Changing the authentication/authorization logic (#14)

* Changed: .env, .gitignore, README.MD, added .pylintrc

* fixes in app/api/

* fixes in app/

* front-end fixes

Author: olegliubimov

.env

@@ -28,7 +28,7 @@ REACT_APP_DS_RETURN_URL=http://localhost:3000
 REACT_APP_API_BASE_URL=http://localhost:5001/api
 
 # The DS Authentication server
-REACT_APP_DS_AUTH_SERVER=https://account-d.docusign.com
+DS_AUTH_SERVER=https://account-d.docusign.com
 
 # Demo Docusign API URL
 REACT_APP_DS_DEMO_SERVER=https://demo.docusign.net

.gitignore

@@ -1,9 +1,13 @@
 *.pyc
 .idea
 
+.env
+__pycache__/
+flask_session/
+
 # pyenv
 .python-version
-/venv
+/venv/
 
 # Mac/OSX
 .DS_Store

.pylintrc

@@ -0,0 +1,5 @@
+[MASTER]
+disable=
+    C0114, # (missing-module-docstring)
+    C0115, # (missing-class-docstring)
+    C0116, # (missing-function-docstring)

README.MD

@@ -48,7 +48,7 @@ MySure demonstrates the following:
 * **DS_PRIVATE_KEY** - Private key string, source or path; for instance: /app/id_rsa
 * **REACT_APP_DS_RETURN_URL** - URL where the back end of the application is located (If you run it locally, use `http://localhost:3000`)
 * **REACT_APP_API_BASE_URL** - URL where the front end of the application is located; will be used by Docusign to redirect back after signing ceremony (If you run it locally, use `http://localhost:5001/api`)
-* **REACT_APP_DS_AUTH_SERVER** - The DocuSign authentication server (for testing purposes, use `https://account-d.docusign.com`)
+* **DS_AUTH_SERVER** - The DocuSign authentication server (for testing purposes, use `https://account-d.docusign.com`)
 * **REACT_APP_DS_DEMO_SERVER** - Link to the DocuSign demo server (for testing purposes, use `https://demo.docusign.net`)
 * **REACT_APP_DS_CLICKWRAP_URL** - Link to the hosted clickwrap client (for testing purposes, use `//demo.docusign.net/clickapi/sdk/latest/docusign-click.js`)
 

app/__init__.py

@@ -1,10 +1,12 @@
 from flask import Flask
 from flask_cors import CORS
-from flask_session import Session
+from dotenv import load_dotenv
 
 from app.api import clickwrap, requests, common, auth
 
 
+load_dotenv()
+
 URL_PREFIX = '/api'
 
 app = Flask(__name__)
@@ -13,5 +15,4 @@
 app.register_blueprint(common, url_prefix=URL_PREFIX)
 app.register_blueprint(requests, url_prefix=URL_PREFIX)
 app.register_blueprint(auth, url_prefix=URL_PREFIX)
-Session(app)
 cors = CORS(app)

app/api/auth.py

@@ -1,75 +1,84 @@
 from docusign_esign import ApiException
-from flask import Blueprint, jsonify, request, redirect, url_for
+from flask import Blueprint, jsonify, request, redirect, url_for, session
 from flask_cors import cross_origin
 
-from app.api.utils import process_error
 from app.ds_client import DsClient
+from .utils import process_error
+from .session_data import SessionData
 
 auth = Blueprint('auth', __name__)
 
 
 @auth.route('/code_grant_auth', methods=['GET'])
-@cross_origin(support_creadentials=True)
+@cross_origin()
 def code_grant_auth():
     try:
-        url = DsClient.code_auth()
-    except ApiException as ex:
-        return process_error(ex)
+        url = DsClient.get_redirect_uri()
+    except ApiException as exc:
+        return process_error(exc)
     return jsonify({
         'reason': 'Unauthorized',
         'response': 'Permissions should be granted for current integration',
-        'url': url}), 401
+        'url': url
+    }), 401
 
 
 @auth.route('/callback', methods=['POST'])
-@cross_origin(support_creadentials=True)
+@cross_origin()
 def callback():
     try:
-        try:
-            req_json = request.get_json(force=True)
-            code = req_json['code']
-        except TypeError:
-            return jsonify(message='Invalid json input'), 400
-        DsClient.callback(code)
+        req_json = request.get_json(force=True)
+    except TypeError:
+        return jsonify(message='Invalid json input'), 400
+
+    try:
+        auth_data = DsClient.callback(req_json['code'])
     except ApiException:
         return redirect(url_for("auth.jwt_auth"), code=307)
+
+    SessionData.set_auth_data(auth_data)
     return jsonify(message="Logged in with code grant"), 200
 
