Fixes #1031 : Added Token service for validating request from frontend (

#1036)

api/controllers/loginUser.py

@@ -1,48 +1,39 @@
 import jwt
-import datetime
 
 from flask import Blueprint, jsonify, request
 from flask import current_app as app
-from api.utils.response import Response
-from api.helpers.verifyPassword import verifyPassword
 from api.models.user import User
 from api.schemas.user import FTLUserSchema
+from api.schemas.token import LoginTokenSchema
 from api.utils.errors import ErrorResponse
 from api.schemas.errors import (
-    JsonNotFound,
     UserNotFound,
     OperationNotFound,
-    PasswordNotFound
 )
 
 
 router = Blueprint('loginUser', __name__)
 
 
-@router.route('/login', methods=['POST'])
+@router.route('/login')
 def login():
-    try:
-        data = request.get_json()
-    except Exception:
-        return ErrorResponse(JsonNotFound().message, 422, {'Content-Type': 'application/json'}).respond()
-
-    if 'name' in data.keys():
-        user = User.getUser(username=data['name'])
-        uid = data['uid']
+    args = request.args
+    if 'id' in args.keys():
+        user = User.getUser(user_id=args['id'])
+        uid = user.id
         if not user:
             return ErrorResponse(UserNotFound(uid).message, 422, {'Content-Type': 'application/json'}).respond()
 
-        if not verifyPassword(user, data['password']):
-            return ErrorResponse(PasswordNotFound().message, 422, {'Content-Type': 'application/json'}).respond()
-
+        # Token that is not expiring and validated for the whole session
         token = jwt.encode(
-            {'user': user.username,
-             'exp': datetime.datetime.utcnow() + datetime.timedelta(seconds=900)},
+            {'user': user.username},
             app.config.get('SECRET_KEY'))
 
-        return jsonify(
-            Response(200).generateToken(
-                token.decode('UTF-8')))
+        resp = {
+            'id': user.id,
+            'token': token.decode('UTF-8')}
+
+        return jsonify(LoginTokenSchema().dump(resp).data)
 
     return ErrorResponse(OperationNotFound().message, 422, {'Content-Type': 'application/json'}).respond()
 

api/controllers/oauthToken.py

@@ -1,4 +1,3 @@
-import datetime
 import jwt
 
 
@@ -24,8 +23,7 @@ def oauth_token():
 
     try:
         token = jwt.encode(
-            {'user': data.get('username'),
-             'exp': datetime.datetime.utcnow() + datetime.timedelta(seconds=900)},
+            {'user': data.get('username')},
             app.config.get('SECRET_KEY'))
 
     except Exception:

api/schemas/token.py

@@ -18,3 +18,12 @@ class Meta:
 
     id = fields.Str(required=True, dump_only=True)
     valid = fields.Bool(required=True)
+
+
+class LoginTokenSchema(Schema):
+    class Meta:
+        type_ = 'login-tokens'
+        kwargs = {'id': '<id>'}
+
+    id = fields.Str(required=True, dump_only=True)
+    token = fields.Str(required=True)

frontend/app/adapters/badge.js

@@ -1,11 +1,20 @@
 import ApplicationAdapter from './application';
 import ENV from '../config/environment';
+import { computed } from '@ember/object';
+import { inject as service } from '@ember/service';
+
 
 const { APP } = ENV;
 
 export default ApplicationAdapter.extend({
-  host        : APP.backLink,
-  pathForType : () => {
+  host       : APP.backLink,
+  loginToken : service('auth-session'),
+  headers    : computed('loginToken.authToken', function() {
+    return {
+      'x-access-token': this.get('loginToken.sessionToken')
+    };
+  }),
+  pathForType: () => {
     return 'api/generate_badges';
   }
 });

frontend/app/adapters/bg-color.js

@@ -1,11 +1,20 @@
 import ApplicationAdapter from './application';
 import ENV from '../config/environment';
+import { computed } from '@ember/object';
+import { inject as service } from '@ember/service';
+
 
