sneakygeek/SneakyScan
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Phase 2 Step 4: Implement Authentication System

Browse Source 
Implemented comprehensive Flask-Login authentication with single-user support.

New Features:
- Flask-Login integration with User model
- Bcrypt password hashing via PasswordManager
- Login, logout, and initial password setup routes
- @login_required and @api_auth_required decorators
- All API endpoints now require authentication
- Bootstrap 5 dark theme UI templates
- Dashboard with navigation
- Remember me and next parameter redirect support

Files Created (12):
- web/auth/__init__.py, models.py, decorators.py, routes.py
- web/routes/__init__.py, main.py
- web/templates/login.html, setup.html, dashboard.html, scans.html, scan_detail.html
- tests/test_authentication.py (30+ tests)

Files Modified (6):
- web/app.py: Added Flask-Login initialization and main routes
- web/api/scans.py: Protected all endpoints with @api_auth_required
- web/api/settings.py: Protected all endpoints with @api_auth_required
- web/api/schedules.py: Protected all endpoints with @api_auth_required
- web/api/alerts.py: Protected all endpoints with @api_auth_required
- tests/conftest.py: Added authentication test fixtures

Security:
- Session-based authentication for both web UI and API
- Secure password storage with bcrypt
- Protected routes redirect to login page
- Protected API endpoints return 401 Unauthorized
- Health check endpoints remain accessible for monitoring

Testing:
- User model authentication and properties
- Login success/failure flows
- Logout and session management
- Password setup workflow
- API endpoint authentication requirements
- Session persistence and remember me functionality
- Next parameter redirect behavior

Total: ~1,200 lines of code added

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Phillip Tarrant
2025-11-14 11:23:46 -06:00
parent ee0c5a2c3c
commit abc682a634
18 changed files with 1127 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
web/api/settings.py
View File

@@ -7,6 +7,7 @@ authentication, and system preferences.
from flask import Blueprint, current_app, jsonify, request
from web.auth.decorators import api_auth_required
from web.utils.settings import PasswordManager, SettingsManager
bp = Blueprint('settings', __name__)
@@ -18,6 +19,7 @@ def get_settings_manager():
@bp.route('', methods=['GET'])
@api_auth_required
def get_settings():
"""
Get all settings (sanitized - encrypted values masked).
@@ -42,6 +44,7 @@ def get_settings():
@bp.route('', methods=['PUT'])
@api_auth_required
def update_settings():
"""
Update multiple settings at once.
@@ -52,7 +55,6 @@ def update_settings():
Returns:
JSON response with update status
"""
# TODO: Add authentication in Phase 2
data = request.get_json() or {}
settings_dict = data.get('settings', {})
@@ -82,6 +84,7 @@ def update_settings():
@bp.route('/<string:key>', methods=['GET'])
@api_auth_required
def get_setting(key):
"""
Get a specific setting by key.
@@ -120,6 +123,7 @@ def get_setting(key):
@bp.route('/<string:key>', methods=['PUT'])
@api_auth_required
def update_setting(key):
"""
Update a specific setting.
@@ -133,7 +137,6 @@ def update_setting(key):
Returns:
JSON response with update status
"""
# TODO: Add authentication in Phase 2
data = request.get_json() or {}
value = data.get('value')
@@ -160,6 +163,7 @@ def update_setting(key):
@bp.route('/<string:key>', methods=['DELETE'])
@api_auth_required
def delete_setting(key):
"""
Delete a setting.
@@ -170,7 +174,6 @@ def delete_setting(key):
Returns:
JSON response with deletion status
"""
# TODO: Add authentication in Phase 2
try:
settings_manager = get_settings_manager()
deleted = settings_manager.delete(key)
@@ -194,6 +197,7 @@ def delete_setting(key):
@bp.route('/password', methods=['POST'])
@api_auth_required
def set_password():
"""
Set the application password.
@@ -204,7 +208,6 @@ def set_password():
Returns:
JSON response with status
"""
# TODO: Add current password verification in Phase 2
data = request.get_json() or {}
password = data.get('password')
@@ -237,6 +240,7 @@ def set_password():
@bp.route('/test-email', methods=['POST'])
@api_auth_required
def test_email():
"""
Test email configuration by sending a test email.