unify set_cookie methods

Author: vimalloc

examples/csrf_protection_with_cookies.py

@@ -3,7 +3,7 @@
 from flask_jwt_extended import JWTManager, jwt_required, \
     create_access_token, jwt_refresh_token_required, \
     create_refresh_token, get_jwt_identity, set_access_cookies, \
-    set_refresh_cookie
+    set_refresh_cookies
 
 
 app = Flask(__name__)
@@ -55,7 +55,7 @@ def login():
     # in this response
     resp = jsonify({'login': True})
     set_access_cookies(resp, access_token)
-    set_refresh_cookie(resp, refresh_token)
+    set_refresh_cookies(resp, refresh_token)
     return resp, 200
 
 

examples/jwt_in_cookie.py

@@ -3,7 +3,7 @@
 from flask_jwt_extended import JWTManager, jwt_required, \
     create_access_token,  jwt_refresh_token_required, \
     create_refresh_token, get_jwt_identity, set_access_cookies, \
-    set_refresh_cookie
+    set_refresh_cookies
 
 # NOTE: This is just a basic example of how to enable cookies. This is
 #       vulnerable to CSRF attacks, and should not be used as is. See
@@ -46,7 +46,7 @@ def login():
     # Set the JWT cookies in the response
     resp = jsonify({'login': True})
     set_access_cookies(resp, access_token)
-    set_refresh_cookie(resp, refresh_token)
+    set_refresh_cookies(resp, refresh_token)
     return resp, 200
 
 

examples/simple.py

@@ -1,6 +1,6 @@
 from flask import Flask, jsonify, request
 from flask_jwt_extended import JWTManager, jwt_required,\
-    create_access_token
+    create_access_token, get_jwt_identity
 
 app = Flask(__name__)
 app.secret_key = 'super-secret'  # Change this!
@@ -18,7 +18,8 @@ def login():
     if username != 'test' and password != 'test':
         return jsonify({"msg": "Bad username or password"}), 401
 
-    ret = {'access_token': create_access_token(username)}
+    # Identity can be any data that is json serializable
+    ret = {'access_token': create_access_token(identity=username)}
     return jsonify(ret), 200
 
 
@@ -27,7 +28,9 @@ def login():
 @app.route('/protected', methods=['GET'])
 @jwt_required
 def protected():
-    return jsonify({'hello': 'world'}), 200
+    # Access the identity of the current user with get_jwt_identity
+    current_user = get_jwt_identity()
+    return jsonify({'hello_from': current_user}), 200
 
 if __name__ == '__main__':
     app.run()

flask_jwt_extended/__init__.py

@@ -1,6 +1,6 @@
 from .jwt_manager import JWTManager
 from .utils import (jwt_required, fresh_jwt_required, jwt_refresh_token_required,
                     create_refresh_token, create_access_token, get_jwt_identity,
-                    get_jwt_claims, set_access_cookies, set_refresh_cookie)
+                    get_jwt_claims, set_access_cookies, set_refresh_cookies)
 from .blacklist import (revoke_token, unrevoke_token, get_stored_tokens,
                         get_all_stored_tokens, get_stored_token)

flask_jwt_extended/utils.py

@@ -389,7 +389,7 @@ def set_access_cookies(response, encoded_access_token):
                             path='/')
 
 
-def set_refresh_cookie(response, encoded_refresh_token):
+def set_refresh_cookies(response, encoded_refresh_token):
     """
     Takes a flask response object, and configures it to set the encoded refresh
     token in a cookie (as well as a csrf refresh cookie if enabled)

tests/test_protected_endpoints.py

@@ -5,7 +5,7 @@
 
 from flask import Flask, jsonify
 from flask_jwt_extended.utils import _encode_access_token, get_jwt_claims, \
-    get_jwt_identity, set_refresh_cookie, set_access_cookies
+    get_jwt_identity, set_refresh_cookies, set_access_cookies
 from flask_jwt_extended import JWTManager, create_refresh_token, \
     jwt_refresh_token_required, create_access_token, fresh_jwt_required, \
     jwt_required
@@ -326,7 +326,7 @@ def login():
             # Set the JWTs and the CSRF double submit protection cookies in this response
             resp = jsonify({'login': True})
             set_access_cookies(resp, access_token)
-            set_refresh_cookie(resp, refresh_token)
+            set_refresh_cookies(resp, refresh_token)
             return resp, 200
 
         @self.app.route('/auth/refresh', methods=['POST'])