ConnectedPlacesCatapult / SharingCitiesDashboard

Personalisable dashboard for Sharing Cities IoT data
Apache License 2.0

Ffc 16 login #123

Closed kpennels closed 5 years ago

kpennels commented 5 years ago

New Files

/models/users.py - The model for the users table within the database.

/models/revoked_tokens.py - The model for the revokedTokens table. This table is used to store all access and refresh tokens which have been revoked from users (due to logging out). When either an access or refresh JWT is required, a check is first done to determine whether these tokens are in the revokedTokens table.

/resources/login.py - This file contains the logic for when the /login endpoint is called. This endpoint requires the user's email and password to be sent in a POST request and, if the email and password authentication is successful, along with the user being activated in the user table, an access and refresh JWT is sent to the user which can then be used for subsequent requests. NOTE: the SecretResource class in login.py was used to test whether the access JWT was functioning correctly.

/resources/refreshToken.py - This file contains the logic for when the /refreshToken endpoint is called. This endpoint requires a user's refresh JWT to be present in the authorization header. This endpoint will be called when a user's access token expires and results in a new access token being generated and sent back to the user.

/resources/logout.py - This file contains the logic for when the /revokeAccess and /revokeRefresh endpoints are called. The /revokeAccess endpoint requires an access JWT and, when the endpoint is called, the token is added to the revokedTokens table and therefore it cannot be used in subsequent requests. The /revokeRefresh endpoint functions similarly to /revokeAccess except that a refresh JWT is required.

/resources/test_login_logout.py - contains the relevant tests for the functionality of the /login, /revokeAccess, /revokeRefresh and /refreshToken endpoints

Updated files

/Analytics/app.py - The relevant classes are imported which contain the logic for the /login, /refreshToken, /revokeAccess and /revokeRefresh endpoints, which are then exposed at lines 79 onwards. The Flask app's configuration (app.config) is updated to include a JWT secret key, the amount of time it takes for access JWTs to expire and to indicate that tokens will be checked against a blacklisted token table. An additional claim is added to the JWT at line 46 to include the user's admin privileges. This will allow access to certain endpoints to be restricted to only admin users.
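The token lifecycle this PR describes (login issuing an access and a refresh token, /refreshToken minting a new access token from a refresh token, the revoke endpoints adding a token to a blocklist that every later check consults, plus an admin claim carried in the token) as an added, self-contained example. This is not code from the SharingCitiesDashboard project or its JWT library: it uses the Python standard library only, with HMAC-signed tokens standing in for JWTs, an in-memory set standing in for the revokedTokens table, and constructed sample users, secret and expiry values.

```python
# Added example, not code from the SharingCitiesDashboard project: a minimal
# access/refresh token flow with a revoked-token blocklist, standard library only.
# Secret, users and TTLs are constructed for the example.
import base64
import hashlib
import hmac
import json
import secrets
import time


class TokenError(Exception):
    """Raised when a token is malformed, forged, expired, revoked or of the wrong type."""


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 stands in for whatever hashing the real users model uses.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AuthService:
    """Models /login, /refreshToken, /revokeAccess and /revokeRefresh in one object."""

    def __init__(self, secret: bytes, users: dict, access_ttl=900, refresh_ttl=86_400):
        self.secret = secret
        self.users = users            # email -> {"salt", "pw_hash", "activated", "admin"}
        self.access_ttl = access_ttl
        self.refresh_ttl = refresh_ttl
        self.revoked_jtis = set()     # stands in for the revokedTokens table
        self.clock = time.time        # injectable so tests can simulate expiry

    def _issue(self, email: str, token_type: str, ttl: int) -> str:
        payload = {
            "sub": email,
            "type": token_type,                   # "access" or "refresh"
            "jti": secrets.token_hex(16),         # unique id recorded on revocation
            "exp": int(self.clock()) + ttl,
            "admin": self.users[email]["admin"],  # extra claim for admin-only endpoints
        }
        body = _b64url(json.dumps(payload, separators=(",", ":")).encode())
        sig = hmac.new(self.secret, body.encode(), hashlib.sha256).digest()
        return body + "." + _b64url(sig)

    def _verify(self, token: str, expected_type: str) -> dict:
        """Signature first, then type, expiry and the blocklist check from the PR."""
        try:
            body, sig = token.split(".")
            given = _unb64url(sig)
        except ValueError:
            raise TokenError("malformed token")
        expected = hmac.new(self.secret, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, given):
            raise TokenError("bad signature")
        payload = json.loads(_unb64url(body))
        if payload.get("type") != expected_type:
            raise TokenError(f"expected a {expected_type} token")
        if payload["exp"] <= self.clock():
            raise TokenError("token expired")
        if payload["jti"] in self.revoked_jtis:
            raise TokenError("token revoked")
        return payload

    def login(self, email: str, password: str):
        """POST /login: access+refresh tokens for an activated user, else None."""
        user = self.users.get(email)
        if user is None or not user["activated"]:
            return None
        if not hmac.compare_digest(_hash_password(password, user["salt"]), user["pw_hash"]):
            return None
        return {"access_token": self._issue(email, "access", self.access_ttl),
                "refresh_token": self._issue(email, "refresh", self.refresh_ttl)}

    def authorize(self, access_token: str) -> dict:
        """What a protected resource does with the bearer access token."""
        return self._verify(access_token, "access")

    def refresh(self, refresh_token: str) -> str:
        """POST /refreshToken: an unrevoked refresh token yields a new access token."""
        claims = self._verify(refresh_token, "refresh")
        return self._issue(claims["sub"], "access", self.access_ttl)

    def revoke_access(self, access_token: str) -> None:
        """POST /revokeAccess: record the jti so the token is rejected from now on."""
        self.revoked_jtis.add(self._verify(access_token, "access")["jti"])

    def revoke_refresh(self, refresh_token: str) -> None:
        """POST /revokeRefresh: the same for a refresh token."""
        self.revoked_jtis.add(self._verify(refresh_token, "refresh")["jti"])


def make_demo_service() -> AuthService:
    """Constructed sample data: one activated admin, one user not yet activated."""
    def user(password, activated, admin):
        salt = secrets.token_bytes(16)
        return {"salt": salt, "pw_hash": _hash_password(password, salt),
                "activated": activated, "admin": admin}
    users = {"alice@example.com": user("correct horse", True, True),
             "bob@example.com": user("bob-pass", False, False)}
    return AuthService(secret=secrets.token_bytes(32), users=users)
```

The two design points worth noting against the PR: the token type is a signed claim, so a leaked access token cannot be replayed against /refreshToken, and the blocklist is keyed on the per-token `jti` rather than the whole token string, which is what lets a revoked refresh token stay unusable even after the access token it had minted expires.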