
# Endpoint for revoking the current users refresh token
|
||||
@auth_api_bp.route('/logout2', methods=['GET', 'DELETE'])
|
||||
@jwt_refresh_token_required
|
||||
def logout2():
|
||||
jti = get_raw_jwt()['jti']
|
||||
db.session.add(BlacklistToken(token=jti))
|
||||
db.session.commit()
|
||||
return jsonify({"msg": "Successfully logged out"}), 200
|
||||
|
||||
|
||||
def check_and_create_groups(groups: Iterable[str]):
|
||||
user_groups = []
|
||||
@@ -92,6 +136,7 @@ def create_or_retrieve_user_from_userinfo(userinfo):
|
||||
|
||||
if user is not None:
|
||||
app.logger.info("user found -> update user")
|
||||
pprint(user.to_dict())
|
||||
user.first_name = userinfo.get("given_name", "")
|
||||
user.last_name = userinfo.get("family_name", "")
|
||||
for g in user_groups:
|
||||
@@ -121,8 +166,8 @@ def oidc(redirect_url=None):
|
||||
token = jwt.encode(flask.session['id_token'], current_app.config['SECRET_KEY'])
|
||||
else:
|
||||
token = json.dumps({
|
||||
'access_token': create_access_token(identity=user.email, fresh=True),
|
||||
'refresh_token': create_refresh_token(identity=user.email)
|
||||
'access_token': create_access_token(identity=user, fresh=True),
|
||||
'refresh_token': create_refresh_token(identity=user)
|
||||
})
|
||||
if redirect_url is None:
|
||||
redirect_url = request.headers.get("Referer")
|
||||
@@ -142,8 +187,10 @@ def refresh():
|
||||
"""Refresh token endpoint. This will generate a new access token from
|
||||
the refresh token, but will mark that access token as non-fresh,
|
||||
as we do not actually verify a password in this endpoint."""
|
||||
current_user = get_jwt_identity()
|
||||
app.logger.info("Refreshing token for " + current_user)
|
||||
new_token = create_access_token(identity=current_user, fresh=False)
|
||||
jwt_identity = get_jwt_identity()
|
||||
user = User.get_by_identifier(jwt_identity)
|
||||
app.logger.info("Refreshing token for " + str(user))
|
||||
new_token = create_access_token(identity=user, fresh=False)
|
||||
ret = {'access_token': new_token}
|
||||
return jsonify(ret), 200
|
||||
|
||||
|
||||
Reference in New Issue
Block a user