refactor security to Flask-Security - Part 1

eveai_app/views/auth_forms.py

@@ -6,5 +6,5 @@ from wtforms.validators import DataRequired, Length, Email
 class LoginForm(FlaskForm):
     email = EmailField('Email', validators=[DataRequired(), Email()])
     password = PasswordField('Password', validators=[DataRequired(), Length(min=8)])
-    # remember_me = BooleanField('Remember me')
+    remember_me = BooleanField('Remember me')
     submit = SubmitField('Login')

eveai_app/views/auth_views.py

@@ -1,65 +1,46 @@
 from datetime import datetime as dt, timezone as tz
 from flask import request, redirect, url_for, flash, render_template, Blueprint, jsonify, session
-from ..models.user import User, Tenant
-from ..extensions import db, bcrypt
-from .auth_forms import LoginForm
-from flask_jwt_extended import (create_access_token, create_refresh_token, set_access_cookies, set_refresh_cookies,
-                                unset_jwt_cookies)
+from flask_security import login_user, logout_user
 
-auth_bp = Blueprint('auth_bp', __name__)
+from ..models.user import User, Tenant
+from .auth_forms import LoginForm
+
+auth_bp = Blueprint('auth_bp', __name__, template_folder='templates')
 
 
 @auth_bp.route('/login', methods=['GET', 'POST'])
 def login():
-    if request.method == 'POST':
-        email = request.form.get('email')
-        password = request.form.get('password')
-        # remember_me = True if request.form.get('remember_me') else False
+    form = LoginForm()
+    if form.validate_on_submit():
+        email = form.email.data
+        password = form.password.data
+        remember_me = True if form.remember_me.data else False
 
         user = User.query.filter_by(email=email).first()
         tenant = Tenant.query.filter_by(id=user.tenant_id).first()
-        if user:
+        if user and user.verify_and_update_password(password):
             if user.is_active:
-                if bcrypt.check_password_hash(user.password, password):
-                    response = jsonify({'msg': 'Login Successful'})
-                    flash('Logged in successfully!', category='success')
+                login_user(user, remember=remember_me)
+                next_page = request.args.get('next')
 
-                    # set session information
-                    # session['user_id'] = user.id
-                    # session['user_name'] = user.user_name
-                    # session['email'] = user.email
-                    # session['tenant_id'] = user.tenant_id
-                    # session['tenant_name'] = tenant.name
+                session['tenant_id'] = user.tenant_id
+                session['tenant_name'] = tenant.name
 
-                    # set JWT header information
-                    additional_claims = {'tenant': user.tenant_id,
-                                         'is_super': user.is_super,
-                                         'is_admin': user.is_admin,
-                                         'is_tester': user.is_tester}
-                    access_token = create_access_token(
-                        identity=user.id,
-                        additional_claims=additional_claims)
-                    refresh_token = create_refresh_token(
-                        identity=user.id,
-                        additional_claims=additional_claims)
-                    set_access_cookies(response, access_token)
-                    set_refresh_cookies(response, refresh_token)
-                    response.headers['Location'] = url_for('user_bp.user')
-
-                    return response, 302
-                else:
-                    flash('Incorrect email/password combination, try again.', category='error')
+                return redirect(next_page)
             else:
                 flash('Account disabled. Please contact your administrator.', category='error')
         else:
-            flash('Incorrect email/password combination, try again.', category='error')
+            flash('Invalid email or password.', category='error')
 
-    form = LoginForm()
     return render_template('login.html', form=form)
 
 
 @auth_bp.route('/logout', methods=['POST'])
 def logout():
-    response = jsonify({'msg': 'Logout Successful'})
-    unset_jwt_cookies(response)
+    logout_user()
+
+    # Clear session data
+    session.pop('tenant_id', None)
+    session.pop('tenant_name', None)
+
     return redirect(url_for('/'))

eveai_app/views/user_forms.py

@@ -16,12 +16,10 @@ class UserForm(FlaskForm):
     user_name = StringField('Name', validators=[DataRequired(), Length(max=80)])
     email = EmailField('Email', validators=[DataRequired(), Email()])
     password = PasswordField('Password', validators=[DataRequired(), Length(min=8)])
+    confirm_password = PasswordField('Confirm Password', validators=[DataRequired(), Length(min=8)])
     first_name = StringField('First Name', validators=[DataRequired(), Length(max=80)])
     last_name = StringField('Last Name', validators=[DataRequired(), Length(max=80)])
     is_active = BooleanField('Is Active')
-    is_tester = BooleanField('Is Tester')
-    is_admin = BooleanField('Is Administrator')
-    is_super = BooleanField('Is Super User')
     valid_to = DateField('Valid to', id='datepicker')
     tenant_id = IntegerField('Tenant ID', validators=[NumberRange(min=0)])
     submit = SubmitField('Submit')

