diff options
author | Johannes Löthberg <johannes@kyriasis.com> | 2014-10-05 01:30:14 +0200 |
---|---|---|
committer | Johannes Löthberg <johannes@kyriasis.com> | 2014-10-05 01:30:14 +0200 |
commit | 99f748ed7f445c5dfb019b6327d119e08f00cad4 (patch) | |
tree | 6310abef82613afc1fa6b23b4a3855a4e519f1eb /app | |
parent | 571976cb2780ab0272b95b05bff860a3b8f04cc9 (diff) | |
download | tbt-99f748ed7f445c5dfb019b6327d119e08f00cad4.tar.xz |
all of this should be squashed later.. at least most of it works now, I
think... I should add some tests probably.
Diffstat (limited to 'app')
-rw-r--r-- | app/__init__.py | 2 | ||||
-rw-r--r-- | app/views.py | 72 |
2 files changed, 43 insertions, 31 deletions
diff --git a/app/__init__.py b/app/__init__.py index d698823..af83e2c 100644 --- a/app/__init__.py +++ b/app/__init__.py @@ -3,7 +3,7 @@ from flask.ext.sqlalchemy import SQLAlchemy app = Flask(__name__) app.config.from_object('config') -app.secret_key = 'SUPERSEEKRITKEY' +app.secret_key = app.config['SECRET_KEY'] db = SQLAlchemy(app) from app import views, models diff --git a/app/views.py b/app/views.py index acaf3f1..c19b830 100644 --- a/app/views.py +++ b/app/views.py @@ -8,14 +8,9 @@ import json @app.route('/authorized') def authorized_callback(): github = OAuth2Session(app.config['GITHUB_CLIENT_ID'], state=session['oauth_state']) - token = github.fetch_token(app.config['TOKEN_URL'], client_secret=app.config['GITHUB_CLIENT_SECRET'], authorization_response=request.url) - - session['oauth_token'] = token - user_data = github.get('https://api.github.com/user') - if user_data.status_code == 401: abort(401) @@ -23,20 +18,21 @@ def authorized_callback(): user = models.User.query.filter(models.User.id == json_data['id']).first() if not user: user = models.User( - id = json_data['id'], + id = json_data['id'], + name = json_data['name'], nickname = json_data['login'], - email = json_data['email'] + email = json_data['email'], ) db.session.add(user) db.session.commit() + session['oauth_token'] = token return "Your access token is: {}".format(token['access_token']) @app.route('/login') def login(): github = OAuth2Session(app.config['GITHUB_CLIENT_ID']) authorization_url, state = github.authorization_url(app.config['AUTHORIZATION_BASE_URL']) - session['oauth_state'] = state return redirect(authorization_url) @@ -51,24 +47,19 @@ def create_ticket(): if not request.json or not ('summary' and 'body' and 'token') in request.json: abort(400) - token = {"scope": [""], "access_token": request.json['token'], "token_type": "bearer"} - github = OAuth2Session(app.config['GITHUB_CLIENT_ID'], token=token) - user_data = github.get('https://api.github.com/user') - if user_data.status_code == 401: + if not authenticate(request.json['token']): abort(401) - user = models.User.query.get(user_data.json()['id']) - - ticket = models.Ticket(summary=request.json['summary'], - body=request.json['body'], - opened_by=user, - opened_at=datetime.utcnow()) + user = models.User.query.get(user_data.json()['id']) + ticket = models.Ticket(summary = request.json['summary'], + body = request.json['body'], + opened_by = user, + opened_at = datetime.utcnow()) db.session.add(ticket) db.session.commit() - td = ticket_to_dict(ticket) - - return jsonify({'ticket': make_public_ticket(td)}), 201 + public_ticket = make_public_ticket(ticket_to_dict(ticket)) + return jsonify({'ticket': public_ticket}), 201 @app.route('/tbt/api/1.0/ticket/<int:ticket_id>', methods=['GET']) def get_ticket(ticket_id): @@ -76,23 +67,37 @@ def get_ticket(ticket_id): if not ticket: abort(404) - return jsonify({'ticket': make_public_ticket(ticket_to_dict(ticket))}) + public_ticket = make_public_ticket(ticket_to_dict(ticket)) + return jsonify({'ticket': public_ticket}) @app.route('/tbt/api/1.0/ticket/<int:ticket_id>', methods=['PUT']) def update_ticket(ticket_id): - ticket = next((t for t in tickets if t['id'] == ticket_id), None) - if not ticket: - abort(404) + if not 'Access-Token' in request.headers or not authenticate(request.headers['Access-Token']): + abort(401) if not request.json: + print(request.data) abort(400) - ticket['summary'] = request.json.get('summary', ticket['summary']) - ticket['body'] = request.json.get('body', ticket['body']) - ticket['status'] = request.json.get('status', ticket['status']) - ticket['reason'] = request.json.get('reason', ticket['reason']) - return jsonify({'ticket': make_public_ticket(ticket)}) + + ticket = models.Ticket.query.get(ticket_id) + if not ticket: + abort(404) + + ticket.summary = request.json.get('summary', ticket.summary) + ticket.body = request.json.get('body', ticket.body) + ticket.status = request.json.get('status', ticket.status) + ticket.reason = request.json.get('reason', ticket.reason) + ticket.updated_at = datetime.utcnow() + db.session.add(ticket) + db.session.commit() + + public_ticket = make_public_ticket(ticket_to_dict(ticket)) + return jsonify({'ticket': public_ticket}) @app.route('/tbt/api/1.0/ticket/<int:ticket_id>', methods=['DELETE']) def delete_ticket(ticket_id): + if not 'Access-Token' in request.headers or not authenticate(request.headers['Access-Token']): + abort(401) + ticket = models.Ticket.query.get(ticket_id) if not ticket: abort(404) @@ -106,3 +111,10 @@ def delete_ticket(ticket_id): def not_found(error): return make_response(jsonify({'error': 'Not found'}), 404) +@app.errorhandler(401) +def unauthorized(error): + return make_response(jsonify({'error': 'Unauthorized'}), 401) + +@app.errorhandler(400) +def unauthorized(error): + return make_response(jsonify({'error': 'Bad request'}), 400) |