diff --git a/docs/rest_api.rst b/docs/rest_api.rst index a23eaa4372..28b0f2c536 100644 --- a/docs/rest_api.rst +++ b/docs/rest_api.rst @@ -522,7 +522,7 @@ You can create an alternate JWT user loader, this can be useful if you want to use an external Authentication provider and map the JWT identity to your user Model:: - @appbuilder.sm.jwt_manager.user_loader_callback_loader + @appbuilder.sm.jwt_manager.user_lookup_loader def alternate_user_loader(identity): # find the user by it's identity ... diff --git a/flask_appbuilder/security/api.py b/flask_appbuilder/security/api.py index 2e2dfd6124..df1bd5a253 100644 --- a/flask_appbuilder/security/api.py +++ b/flask_appbuilder/security/api.py @@ -3,7 +3,7 @@ create_access_token, create_refresh_token, get_jwt_identity, - jwt_refresh_token_required, + jwt_required, ) from ..api import BaseApi, safe @@ -118,7 +118,7 @@ def login(self): return self.response(200, **resp) @expose("/refresh", methods=["POST"]) - @jwt_refresh_token_required + @jwt_required(refresh=True) @safe def refresh(self): """ diff --git a/flask_appbuilder/security/manager.py b/flask_appbuilder/security/manager.py index fe76970070..3b22ab255a 100644 --- a/flask_appbuilder/security/manager.py +++ b/flask_appbuilder/security/manager.py @@ -297,7 +297,7 @@ def create_jwt_manager(self, app) -> JWTManager: """ jwt_manager = JWTManager() jwt_manager.init_app(app) - jwt_manager.user_loader_callback_loader(self.load_user_jwt) + jwt_manager.user_lookup_loader(self.load_user_jwt) return jwt_manager def create_builtin_roles(self): @@ -1944,7 +1944,8 @@ def del_permission_role(self, role, perm_view): def load_user(self, pk): return self.get_user_by_id(int(pk)) - def load_user_jwt(self, pk): + def load_user_jwt(self, _jwt_header, jwt_data): + pk = jwt_data["sub"] user = self.load_user(pk) # Set flask g.user to JWT user, we can't do it on before request g.user = user diff --git a/requirements.txt b/requirements.txt index 8d65858e3a..a215a867a0 100644 --- a/requirements.txt 
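Review bot: In the `load_user_jwt` hunk of `flask_appbuilder/security/manager.py`, the new line `pk = jwt_data["sub"]` hard-codes the identity claim name. That only holds while `JWT_IDENTITY_CLAIM` keeps its 4.x default, so an application that overrides the setting would hit a `KeyError` inside the lookup callback and get a 500 instead of a clean 401. Reading the name from config, e.g. `pk = jwt_data[current_app.config["JWT_IDENTITY_CLAIM"]]` (assuming `current_app` is importable in this module), keeps the loader in step with token validation. The signature change from `(self, pk)` to `(self, _jwt_header, jwt_data)` also breaks any subclass that overrides `load_user_jwt`. The `docs/rest_api.rst` hunk has the same gap: it still shows `def alternate_user_loader(identity):`, which `user_lookup_loader` will call with two arguments, so it should become `def alternate_user_loader(_jwt_header, jwt_data):`. The body of `load_user_jwt` continues past the end of the hunk, so what happens when `load_user` returns `None` is not visible here.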
+++ b/requirements.txt @@ -13,7 +13,7 @@ defusedxml==0.5.0 # via python3-openid dnspython==1.16.0 # via email-validator email-validator==1.0.5 flask-babel==1.0.0 -flask-jwt-extended==3.18.0 +flask-jwt-extended==4.1.0 flask-login==0.4.1 flask-openid==1.2.5 flask-sqlalchemy==2.4.0 @@ -28,7 +28,7 @@ marshmallow-enum==1.5.1 marshmallow-sqlalchemy==0.23.0 marshmallow==3.5.1 prison==0.1.3 -pyjwt==1.7.1 +pyjwt==2.0.1 pyrsistent==0.14.11 # via jsonschema python-dateutil==2.8.0 python3-openid==3.1.0 # via flask-openid diff --git a/rtd_requirements.txt b/rtd_requirements.txt index 648feb56ae..003076f68a 100644 --- a/rtd_requirements.txt +++ b/rtd_requirements.txt @@ -7,7 +7,7 @@ click==7.0 colorama==0.4.1 defusedxml==0.5.0 # via python3-openid flask-babel==1.0.0 -flask-jwt-extended==3.18.0 +flask-jwt-extended==4.1.0 flask-login==0.4.1 flask-openid==1.2.5 flask-sqlalchemy==2.4.0 @@ -21,7 +21,7 @@ marshmallow-enum==1.5.1 marshmallow-sqlalchemy==0.23.0 marshmallow==3.5.1 prison==0.1.3 -pyjwt==1.7.1 +pyjwt==2.0.1 pyrsistent==0.14.11 # via jsonschema python-dateutil==2.8.0 python3-openid==3.1.0 # via flask-openid diff --git a/setup.py b/setup.py index fa9d85be65..b7100fc603 100644 --- a/setup.py +++ b/setup.py @@ -57,14 +57,14 @@ def desc(): "SQLAlchemy<1.4.0", "Flask-SQLAlchemy>=2.4, <3", "Flask-WTF>=0.14.2, <0.15.0", - "Flask-JWT-Extended>=3.18, <4", + "Flask-JWT-Extended>=4.1.0", "jsonschema>=3.0.1, <4", "marshmallow>=3, <4", "marshmallow-enum>=1.5.1, <2", "marshmallow-sqlalchemy>=0.22.0, <0.24.0", "python-dateutil>=2.3, <3", "prison>=0.1.3, <1.0.0", - "PyJWT>=1.7.1, <2.0.0", + "PyJWT>=2.0.1", "sqlalchemy-utils>=0.32.21, <1", ], extras_require={"jmespath": ["jmespath>=0.9.5"]},
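Review bot: The `setup.py` hunk drops the upper bounds on both JWT dependencies (`"Flask-JWT-Extended>=4.1.0"`, `"PyJWT>=2.0.1"`), while every other entry in `install_requires` keeps a major-version cap. This commit exists because the 3.x to 4.x jump renamed decorators and changed the loader callback signature, so an uncapped range lets a future major release change the authentication path on a plain `pip install` without any change in this repository. I would keep the caps, `"Flask-JWT-Extended>=4.1.0, <5"` and `"PyJWT>=2.0.1, <3"`, and raise them deliberately once the next major release has been tested against the login and refresh endpoints.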