Add user logout and get User API

Author: npalaska

lib/pbench/server/api/__init__.py

@@ -22,13 +22,22 @@
 from pbench.server import PbenchServerConfig
 from pbench.common.exceptions import BadConfig
 from pbench.server.utils import filesize_bytes
+from pbench.server.api.resources.pbench_users import RegisterUser, LoginAPI, LogoutAPI, GetUser
 
 ALLOWED_EXTENSIONS = {"xz"}
 
 app = None
 bcrypt = None
 db = None
 
+""""
+A storage engine to save revoked tokens. if speed is the primary concern, redis is a good option. but if data 
+persistence is more important, postgres can be another good option too. Here I am using an in memory store to get 
+something working.
+"""
+blacklist = set()
+
+
 def allowed_file(filename):
     """Check if the file has the correct extension."""
     try:
@@ -49,12 +58,16 @@ def register_endpoints(api, app):
     api.add_resource(HostInfo, f"{app.config['REST_URI']}/host_info")
     api.add_resource(Elasticsearch, f"{app.config['REST_URI']}/elasticsearch")
     api.add_resource(GraphQL, f"{app.config['REST_URI']}/graphql")
+    api.add_resource(RegisterUser, f"{app.config['REST_URI']}/register")
+    api.add_resource(LoginAPI, f"{app.config['REST_URI']}/login")
+    api.add_resource(LogoutAPI, f"{app.config['REST_URI']}/logout")
+    api.add_resource(GetUser, f"{app.config['REST_URI']}/user")
 
 
 def create_app():
     """Create Flask app with defined resource endpoints."""
 
-    global app, db, bcrypt
+    global app, db, bcrypt, blacklist
 
     cfg_name = os.environ.get("_PBENCH_SERVER_CONFIG")
     if not cfg_name:

lib/pbench/server/api/resources/db_models.py

@@ -1,7 +1,7 @@
 import jwt
 import datetime
 from dateutil import parser
-from pbench.server.api import app, bcrypt, db
+from pbench.server.api import app, bcrypt, db, blacklist
 
 
 class UserModel(db.Model):
@@ -56,6 +56,8 @@ def decode_auth_token(auth_token):
         """
         try:
             payload = jwt.decode(auth_token, app.config.get('SECRET_KEY'))
+            if auth_token in blacklist:
+                return 'Token blacklisted. Please log in again.'
             return payload['sub']
         except jwt.ExpiredSignatureError:
             return 'Signature expired. Please log in again.'

lib/pbench/server/api/resources/pbench_users.py

@@ -1,8 +1,9 @@
 
 from flask import request, jsonify, make_response
 from flask_restful import Resource, abort
-from pbench.server.api import app, bcrypt, db
+from pbench.server.api import app, bcrypt, db, blacklist
 from pbench.server.api.resources.db_models import UserModel
+from flask_jwt_extended import jwt_required
 
 
 class RegisterUser(Resource):
@@ -91,3 +92,91 @@ def post(self):
                 'message': 'Try again'
             }
             return make_response(jsonify(response_object))
+
+
+class LogoutAPI(Resource):
+    """
+    Abstracted pbench API for User Logout
+    """
+    @jwt_required
+    def post(self):
+        # get auth token
+        auth_header = request.headers.get('X-Auth-Token')
+        if auth_header:
+            auth_token = auth_header.split(" ")[1]
+
+            resp = UserModel.decode_auth_token(auth_token)
+            if not isinstance(resp, str):
+                # Add the token to the blacklist
+                blacklist.add(auth_token)
+                response_object = {
+                    'status': 'success',
+                    'message': 'Successfully logged out.',
+                    'status_code': 200
+                }
+                return make_response(jsonify(response_object))
+            else:
+                response_object = {
+                    'status': 'fail',
+                    'message': resp,
+                    'status_code': 401
+                }
+                return make_response(jsonify(response_object))
+        else:
+            response_object = {
+                'status': 'fail',
+                'message': 'Provide a valid auth token.',
+                'status_code': 403
+            }
+            return make_response(jsonify(response_object))
+
+
+class GetUser(Resource):
+    """
+    Abstracted pbench API to get user metadata information
+    """
+    # TODO: We can implement the graphql query to get specific metadata related to a user
+    # We dont need to pass user_id to get the user, user id will be retrieved from the jwt encoded auth header
+    @jwt_required
+    def get(self):
+        # get the auth token
+        auth_header = request.headers.get('X-Auth-Token')
+        auth_token = ''
+        if auth_header:
+            try:
+                auth_token = auth_header.split(" ")[1]
+            except IndexError:
+                response_object = {
+                    'status': 'fail',
+                    'message': 'Bearer token malformed.',
+                    'status_code': 401
+                }
+                return make_response(jsonify(response_object))
+
+        if auth_token:
+            resp = UserModel.decode_auth_token(auth_token)
+            if not isinstance(resp, str):
+                user = UserModel.query.filter_by(id=resp).first()
+                response_object = {
+                    'status': 'success',
+                    'data': {
+                        'user_id': user.id,
+                        'username': user.username,
+                        'registered_on': user.registered_on
+                    },
+                    'status_code': 200
+                }
+                return make_response(jsonify(response_object))
+            response_object = {
+                'status': 'fail',
+                'message': resp,
+                'status_code': 403
+            }
+            return make_response(jsonify(response_object))
+        else:
+            response_object = {
+                'status': 'fail',
+                'message': 'Provide a valid auth token.',
+                'status_code': 401
+            }
+            return make_response(jsonify(response_object))