chore: Migrate to flask_jwt_extended

app/__init__.py

@@ -10,7 +10,7 @@
 from flask_migrate import Migrate, MigrateCommand
 from flask_script import Manager
 from flask_login import current_user
-from flask_jwt import JWT
+from flask_jwt_extended import JWTManager
 from flask_limiter import Limiter
 from datetime import timedelta
 from flask_cors import CORS
@@ -26,7 +26,7 @@
 import stripe
 from app.settings import get_settings
 from app.models import db
-from app.api.helpers.jwt import jwt_authenticate, jwt_identity
+from app.api.helpers.jwt import jwt_user_loader
 from app.api.helpers.cache import cache
 from werkzeug.middleware.profiler import ProfilerMiddleware
 from app.views import BlueprintsManager
@@ -102,10 +102,11 @@ def create_app():
     app.logger.setLevel(logging.ERROR)
 
     # set up jwt
-    app.config['JWT_AUTH_USERNAME_KEY'] = 'email'
-    app.config['JWT_EXPIRATION_DELTA'] = timedelta(seconds=24 * 60 * 60)
-    app.config['JWT_AUTH_URL_RULE'] = '/auth/session'
-    _jwt = JWT(app, jwt_authenticate, jwt_identity)
+    app.config['JWT_HEADER_TYPE'] = 'JWT'
+    app.config['JWT_ACCESS_TOKEN_EXPIRES'] = timedelta(days=1)
+    app.config['JWT_ERROR_MESSAGE_KEY'] = 'error'
+    _jwt = JWTManager(app)
+    _jwt.user_loader_callback_loader(jwt_user_loader)
 
     # setup celery
     app.config['CELERY_BROKER_URL'] = app.config['REDIS_URL']

app/api/admin_statistics_api/events.py

@@ -1,6 +1,6 @@
 from flask_rest_jsonapi import ResourceDetail
 from flask import jsonify, Blueprint
-from flask_jwt import jwt_required
+from flask_jwt_extended import jwt_required
 from sqlalchemy.sql import text
 
 from app.api.bootstrap import api
@@ -12,7 +12,7 @@
 
 
 @event_statistics.route('/event-topics', methods=['GET'])
-@jwt_required()
+@jwt_required
 def event_topic_count():
     result_set = db.engine.execute(text(
         "SELECT event_topics.name AS name, event_topics.id AS id, " +
@@ -25,7 +25,7 @@ def event_topic_count():
 
 
 @event_statistics.route('/event-types', methods=['GET'])
-@jwt_required()
+@jwt_required
 def event_types_count():
     result_set = db.engine.execute(text(
         "SELECT event_types.name AS name, event_types.id AS id, " +

app/api/attendees.py

@@ -1,7 +1,7 @@
 from datetime import datetime
 
 from flask import Blueprint, request, jsonify, abort, make_response
-from flask_jwt import current_identity
+from flask_jwt_extended import current_user
 from flask_rest_jsonapi import ResourceDetail, ResourceList, ResourceRelationship
 from flask_rest_jsonapi.exceptions import ObjectNotFound
 from sqlalchemy.orm.exc import NoResultFound
@@ -146,7 +146,7 @@ def before_get_object(self, view_kwargs):
         :return:
         """
         attendee = safe_query(self, TicketHolder, 'id', view_kwargs['id'], 'attendee_id')
-        if not has_access('is_registrar_or_user_itself', user_id=current_identity.id, event_id=attendee.event_id):
+        if not has_access('is_registrar_or_user_itself', user_id=current_user.id, event_id=attendee.event_id):
             raise ForbiddenException({'source': 'User'}, 'You are not authorized to access this.')
 
     def before_delete_object(self, obj, kwargs):
@@ -171,7 +171,7 @@ def before_update_object(self, obj, data, kwargs):
 #         raise ForbiddenException({'source': 'User'}, 'You are not authorized to access this.')
 
         if 'ticket' in data:
-            user = safe_query(self, User, 'id', current_identity.id, 'user_id')
+            user = safe_query(self, User, 'id', current_user.id, 'user_id')
             ticket = db.session.query(Ticket).filter_by(
                 id=int(data['ticket']), deleted_at=None
             ).first()
@@ -278,7 +278,7 @@ def send_receipt():
         except NoResultFound:
             raise ObjectNotFound({'parameter': '{identifier}'}, "Order not found")
 
