# Authentification et autorisation

- Références : https://pyjwt.readthedocs.io/en/latest/

In [590]:
import requests
import random

### Intéraction avec l'API
Lancez le serveur dans votre terminal

```bash
flask --app basic_api_items.py run --debug
```

In [591]:
# POST
item_name = random.choice(['apple', 'banana', 'orange', 'kiwi', 'mango', 'pineapple', 'pear', 'peach', 'plum', 'grape'])
price = random.randint(1, 10)
new_item = requests.post(f'http://localhost:5000/item/{item_name}', json={'price': price})
print(new_item)
print(new_item.json())

<Response [201]>
{'data': {'price': 10}, 'name': 'peach'}


In [592]:
# GET
item_1 = requests.get(f'http://localhost:5000/item/{item_name}')
print(item_1)
try:
    print(item_1.json())
except:
    print('not found')

<Response [200]>
{'data': {'price': 10}, 'name': 'peach'}


In [593]:
# GET sur tous les items
items = requests.get('http://localhost:5000/items')
print(items)
print(*items.json())
print(items.json())

<Response [200]>
peach
{'peach': {'data': {'price': 10}, 'name': 'peach'}}


## Authentification

In [594]:
import jwt
r = requests.post('http://localhost:5000/login', data={}, auth=('alex', 'password'))
r.json()

{'token': 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoiYWxleCIsImV4cCI6MTcwMjg2NjEyM30.3YIQZ9shuudTeZ0ybcpB3jULbDT2Bo79NEpDekJWkBo'}

In [595]:
try:
    token = r.json()['token']
    print('encoded token', token)

    decoded_token = jwt.decode(token, 'password', algorithms=['HS256'])
    print('decoded token', decoded_token)
    print("Token is valid")

    headers={'Authorization': token}

except jwt.ExpiredSignatureError:
    print('Token expired')

encoded token eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoiYWxleCIsImV4cCI6MTcwMjg2NjEyM30.3YIQZ9shuudTeZ0ybcpB3jULbDT2Bo79NEpDekJWkBo
decoded token {'user': 'alex', 'exp': 1702866123}
Token is valid


In [596]:
# r = requests.get('http://localhost:5000/protected')  # 403 - token missing
r = requests.get('http://localhost:5000/protected', headers=headers)
r.json()

{'message': 'ACCESS GRANTED'}

In [597]:
r = requests.get('http://localhost:5000/items', headers=headers)
# pretty json
print(r.json())

{'peach': {'data': {'price': 10}, 'name': 'peach'}}


In [600]:
new_price = random.randint(1, 10)
# update_item = requests.put(f'http://localhost:5000/item/{item_name}', json={item_name: new_price})  # token missing
update_item = requests.put(f'http://localhost:5000/item/{item_name}', json={item_name: new_price}, headers=headers)
print(update_item.status_code)
print(update_item.json())

404
{'message': 'Item not found'}


In [601]:
r = requests.delete(f'http://localhost:5000/del_item/{item_name}', headers=headers)
print(r.status_code)
print(r.json())

404
{'message': 'Item not found'}


In [602]:
r = requests.delete('http://localhost:5000/del_items', headers=headers)
r.text

'{\n  "message": "All items deleted"\n}\n'