2 files changed, 43 insertions, 31 deletions

diff --git a/app/__init__.py b/app/__init__.py
index d698823..af83e2c 100644
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -3,7 +3,7 @@ from flask.ext.sqlalchemy import SQLAlchemy
 
 app = Flask(__name__)
 app.config.from_object('config')
-app.secret_key = 'SUPERSEEKRITKEY'
+app.secret_key = app.config['SECRET_KEY']
 db = SQLAlchemy(app)
 
 from app import views, models
diff --git a/app/views.py b/app/views.py
index acaf3f1..c19b830 100644
--- a/app/views.py
+++ b/app/views.py
@@ -8,14 +8,9 @@ import json
 @app.route('/authorized')
 def authorized_callback():
 	github = OAuth2Session(app.config['GITHUB_CLIENT_ID'], state=session['oauth_state'])
-
 	token = github.fetch_token(app.config['TOKEN_URL'], client_secret=app.config['GITHUB_CLIENT_SECRET'],
 	                           authorization_response=request.url)
-
-	session['oauth_token'] = token
-
 	user_data = github.get('https://api.github.com/user')
-
 	if user_data.status_code == 401:
 		abort(401)
 
@@ -23,20 +18,21 @@ def authorized_callback():
 	user = models.User.query.filter(models.User.id == json_data['id']).first()
 	if not user:
 		user = models.User(
-			id = json_data['id'],
+			id       = json_data['id'],
+			name     = json_data['name'],
 			nickname = json_data['login'],
-			email = json_data['email']
+			email    = json_data['email'],
 		)
 		db.session.add(user)
 		db.session.commit()
 
+	session['oauth_token'] = token
 	return "Your access token is: {}".format(token['access_token'])
 
 @app.route('/login')
 def login():
 	github = OAuth2Session(app.config['GITHUB_CLIENT_ID'])
 	authorization_url, state = github.authorization_url(app.config['AUTHORIZATION_BASE_URL'])
-
 	session['oauth_state'] = state
 	return redirect(authorization_url)
 
@@ -51,24 +47,19 @@ def create_ticket():
 	if not request.json or not ('summary' and 'body' and 'token') in request.json:
 		abort(400)
 
-	token = {"scope": [""], "access_token": request.json['token'], "token_type": "bearer"}
-	github = OAuth2Session(app.config['GITHUB_CLIENT_ID'], token=token)
-	user_data = github.get('https://api.github.com/user')
-	if user_data.status_code == 401:
+	if not authenticate(request.json['token']):
 		abort(401)
 
-	user = models.User.query.get(user_data.json()['id'])
-
-	ticket = models.Ticket(summary=request.json['summary'],
-	                       body=request.json['body'],
-	                       opened_by=user,
-	                       opened_at=datetime.utcnow())
+	user   = models.User.query.get(user_data.json()['id'])
+	ticket = models.Ticket(summary   = request.json['summary'],
+	                       body      = request.json['body'],
+	                       opened_by = user,
+	                       opened_at = datetime.utcnow())
 	db.session.add(ticket)
 	db.session.commit()
 
-	td = ticket_to_dict(ticket)
-
-	return jsonify({'ticket': make_public_ticket(td)}), 201
+	public_ticket = make_public_ticket(ticket_to_dict(ticket))
+	return jsonify({'ticket': public_ticket}), 201
 
 @app.route('/tbt/api/1.0/ticket/<int:ticket_id>', methods=['GET'])
 def get_ticket(ticket_id):
@@ -76,23 +67,37 @@ def get_ticket(ticket_id):
 	if not ticket:
 		abort(404)
 
-	return jsonify({'ticket': make_public_ticket(ticket_to_dict(ticket))})
+	public_ticket = make_public_ticket(ticket_to_dict(ticket))
+	return jsonify({'ticket': public_ticket})
 
 @app.route('/tbt/api/1.0/ticket/<int:ticket_id>', methods=['PUT'])
 def update_ticket(ticket_id):
-	ticket = next((t for t in tickets if t['id'] == ticket_id), None)
-	if not ticket:
-		abort(404)
+	if not 'Access-Token' in request.headers or not authenticate(request.headers['Access-Token']):
+		abort(401)
 	if not request.json:
+		print(request.data)
 		abort(400)
-	ticket['summary']     = request.json.get('summary', ticket['summary'])
-	ticket['body']        = request.json.get('body', ticket['body'])
-	ticket['status']      = request.json.get('status', ticket['status'])
-	ticket['reason']      = request.json.get('reason', ticket['reason'])
-	return jsonify({'ticket': make_public_ticket(ticket)})
+
+	ticket = models.Ticket.query.get(ticket_id)
+	if not ticket:
+		abort(404)
+
+	ticket.summary    = request.json.get('summary', ticket.summary)
+	ticket.body       = request.json.get('body', ticket.body)
+	ticket.status     = request.json.get('status', ticket.status)
+	ticket.reason     = request.json.get('reason', ticket.reason)
+	ticket.updated_at = datetime.utcnow()
+	db.session.add(ticket)
+	db.session.commit()
+
+	public_ticket = make_public_ticket(ticket_to_dict(ticket))
+	return jsonify({'ticket': public_ticket})
 
 @app.route('/tbt/api/1.0/ticket/<int:ticket_id>', methods=['DELETE'])
 def delete_ticket(ticket_id):
+	if not 'Access-Token' in request.headers or not authenticate(request.headers['Access-Token']):
+		abort(401)
+
 	ticket = models.Ticket.query.get(ticket_id)
 	if not ticket:
 		abort(404)
@@ -106,3 +111,10 @@ def delete_ticket(ticket_id):
 def not_found(error):
 	return make_response(jsonify({'error': 'Not found'}), 404)
 
+@app.errorhandler(401)
+def unauthorized(error):
+	return make_response(jsonify({'error': 'Unauthorized'}), 401)
+
+@app.errorhandler(400)
+def unauthorized(error):
+	return make_response(jsonify({'error': 'Bad request'}), 400)