Refactor webapp api in relation to flask-login (asreview#1577)

PeterLombaers · Nov 16, 2023 · 3452200 · 3452200
1 parent 6c289b0
commit 3452200
Show file tree

Hide file tree

Showing 17 changed files with 210 additions and 238 deletions.
diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md
@@ -235,7 +235,7 @@ one could use the User model that can be found in `/asreview/webapp/authenticati
 
 To configure the authentication in more detail we need to create a TOML file that contains all authentication parameters. The parameters in that TOML file will override parameters that were passed in the CLI. Here's an example:
 ```toml
-AUTHENTICATION_ENABLED = true
+LOGIN_DISABLED = false
 SECRET_KEY = "<secret key>"
 SECURITY_PASSWORD_SALT = "<salt>"
 SESSION_COOKIE_SECURE = true
@@ -283,7 +283,7 @@ Store the TOML file on the server and start the ASReview application from the CL
 $ python3 -m asreview lab --flask-configfile=<path-to-TOML-config-file>
 ```
 A number of the keys in the TOML file are standard Flask parameters. The keys that are specific for authenticating ASReview are summarised below:
-*  AUTHENTICATION_ENABLED: if set to `true` the application will start with authentication enabled. If the SQLite database does not exist, one will be created during startup.
+*  LOGIN_DISABLED: if set to `false` the application will start with authentication enabled. If the SQLite database does not exist, one will be created during startup.
 * SECRET_KEY: the secret key is a string that is used to encrypt cookies and is mandatory if authentication is required.
 * SECURITY_PASSWORD_SALT: another string used to hash passwords, also mandatory if authentication is required.
 * ALLOW_ACCOUNT_CREATION: enables account creation by users, either by front- or backend.

diff --git a/asreview/webapp/api/auth.py b/asreview/webapp/api/auth.py
@@ -22,6 +22,7 @@
 from flask import render_template_string
 from flask import request
 from flask_login import current_user
+from flask_login import login_required
 from flask_login import login_user
 from flask_login import logout_user
 from flask_mail import Mail
@@ -32,7 +33,6 @@
 from sqlalchemy.exc import SQLAlchemyError
 
 from asreview.webapp import DB
-from asreview.webapp.authentication.login_required import asreview_login_required
 from asreview.webapp.authentication.models import User
 from asreview.webapp.authentication.oauth_handler import OAuthHandler
 
@@ -277,7 +277,7 @@ def confirm_account():
 
 
 @bp.route("/get_profile", methods=["GET"])
-@asreview_login_required
+@login_required
 def get_profile():
     user = User.query.filter(User.id == current_user.id).one_or_none()
     if user:
@@ -380,7 +380,7 @@ def reset_password():
 
 
 @bp.route("/update_profile", methods=["POST"])
-@asreview_login_required
+@login_required
 def update_profile():
     """Update user profile"""
     user = User.query.filter(User.id == current_user.id).one_or_none()
@@ -432,7 +432,7 @@ def refresh():
 
 
 @bp.route("/signout", methods=["DELETE"])
-@asreview_login_required
+@login_required
 def signout():
     if current_user:
         identifier = current_user.identifier