 const { APP } = ENV;
 
 export default ApplicationAdapter.extend({
-  host        : APP.backLink,
-  pathForType : () => {
+  host       : APP.backLink,
+  loginToken : service('auth-session'),
+  headers    : computed('loginToken.authToken', function() {
+    return {
+      'x-access-token': this.get('loginToken.sessionToken')
+    };
+  }),
+  pathForType: () => {
     return 'api/upload/background_color';
   }
 });

frontend/app/adapters/csv-file.js

@@ -1,12 +1,20 @@
 import DS from 'ember-data';
 import ENV from '../config/environment';
+import { computed } from '@ember/object';
+import { inject as service } from '@ember/service';
 
 const { APP } = ENV;
 const { RESTAdapter } = DS;
 
 export default RESTAdapter.extend({
-  host        : APP.backLink,
-  pathForType : () => {
+  host       : APP.backLink,
+  loginToken : service('auth-session'),
+  headers    : computed('loginToken.authToken', function() {
+    return {
+      'x-access-token': this.get('loginToken.sessionToken')
+    };
+  }),
+  pathForType: () => {
     return 'api/upload/file';
   }
 });

frontend/app/adapters/cust-img-file.js

@@ -1,11 +1,20 @@
 import ApplicationAdapter from './application';
 import ENV from '../config/environment';
+import { computed } from '@ember/object';
+import { inject as service } from '@ember/service';
+
 
 const { APP } = ENV;
 
 export default ApplicationAdapter.extend({
-  host        : APP.backLink,
-  pathForType : () => {
+  host       : APP.backLink,
+  loginToken : service('auth-session'),
+  headers    : computed('loginToken.authToken', function() {
+    return {
+      'x-access-token': this.get('loginToken.sessionToken')
+    };
+  }),
+  pathForType: () => {
     return 'api/upload/image';
   }
 });

frontend/app/adapters/def-image-upload.js

@@ -1,12 +1,21 @@
 import DS from 'ember-data';
 import ENV from '../config/environment';
+import { computed } from '@ember/object';
+import { inject as service } from '@ember/service';
+
 
 const { APP } = ENV;
 const { JSONAPIAdapter } = DS;
 
 export default JSONAPIAdapter.extend({
-  host        : APP.backLink,
-  pathForType : () => {
+  host       : APP.backLink,
+  loginToken : service('auth-session'),
+  headers    : computed('loginToken.authToken', function() {
+    return {
+      'x-access-token': this.get('loginToken.sessionToken')
+    };
+  }),
+  pathForType: () => {
     return 'api/upload/upload_default';
   }
 });

frontend/app/adapters/def-image.js

@@ -1,11 +1,19 @@
 import ApplicationAdapter from './application';
 import ENV from '../config/environment';
+import { computed } from '@ember/object';
+import { inject as service } from '@ember/service';
 
 const { APP } = ENV;
 
 export default ApplicationAdapter.extend({
-  host        : APP.backLink,
-  pathForType : () => {
+  host       : APP.backLink,
+  loginToken : service('auth-session'),
+  headers    : computed('loginToken.authToken', function() {
+    return {
+      'x-access-token': this.get('loginToken.sessionToken')
+    };
+  }),
+  pathForType: () => {
     return 'api/default_images';
   }
 });

frontend/app/adapters/login-token.js

@@ -0,0 +1,12 @@
+import DS from 'ember-data';
+import ENV from '../config/environment';
+
+const { JSONAPIAdapter } = DS;
+const { APP } = ENV;
+
+export default JSONAPIAdapter.extend({
+  host        : APP.backLink,
+  pathForType : () => {
+    return 'user/login';
+  }
+});

frontend/app/adapters/my-badges.js

@@ -1,12 +1,20 @@
 import ApplicationAdapter from './application';
 import ENV from '../config/environment';
+import { computed } from '@ember/object';
+import { inject as service } from '@ember/service';
 
 const { APP } = ENV;
 