 
-@auth.route('/jwt_auth', methods=['POST'])
-@cross_origin(support_creadentials=True)
+@auth.route('/jwt_auth', methods=['GET'])
+@cross_origin()
 def jwt_auth():
     try:
-        DsClient.update_token()
-    except ApiException as ex:
-        return process_error(ex)
+        auth_data = DsClient.update_token()
+    except ApiException as exc:
+        return process_error(exc)
+
+    SessionData.set_auth_data(auth_data)
+    SessionData.set_payment_data()
+
     return jsonify(message="Logged in with JWT"), 200
 
 
 @auth.route('/get_status', methods=['GET'])
-@cross_origin(support_creadentials=True)
+@cross_origin()
 def get_status():
-    if DsClient.code_grant:
-        return jsonify(logged=DsClient.logged, auth_type="code_grant"), 200
-    elif DsClient.jwt_auth:
-        return jsonify(logged=DsClient.logged, auth_type="jwt"), 200
-    return jsonify(logged=DsClient.logged, auth_type="undefined"), 200
+    logged = SessionData.is_logged()
+    auth_type = session.get('auth_type')
+    return jsonify(logged=logged, auth_type=auth_type), 200
 
 
 @auth.route('/logout', methods=['POST'])
-@cross_origin(support_credentials=True)
+@cross_origin()
 def log_out():
-    DsClient.destroy()
+    session.clear()
     return jsonify(message="Logged out"), 200
 
 
 @auth.route('/check_payment', methods=['GET'])
-@cross_origin(support_credentials=True)
+@cross_origin()
 def check_payment():
     try:
-        if DsClient.check_payment_gateway():
-            return jsonify(message="User has a payment gateway account"), 200
-        else:
-            return jsonify(message="User doesn't have a payment gateway account"), 402
-    except ApiException as ex:
-        return process_error(ex)
+        payment_data = DsClient.check_payment_gateway(session)
+    except ApiException as exc:
+        return process_error(exc)
+
+    if payment_data:
+        session.update(payment_data)
+        return jsonify(message="User has a payment gateway account"), 200
+
+    return jsonify(message="User doesn't have a payment gateway account"), 402

app/api/clickwrap.py

@@ -1,5 +1,5 @@
 from docusign_esign import ApiException
-from flask import Blueprint, jsonify, request
+from flask import Blueprint, jsonify, request, session
 from flask_cors import cross_origin
 
 from app.api.utils import process_error, check_token
@@ -9,20 +9,22 @@
 
 
 @clickwrap.route('/clickwraps/renewal', methods=['POST'])
-@cross_origin(supports_credentials=True)
+@cross_origin()
 @check_token
 def insurance_renewal():
     """Create a clickwrap for submitting insurance policy renewal"""
     try:
-        try:
-            req_json = request.get_json(force=True)
-            clickwrap_args = {
-                'terms_name': req_json['terms-name'],
-                'display_name': req_json['display-name'],
-            }
-        except TypeError:
-            return jsonify(message='Invalid JSON input'), 400
-        clickwrap = Clickwrap.create(clickwrap_args)
-    except ApiException as ex:
-        return process_error(ex)
-    return jsonify(clickwrap=clickwrap)
+        req_json = request.get_json(force=True)
+    except TypeError:
+        return jsonify(message='Invalid JSON input'), 400
+
+    clickwrap_args = {
+        'terms_name': req_json['terms-name'],
+        'display_name': req_json['display-name'],
+    }
+
+    try:
+        clickwrap_ = Clickwrap.create(clickwrap_args, session)
+    except ApiException as exc:
+        return process_error(exc)
+    return jsonify(clickwrap=clickwrap_)

app/api/common.py

@@ -2,8 +2,7 @@
 
 common = Blueprint('common', __name__)
 
-
 @common.before_app_request
-def only_json():
+def only_json(): # pylint: disable-msg=inconsistent-return-statements
     if request.method == 'POST' and not request.is_json:
-        return jsonify({'error': 'Payload should be a JSON object'}), 400
+        return jsonify({'error': 'Payload should be a JSON'}), 400