---
toc: true
comments: true
layout: notebook
title: Flask JWT
description: Team teach part two
courses: { csp: {week: 3} }
type: hacks
authors: Ananya Asudani, Arushi Pandey, Priya Suvarnagiri, Sumedha Kamaraju
---

# <span style="font-family: 'Times New Roman'; color: #FFC0CB;">User Roles: </span>

Users are individuals who interact with the web application.
User roles define the level of access and permissions a user has within the application.
Common user roles might include regular users who can access certain features, view content, and interact with the application.

# <span style="font-family: 'Times New Roman'; color: #FFC0CB;">Admin Roles: </span>

Admins are users with elevated privileges and control over the application.
Admin roles typically have access to additional features and functionalities that regular users don't have.
Admins may have the ability to manage user accounts, access sensitive information, and perform administrative tasks.

In the context of a Flask application, these roles are often implemented using a concept called "Authorization" or "Access Control." Flask provides mechanisms to manage user sessions, check user roles, and restrict access to certain parts of the application based on the user's role.

For example, you might have routes in your Flask application that are only accessible to users with admin roles. Here's a simplified example using Flask's @app.route decorator and a hypothetical user_role variable:


In [None]:
from flask import Flask, render_template

app = Flask(__name__)

@app.route('/user/dashboard')
def user_dashboard():
    # Code for user dashboard
    return render_template('user_dashboard.html')

@app.route('/admin/dashboard')
def admin_dashboard():
    # Code for admin dashboard
    return render_template('admin_dashboard.html')

if __name__ == '__main__':
    app.run(debug=True)

In a real-world scenario, you would likely use a more robust authentication and authorization system, such as Flask-Login or Flask-Security, to handle user roles and permissions securely.

Remember that this is a simplified explanation, and the actual implementation might vary based on the specific requirements of your web application.

# <span style="font-family: 'Times New Roman'; color: #FFC0CB;">Role Based Authorization: </span>

### **Authorization and @roles_required decorator:**

Authorization is the process of specifying and enforcing access rights of users to resources. Flask-User provides role-based authorization through the use of the @roles_required decorator. This decorator is applied to view functions (route handlers) in Flask.

### **Conditions for Access:**

For a user to access a route decorated with @roles_required:

- The user must be logged in.
- The user must be associated with the specified role names.
- If these conditions are not met, an 'Unauthorized access' error message is shown, and the user is redirected to the USER_UNAUTHORIZED_ENDPOINT.

### **Example of @roles_required decorator:**

The provided example demonstrates a route /admin/dashboard that requires the user to be logged in and associated with the 'Admin' role.

In [None]:
from flask_user import roles_required

@route('/admin/dashboard')    # @route() must always be the outer-most decorator
@roles_required('Admin')
def admin_dashboard():
    # render the admin dashboard

*Note that the comparison of role names is case-sensitive.*

# <span style="font-family: 'Times New Roman'; color: #FFC0CB;">Simple AND/OR Operations: </span>


### **AND Operation:** 
At the decorator level, if multiple role names are specified, the user must have all the specified roles.

### **OR Operation:** 
At the argument level, each item may be a role name or a list of role names. If a list of role names is specified, the user must have any one of the specified roles to gain access.

#### Example of OR operation:

Ensures that the user is ('Starving' AND (an 'Artist' OR a 'Programmer'))
@roles_required('Starving', ['Artist', 'Programmer'])

The nesting level only goes as deep as the example shows.

### **Required Role and User Roles data-models:**

The @roles_required decorator depends on the Role and UserRoles data-models, in addition to the User data-model. These data-models likely define the roles available in the application and the association between users and roles.

**Example App:**

The explanation refers to a "Basic App" that demonstrates the use of the @roles_required decorator. It would be worthwhile to refer to the documentation or example code provided by Flask-User to see the actual implementation of these concepts in a complete application.

# <span style="font-family: 'Times New Roman'; color: #FFC0CB;">User Data Model: </span>

In user data models, there can be multiple types of users.

The flask security library and SQLALchemy are used to store user's information. These two, along with UserMixin and RoleMixin which are imported from the library, are used to make user database tables with all user roles. This is written for the computer to understand and figure out what type of user you are.

Code:

*import UserMixin, RoleMixin*

*from flask_security import UserMixin, RoleMixin*


In Flask, a route decorator is used to handle requests, mainly using the GET and POST methods. 

**GET Method**: A method used to retrieve data from servers. Ex: entering keywords into search bar and seeing the keyword in the URL. This method is used when the data is not sensitive. 

**POST Method**: This method is used to send data to a server. For example: In any authentication enabled application, entering a user id and password into a login form. Using this method, we do not see the password in the URL. 


In [None]:
@app.route('/register', methods=["GET", "POST"])

def register():

  If the user made a POST request, create a new user

    if request.method == "POST":

        user = Users(username=request.form.get("username"),

                     password=request.form.get("password"))

        # Add the user to the database

        db.session.add(user)

        # Commit the changes made

        db.session.commit()

        # Once user account created, redirect them

        # to login route (created later on)

        return redirect(url_for("login"))

    # Renders sign_up template if user made a GET request
    
    return render_template("sign_up.html")

# <span style="font-family: 'Times New Roman'; color: #FFC0CB;">Flexible Class Name: </span>

In Flask, user class names can be whatever the user chooses.

Flask JWT typically works with the following classes:

1. 'JWT' Class: This class is part of the flask_jwt_extended extension, which provides JWT support for Flask. It is used to initialize your Flask application with JWT functionality.


