Merge branch 'master' into add_user_logout_using_blacklist

Author: jslvtr

.gitignore

@@ -1,3 +1,4 @@
+.vscode/
 *.pyc
 .idea/
 __pycache__/

section11/README.md

@@ -83,7 +83,7 @@ tips:
 Introduce the concept of `claims`, it's just the data we choose to attach to the JWT payload. Use the `Item.delete()` endpoint as example, we make it only accessible by authenticated admins. So we need to configure the claims in `app.py` and decide whether a user is an admin, then we add a boolean claim `is_admin` to the JWT payload.
 
 tips:
-- `get_jwt_oidentity()` now as opposed to `current_identity`
+- `get_jwt_identity()` now as opposed to `current_identity`
 - The identity is just the user id now as opposed to a UserModel object.
 
 ### Half protected endpoints

section11/app.py

@@ -4,36 +4,34 @@
 
 from db import db
 from blacklist import BLACKLIST
-from resources.user import UserRegister, UserLogin, TokenRefresh, UserLogout
+from resources.user import UserRegister, UserLogin, User, TokenRefresh, UserLogout
 from resources.item import Item, ItemList
 from resources.store import Store, StoreList
 
 app = Flask(__name__)
 app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///data.db'
 app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
+app.config['PROPAGATE_EXCEPTIONS'] = True
 api = Api(app)
-db.init_app(app)
 
 """
-JWT related configurations began. The following functions includes:
+JWT related configuration. The following functions includes:
 1) add claims to each jwt
 2) customize the token expired error message 
 """
-app.config['JWT_SECRET_KEY'] = 'jose'   # we can also use app.secret like before, Flask-JWT-Extended can recognize both
+app.config['JWT_SECRET_KEY'] = 'jose'  # we can also use app.secret like before, Flask-JWT-Extended can recognize both
 app.config['JWT_BLACKLIST_ENABLED'] = True  # enable blacklist feature
 app.config['JWT_BLACKLIST_TOKEN_CHECKS'] = ['access', 'refresh']  # allow blacklisting for access and refresh tokens
 jwt = JWTManager(app)
 
 """
-`claims` are data we choose to attached to each jwt payload
+`claims` are data we choose to attach to each jwt payload
 and for each jwt protected endpoint, we can retrieve these claims via `get_jwt_claims()`
 one possible use case for claims are access level control, which is shown below
 """
-
-
 @jwt.user_claims_loader
 def add_claims_to_jwt(identity):
-    if identity == 1:   # instead of hard-coding, we can read from a config file to get a list of admins instead
+    if identity == 1:   # instead of hard-coding, we should read from a config file to get a list of admins instead
         return {'is_admin': True}
     return {'is_admin': False}
 
@@ -99,8 +97,10 @@ def create_tables():
 api.add_resource(ItemList, '/items')
 api.add_resource(UserRegister, '/register')
 api.add_resource(UserLogin, '/login')
+api.add_resource(User, '/user/<int:user_id>')
 api.add_resource(TokenRefresh, '/refresh')
 api.add_resource(UserLogout, '/logout')
 
 if __name__ == '__main__':
+    db.init_app(app)
     app.run(port=5000, debug=True)

section11/requirement.txt

@@ -0,0 +1,3 @@
+Flask-JWT-Extended
+Flask-RESTful
+Flask-SQLAlchemy

section11/requirements.txt

@@ -80,4 +80,7 @@ def get(self):
         items = [item.json() for item in ItemModel.find_all()]
         if user_id:
             return {'items': items}, 200
-        return {'items': [item['name'] for item in items]}, 401
+        return {
+            'items': [item['name'] for item in items],
+            'message': 'More data available if you log in.'
+        }, 200

section11/resources/item.py

@@ -62,6 +62,27 @@ def post(self):
         return {"message": "Successfully logged out"}, 200
 
 
+class User(Resource):
+    """
+    This resource can be useful when testing our Flask app. We may not want to expose it to public users, but for the
+    sake of demonstration in this course, it can be useful when we are manipulating data regarding the users.
+    """
+    @classmethod
+    def get(cls, user_id: int):
+        user = UserModel.find_by_id(user_id)
+        if not user:
+            return {'message': 'User Not Found'}, 404
+        return {'user': user.json()}, 200
+
+    @classmethod
+    def delete(cls, user_id: int):
+        user = UserModel.find_by_id(user_id)
+        if not user:
+            return {'message': 'User Not Found'}, 404
+        user.delete_from_db()
+        return {'message': 'User deleted.'}, 200
+
+
 class TokenRefresh(Resource):
     @jwt_refresh_token_required
     def post(self):