jwt decorator about flask-jwt-extended HOT 15 CLOSED

Awesome! Very glad to hear it :)

I'll leave this issue open until I get these fixes pushed to pypi/pip.

Cheers.

from flask-jwt-extended.

Assuming you are using a virtualenv, you can run:

pip install -U git+https://github.com/vimalloc/flask-jwt-extended.git

from flask-jwt-extended.

I'm wondering if the @classmethod decorator should go below the @jwt_required decorator, otherwise I think it may be trying to mark the jwt_required method as a class method instead of the get_many_preprocessors method. I'm not 100% sure on this though.

Do you have a minimal working example of this not working that I could use to debug the issue?

Thanks for the report!

from flask-jwt-extended.

If I change order I get an error AttributeError: 'staticmethod' object has no attribute '__module__'

You can try using this https://github.com/laranicolas/flaffold, I did it one year ago, has a similar base of the api I'm building now.

from flask-jwt-extended.

Give me a bit here and I'll see if I can get a quick example up with that to see what is happening. Looking at the controllers.py file here, it looks like it is marking al the preprocessors as staticmethod instead of classmethod. Are you using this same template, but just removing the staticmethod and adding the classmethod decorators instead?

Thannks

from flask-jwt-extended.

Yes no problem!

Right now I replaced all by @classmethod decorator.

Thanks!!

from flask-jwt-extended.

So it looks like this stems from the differences with how this extension and flask-jwt handle token errors. By default, my extension tries to return a response indicating what went wrong if a token is invalid for any reason, whereas flask-jwt raises an exception if the token is invalid, which is then picked up by the flask exception handlers.

In flask-restless, I have verified that jwt_required is still returning a response when trying to access a protected endpoint without an access token, but that response is getting ignored,probably something to do with how the pre and post processors work in regards to flask routing. I think what I need to do is get rid of my decorator that tries to return a reponse directly from jwt_required (https://github.com/vimalloc/flask-jwt-extended/blob/master/flask_jwt_extended/utils.py#L209-L233), and instead register these exceptions in the flask exception handler, return the responses in there instead, and have the jwt_required not catch the exceptions. I'll need to think on this a bit and look into flask exception handling to make sure that will work. Does this sound good to you?

EDIT: I can probably have an updated version of flask_jwt_extended this afternoon that has this patched up.

from flask-jwt-extended.

Ok, I think that should fix it. I need to test a few more things and update some tests, so I probably wont get this pushed to pip till later today. But if you could try installing the master version of this extension and verify that it's working for you (if you have time), that would be a huge help.

Cheers.

from flask-jwt-extended.

wOOt! Great work! I don't know how to test with master version? What I have to do?

from flask-jwt-extended.

Validation now is working (empty token or invalid token).

But once I added a valid token, then failed:

TypeError: get_many_preprocessor() takes at least 1 argument (1 given)

from flask-jwt-extended.

Could be because after I did the update:

pip install -U git+https://github.com/vimalloc/flask-jwt-extended.git

Some libs are broken?

from flask-jwt-extended.

That isn't broken libs. The pip command must have also upgrade your other libraries to the newest version, including flask to version 0.11. In that version, they changed how they want you to import modules. No longer do they recommend doing

from flask.ext.sqlalchemy import <foo>

The new way of doing it is

from flask_sqlalchemy import <foo>

And the same for all the other extensions there. Those are just warnings saying that you should switch to using the new way on this newest version of flask. You can always move back to the older version of flask as well, if this gives you any problems.

As for the type error when using a valid token, I'll need to check it out and see what's happening there. If you have a stack trace handy that could help. Otherwise I'll rebuild the flask-restless demo app again and see if I can duplicate it.

from flask-jwt-extended.

You are right! thanks,

Let me know when you update last commits on flask-jwt-extended.

from flask-jwt-extended.

I'm unable to duplicate this issue with the scaffolding project you linked above.

I cloned that project, and made the following changes to it:

• api/init.py

from flask import request, jsonify
from flask_jwt_extended import JWTManager, jwt_required,\
            create_access_token, get_jwt_identity

...

app.secret_key = 'super-secret'  # Change this!
jwt = JWTManager(app)

@app.route('/login', methods=['POST'])
def login():
    username = request.json.get('username', None)
    password = request.json.get('password', None)
    if username != 'test' and password != 'test':
        return jsonify({"msg": "Bad username or password"}), 401

    # Identity can be any data that is json serializable
    ret = {'access_token': create_access_token(identity=username)}
    return jsonify(ret), 200

• api/api_0_1/controllers/controllers.py

from flask_jwt_extended import jwt_required

...

    @classmethod
    @jwt_required
    def get_many_preprocessor(cls, search_params=None, **kw):
        print('foo')

...

And tested it like this:

$ curl http://localhost:5000/0.1/users 
{
  "msg": "Missing Authorization Header"
}

$ curl -H "Content-Type: application/json" -X POST -d '{"username":"test","password":"test"}' http://localhost:5000/login
{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2NsYWltcyI6e30sImp0aSI6ImQ1ZGFlZmJjLTgzNjctNDEwNi1iMTc0LWNkNjk1NzUzY2E2NyIsImV4cCI6MTQ3NjcxODQwOSwiZnJlc2giOnRydWUsImlhdCI6MTQ3NjcxNzUwOSwidHlwZSI6ImFjY2VzcyIsIm5iZiI6MTQ3NjcxNzUwOSwiaWRlbnRpdHkiOiJ0ZXN0In0.NuQSgO5SMP9IJ0EvfUA9rfXmFHrH-xD8k9rLP_e9qXU"
}

$ export ACCESS=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2NsYWltcyI6e30sImp0aSI6ImQ1ZGFlZmJjLTgzNjctNDEwNi1iMTc0LWNkNjk1NzUzY2E2NyIsImV4cCI6MTQ3NjcxODQwOSwiZnJlc2giOnRydWUsImlhdCI6MTQ3NjcxNzUwOSwidHlwZSI6ImFjY2VzcyIsIm5iZiI6MTQ3NjcxNzUwOSwiaWRlbnRpdHkiOiJ0ZXN0In0.NuQSgO5SMP9IJ0EvfUA9rfXmFHrH-xD8k9rLP_e9qXU

$ curl -H "Authorization: Bearer $ACCESS" http://localhost:5000/0.1/users
{
  "num_results": 0, 
  "objects": [], 
  "page": 1, 
  "total_pages": 0
}

It seems to be working as expected here. Do you have a stack trace of the error you are seeing? Or is there any other changes that I need to make to that scaffolding project to better mimic yours?

from flask-jwt-extended.

COOL! Sorry was my fault.

It is working perfectly!

THANKS!

from flask-jwt-extended.