summaryrefslogtreecommitdiffstats
path: root/app
diff options
context:
space:
mode:
authorJohannes Löthberg <johannes@kyriasis.com>2014-10-05 01:30:14 +0200
committerJohannes Löthberg <johannes@kyriasis.com>2014-10-05 01:30:14 +0200
commit99f748ed7f445c5dfb019b6327d119e08f00cad4 (patch)
tree6310abef82613afc1fa6b23b4a3855a4e519f1eb /app
parent571976cb2780ab0272b95b05bff860a3b8f04cc9 (diff)
downloadtbt-99f748ed7f445c5dfb019b6327d119e08f00cad4.tar.xz
another massive commitHEADmaster
all of this should be squashed later.. at least most of it works now, I think... I should add some tests probably.
Diffstat (limited to 'app')
-rw-r--r--app/__init__.py2
-rw-r--r--app/views.py72
2 files changed, 43 insertions, 31 deletions
diff --git a/app/__init__.py b/app/__init__.py
index d698823..af83e2c 100644
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -3,7 +3,7 @@ from flask.ext.sqlalchemy import SQLAlchemy
app = Flask(__name__)
app.config.from_object('config')
-app.secret_key = 'SUPERSEEKRITKEY'
+app.secret_key = app.config['SECRET_KEY']
db = SQLAlchemy(app)
from app import views, models
diff --git a/app/views.py b/app/views.py
index acaf3f1..c19b830 100644
--- a/app/views.py
+++ b/app/views.py
@@ -8,14 +8,9 @@ import json
@app.route('/authorized')
def authorized_callback():
github = OAuth2Session(app.config['GITHUB_CLIENT_ID'], state=session['oauth_state'])
-
token = github.fetch_token(app.config['TOKEN_URL'], client_secret=app.config['GITHUB_CLIENT_SECRET'],
authorization_response=request.url)
-
- session['oauth_token'] = token
-
user_data = github.get('https://api.github.com/user')
-
if user_data.status_code == 401:
abort(401)
@@ -23,20 +18,21 @@ def authorized_callback():
user = models.User.query.filter(models.User.id == json_data['id']).first()
if not user:
user = models.User(
- id = json_data['id'],
+ id = json_data['id'],
+ name = json_data['name'],
nickname = json_data['login'],
- email = json_data['email']
+ email = json_data['email'],
)
db.session.add(user)
db.session.commit()
+ session['oauth_token'] = token
return "Your access token is: {}".format(token['access_token'])
@app.route('/login')
def login():
github = OAuth2Session(app.config['GITHUB_CLIENT_ID'])
authorization_url, state = github.authorization_url(app.config['AUTHORIZATION_BASE_URL'])
-
session['oauth_state'] = state
return redirect(authorization_url)
@@ -51,24 +47,19 @@ def create_ticket():
if not request.json or not ('summary' and 'body' and 'token') in request.json:
abort(400)
- token = {"scope": [""], "access_token": request.json['token'], "token_type": "bearer"}
- github = OAuth2Session(app.config['GITHUB_CLIENT_ID'], token=token)
- user_data = github.get('https://api.github.com/user')
- if user_data.status_code == 401:
+ if not authenticate(request.json['token']):
abort(401)
- user = models.User.query.get(user_data.json()['id'])
-
- ticket = models.Ticket(summary=request.json['summary'],
- body=request.json['body'],
- opened_by=user,
- opened_at=datetime.utcnow())
+ user = models.User.query.get(user_data.json()['id'])
+ ticket = models.Ticket(summary = request.json['summary'],
+ body = request.json['body'],
+ opened_by = user,
+ opened_at = datetime.utcnow())
db.session.add(ticket)
db.session.commit()
- td = ticket_to_dict(ticket)
-
- return jsonify({'ticket': make_public_ticket(td)}), 201
+ public_ticket = make_public_ticket(ticket_to_dict(ticket))
+ return jsonify({'ticket': public_ticket}), 201
@app.route('/tbt/api/1.0/ticket/<int:ticket_id>', methods=['GET'])
def get_ticket(ticket_id):
@@ -76,23 +67,37 @@ def get_ticket(ticket_id):
if not ticket:
abort(404)
- return jsonify({'ticket': make_public_ticket(ticket_to_dict(ticket))})
+ public_ticket = make_public_ticket(ticket_to_dict(ticket))
+ return jsonify({'ticket': public_ticket})
@app.route('/tbt/api/1.0/ticket/<int:ticket_id>', methods=['PUT'])
def update_ticket(ticket_id):
- ticket = next((t for t in tickets if t['id'] == ticket_id), None)
- if not ticket:
- abort(404)
+ if not 'Access-Token' in request.headers or not authenticate(request.headers['Access-Token']):
+ abort(401)
if not request.json:
+ print(request.data)
abort(400)
- ticket['summary'] = request.json.get('summary', ticket['summary'])
- ticket['body'] = request.json.get('body', ticket['body'])
- ticket['status'] = request.json.get('status', ticket['status'])
- ticket['reason'] = request.json.get('reason', ticket['reason'])
- return jsonify({'ticket': make_public_ticket(ticket)})
+
+ ticket = models.Ticket.query.get(ticket_id)
+ if not ticket:
+ abort(404)
+
+ ticket.summary = request.json.get('summary', ticket.summary)
+ ticket.body = request.json.get('body', ticket.body)
+ ticket.status = request.json.get('status', ticket.status)
+ ticket.reason = request.json.get('reason', ticket.reason)
+ ticket.updated_at = datetime.utcnow()
+ db.session.add(ticket)
+ db.session.commit()
+
+ public_ticket = make_public_ticket(ticket_to_dict(ticket))
+ return jsonify({'ticket': public_ticket})
@app.route('/tbt/api/1.0/ticket/<int:ticket_id>', methods=['DELETE'])
def delete_ticket(ticket_id):
+ if not 'Access-Token' in request.headers or not authenticate(request.headers['Access-Token']):
+ abort(401)
+
ticket = models.Ticket.query.get(ticket_id)
if not ticket:
abort(404)
@@ -106,3 +111,10 @@ def delete_ticket(ticket_id):
def not_found(error):
return make_response(jsonify({'error': 'Not found'}), 404)
+@app.errorhandler(401)
+def unauthorized(error):
+ return make_response(jsonify({'error': 'Unauthorized'}), 401)
+
+@app.errorhandler(400)
+def unauthorized(error):
+ return make_response(jsonify({'error': 'Bad request'}), 400)