Should fix login and CORS shit

ef9a1c08 · Patrick van der Leer · 5ac0f1a0 · ef9a1c08 · ef9a1c08
Commit ef9a1c08 authored Mar 13, 2019 by Patrick van der Leer
--- a/eBookHub/__init__.py
+++ b/eBookHub/__init__.py
@@ -21,22 +21,29 @@ def init(config_object=ProdConfig):
    """
    app = Flask(__name__)
    app.config.from_object(config_object)
-    app.config['intercept_exceptions'] = False
+    # app.config['intercept_exceptions'] = False
    with app.app_context():
        configure_extensions(app)
        configure_scheduler(app)
        configure_logging(app)
-        configure_blueprints(app)
        CORS(
            app,
-            origins='*',
+            origins=[
+                'http://localhost',
+                'http://localhost:5000',
+                'http://localhost:8081',
+            ],
            allow_headers=[
                'Content-Type',
                'Authorization',
                'Access-Control-Allow-Credentials'
            ],
+            expose_headers=[
+                'Authorization',
+            ],
            supports_credentials=True
        )
+        configure_blueprints(app)
        configure_shellcontext(app)
    return app


--- a/eBookHub/api/auth.py
+++ b/eBookHub/api/auth.py
 from functools import wraps

-from flask import Blueprint, jsonify, request
+from flask import Blueprint, jsonify, request, make_response
 from flask_httpauth import HTTPBasicAuth
 from flask_jwt_extended import jwt_refresh_token_required, get_jwt_identity, unset_jwt_cookies, set_access_cookies, \
    set_refresh_cookies
@@ -53,6 +53,8 @@ def login():
    if user is None:
        return jsonify({'login': False}), 200

+    access_token = user.create_access_token()
+    refresh_token = user.create_refresh_token()
    resp = jsonify({
        'login': True,
        'user': {
@@ -61,28 +63,31 @@ def login():
            'email': user.email,
        }
    })
-    set_access_cookies(resp, user.create_access_token())
-    set_refresh_cookies(resp, user.create_refresh_token())
+    resp.headers['Authorization'] = "Bearer {}".format(access_token)
+    set_access_cookies(resp, access_token)
+    set_refresh_cookies(resp, refresh_token)
    return resp, 200


 # Same thing as login here, except we are only setting a new cookie
 # for the access token.
-@auth_app.route('/token/refresh', methods=['POST'])
+@auth_app.route('/token/refresh', methods=['GET'])
 @jwt_refresh_token_required
 def refresh():
    from eBookHub.models import User
    current_user = User.query.filter_by(email=get_jwt_identity()).first()
-    access_token = current_user.create_access_token(identity=current_user)
+    access_token = current_user.create_access_token()

    # Set the JWT access cookie in the response
    resp = jsonify({'refresh': True})
    set_access_cookies(resp, access_token)
+    resp.headers['Authorization'] = "Bearer {}".format(access_token)
    return resp, 200


-@auth_app.route('/token/remove', methods=['POST'])
+@auth_app.route('/token/remove', methods=['GET'])
 def logout():
    resp = jsonify({'logout': True})
    unset_jwt_cookies(resp)
+    resp.headers['Authorization'] = ""
    return resp, 200