profile and other stuff

auth/__init__.py

@@ -8,10 +8,13 @@ If frontend pages are build by frontend code (JS, etc.) authentication should co
 
 This code uses login_user and logout user (to start and end sessions) ... API code returns JWTs.
 """
-from flask import Blueprint, jsonify
+from flask import Blueprint, jsonify, url_for
 from flask_login import logout_user, LoginManager
 from werkzeug.routing import BuildError
 
+from backend import jwt_extended
+from backend.models import BlacklistToken, User
+
 auth_bp = Blueprint('auth', __name__, url_prefix='/auth', template_folder='templates')
 
 from backend.auth.config import AUTH_PROVIDERS, DEFAULT_FRONTEND_PROVIDER
@@ -49,3 +52,27 @@ def login_select():
 @auth_bp.route('/logout', methods=('GET', ))
 def logout():
     logout_user()
+
+
+@jwt_extended.user_claims_loader
+def add_claims_to_access_token(user):
+    if isinstance(user, str):
+        return {}
+    return {'role': user.role, 'groups': [g.to_dict() for g in user.groups]}
+
+
+@jwt_extended.user_identity_loader
+def user_identity_loader(user):
+    return user.email
+
+
+@jwt_extended.user_loader_callback_loader
+def user_loader_callback(identity):
+    user = User.get_by_identifier(identity)
+    return user
+
+
+@jwt_extended.token_in_blacklist_loader
+def check_if_token_in_blacklist(decrypted_token):
+    jti = decrypted_token['jti']
+    return BlacklistToken.get_by_token(jti) is not None

auth/basic_auth.py

@@ -1,18 +1,20 @@
 # Route for handling the login page logic
-from flask import request, redirect, render_template, url_for
+from flask import request, redirect, render_template
 from flask_login import login_user
 
 from backend.auth import auth_bp
+from backend.models.user_model import User
 
 
 @auth_bp.route('/base_login', methods=['GET', 'POST'])
 def base_login():
     error = None
     if request.method == 'POST':
-        if request.form['username'] != 'admin' or request.form['password'] != 'admin':
+        user = User.authenticate(email=request.form['email'], password=request.form['password'])
+        if user is None:
             error = 'Invalid Credentials. Please try again.'
         else:
-            login_user()
+            login_user(user)
             return redirect("/")
 
     return render_template('login.html', error=error)

auth/config.py

@@ -4,7 +4,7 @@ AUTH_PROVIDERS: Dict[str, Dict[str, str]] = {
     "KIT OIDC":
         {
             "type": "oidc",
-            "url": "auth.oidc"
+            "url": "auth_api.oidc"
         },
     "Base Login":
         {

auth/templates/login.html

@@ -9,7 +9,7 @@
       <h1>Please login</h1>
       <br>
       <form action="" method="post">
-        <input type="text" placeholder="Username" name="username" value="{{
+        <input type="text" placeholder="E-Mail" name="email" value="{{
           request.form.username }}">
          <input type="password" placeholder="Password" name="password" value="{{
           request.form.password }}">