From b81c57905c7079f183cd9d380fd83053117e6d9f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Y=C3=BBki=20Vachot?=
Date: Wed, 5 Jan 2022 13:17:31 +0100
Subject: [PATCH] Update: Login, Register and Logout
---
 backend/application/api_functions.py | 3 ++-
 backend/application/responses.py | 4 +++-
 backend/application/routes.py | 31 +++++++++++++++-------------
 backend/application/sessionJWT.py | 7 ++++---
 4 files changed, 26 insertions(+), 19 deletions(-)
diff --git a/backend/application/api_functions.py b/backend/application/api_functions.py
index 26e4157..adc9f32 100644
--- a/backend/application/api_functions.py
+++ b/backend/application/api_functions.py
@@ -48,7 +48,7 @@ def db_login(ip, email, password):
 return {'status': 1, 'message': message} # Email or password invalid
-def db_register(ip, email, password, is_admin):
+def db_register(ip, email, nickname, password, is_admin):
 user = Users.query.filter(
 Users.email == email
 ).first()
@@ -75,6 +75,7 @@ def db_register(ip, email, password, is_admin):
 user = Users(
 email=email,
 hash_pass=hash_pass,
+ nickname=nickname,
 salt=salt,
 is_admin=is_admin
 )
diff --git a/backend/application/responses.py b/backend/application/responses.py
index 5f5b4db..0d5c9ac 100644
--- a/backend/application/responses.py
+++ b/backend/application/responses.py
@@ -18,7 +18,7 @@ def send_error(status_code, message, token=None):
 return res
-def send_message(message, data, token=None):
+def send_message(message, data, token=None, token_delete=False):
 data_json = {
 'status': 'success',
 'message': message,
@@ -32,4 +32,6 @@ def send_message(message, data, token=None):
 res.headers['Access-Control-Allow-Origin'] = app.config.get('ALLOW_ORIGIN')
 if token is not None:
 res.set_cookie('SESSIONID', token)
+ if token_delete:
+ res.delete_cookie('SESSIONID')
 return res
diff --git a/backend/application/routes.py b/backend/application/routes.py
index 0ae510b..3310e03 100644
--- a/backend/application/routes.py
+++ b/backend/application/routes.py 
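Review bot: The new `nickname` argument is persisted verbatim in the second hunk (`nickname=nickname` inside `Users(...)`) with no visible length, character-set or uniqueness check, whereas `email` is at least looked up for an existing row via `Users.query.filter(Users.email == email)`; if the nickname is later displayed to other users it needs validation before it reaches the database. A docstring on `db_register` would also fix the contract the route relies on, something like `"""Create a user. Returns {'status': 0, 'data': ...} on success or {'status': 1, 'message': ...} on failure; nickname is stored as given — validate before calling."""` (the 0/1 convention is inferred from `db_login` and the route, so confirm it). The body of `db_register` between and after these two hunks is outside the diff, so a check living there would not show here.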
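Review bot: The new `token_delete` branch is independent of the `token` branch above it, so a call that passes both emits two `Set-Cookie: SESSIONID` headers — one setting the session and one expiring it — and which one the client keeps depends on header order; make it `elif token_delete:` or reject the combination with `raise ValueError('token and token_delete are mutually exclusive')`. Separately, the cookie that `delete_cookie` clears is created two lines up with no `httponly`, `secure` or `samesite` attribute, which leaves the JWT readable from page scripts and sent on cross-site requests; `res.set_cookie('SESSIONID', token, httponly=True, secure=True, samesite='Lax')` is the usual baseline (drop `secure` only for non-TLS development). `delete_cookie` must use the same path/domain as the `set_cookie` — both rely on Flask defaults here, so they match, but that coupling deserves a one-line comment.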
@@ -2,7 +2,7 @@ from flask import current_app as app
 from flask import request
 from .responses import send_message, send_error
 from .api_functions import db_login, db_register
-from .sessionJWT import create_auth_token, decode_auth_token, check_auth_token
+from .sessionJWT import create_auth_token, check_auth_token
 # Login
@@ -31,19 +31,21 @@ def login():
 @app.route('/api/register', methods=['POST'])
 def register():
 post_json = request.json
- post_email = str(post_json['email'])
- post_password = str(post_json['password'])
- post_is_admin = bool(post_json['is_admin'])
+ try:
+ post_email = str(post_json['email'])
+ post_nickname = str(post_json['nickname'])
+ post_password = str(post_json['password'])
+ post_is_admin = bool(post_json['is_admin'])
- if post_email and post_password and post_is_admin:
- ip = request.remote_addr
- res = db_register(ip, post_email, post_password, post_is_admin)
- if res['status'] == 1:
- return send_error(500, res['message'])
- elif res['status'] == 0:
- return send_message(res['message'], res['data'])
- else:
- return send_error(400, 'POST Request Error : Need email, password and is_admin fields.')
+ if post_email and post_nickname and post_password and post_is_admin:
+ ip = request.remote_addr
+ res = db_register(ip, post_email, post_nickname, post_password, post_is_admin)
+ if res['status'] == 1:
+ return send_error(500, res['message'])
+ elif res['status'] == 0:
+ return send_message(res['message'], res['data'])
+ except KeyError as e:
+ return send_error(400, 'POST Request Error : Need '+str(e)+' field.')
 # Logout
@@ -51,7 +53,7 @@ def register():
 def logout():
 token = check_auth_token(request)
 if token['success']:
- return send_message('User disconnected.', None)
+ return send_message('User disconnected.', None, token_delete=True)
 else:
 return send_error(500, token['message']) 
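Review bot: The rewritten `register` still lets the request body decide `is_admin`, and because the new guard `if post_email and post_nickname and post_password and post_is_admin:` requires that flag to be truthy, the only registrations that can succeed are the ones asking for admin — every account created through this endpoint is an administrator. Dropping the old `else` branch also means a request with `is_admin: false`, an empty field, or an unexpected `res['status']` now falls out of the `try` with no return, so Flask answers 500 where the old code returned 400. Privilege should be granted by an authenticated admin path (after `check_auth_token`), never read from the body, and the empty-field case needs its own 400; a rewrite of the body is below. Whether `request.json` can be `None` here depends on the Flask version, so a guard for a non-JSON body is worth confirming too.
```python
@app.route('/api/register', methods=['POST'])
def register():
    post_json = request.json
    try:
        post_email = str(post_json['email'])
        post_nickname = str(post_json['nickname'])
        post_password = str(post_json['password'])
    except KeyError as e:
        return send_error(400, 'POST Request Error : Need '+str(e)+' field.')
    if not (post_email and post_nickname and post_password):
        return send_error(400, 'POST Request Error : email, nickname and password must not be empty.')
    # Privilege is never taken from the request body; promote users through an admin-only path instead.
    post_is_admin = False
    ip = request.remote_addr
    res = db_register(ip, post_email, post_nickname, post_password, post_is_admin)
    if res['status'] == 1:
        return send_error(500, res['message'])
    # … unchanged: the res['status'] == 0 branch returning send_message(...) …
    return send_error(500, 'Unexpected registration status.')
```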
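Review bot: Clearing the cookie with `token_delete=True` only affects the browser; the JWT itself is not invalidated, so a copy captured earlier or held by a non-browser client keeps authenticating until its expiry — the `ExpiredSignatureError` branch in sessionJWT suggests tokens carry an `exp`, but the lifetime is not visible in this diff. If logout must actually end the session, record the token (its `jti` or a hash) in a server-side denylist that `check_auth_token` consults, or keep lifetimes short and document that logout is best-effort; a comment on the new line, `# Client-side only: the JWT stays valid until exp`, would at least make the limitation explicit. The unchanged `else` branch answers a failed token check with `send_error(500, token['message'])`; a missing or invalid credential is a client error and should be `401`.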
@@ -59,6 +61,7 @@ def logout():
 # Update User
 @app.route('/api/user/update', methods=['PUT'])
 def user_update():
+ token = check_auth_token(request)
 return send_message('User.update not implemented', None)
diff --git a/backend/application/sessionJWT.py b/backend/application/sessionJWT.py
index 13ddafc..ef228fb 100644
--- a/backend/application/sessionJWT.py
+++ b/backend/application/sessionJWT.py
@@ -24,13 +24,14 @@ def decode_auth_token(auth_token):
 try:
 payload = jwt.decode(
 auth_token,
- app.config.get('SECRET_KEY')
+ app.config.get('SECRET_KEY'),
+ algorithms='HS256'
 )
 return {'success': True, 'payload': payload['user']}
 except jwt.ExpiredSignatureError:
 return {'success': False, 'message': 'Signature expired . Please log in again.'}
- except jwt.InvalidTokenError:
- return {'success': False, 'message': 'Invalid token. Please log in again.'}
+ except jwt.InvalidTokenError as e:
+ return {'success': False, 'message': 'User not authenticated.'}
 def check_auth_token(request):
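Review bot: `token = check_auth_token(request)` is assigned but never inspected, so `user_update` remains reachable without a valid session and the variable is dead; mirror `logout` and reject early with `if not token['success']: return send_error(401, token['message'])` before the stub response. Until the handler does real work that guard is the only behaviour the new line adds, so a `# TODO: update logic not implemented; auth check only` comment would keep the stub honest for the next reader.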
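Review bot: `algorithms='HS256'` passes a string where PyJWT documents a list; PyJWT tests the token's `alg` with `in`, so a string degrades to a substring check that happens to accept this exact value but is fragile — use `algorithms=['HS256']`. `payload['user']` sits outside the `except` clauses, so a token that verifies but lacks a `user` claim raises `KeyError` and surfaces as a 500 instead of 'User not authenticated.'; catching `(jwt.InvalidTokenError, KeyError)` on the new `except` line, or reading `payload.get('user')` and returning the failure dict when it is `None`, closes that gap. The `as e` on the new `except` is unused — drop it, or feed it to a log line so the reason is kept server-side now that it is rightly no longer echoed to the client. `decode_auth_token` begins just above this hunk and `check_auth_token` is cut off at its `def` line.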