Updates for flask-jwt-extended v4

c-simpson · c-simpson · commit 8065f84832b6 · 2021-02-17T17:04:30.000-05:00
diff --git a/src/server/api/jwt_ops.py b/src/server/api/jwt_ops.py
@@ -6,7 +6,8 @@
     create_access_token,
     get_jwt_identity,
     verify_jwt_in_request,
-    get_jwt_claims,
+    get_jwt
+   
 )
 
 from app import app, jwt
@@ -16,28 +17,20 @@ def admin_required(fn):
     @wraps(fn)
     def wrapper(*args, **kwargs):
         verify_jwt_in_request()
-        claims = get_jwt_claims()
+        claims = get_jwt()
         if claims["role"] != "admin":  # TODO could be multiple
             return jsonify(msg="Admins only!"), 403
         else:
             return fn(*args, **kwargs)
 
     return wrapper
 
-
-@jwt.user_claims_loader
-def add_claims_to_access_token(accesslevel):
-    """ Adds role k/v to token """
-    return {"role": accesslevel}
-
-
 def create_token(username, accesslevel):
-    """ Create a JWT *access* token for the specified user and role. 
-        Role is magically added by the user_claims_loader decorator 
+    """ Create a JWT *access* token for the specified user ('sub:') and role ('role:'). 
     """
-    # Identity can be any data that is json serializable
-    new_token = create_access_token(identity=username)
-    # add_claims_to_access_token(accesslevel)
+    # Identity can be any data that is json serializable, we just use username
+    addl_claims = {'role': accesslevel}
+    new_token = create_access_token(identity=username, additional_claims=addl_claims)
     return jsonify(access_token=new_token)
 
 
diff --git a/src/server/api/user_api.py b/src/server/api/user_api.py
@@ -145,15 +145,15 @@ def user_login_json():
 
 
 @user_api.route("/api/user/test_auth", methods=["GET"])
-@jwt_ops.jwt_required
+@jwt_ops.jwt_required()
 def user_test_auth():
     """ Liveness test, requires JWT """
     return jsonify(("OK from User Test - Auth  @" + str(datetime.now())))
 
 
 # Logout is not strictly needed; client can just delete JWT, but good for logging
 @user_api.route("/api/user/logout", methods=["POST"])
-@jwt_ops.jwt_required
+@jwt_ops.jwt_required()
 def user_logout():
     username = request.form["username"]  # TODO: Should be JSON all throughout
     # Log the request
diff --git a/src/server/requirements.txt b/src/server/requirements.txt
@@ -10,7 +10,7 @@ xlrd==1.2.0  # currently used for xlsx, but we should consider adjusting code to
 openpyxl
 requests
 pytest
-flask-jwt-extended=3.25.0  # Breaking change in 4.0
+flask-jwt-extended=4.0.2
 alembic
 flask-cors
 phonenumbers
