Implemented token based authentication

flask-backend/api/__init__.py

@@ -3,6 +3,7 @@
 from flask_login import LoginManager 
 from flask_marshmallow import Marshmallow
 from flask_cors import CORS, cross_origin
+from flask_jwt_extended import get_jwt_identity, JWTManager, jwt_required
 
 db = SQLAlchemy()
 ma = Marshmallow()
@@ -15,6 +16,10 @@ def create_app():
     app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///db.sqlite3'
     app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
 
+    # Setup jwt
+    app.config["JWT_SECRET_KEY"] = "thisisasecret"
+    jwt = JWTManager(app)
+
     db.init_app(app)
 
     login_manager = LoginManager()
@@ -32,6 +37,22 @@ def load_user(user_id):
     def unauthorized_handler():
         return 'You are not authorized to use this route. Please Logged In.', 401
 
+    @login_manager.request_loader
+    @jwt_required()
+    def load_user_from_request(request):
+
+        # Get token from auth header
+        token = request.headers.get('Authorization')
+        if token:
+            token = token.replace('Bearer ', '', 1)
+            email = get_jwt_identity()
+            user = User.query.filter_by(email=email).first()
+            if user:
+                return user
+
+        #Return none if no token present                
+        return None
+
     from .userAuthentication.auth import auth as auth_blueprint
     app.register_blueprint(auth_blueprint)
 

flask-backend/api/userAuthentication/auth.py

@@ -1,6 +1,7 @@
-from flask import Blueprint, render_template, redirect, url_for, request, flash, request
+from flask import Blueprint, render_template, redirect, url_for, request, flash, request, jsonify
 from werkzeug.security import generate_password_hash, check_password_hash
 from flask_login import login_user, logout_user, login_required
+from flask_jwt_extended import create_access_token
 from ..models.models import User
 from .. import db
 
@@ -33,7 +34,14 @@ def login_post():
 
     login_user(user, remember=remember)
 
-    return 'user logged in', 200
+    token = create_access_token(identity=email)
+
+    response = {
+        'token': token,
+        'msg': 'user logged in',
+    }
+
+    return jsonify(response), 200
 
 @auth.route('/logout')
 @login_required

flask-backend/requirements.txt

@@ -1,7 +1,9 @@
 astroid==2.4.2
 click==7.1.2
+colorama==0.4.4
 Flask==1.1.1
 Flask-Cors==3.0.10
+Flask-JWT-Extended==4.0.2
 Flask-Login==0.5.0
 flask-marshmallow==0.13.0
 Flask-SQLAlchemy==2.4.4
@@ -14,10 +16,12 @@ marshmallow==3.7.1
 marshmallow-sqlalchemy==0.23.1
 mccabe==0.6.1
 pdfkit==0.6.1
+PyJWT==2.0.1
 pylint==2.5.3
 six==1.15.0
 SQLAlchemy==1.3.18
 toml==0.10.1
+typed-ast==1.4.2
 typing==3.7.4.3
 Werkzeug==1.0.1
 wrapt==1.12.1