1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
diff --git a/flask_appbuilder/security/api.py b/flask_appbuilder/security/api.py
index 2e2dfd612..df1bd5a25 100644
--- a/flask_appbuilder/security/api.py
+++ b/flask_appbuilder/security/api.py
@@ -3,7 +3,7 @@
create_access_token,
create_refresh_token,
get_jwt_identity,
- jwt_refresh_token_required,
+ jwt_required,
)
from ..api import BaseApi, safe
@@ -118,7 +118,7 @@ def login(self):
return self.response(200, **resp)
@expose("/refresh", methods=["POST"])
- @jwt_refresh_token_required
+ @jwt_required(refresh=True)
@safe
def refresh(self):
"""
diff --git a/flask_appbuilder/security/manager.py b/flask_appbuilder/security/manager.py
index fe7697007..3b22ab255 100644
--- a/flask_appbuilder/security/manager.py
+++ b/flask_appbuilder/security/manager.py
@@ -297,7 +297,7 @@ def create_jwt_manager(self, app) -> JWTManager:
"""
jwt_manager = JWTManager()
jwt_manager.init_app(app)
- jwt_manager.user_loader_callback_loader(self.load_user_jwt)
+ jwt_manager.user_lookup_loader(self.load_user_jwt)
return jwt_manager
def create_builtin_roles(self):
@@ -1944,7 +1944,8 @@ def del_permission_role(self, role, perm_view):
def load_user(self, pk):
return self.get_user_by_id(int(pk))
- def load_user_jwt(self, pk):
+ def load_user_jwt(self, _jwt_header, jwt_data):
+ pk = jwt_data["sub"]
user = self.load_user(pk)
# Set flask g.user to JWT user, we can't do it on before request
g.user = user
|