In [None]:
from flask_jwt_extended import JWTManager

    jwt = JWTManager(app)

2. 'jwt_required' and 'jwt_optional' Decorators: These decorators are used to protect routes and specify    whether a token is required or optional for accessing a particular route.

In [None]:
from flask_jwt_extended import jwt_required, jwt_optional

@app.route('/protected', methods=['GET'])
@jwt_required()

def protected():
    # Accessible only with a valid JWT token
    
    return jsonify(logged_in=True), 200

@app.route('/optional', methods=['GET'])

@jwt_optional()

def optional():

    # Accessible with or without a valid JWT token
    


These routes allow you to create both protected and public routes in a Flask application. 

3. 'get_jwt_identity' Function: This function is used to get the identity (usually user identifier) from the current JWT. It's often used within protected routes to retrieve information about the authenticated user.

In [None]:
    *return jsonify(logged_in=get_jwt_identity() is not None), 200*

## <span style="font-family: 'Times New Roman'; color: #FFC0CB;">*EXTRA* User Email Data Models </span>
#### <span style="font-family: 'Times New Roman'; color: #FFC0CB;">*What are User Email Data Models?* </span>

The user data model represents how user information is structured and stored in your database. It includes fields such as username, password, email, and possibly additional information like roles. Now to get a deeper understanding, let's integrate this into our flask.

In [None]:
class User:
    # define the new variables including EMAIL
    def __init__(self, user_id, username, password, email, roles):
        self.user_id = user_id
        self.username = username
        self.password = password
        self.email = email
        self.roles = roles

# this will be your database
users = [
    User(1, 'admin', 'admin_password', 'admin@example.com', ['admin']),
    User(2, 'user', 'user_password', 'user@example.com', ['user'])
]

If we look at the code above it looks quite simlar to the code already in our flask, with the addition of self.email = email. To continue the registration and login page, it's the exact same process as we have seen before. So, you're all set!

However, here's a hint just in case you need some extra help with user registration!

### <span style="font-family: 'Times New Roman'; color: #c1121f;"> User Registration Code: </span>

In [None]:
from flask import generate_password_hash, check_password_hash

# For simplicity, using an in-memory user storage. In production, use a database.
users = []
user_id_counter = 1

@app.route('/register', methods=['POST'])
def register():
    data = request.get_json()
    username = data.get('username')
    email = data.get('email')
    password = generate_password_hash(data.get('password'), method='sha256')
    roles = data.get('roles', ['user'])  # Default role is 'user'

    new_user = User(user_id_counter, username, email, password, roles)
    users.append(new_user)

    global user_id_counter
    user_id_counter += 1

    return jsonify(message='User registered successfully'), 201

@app.route('/login', methods=['POST'])
def login():
    data = request.get_json()
    email = data.get('email')
    password = data.get('password')

    user = next((user for user in users if user.email == email), None)

    if user and check_password_hash(user.password, password):
        access_token = create_access_token(identity=email, additional_claims={'roles': user.roles})
        return jsonify(access_token=access_token), 200
    else:
        return jsonify(message='Invalid credentials'), 401


**A fixed data model** refers to a data schema or structure where the properties (fields or columns) and their characteristics, such as data types and relationships, are predefined and rigid. In other words, the structure of the data is explicitly defined before any data is inserted into the database. This fixed structure is typically enforced at the database level, and any deviation from the defined schema may result in errors or rejection of the data.

Relational databases, like those using the SQL (Structured Query Language) model, often adhere to fixed data models. In a relational database, you create tables with predefined columns, each having a specific data type. Relationships between tables are also defined, ensuring data integrity and consistency.

**Advantages of a fixed data model include:**

- **Data Integrity:** Enforcing a predefined schema helps maintain data consistency and integrity by ensuring that data conforms to a specific structure.
  
- **Query Optimization:** Fixed data models allow for the optimization of queries since the database engine can make assumptions about the structure of the data.
  
- **Validation:** The fixed structure allows for validation checks to ensure that only valid and correctly formatted data is stored.

One drawback of a fixed data model is that it may be less flexible when it comes to accommodating changes in requirements or evolving data structures. If your application frequently undergoes changes or if you need to handle diverse types of data, a more flexible approach, such as a NoSQL database or a hybrid model, might be more suitable.

**A flexible database column name** refers to an approach in which the structure of the database allows for dynamic or variable column names. This flexibility is often associated with NoSQL databases or schema-less databases, where the data model is not rigidly predefined.

In databases with flexible column names, records within a collection or table can have different sets of properties, and each property may not have a fixed name or data type across all records. This flexibility is particularly useful in scenarios where the data structure is not known in advance, or where the structure of the data can vary widely between different entities or records.

#### Some advantages of flexible database column names include:

- **Adaptability:** The database can easily accommodate changes in data requirements without requiring alterations to the schema.
  
- **Dynamic Schemas:** Each record can have its own set of properties, allowing for a dynamic and evolving data model.
  
- **Support for Varied Data:** It's well-suited for scenarios where different records may have distinct attributes, and there is no strict uniformity in the data structure.

**While the flexibility is beneficial for certain use cases, it's important to consider the trade-offs. Some potential challenges include:**

- **Query Complexity:** Retrieving and querying data can be more complex when column names are not standardized, potentially requiring additional handling in the application code.
  
- **Consistency:** Ensuring consistency across records can be challenging, as there may be variations in the structure of the data.
  
- **Validation:** Enforcing data integrity and validation may need to be handled at the application level, as the database itself may not impose strict constraints on the structure of the data.

Examples of databases that support flexible column names include document-oriented NoSQL databases like MongoDB, where each document can have different fields.


## Fixed data ,odel property names

## Flexible database column names

## Optional Role and UserRoles data models