-        if (order.user_id != current_identity.id) and (not has_access('is_registrar', event_id=order.event_id)):
+        if (order.user_id != current_user.id) and (not has_access('is_registrar', event_id=order.event_id)):
             abort(
                 make_response(jsonify(error="You need to be the event organizer or order buyer to send receipts."), 403)
             )
@@ -287,7 +287,7 @@ def send_receipt():
                 make_response(jsonify(error="Cannot send receipt for an incomplete order"), 409)
             )
         else:
-            send_email_to_attendees(order, current_identity.id)
+            send_email_to_attendees(order, current_user.id)
             return jsonify(message="receipt sent to attendees")
     else:
         abort(

app/api/auth.py

@@ -7,7 +7,7 @@
 
 import requests
 from flask import request, jsonify, make_response, Blueprint, send_file
-from flask_jwt import current_identity as current_user, jwt_required
+from flask_jwt_extended import jwt_required, current_user, create_access_token
 from flask_limiter.util import get_remote_address
 from healthcheck import EnvironmentDump
 from flask_rest_jsonapi.exceptions import ObjectNotFound
@@ -17,6 +17,7 @@
 from app import limiter
 from app.api.helpers.db import save_to_db, get_count, safe_query
 from app.api.helpers.auth import AuthManager
+from app.api.helpers.jwt import jwt_authenticate
 from app.api.helpers.errors import ForbiddenError, UnprocessableEntityError, NotFoundError, BadRequestError
 from app.api.helpers.files import make_frontend_url
 from app.api.helpers.mail import send_email_to_attendees
@@ -44,6 +45,26 @@
 auth_routes = Blueprint('auth', __name__, url_prefix='/v1/auth')
 
 
+@authorised_blueprint.route('/auth/session', methods=['POST'])
+@auth_routes.route('/login', methods=['POST'])
+def login():
+    data = request.get_json()
+    username = data.get('email', data.get('username'))
+    password = data.get('password')
+    criterion = [username, password]
+
+    if not all(criterion):
+        return jsonify(error='username or password missing'), 400
+
+    identity = jwt_authenticate(username, password)
+
+    if identity:
+        access_token = create_access_token(identity.id, fresh=True)
+        return jsonify(access_token=access_token)
+    else:
+        return jsonify(error='Invalid Credentials'), 401
+
+
 @auth_routes.route('/oauth/<provider>', methods=['GET'])
 def redirect_uri(provider):
     if provider == 'facebook':
@@ -266,7 +287,7 @@ def reset_password_patch():
 
 
 @auth_routes.route('/change-password', methods=['POST'])
-@jwt_required()
+@jwt_required
 def change_password():
     old_password = request.json['data']['old-password']
     new_password = request.json['data']['new-password']
@@ -307,7 +328,7 @@ def return_file(file_name_prefix, file_path, identifier):
 
 
 @ticket_blueprint.route('/tickets/<string:order_identifier>')
-@jwt_required()
+@jwt_required
 def ticket_attendee_authorized(order_identifier):
     if current_user:
         try:
@@ -329,7 +350,7 @@ def ticket_attendee_authorized(order_identifier):
 
 
 @ticket_blueprint.route('/orders/invoices/<string:order_identifier>')
-@jwt_required()
+@jwt_required
 def order_invoices(order_identifier):
     if current_user:
         try:
@@ -351,7 +372,7 @@ def order_invoices(order_identifier):
 
