Example for POST login via JSON in body

[bernhardreiter]

It would be useful to have an example that allows for a login using JSON as body in a POST request. Use case: have an example for a single page web applicaton that likes to protect
against CSRF via an access token.

The current example https://github.com/hugapi/hug/blob/develop/examples/authentication.py#L76 token_gen_call() will also accept URL parameters, which it shouldn't. As a plus it probably should also check if there are extra parameters and fail, if there are.

[bernhardreiter]

Right now, this is how it can work with current hug, with test requests from curl.

hug -f hug-git/examples/authentication.py -p 8022
# different shell
curl "localhost:8011/token_generation"  -H "Content-Type: application/json" --data-raw '{"username":"User2", "password":"Mypassword"}'
# put the returned value in the shell variable TOKEN
set TOKEN abcd123...
curl "localhost:8011/token_authenticated"  -H "Authorization: $TOKEN"

bad case1 url parameters

 curl "localhost:8011/token_generation?username=User2&password=Mypassword"  -H "Content-Type: application/json" --data-raw '{}'
# succeeds, but shouldn't

bad case2 additional parameters

curl "localhost:8011/token_generation"  -H "Content-Type: application/json" --data-raw '{"username":"User2", "password":"Mypassword", "yoyo":"somemore"}'
# succeeds, but shouldn't