Feature/login (#293) (#322)

Co-authored-by: kobyfogel <[email protected]>

Author: yammesicka

app/internal/security/dependancies.py

@@ -1,8 +1,13 @@
+from fastapi import Depends, HTTPException
+from starlette.status import HTTP_401_UNAUTHORIZED
 from starlette.requests import Request
 
+from app.database.models import User
 from app.dependencies import get_db
 from app.internal.security.ouath2 import (
-    Depends, Session, check_jwt_token, get_authorization_cookie)
+    Session, get_jwt_token, get_authorization_cookie
+)
+from app.internal.security import schema
 
 
 async def is_logged_in(
@@ -11,7 +16,7 @@ async def is_logged_in(
     """
     A dependency function protecting routes for only logged in user
     """
-    await check_jwt_token(db, jwt)
+    await get_jwt_token(db, jwt)
     return True
 
 
@@ -21,5 +26,47 @@ async def is_manager(
     """
     A dependency function protecting routes for only logged in manager
     """
-    await check_jwt_token(db, jwt, manager=True)
-    return True
+    jwt_payload = await get_jwt_token(db, jwt)
+    if jwt_payload.get("is_manager"):
+        return True
+    raise HTTPException(
+                status_code=HTTP_401_UNAUTHORIZED,
+                headers=request.url.path,
+                detail="You don't have a permition to enter this page")
+
+
+async def current_user_from_db(
+    request: Request,
+    db: Session = Depends(get_db),
+    jwt: str = Depends(get_authorization_cookie),
+) -> User:
+    """
+    Returns logged in User object.
+    A dependency function protecting routes for only logged in user.
+    """
+    jwt_payload = await get_jwt_token(db, jwt)
+    username = jwt_payload.get("sub")
+    user_id = jwt_payload.get("user_id")
+    db_user = await User.get_by_username(db, username=username)
+    if db_user and db_user.id == user_id:
+        return db_user
+    else:
+        raise HTTPException(
+                status_code=HTTP_401_UNAUTHORIZED,
+                headers=request.url.path,
+                detail="Your token is incorrect. Please log in again")
+
+
+async def current_user(
+    request: Request,
+    db: Session = Depends(get_db),
+    jwt: str = Depends(get_authorization_cookie),
+) -> schema:
+    """
+    Returns logged in User object.
+    A dependency function protecting routes for only logged in user.
+    """
+    jwt_payload = await get_jwt_token(db, jwt)
+    username = jwt_payload.get("sub")
+    user_id = jwt_payload.get("user_id")
+    return schema.CurrentUser(user_id=user_id, username=username)

app/internal/security/ouath2.py

@@ -63,28 +63,18 @@ def create_jwt_token(
     return jwt_token
 
 
-async def check_jwt_token(
+async def get_jwt_token(
     db: Session,
-    token: str = Depends(oauth_schema),
-    path: bool = None,
-    manager: bool = False,
-) -> User:
+        token: str = Depends(oauth_schema),
+        path: Union[bool, str] = None) -> User:
     """
     Check whether JWT token is correct.
     Returns jwt payloads if correct.
     Raises HTTPException if fails to decode.
     """
     try:
-        jwt_payload = jwt.decode(token, JWT_KEY, algorithms=JWT_ALGORITHM)
-        if not manager:
-            return True
-        if jwt_payload.get("is_manager"):
-            return True
-        raise HTTPException(
-            status_code=HTTP_401_UNAUTHORIZED,
-            headers=path,
-            detail="You don't have a permition to enter this page",
-        )
+        jwt_payload = jwt.decode(
+            token, JWT_KEY, algorithms=JWT_ALGORITHM)
     except InvalidSignatureError:
         raise HTTPException(
             status_code=HTTP_401_UNAUTHORIZED,
@@ -101,8 +91,8 @@ async def check_jwt_token(
         raise HTTPException(
             status_code=HTTP_401_UNAUTHORIZED,
             headers=path,
-            detail="Your token is incorrect. Please log in again",
-        )
+            detail="Your token is incorrect. Please log in again")
+    return jwt_payload
 
 
 async def get_authorization_cookie(request: Request) -> str:

app/internal/security/schema.py

@@ -3,15 +3,22 @@
 from pydantic import BaseModel
 
 
-class LoginUser(BaseModel):
+class CurrentUser(BaseModel):
     """
     Validating fields types
-    Returns a User object for signing in.
+    Returns a user details as a class.
     """
     user_id: Optional[int]
-    is_manager: Optional[bool]
     username: str
-    password: str
 
     class Config:
         orm_mode = True
+
+
+class LoginUser(CurrentUser):
+    """
+    Validating fields types
+    Returns a User object for signing in.
+    """
+    is_manager: Optional[bool]
+    password: str

app/static/style.css

@@ -96,11 +96,22 @@ p {
   border: none;
   background-color: whitesmoke;
 }
+  
+.error-message {
+    line-height: 0;
+    color: red;
+    padding-left: 12.5rem;
+}
+
+.subtitle {
+    font-size: 1.25rem;
+}
 
 .error-message {
     line-height: 0;
     color: red;
     padding-left: 12.5rem;
+    margin-bottom: 1em;
 }
 
 .input-upload-file {

git

@@ -1,6 +1,10 @@
-from app.internal.security.dependancies import (is_manager, is_logged_in)
 from fastapi import APIRouter, Depends, Request
 
+from app.internal.security.dependancies import (
+    current_user, current_user_from_db,
+    is_logged_in, is_manager, User
+)
+
 
 """
 These routes are for security testing.
@@ -14,20 +18,43 @@
 )
 
 
-@router.get('/protected')
-async def protected_route(
+@router.get('/is_logged_in')
+async def is_logged_in(
         request: Request, user: bool = Depends(is_logged_in)):
-    # This is how to protect route for logged in user only.
-    # Dependency will return True.
-    # if user not looged-in, will be redirected to login route.
+    """This is how to protect route for logged in user only.
+    Dependency will return True.
+    if user not looged-in, will be redirected to login route.
+    """
     return {"user": user}
 
 
-@router.get('/manager')
-async def manager_route(
+@router.get('/is_manager')
+async def is_manager(
         request: Request, user: bool = Depends(is_manager)):
-    # This is how to protect route for logged in manager only.
-    # Dependency will return True.
-    # if user not looged-in, or have no manager permission,
-    # will be redirected to login route.
+    """This is how to protect route for logged in manager only.
+    Dependency will return True.
+    if user not looged-in, or have no manager permission,
+    will be redirected to login route.
+    """
     return {"manager": user}
+
+
+@router.get('/current_user_from_db')
+async def current_user_from_db(
+        request: Request, user: User = Depends(current_user_from_db)):
+    """This is how to protect route for logged in user only.
+    Dependency will return User object.
+    if user not looged-in, will be redirected to login route.
+    """
+    return {"user": user.username}
+
+
+@router.get('/current_user')
+async def current_user(
+        request: Request, user: User = Depends(current_user)):
+    """This is how to protect route for logged in user only.
+    Dependency will return schema.CurrentUser object,
+    contains user_id and username.
+    if user not looged-in, will be redirected to login route.
+    """
+    return {"user": user.username}