 
 @ticket_blueprint.route('/events/invoices/<string:invoice_identifier>')
-@jwt_required()
+@jwt_required
 def event_invoices(invoice_identifier):
     if not current_user:
         return ForbiddenError({'source': ''}, 'Authentication Required to access Invoice').respond()

app/api/discount_codes.py

@@ -1,13 +1,14 @@
 from datetime import datetime
 
+from flask_jwt_extended import current_user
 from flask_rest_jsonapi import ResourceDetail, ResourceList, ResourceRelationship
 from flask_rest_jsonapi.exceptions import ObjectNotFound
 from sqlalchemy.orm.exc import NoResultFound
 
 from app.api.helpers.db import safe_query
 from app.api.helpers.exceptions import ConflictException, ForbiddenException, UnprocessableEntity, MethodNotAllowed
 from app.api.helpers.permission_manager import has_access
-from app.api.helpers.permissions import jwt_required, current_identity
+from app.api.helpers.permissions import jwt_required
 from app.api.helpers.utilities import require_relationship
 from app.api.schema.discount_codes import DiscountCodeSchemaEvent, DiscountCodeSchemaPublic, DiscountCodeSchemaTicket
 from app.models import db
@@ -52,7 +53,7 @@ def before_post(self, args, kwargs, data):
         elif data['used_for'] == 'event' and not has_access('is_admin') and 'events' in data:
             raise UnprocessableEntity({'source': ''}, "Please verify your permission or check your relationship")
 
-        data['user_id'] = current_identity.id
+        data['user_id'] = current_user.id
 
     def before_create_object(self, data, view_kwargs):
         if data['used_for'] == 'event':

app/api/events.py

@@ -1,5 +1,5 @@
 from flask import request, current_app
-from flask_jwt import current_identity, _jwt_required
+from flask_jwt_extended import verify_jwt_in_request, current_user
 from flask_rest_jsonapi import ResourceDetail, ResourceList, ResourceRelationship
 from flask_rest_jsonapi.exceptions import ObjectNotFound
 from marshmallow_jsonapi import fields
@@ -105,9 +105,9 @@ def query(self, view_kwargs):
         """
         query_ = self.session.query(Event).filter_by(state='published')
         if 'Authorization' in request.headers:
-            _jwt_required(current_app.config['JWT_DEFAULT_REALM'])
+            verify_jwt_in_request()
             query2 = self.session.query(Event)
-            query2 = query2.join(Event.roles).filter_by(user_id=current_identity.id).join(UsersEventsRoles.role). \
+            query2 = query2.join(Event.roles).filter_by(user_id=current_user.id).join(UsersEventsRoles.role). \
                 filter(or_(Role.name == COORGANIZER, Role.name == ORGANIZER, Role.name == OWNER))
             query_ = query_.union(query2)
 
@@ -455,7 +455,7 @@ def before_patch(self, args, kwargs, data=None):
         :param data:
         :return:
         """
-        user = User.query.filter_by(id=current_identity.id).one()
+        user = User.query.filter_by(id=current_user.id).one()
         modules = Module.query.first()
         validate_event(user, modules, data)
 

app/api/exports.py

@@ -2,7 +2,7 @@
 
 from flask import send_file, make_response, jsonify, url_for, \
     current_app, request, Blueprint
-from flask_jwt import jwt_required, current_identity
+from flask_jwt_extended import jwt_required, current_user
 
 from app.api.helpers.export_helpers import export_event_json, create_export_job
 from app.api.helpers.utilities import TASK_RESULTS
@@ -20,7 +20,7 @@
 
 
 @export_routes.route('/events/<string:event_identifier>/export/json', methods=['POST'])
-@jwt_required()
+@jwt_required
 def export_event(event_identifier):
     from .helpers.tasks import export_event_task
 
@@ -37,7 +37,7 @@ def export_event(event_identifier):
         event_id = event_identifier
     # queue task
     task = export_event_task.delay(
-        current_identity.email, event_id, settings)
+        current_user.email, event_id, settings)
     # create Job
     create_export_job(task.id, event_id)
 
@@ -54,7 +54,7 @@ def export_event(event_identifier):
 
 
 @export_routes.route('/events/<string:event_id>/exports/<path:path>')
-@jwt_required()
+@jwt_required
 def export_download(event_id, path):
     if not path.startswith('/'):
         path = '/' + path
@@ -66,7 +66,7 @@ def export_download(event_id, path):
 
 
 @export_routes.route('/events/<string:event_identifier>/export/xcal', methods=['GET'])
-@jwt_required()
+@jwt_required
 def export_event_xcal(event_identifier):
 
     if not event_identifier.isdigit():
@@ -95,7 +95,7 @@ def event_export_task_base(event_id, settings):
 