eveai_app/views/user_views.py

@@ -1,18 +1,17 @@
 # from . import user_bp
 from datetime import datetime as dt, timezone as tz
 from flask import request, redirect, url_for, flash, render_template, Blueprint, session
-from flask_jwt_extended import verify_jwt_in_request, get_jwt, get_jwt_identity, jwt_required
+from flask_security import hash_password
+
 from ..models.user import User, Tenant
-from ..extensions import db, bcrypt
+from ..extensions import db
 from .user_forms import TenantForm, UserForm
 from ..utils.database import Database
-from ..utils.security import admin_required, super_required, tester_required
 
 user_bp = Blueprint('user_bp', __name__, url_prefix='/user')
 
 
 @user_bp.route('/tenant', methods=['GET', 'POST'])
-@super_required
 def tenant():
     if request.method == 'POST':
         # Handle the required attributes
@@ -65,61 +64,39 @@ def tenant():
 
 
 @user_bp.route('/user', methods=['GET', 'POST'])
-@admin_required
-@jwt_required()
 def user():
-    if request.method == 'POST':
-        # Handle the required attributes
-        username = request.form.get('user_name')
-        email = request.form.get('email')
-        password = request.form.get('password')
-        first_name = request.form.get('first_name')
-        last_name = request.form.get('last_name')
-        error = None
-
-        if not username:
-            error = 'Username is required.'
-        elif not email:
-            error = 'Email is required.'
-        elif not password:
-            error = 'Password is required.'
-        elif not first_name:
-            error = 'First name is required.'
-        elif not last_name:
-            error = 'Last name is required.'
-        if error is None:
-            password_hash = bcrypt.generate_password_hash(password).decode('utf-8')
-
-            # Create new user if there is no error
-            new_user = User(user_name=username, email=email, password=password_hash, first_name=first_name,
-                            last_name=last_name)
-
-            # Handle optional attributes
-            new_user.is_active = bool(request.form.get('is_active'))
-            new_user.is_tester = bool(request.form.get('is_tester'))
-            new_user.is_admin = bool(request.form.get('is_admin'))
-            new_user.is_super = bool(request.form.get('is_super'))
-            new_user.valid_to = request.form.get('valid_to')
-
-            # Handle Timestamps
-            timestamp = dt.now(tz.utc)
-            new_user.created_at = timestamp
-            new_user.updated_at = timestamp
-
-            # Handle the relations
-            tenant_id = request.form.get('tenant_id')
-            the_tenant = Tenant.query.get(tenant_id)
-            new_user.tenant = the_tenant
-
-            # Add the new user to the database and commit the changes
-
-            try:
-                db.session.add(new_user)
-                db.session.commit()
-            except Exception as e:
-                error = e.args
-
-        flash(error) if error else flash('User added successfully.')
-
     form = UserForm()
+    if form.validate_on_submit():
+        hashed_password = hash_password(form.password.data)
+        new_user = User(
+            user_name=form.user_name.data,
+            email=form.email.data,
+            password=hashed_password,
+            first_name=form.first_name.data,
+            last_name=form.last_name.data,
+            is_active=form.is_active.data,
+            valid_to=form.valid_to.data,
+            tenant_id=form.tenant_id.data
+        )
+
+        timestamp = dt.now(tz.utc)
+        new_user.created_at = timestamp
+        new_user.updated_at = timestamp
+
+        # Handle the relations
+        tenant_id = request.form.get('tenant_id')
+        the_tenant = Tenant.query.get(tenant_id)
+        new_user.tenant = the_tenant
+
+        # Add the new user to the database and commit the changes
+
+        try:
+            db.session.add(new_user)
+            db.session.commit()
+            flash('User added successfully.')
+            # return redirect(url_for('user/user'))
+        except Exception as e:
+            db.session.rollback()
+            flash(f'Failed to add user. Error: {str(e)}')
+
     return render_template('user/user.html', form=form)