Phase 2 Step 4: Implement Authentication System

Implemented comprehensive Flask-Login authentication with single-user support. New Features: - Flask-Login integration with User model - Bcrypt password hashing via PasswordManager - Login, logout, and initial password setup routes - @login_required and @api_auth_required decorators - All API endpoints now require authentication - Bootstrap 5 dark theme UI templates - Dashboard with navigation - Remember me and next parameter redirect support Files Created (12): - web/auth/__init__.py, models.py, decorators.py, routes.py - web/routes/__init__.py, main.py - web/templates/login.html, setup.html, dashboard.html, scans.html, scan_detail.html - tests/test_authentication.py (30+ tests) Files Modified (6): - web/app.py: Added Flask-Login initialization and main routes - web/api/scans.py: Protected all endpoints with @api_auth_required - web/api/settings.py: Protected all endpoints with @api_auth_required - web/api/schedules.py: Protected all endpoints with @api_auth_required - web/api/alerts.py: Protected all endpoints with @api_auth_required - tests/conftest.py: Added authentication test fixtures Security: - Session-based authentication for both web UI and API - Secure password storage with bcrypt - Protected routes redirect to login page - Protected API endpoints return 401 Unauthorized - Health check endpoints remain accessible for monitoring Testing: - User model authentication and properties - Login success/failure flows - Logout and session management - Password setup workflow - API endpoint authentication requirements - Session persistence and remember me functionality - Next parameter redirect behavior Total: ~1,200 lines of code added 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-14 11:23:46 -06:00
parent ee0c5a2c3c
commit abc682a634
18 changed files with 1127 additions and 4 deletions
--- a/web/api/scans.py
+++ b/web/api/scans.py
@@ -9,6 +9,7 @@ import logging
 from flask import Blueprint, current_app, jsonify, request
 from sqlalchemy.exc import SQLAlchemyError

+from web.auth.decorators import api_auth_required
 from web.services.scan_service import ScanService
 from web.utils.validators import validate_config_file, validate_page_params

@@ -17,6 +18,7 @@ logger = logging.getLogger(__name__)


@bp.route('', methods=['GET'])
+@api_auth_required
 def list_scans():
    """
    List all scans with pagination.
@@ -79,6 +81,7 @@ def list_scans():


@bp.route('/<int:scan_id>', methods=['GET'])
+@api_auth_required
 def get_scan(scan_id):
    """
    Get details for a specific scan.
@@ -119,6 +122,7 @@ def get_scan(scan_id):


@bp.route('', methods=['POST'])
+@api_auth_required
 def trigger_scan():
    """
    Trigger a new scan.
@@ -180,6 +184,7 @@ def trigger_scan():


@bp.route('/<int:scan_id>', methods=['DELETE'])
+@api_auth_required
 def delete_scan(scan_id):
    """
    Delete a scan and its associated files.
@@ -224,6 +229,7 @@ def delete_scan(scan_id):


@bp.route('/<int:scan_id>/status', methods=['GET'])
+@api_auth_required
 def get_scan_status(scan_id):
    """
    Get current status of a running scan.
@@ -264,6 +270,7 @@ def get_scan_status(scan_id):


@bp.route('/<int:scan_id1>/compare/<int:scan_id2>', methods=['GET'])
+@api_auth_required
 def compare_scans(scan_id1, scan_id2):
    """
    Compare two scans and show differences.