Helper functions for verifying JWTs in a request (#131)
This is useful for Flask `before_request` handlers, or for creating your own decorators that use flask_jwt_extended features.
Landon Gilbert-Bland
committed
May 11, 2018
1 parent
5d7868c
commit a027698
Showing
6 changed files
with
163 additions
and
35 deletions.
@@ -0,0 +1,17 @@ | ||
Custom Decorators | ||
================= | ||
|
||
You can create your own decorators that extend the functionality of the | ||
decorators provided by this extension. For example, you may want to create | ||
your own decorator that verifies a JWT is present as well as verifying that | ||
this token has sufficient permissions/roles to access an endpoint. | ||
|
||
:ref:`Verify Tokens in Request` is a list of functions that can be | ||
used to build your own decorators (these are also what all the default | ||
decorators provided by this extension use internally). | ||
|
||
Here is an example of how this might look. | ||
|
||
.. literalinclude:: ../examples/custom_decorators.py | ||
|
||
|
@@ -0,0 +1,52 @@ | ||
from functools import wraps | ||
|
||
from flask import Flask, jsonify, request | ||
from flask_jwt_extended import ( | ||
JWTManager, verify_jwt_in_request, create_access_token, | ||
get_jwt_claims | ||
) | ||
|
||
app = Flask(__name__) | ||
|
||
app.config['JWT_SECRET_KEY'] = 'super-secret' # Change this! | ||
jwt = JWTManager(app) | ||
|
||
|
||
|
||
# Here is a custom decorator that verifies the JWT is present in | ||
# the request, as well as insuring that this user has a role of | ||
# `admin` in the access token | ||
def admin_required(fn): | ||
@wraps(fn) | ||
def wrapper(*args, **kwargs): | ||
verify_jwt_in_request() | ||
claims = get_jwt_claims() | ||
if claims['roles'] != 'admin': | ||
return jsonify(msg='Admins only!'), 403 | ||
else: | ||
return fn(*args, **kwargs) | ||
return wrapper | ||
|
||
|
||
@jwt.user_claims_loader | ||
def add_claims_to_access_token(identity): | ||
if identity == 'admin': | ||
return {'roles': 'admin'} | ||
else: | ||
return {'roles': 'pesant'} | ||
|
||
|
||
@app.route('/login', methods=['POST']) | ||
def login(): | ||
username = request.json.get('username', None) | ||
access_token = create_access_token(username) | ||
return jsonify(access_token=access_token) | ||
|
||
|
||
@app.route('/protected', methods=['GET']) | ||
@admin_required | ||
def protected(): | ||
return jsonify(secret_message="go banana!") | ||
|
||
if __name__ == '__main__': | ||
app.run() |
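Review bot: The role check in `admin_required` indexes `claims['roles']` directly, so a token whose claims do not carry that key fails with a KeyError (an HTTP 500) instead of the intended 403; `if claims.get('roles') != 'admin':` keeps the check fail-closed without the crash. The claim is named `roles` (plural) but holds a single string, which readers copying this example will inherit — either rename it `role` or store a list and test membership. `'pesant'` in `add_claims_to_access_token` appears to be a typo for `'peasant'`, and `insuring` in the decorator comment should read `ensuring`. In `login`, `request.json` is None when the body is not JSON, so `.get('username', None)` raises there too; for an example a short comment noting the endpoint expects a JSON body would help.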
@@ -1,13 +1,14 @@ | ||
from .jwt_manager import JWTManager | ||
from .view_decorators import ( | ||
jwt_required, fresh_jwt_required, jwt_refresh_token_required, jwt_optional | ||
fresh_jwt_required, jwt_optional, jwt_refresh_token_required, jwt_required, | ||
verify_fresh_jwt_in_request, verify_jwt_in_request, | ||
verify_jwt_in_request_optional, verify_jwt_refresh_token_in_request | ||
) | ||
from .utils import ( | ||
create_refresh_token, create_access_token, get_jwt_identity, | ||
get_jwt_claims, set_access_cookies, set_refresh_cookies, | ||
unset_jwt_cookies, unset_access_cookies, unset_refresh_cookies, | ||
get_raw_jwt, get_current_user, current_user, get_jti, decode_token, | ||
get_csrf_token | ||
create_access_token, create_refresh_token, current_user, decode_token, | ||
get_csrf_token, get_current_user, get_jti, get_jwt_claims, get_jwt_identity, | ||
get_raw_jwt, set_access_cookies, set_refresh_cookies, unset_access_cookies, | ||
unset_jwt_cookies, unset_refresh_cookies | ||
) | ||
|
||
__version__ = '3.8.2' |