 export default ApplicationAdapter.extend({
-  host: APP.backLink,
+  host       : APP.backLink,
+  loginToken : service('auth-session'),
+  headers    : computed('loginToken.authToken', function() {
+    return {
+      'x-access-token': this.get('loginToken.sessionToken')
+    };
+  }),
   pathForType() {
     const user = this.get('session.currentUser');
     return 'api/get_badges?uid=' + user.uid;
   }
-});
+});

frontend/app/adapters/profile-image.js

@@ -1,12 +1,20 @@
 import DS from 'ember-data';
 import ENV from '../config/environment';
+import { computed } from '@ember/object';
+import { inject as service } from '@ember/service';
 
 const { JSONAPIAdapter } = DS;
 const { APP } = ENV;
 
 export default JSONAPIAdapter.extend({
-  host        : APP.backLink,
-  pathForType : () => {
+  host       : APP.backLink,
+  loginToken : service('auth-session'),
+  headers    : computed('loginToken.authToken', function() {
+    return {
+      'x-access-token': this.get('loginToken.sessionToken')
+    };
+  }),
+  pathForType: () => {
     return 'update/profileImage';
   }
 });

frontend/app/adapters/text-data.js

@@ -1,11 +1,19 @@
 import ApplicationAdapter from './application';
 import ENV from '../config/environment';
+import { computed } from '@ember/object';
+import { inject as service } from '@ember/service';
 
 const { APP } = ENV;
 
 export default ApplicationAdapter.extend({
-  host        : APP.backLink,
-  pathForType : () => {
+  host       : APP.backLink,
+  loginToken : service('auth-session'),
+  headers    : computed('loginToken.authToken', function() {
+    return {
+      'x-access-token': this.get('loginToken.sessionToken')
+    };
+  }),
+  pathForType: () => {
     return 'api/upload/manual_data';
   }
 });

frontend/app/adapters/valid-token.js

@@ -1,5 +1,7 @@
 import DS from 'ember-data';
 import ENV from '../config/environment';
+import { computed } from '@ember/object';
+import { inject as service } from '@ember/service';
 
 const { JSONAPIAdapter } = DS;
 const { APP } = ENV;

frontend/app/controllers/login.js

@@ -5,8 +5,9 @@ import Controller from '@ember/controller';
 const { inject } = Ember;
 
 export default Controller.extend({
-  session : inject.service(),
-  notify  : inject.service('notify'),
+  session   : inject.service(),
+  notify    : inject.service('notify'),
+  authToken : inject.service('auth-session'),
   beforeModel() {
     return this.get('session').fetch().catch(function() {});
   },
@@ -36,8 +37,7 @@ export default Controller.extend({
               relationships: {}
             }]
           });
-          this_.transitionToRoute('/');
-          this_.get('notify').success('Log In Successful');
+          this_.send('generateLoginToken', userData.uid);
         }).catch(function(err) {
           console.log(err.message);
           this_.get('notify').error('Log In Failed ! Please try again');
@@ -55,8 +55,7 @@ export default Controller.extend({
           });
           user_.save()
             .then(obj => {
-              this_.transitionToRoute('/');
-              this_.get('notify').success('Log In Successful');
+              this_.send('generateLoginToken', obj.id);
             })
             .catch(err => {
               console.log(err);
@@ -66,6 +65,21 @@ export default Controller.extend({
           this_.get('notify').error('Log In Failed ! Please try again');
         });
       }
+    },
+
+    generateLoginToken(id) {
+      const this_ = this;
+      this.get('store').queryRecord('login-token', {
+        id
+      })
+        .then(record => {
+          this_.get('authToken').updateToken(record.token);
+          this_.transitionToRoute('/');
+          this_.get('notify').success('Log In Successful');
+        })
+        .catch(err => {
+          this_.get('notify').error('Unable to validate user');
+        });
     }
   }
 });

frontend/app/models/login-token.js

@@ -0,0 +1,7 @@
+import DS from 'ember-data';
+
+const { Model, attr } = DS;
+
+export default Model.extend({
+  token: attr('string')
+});