
@codesungrape (Collaborator)

Description

This PR adds a /auth/login endpoint (PyJWT) that issues tokens after password verification and integrates Flask-Bcrypt for password hashing/verification.
It also adds a require_jwt decorator that validates the Authorization: Bearer <token> header and attaches the user.


  • New feature (non-breaking change which adds functionality)
  • This change requires a documentation update - HAVEN'T DONE YET
  • Code refactor (improving code quality without changing functionality)

How Has This Been Tested?

Automated test suite in tests/test_auth.py
Manual Testing with cURL and mongosh
CI/CD

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • My individual commit messages are descriptive and follow our commit guidelines
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules
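The description above says what /auth/login and require_jwt do but not what each check inside them has to get right. The block below is an added example, not code from this PR or the project, that walks the same flow with the standard library only so it runs offline: hashlib.pbkdf2_hmac stands in for Flask-Bcrypt, a hand-rolled HS256 signer stands in for PyJWT, a plain dict with "headers"/"json" keys stands in for Flask's request, and SECRET_KEY, the USERS table, DUMMY_HASH and the whoami route are constructed for the example. The points a reviewer would check in the real decorator are the ones made explicit here: the algorithm is pinned rather than read from the token header, exp is enforced, the signature compare is constant-time, and every failure returns the same 401 body.

```python
# Added example, not the project's code: the login + require_jwt flow using only the
# standard library (pbkdf2_hmac for Flask-Bcrypt, hand-rolled HS256 for PyJWT, a dict for request).
import base64, hashlib, hmac, json, os, time
from functools import wraps

SECRET_KEY = b"constructed-test-secret-do-not-reuse"  # from app config in real code
TOKEN_TTL = 900          # seconds a token stays valid
PBKDF2_ROUNDS = 200_000  # modest so the example runs quickly

class TokenError(Exception):
    """Any token defect; the message is for logs, never echoed to clients."""

def hash_password(password):
    """Salted PBKDF2-HMAC-SHA256 encoded as 'salt$digest' (bcrypt stand-in)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return base64.b64encode(salt).decode() + "$" + base64.b64encode(digest).decode()

def check_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    salt_b64, digest_b64 = stored.split("$", 1)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    base64.b64decode(salt_b64), PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, base64.b64decode(digest_b64))

def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(user_id, now=None):
    """HS256 JWT with sub/iat/exp claims, i.e. what /auth/login returns on success."""
    now = int(time.time()) if now is None else now
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = b64url_encode(json.dumps({"sub": user_id, "iat": now, "exp": now + TOKEN_TTL}).encode())
    sig = hmac.new(SECRET_KEY, f"{header}.{claims}".encode(), hashlib.sha256).digest()
    return f"{header}.{claims}.{b64url_encode(sig)}"

def verify_token(token, now=None):
    """Return the claims or raise TokenError. The algorithm is pinned, not read from the header."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("malformed token")
    try:
        header, claims = json.loads(b64url_decode(parts[0])), json.loads(b64url_decode(parts[1]))
        signature = b64url_decode(parts[2])
    except ValueError as exc:  # bad base64, bad UTF-8 and bad JSON all subclass ValueError
        raise TokenError("malformed token") from exc
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise TokenError("unexpected alg")  # rejects alg=none and key-confusion tricks
    expected = hmac.new(SECRET_KEY, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):
        raise TokenError("bad signature")
    if not isinstance(claims, dict) or not isinstance(claims.get("sub"), str):
        raise TokenError("missing subject")
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise TokenError("token expired")
    return claims

# Constructed stand-in for the seeded users collection (field is "password", as in the PR).
USERS = {"u1": {"id": "u1", "email": "alice@example.com",
                "password": hash_password("correct horse battery")}}
DUMMY_HASH = hash_password(os.urandom(16).hex())  # checked when the email is unknown

def login(request):
    """POST /auth/login: verify the password, then issue a token."""
    body = request.get("json") if isinstance(request.get("json"), dict) else {}
    user = next((u for u in USERS.values() if u["email"] == body.get("email")), None)
    # Always run the hash check so response time does not reveal whether the email exists.
    ok = check_password(str(body.get("password", "")), user["password"] if user else DUMMY_HASH)
    if user is None or not ok:
        return 401, {"error": "invalid credentials"}
    return 200, {"token": issue_token(user["id"])}

def require_jwt(handler):
    """Validate 'Authorization: Bearer <token>', attach the user, or answer 401."""
    @wraps(handler)
    def wrapper(request, *args, **kwargs):
        scheme, _, token = request.get("headers", {}).get("Authorization", "").partition(" ")
        if scheme != "Bearer" or not token or " " in token:
            return 401, {"error": "missing or malformed Authorization header"}
        try:
            claims = verify_token(token)
        except TokenError:
            return 401, {"error": "invalid or expired token"}  # same body for every defect
        user = USERS.get(claims["sub"])
        if user is None:  # signature fine, but the account is gone
            return 401, {"error": "invalid or expired token"}
        request["user"] = user  # what the wrapped handler reads
        return handler(request, *args, **kwargs)
    return wrapper

@require_jwt
def whoami(request):
    return 200, {"email": request["user"]["email"]}
```

With PyJWT the pinning step is the algorithms argument, jwt.decode(token, key, algorithms=["HS256"]); the tests in tests/test_decorators.py are the natural place to assert that an alg=none token, an expired token and a token whose signature does not match all come back as the same 401.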


Copilot AI left a comment


Pull Request Overview

This PR implements JWT-based authentication by adding a /auth/login endpoint and a require_jwt decorator for protecting routes. The changes integrate Flask-Bcrypt for password hashing and PyJWT for token generation/validation, replacing the previous basic bcrypt implementation.

  • Adds JWT authentication with login endpoint and route protection decorator
  • Migrates from raw bcrypt to Flask-Bcrypt for consistent password hashing
  • Updates database schema to use password field instead of password_hash

Reviewed Changes

Copilot reviewed 9 out of 10 changed files in this pull request and generated 6 comments.

Summary per file:

  • app/extensions.py: Adds Flask-Bcrypt extension initialization
  • app/__init__.py: Initializes bcrypt extension in application factory
  • app/routes/auth_routes.py: Adds login endpoint with JWT token generation and migrates to Flask-Bcrypt
  • app/utils/decorators.py: Implements JWT validation decorator for protecting routes
  • scripts/seed_users.py: Updates user seeding to use new password field name
  • tests/conftest.py: Adds test fixtures for seeded user data with hashed passwords
  • tests/test_auth.py: Adds comprehensive tests for login endpoint functionality
  • tests/test_decorators.py: Adds thorough test coverage for JWT decorator validation
  • tests/scripts/test_seed_users.py: Updates test to use new password field name


"""
Test suite for decorators
To test the decorator in isolation, we'll create a tiny, temporary Flask app inside out test file.

Copilot AI Aug 15, 2025


Typo: 'out' should be 'our'

Suggested change
To test the decorator in isolation, we'll create a tiny, temporary Flask app inside out test file.
To test the decorator in isolation, we'll create a tiny, temporary Flask app inside our test file.

assert data["error"] == expected_message


def test_loginhandles_jwp_encoding_error(client, seeded_user_in_db):

Copilot AI Aug 15, 2025


Function name has typos: 'loginhandles' should be 'login_handles' and 'jwp' should be 'jwt'

Suggested change
def test_loginhandles_jwp_encoding_error(client, seeded_user_in_db):
def test_login_handles_jwt_encoding_error(client, seeded_user_in_db):

}
# Patch jwt.encode() to be a mock
with patch("app.routes.auth_routes.jwt.encode") as mock_jwt_encode:
# Configure the mosk to raise the specific exception we want to test

Copilot AI Aug 15, 2025


Typo: 'mosk' should be 'mock'

Suggested change
# Configure the mosk to raise the specific exception we want to test
# Configure the mock to raise the specific exception we want to test

@pytest.fixture(scope="session") # because this data never changes
def mock_user_data():
"""Provides a dictionary of a test user's data, with a hashed password."""
# USe Flask-Bcrypt's fucntion to CREATE the hash.

Copilot AI Aug 15, 2025


Comment has typos: 'USe' should be 'Use' and 'fucntion' should be 'function'

Suggested change
# USe Flask-Bcrypt's fucntion to CREATE the hash.
# Use Flask-Bcrypt's function to CREATE the hash.

@@ -0,0 +1,65 @@
# pylint: disable=too-many-return-statements
"""..."""

Copilot AI Aug 15, 2025


Module docstring is incomplete - should describe the purpose of the decorators module

Suggested change
"""..."""
"""
This module provides decorators for Flask routes, including JWT authentication.
The `require_jwt` decorator protects routes by verifying JWT tokens in the
'Authorization: Bearer <token>' header, decoding and validating the token,
and attaching the authenticated user to the request context.
"""

import jwt
from email_validator import EmailNotValidError, validate_email
from flask import Blueprint, jsonify, request
from flask import Blueprint, current_app, jsonify, request

Copilot AI Aug 15, 2025


[nitpick] Import organization: datetime and jwt imports should be grouped together as they are both third-party libraries

@codesungrape codesungrape merged commit 16337b4 into main Aug 18, 2025
2 checks passed
@codesungrape codesungrape deleted the Add-/auth/register-endpoint-for-JWT-securitsation branch August 19, 2025 08:41