refactor security to Flask-Security - Part 1

eveai_app/views/auth_views.py

@@ -1,65 +1,46 @@
 from datetime import datetime as dt, timezone as tz
 from flask import request, redirect, url_for, flash, render_template, Blueprint, jsonify, session
-from ..models.user import User, Tenant
-from ..extensions import db, bcrypt
-from .auth_forms import LoginForm
-from flask_jwt_extended import (create_access_token, create_refresh_token, set_access_cookies, set_refresh_cookies,
-                                unset_jwt_cookies)
+from flask_security import login_user, logout_user
 
-auth_bp = Blueprint('auth_bp', __name__)
+from ..models.user import User, Tenant
+from .auth_forms import LoginForm
+
+auth_bp = Blueprint('auth_bp', __name__, template_folder='templates')
 
 
 @auth_bp.route('/login', methods=['GET', 'POST'])
 def login():
-    if request.method == 'POST':
-        email = request.form.get('email')
-        password = request.form.get('password')
-        # remember_me = True if request.form.get('remember_me') else False
+    form = LoginForm()
+    if form.validate_on_submit():
+        email = form.email.data
+        password = form.password.data
+        remember_me = True if form.remember_me.data else False
 
         user = User.query.filter_by(email=email).first()
         tenant = Tenant.query.filter_by(id=user.tenant_id).first()
-        if user:
+        if user and user.verify_and_update_password(password):
             if user.is_active:
-                if bcrypt.check_password_hash(user.password, password):
-                    response = jsonify({'msg': 'Login Successful'})
-                    flash('Logged in successfully!', category='success')
+                login_user(user, remember=remember_me)
+                next_page = request.args.get('next')
 
-                    # set session information
-                    # session['user_id'] = user.id
-                    # session['user_name'] = user.user_name
-                    # session['email'] = user.email
-                    # session['tenant_id'] = user.tenant_id
-                    # session['tenant_name'] = tenant.name
+                session['tenant_id'] = user.tenant_id
+                session['tenant_name'] = tenant.name
 
-                    # set JWT header information
-                    additional_claims = {'tenant': user.tenant_id,
-                                         'is_super': user.is_super,
-                                         'is_admin': user.is_admin,
-                                         'is_tester': user.is_tester}
-                    access_token = create_access_token(
-                        identity=user.id,
-                        additional_claims=additional_claims)
-                    refresh_token = create_refresh_token(
-                        identity=user.id,
-                        additional_claims=additional_claims)
-                    set_access_cookies(response, access_token)
-                    set_refresh_cookies(response, refresh_token)
-                    response.headers['Location'] = url_for('user_bp.user')
-
-                    return response, 302
-                else:
-                    flash('Incorrect email/password combination, try again.', category='error')
+                return redirect(next_page)
             else:
                 flash('Account disabled. Please contact your administrator.', category='error')
         else:
-            flash('Incorrect email/password combination, try again.', category='error')
+            flash('Invalid email or password.', category='error')
 
-    form = LoginForm()
     return render_template('login.html', form=form)
 
 
 @auth_bp.route('/logout', methods=['POST'])
 def logout():
-    response = jsonify({'msg': 'Logout Successful'})
-    unset_jwt_cookies(response)
+    logout_user()
+
+    # Clear session data
+    session.pop('tenant_id', None)
+    session.pop('tenant_name', None)
+
     return redirect(url_for('/'))