# Flask User Authentication and Authorization System
This project is a secure user authentication and authorization system built with Flask. It uses modern security practices including Argon2 for password hashing, JWT for session management, and encryption for sensitive data. Additionally, it leverages Flask-Security for role management and access control.
## Features
- User registration and login
- Password hashing with Argon2
- JWT-based session management
- Role-based access control
- Secure storage of sensitive user information
## Prerequisites
- Python 3.12 or higher
- pip (Python package installer)
## Installation
1. **Clone the repository**:
```sh
git clone https://github.com/yourusername/your-repository.git
cd your-repository
```
2. **Create a virtual environment**:
```sh
python -m venv venv
source venv/bin/activate # On Windows use `venv\Scripts\activate`
```
3. **Install dependencies**:
```sh
pip install -r requirements.txt
```
4. **Set up environment variables**:
Create a `.env` file in the project root directory with the following content. Replace both placeholders with long random values from a cryptographically secure generator (a guessable `APP_SECRET_KEY` lets anyone forge session tokens), and keep `.env` out of version control:
```env
APP_SECRET_KEY=your_secret_key
SECURITY_PASSWORD_SALT=your_salt
```
5. **Initialize the database**:
```sh
flask db init
flask db migrate -m "Initial migration."
flask db upgrade
```
## Running the Application
Start the Flask application with the following command:
```sh
flask run
```
The application will be accessible at http://127.0.0.1:5000.
## API Endpoints
### `POST /register`
- **Request body**:
```json
{ "username": "your_username", "password": "your_password", "email": "your_email@example.com" }
```
- **Response**:
```json
{ "message": "User registered successfully" }
```
### `POST /login`
- **Request body**:
```json
{ "username": "your_username", "password": "your_password" }
```
- **Response**:
```json
{ "message": "Login successful" }
```
### `GET /protected`
- **Access**: requires authentication (a valid JWT session)
- **Response**:
```json
{ "message": "Access granted to protected route" }
```
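The `/login` to `/protected` flow above depends on the server checking three things on every token: the signature, the algorithm, and the expiry. The block below is an added, standard-library-only illustration of that check, not the project's code (the project uses a JWT library; in production use PyJWT or similar rather than this). The key loader models the `.env` step and refuses placeholder values such as `your_secret_key`. The `protected_route` function, the `Bearer` header handling and the sample key are assumptions for the example, not taken from the repository.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Dict, Optional, Tuple

# Values a deployment must never run with (constructed list for this example).
PLACEHOLDER_KEYS = {"your_secret_key", "changeme", "secret", ""}


def load_secret_key(env: Dict[str, str]) -> bytes:
    """Read APP_SECRET_KEY and fail closed on a missing, placeholder or short value.

    An HMAC key the attacker can guess lets them mint any session token, so the
    app should refuse to start rather than fall back to a default.
    """
    key = env.get("APP_SECRET_KEY", "")
    if key in PLACEHOLDER_KEYS or len(key) < 32:
        raise RuntimeError("APP_SECRET_KEY is unset, a placeholder, or shorter than 32 chars")
    return key.encode()


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(username: str, key: bytes, ttl: int = 900, now: Optional[int] = None) -> str:
    """Issue a short-lived HS256 JWT for a user who just passed /login."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": username, "iat": now, "exp": now + ttl}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode()) for part in (header, payload)
    )
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"


def verify_token(token: str, key: bytes, now: Optional[int] = None) -> Optional[dict]:
    """Return the payload if the token is genuine and unexpired, otherwise None."""
    now = int(time.time()) if now is None else now
    try:
        h_b64, p_b64, s_b64 = token.split(".")
        header = json.loads(b64url_decode(h_b64))
        payload = json.loads(b64url_decode(p_b64))
        sig = b64url_decode(s_b64)
    except ValueError:  # wrong segment count, bad base64, bad JSON or bad UTF-8
        return None
    if not isinstance(header, dict) or not isinstance(payload, dict):
        return None
    # Pin the algorithm server-side; the token must not choose it ("alg":"none", RS256 confusion).
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(key, f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None
    exp = payload.get("exp")
    if not isinstance(exp, int) or exp <= now:
        return None
    return payload


def protected_route(authorization: Optional[str], key: bytes, now: Optional[int] = None) -> Tuple[int, dict]:
    """Model of the /protected handler: expects 'Authorization: Bearer <token>'."""
    if not authorization or not authorization.startswith("Bearer "):
        return 401, {"message": "Missing bearer token"}
    payload = verify_token(authorization[len("Bearer "):], key, now)
    if payload is None:
        return 401, {"message": "Invalid or expired token"}
    return 200, {"message": "Access granted to protected route", "user": payload["sub"]}


if __name__ == "__main__":
    # Constructed environment standing in for the .env file.
    key = load_secret_key({"APP_SECRET_KEY": "3f9c1b7e4d2a6f8c0e5b9d1a7c3e6f2b"})
    token = mint_token("alice", key)
    print(protected_route(f"Bearer {token}", key))
```

The order of checks matters: parse, then pin the algorithm, then verify the signature, and only then trust any claim such as `exp`. Anything read from the token before the signature check is attacker-controlled.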
## The CustomUser class
The `CustomUser` class handles user credentials: it hashes passwords with Argon2, encrypts stored user data, and applies a custom "hash folding" step on top of the Argon2 output.
- `hash_password(password, salt)`: hashes the password with Argon2 and the provided salt.
- `fold_hash(hash_key)`: folds the hash key for added complexity.
- `encrypt(text, key)`: encrypts the provided text with the given key.
- `store_user()`: stores the user record in an in-memory database.
- `authenticate(entered_password)`: verifies the entered password against the stored hash.
Note that Argon2 is already a salted, memory-hard password hash: folding its output does not make it harder to crack (and shortening it would weaken it), and any custom post-processing must be applied identically in `authenticate` or verification breaks. Prefer a random per-user salt generated by the library over a caller-supplied one, and compare hashes in constant time.
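The hash, store and authenticate steps listed above, as an added example that is not the project's code. The project hashes with Argon2 (argon2-cffi); this version substitutes `hashlib.scrypt`, the closest memory-hard KDF in the standard library, so it runs with no extra packages, and the same structure applies to Argon2. It omits the folding step for the reason given above, generates the salt itself, stores the KDF parameters alongside the hash so they can be raised later, and runs the KDF even for unknown usernames so login timing does not reveal which accounts exist. The cost parameters, the record format and the `UserStore` class are assumptions for the example.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# scrypt cost parameters, constructed for this example (about 16 MiB of memory); tune per host.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record "scrypt$N$r$p$salt_hex$digest_hex".

    The salt is random per user and generated here, so callers never pass one
    in, and the parameters travel with the record so they can be raised later
    without breaking verification of existing users.
    """
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    digest = hashlib.scrypt(password.encode(), salt=salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${digest.hex()}"


def verify_password(record: str, entered: str) -> bool:
    """Recompute the KDF with the stored parameters and compare in constant time."""
    try:
        kdf, n, r, p, salt_hex, digest_hex = record.split("$")
        if kdf != "scrypt":
            return False
        salt, stored = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        candidate = hashlib.scrypt(entered.encode(), salt=salt, n=int(n), r=int(r), p=int(p), dklen=len(stored))
    except ValueError:  # malformed record or unsupported parameters
        return False
    return hmac.compare_digest(candidate, stored)


# Record for a throwaway password, used to keep failed logins for unknown
# usernames as slow as failed logins for real ones (constructed at import time).
DUMMY_RECORD = hash_password("not-a-real-password")


class UserStore:
    """In-memory stand-in for the project's user database."""

    def __init__(self) -> None:
        self._records: Dict[str, str] = {}

    def register(self, username: str, password: str) -> bool:
        """Store a new user; refuse to overwrite an existing one."""
        if username in self._records:
            return False
        self._records[username] = hash_password(password)
        return True

    def authenticate(self, username: str, entered: str) -> bool:
        """Verify the entered password against the stored record."""
        record = self._records.get(username)
        if record is None:
            # Unknown user: still run the KDF so the response time does not
            # reveal whether the username exists.
            verify_password(DUMMY_RECORD, entered)
            return False
        return verify_password(record, entered)


if __name__ == "__main__":
    store = UserStore()
    store.register("alice", "correct horse battery staple")
    print(store.authenticate("alice", "correct horse battery staple"))  # True
    print(store.authenticate("alice", "wrong"))  # False
```

With argon2-cffi the same shape is `PasswordHasher().hash(password)` on registration and `PasswordHasher().verify(record, entered)` on login: the library generates the salt, embeds the parameters in the encoded hash, and compares in constant time, so no `salt` argument and no folding step are needed.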
## License
This project is licensed under the MODIFIED QSRLC License V1.0.1.
MODIFIED QSRLC extends the QSR concept to longer code snippets, permitting the use OF THE CODE IN ITS ENTIRETY. It maintains the risk disclaimer, strict conditions on alterations AND USE, and requires proper attribution. Legal consequences may follow non-compliance.
MODIFIED Quick-Sample-Reference Long-code (QSRLC) License V1.0.1
Permission is hereby granted, free of charge, to use the code. Any use of the code is at your own risk, and the code is provided as-is, without promises or commitments. Neither the original author nor subsequent users can be held liable for any flaws, harm, or damage, and are not responsible for the intentions of recipients or users. The code may be altered, and the original author must be cited. Users must strictly adhere to this license or face possible legal prosecution.
This license must be posted with the reuse of all code covered by this license.
“This work is licensed for personal and commercial use only. Any commercial use, including but not limited to selling, reselling, or incorporating the work into a product for sale, is strictly prohibited WITHOUT EXPRESS WRITTEN CONSENT BY THE ORIGINAL AUTHOR.”
## Contact
For any queries or contributions, please contact [Joey Soprano 420] at [https://www.github.com/joeysoprano420].