 
 @export_routes.route('/events/<string:event_identifier>/export/ical', methods=['GET'])
-@jwt_required()
+@jwt_required
 def export_event_ical(event_identifier):
     if not event_identifier.isdigit():
         event = db.session.query(Event).filter_by(identifier=event_identifier).first()
@@ -115,7 +115,7 @@ def export_event_ical(event_identifier):
 
 
 @export_routes.route('/events/<string:event_identifier>/export/pentabarf', methods=['GET'])
-@jwt_required()
+@jwt_required
 def export_event_pentabarf(event_identifier):
     if not event_identifier.isdigit():
         event = db.session.query(Event).filter_by(identifier=event_identifier).first()
@@ -135,7 +135,7 @@ def export_event_pentabarf(event_identifier):
 
 
 @export_routes.route('/events/<string:event_identifier>/export/orders/csv', methods=['GET'])
-@jwt_required()
+@jwt_required
 def export_orders_csv(event_identifier):
     if not event_identifier.isdigit():
         event = db.session.query(Event).filter_by(identifier=event_identifier).first()
@@ -155,7 +155,7 @@ def export_orders_csv(event_identifier):
 
 
 @export_routes.route('/events/<string:event_identifier>/export/orders/pdf', methods=['GET'])
-@jwt_required()
+@jwt_required
 def export_orders_pdf(event_identifier):
     if not event_identifier.isdigit():
         event = db.session.query(Event).filter_by(identifier=event_identifier).first()
@@ -175,7 +175,7 @@ def export_orders_pdf(event_identifier):
 
 
 @export_routes.route('/events/<string:event_identifier>/export/attendees/csv', methods=['GET'])
-@jwt_required()
+@jwt_required
 def export_attendees_csv(event_identifier):
     if not event_identifier.isdigit():
         event = db.session.query(Event).filter_by(identifier=event_identifier).first()
@@ -195,7 +195,7 @@ def export_attendees_csv(event_identifier):
 
 
 @export_routes.route('/events/<string:event_identifier>/export/attendees/pdf', methods=['GET'])
-@jwt_required()
+@jwt_required
 def export_attendees_pdf(event_identifier):
     if not event_identifier.isdigit():
         event = db.session.query(Event).filter_by(identifier=event_identifier).first()
@@ -215,7 +215,7 @@ def export_attendees_pdf(event_identifier):
 
 
 @export_routes.route('/events/<string:event_identifier>/export/sessions/csv', methods=['GET'])
-@jwt_required()
+@jwt_required
 def export_sessions_csv(event_identifier):
     if not event_identifier.isdigit():
         event = db.session.query(Event).filter_by(identifier=event_identifier).first()
@@ -235,7 +235,7 @@ def export_sessions_csv(event_identifier):
 
 
 @export_routes.route('/events/<string:event_identifier>/export/speakers/csv', methods=['GET'])
-@jwt_required()
+@jwt_required
 def export_speakers_csv(event_identifier):
     if not event_identifier.isdigit():
         event = db.session.query(Event).filter_by(identifier=event_identifier).first()
@@ -255,7 +255,7 @@ def export_speakers_csv(event_identifier):
 
 
 @export_routes.route('/events/<string:event_identifier>/export/sessions/pdf', methods=['GET'])
-@jwt_required()
+@jwt_required
 def export_sessions_pdf(event_identifier):
     if not event_identifier.isdigit():
         event = db.session.query(Event).filter_by(identifier=event_identifier).first()
@@ -275,7 +275,7 @@ def export_sessions_pdf(event_identifier):
 
 
 @export_routes.route('/events/<string:event_identifier>/export/speakers/pdf', methods=['GET'])
-@jwt_required()
+@jwt_required
 def export_speakers_pdf(event_identifier):
     if not event_identifier.isdigit():
         event = db.session.query(Event).filter_by(identifier=event_identifier).first()

app/api/feedbacks.py

@@ -1,6 +1,6 @@
+from flask_jwt_extended import current_user
 from flask_rest_jsonapi import ResourceDetail, ResourceList, ResourceRelationship
 from flask_rest_jsonapi.exceptions import ObjectNotFound
-from flask_jwt import current_identity as current_user
 
 from app.api.bootstrap import api
 from app.api.helpers.db import safe_query