From 1cd08951ad90e23b7a61678e14629af43675576b Mon Sep 17 00:00:00 2001
From: Matt Lewellyn <guruofgentoo@gmail.com>
Date: Tue, 6 Jul 2021 13:11:42 -0400
Subject: [PATCH] update JWT usage to reflect flask-jwt-extended changes - lib
 had breaking changes in 4.0.0

---
 keg_auth/libs/authenticators.py       | 12 +++++++-----
 keg_auth/tests/test_authenticators.py |  2 +-
 setup.py                              |  4 ++--
 3 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/keg_auth/libs/authenticators.py b/keg_auth/libs/authenticators.py
index bcbfced..cd00d53 100644
--- a/keg_auth/libs/authenticators.py
+++ b/keg_auth/libs/authenticators.py
@@ -927,24 +927,26 @@ def __init__(self, app):
         def user_identity_loader(user):
             """
             Serialize a user entity to the JWT token
-            This method is the complement of `user_loader_callback_loader`
+            This method is the complement of `user_lookup_loader`
             """
             return user.session_key
 
-        @jwt_manager.user_loader_callback_loader
-        def user_loader_callback_loader(session_key):
+        @jwt_manager.user_lookup_loader
+        def user_loader_callback_loader(jwt_header, jwt_data):
             """
             Load a user entity from the JWT token
             This method is the complement of `user_identity_loader`
 
             Note, if user is not found or inactive, fail silently - user just won't get loaded
             """
-            return self.user_ent.get_by(session_key=session_key, is_active=True)
+            data_key = flask.current_app.config.get('JWT_IDENTITY_CLAIM')
+            return self.user_ent.get_by(session_key=jwt_data[data_key], is_active=True)
 
     @staticmethod
     def get_authenticated_user():
         try:
-            flask_jwt_extended.verify_jwt_in_request()
+            if flask_jwt_extended.verify_jwt_in_request() is None:
+                return None
             user = flask_jwt_extended.get_current_user()
             flask_login.login_user(user)
             return user
diff --git a/keg_auth/tests/test_authenticators.py b/keg_auth/tests/test_authenticators.py
index 158bf64..bd522af 100644
--- a/keg_auth/tests/test_authenticators.py
+++ b/keg_auth/tests/test_authenticators.py
@@ -258,7 +258,7 @@ def test_create_access_token(self):
         user = User.testing_create()
         jwt_auth = auth.JwtRequestLoader(flask.current_app)
         token = jwt_auth.create_access_token(user)
-        assert flask_jwt_extended.decode_token(token)['identity'] == user.session_key
+        assert flask_jwt_extended.decode_token(token)['sub'] == user.session_key
 
 
 class TestPasswordPolicy:
diff --git a/setup.py b/setup.py
index 5ac8e79..05a3716 100644
--- a/setup.py
+++ b/setup.py
@@ -51,7 +51,7 @@
             'email_validator',
             'flake8',
             'flask-bootstrap',
-            'flask-jwt-extended<4.0',
+            'flask-jwt-extended>=4.0.0',
             'flask-mail',
             'flask-oidc',
             'flask-webtest',
@@ -70,7 +70,7 @@
             'webgrid[i18n]'
         ],
         'jwt': [
-            'flask-jwt-extended',
+            'flask-jwt-extended>=4.0.0',
         ],
         'ldap': [
             'python-ldap',