Added: basic current user functionality (#19)

libreforms_fastapi/app/__init__.py

@@ -1,6 +1,6 @@
-import re, os, json, tempfile, logging, sys, asyncio
+import re, os, json, tempfile, logging, sys, asyncio, jwt
 from datetime import datetime, timedelta
-from typing import Dict, Optional
+from typing import Dict, Optional, Annotated
 from markupsafe import escape
 from bson import ObjectId
 
@@ -16,7 +16,11 @@
 from fastapi.responses import HTMLResponse
 from fastapi.staticfiles import StaticFiles
 from fastapi.templating import Jinja2Templates
-from fastapi.security import APIKeyHeader
+from fastapi.security import (
+    APIKeyHeader,
+    OAuth2PasswordBearer,
+    OAuth2PasswordRequestForm,
+)
 
 from sqlalchemy import (
     create_engine, 
@@ -121,6 +125,36 @@
     },
 )
 
+# Here we instantiate our oauth object, see
+# https://github.com/signebedi/libreforms-fastapi/issues/19
+oauth2_scheme = OAuth2PasswordBearer(tokenUrl="api/auth/login")
+
+async def get_current_user(token: Annotated[str, Depends(oauth2_scheme)]):
+    try:
+        payload = jwt.decode(token, config.SECRET_KEY, algorithms=['HS256'])
+        with SessionLocal() as session:
+            user = session.query(User).filter_by(id=payload.get("id", None)).first()
+
+    except:
+        raise HTTPException(
+            status_code=401,
+            detail="Incorrect username or password"
+        )
+
+    if not user:
+        raise HTTPException(
+            status_code=401,
+            detail="Incorrect username or password"
+        )
+
+    if not user.active:
+        raise HTTPException(
+            status_code=401,
+            detail="Unable to login at this time"
+        )
+
+    return user
+
 
 # Set up logger, see https://github.com/signebedi/libreforms-fastapi/issues/26,
 # again using a factory pattern defined in libreforms_fastapi.utis.logging.
@@ -1469,6 +1503,37 @@ async def api_auth_get(
     # @app.patch("/api/auth/forgot_password/{single_use_token}")
     # async def api_auth_forgot_password_confirm(user_request: CreateUserRequest, session: SessionLocal = Depends(get_db)):
 
+# Login, uses OAUTH and current_user functionality, see
+# https://github.com/signebedi/libreforms-fastapi/issues/19
+@app.post('/api/auth/login')
+async def api_auth_login(form_data: Annotated[OAuth2PasswordRequestForm, Depends()]):
+    with SessionLocal() as session:
+        user = session.query(User).filter_by(username=form_data.username.lower()).first()
+
+    if not user:
+        raise HTTPException(status_code=400, detail="Incorrect username or password")
+
+    if not check_password_hash(user.password, form_data.password):
+        raise HTTPException(status_code=400, detail="Incorrect username or password")
+
+    user_dict = {
+        "id": user.id,
+        "email": user.email,
+        "username": user.username,
+        "active": user.active,
+    }
+
+    token = jwt.encode(user_dict, config.SECRET_KEY)
+
+    return {"access_token": token, "token_type": "bearer"}
+
+
+# @app.get("/users/me")
+# async def read_users_me(
+#     current_user: Annotated[User, Depends(get_current_user)]
+# ):
+#     return current_user
+
 
 
 ##########################

libreforms_fastapi/utils/sqlalchemy_models.py

@@ -13,7 +13,8 @@
     JSON,
     LargeBinary,
 )
-from sqlalchemy.orm import relationship, declarative_base
+from sqlalchemy.inspection import inspect
+from sqlalchemy.orm import relationship, declarative_base, class_mapper
 
 from sqlalchemy_signing import create_signing_class
 
@@ -108,7 +109,6 @@ def compile_permissions(self) -> dict:
         return permissions_dict
 
 
-
 # Allow admins to define custom groups, see
 # https://github.com/signebedi/libreforms-fastapi/issues/22
 class Group(Base):

requirements/base.txt

@@ -5,8 +5,10 @@ fuzzywuzzy<1.0.0
 Jinja2<4.0.0
 passlib[bcrypt]<2.0.0
 pydantic-settings<3.0.0
+PyJWT<3.0.0
 pymongo<5.0.0
 python-Levenshtein<1.0.0
+python-multipart<1.0.0
 SQLAlchemy<3.0.0
 sqlalchemy-signing<2.0.0
 tinydb<5.0.0

requirements/latest.txt

@@ -5,8 +5,10 @@ fuzzywuzzy
 Jinja2
 passlib[bcrypt]
 pydantic-settings
+PyJWT
 pymongo
 python-Levenshtein
+python-multipart
 SQLAlchemy
 sqlalchemy-signing
 tinydb