From bc3550b0ff9959cd44702e6e98a5df43a3f52254 Mon Sep 17 00:00:00 2001 From: Johannes Löthberg Date: Fri, 3 Oct 2014 00:14:59 +0200 Subject: another big dump. github oauth authentiation is "working" But it's done really hackily and probably should never be done like this. --- app/__init__.py | 1 + app/models.py | 6 +---- app/views.py | 73 ++++++++++++++++++++++++++++++++++++++++----------------- 3 files changed, 54 insertions(+), 26 deletions(-) (limited to 'app') diff --git a/app/__init__.py b/app/__init__.py index f441218..d698823 100644 --- a/app/__init__.py +++ b/app/__init__.py @@ -3,6 +3,7 @@ from flask.ext.sqlalchemy import SQLAlchemy app = Flask(__name__) app.config.from_object('config') +app.secret_key = 'SUPERSEEKRITKEY' db = SQLAlchemy(app) from app import views, models diff --git a/app/models.py b/app/models.py index 4df6689..dc6a7cd 100644 --- a/app/models.py +++ b/app/models.py @@ -5,8 +5,7 @@ class User(db.Model): id = db.Column(db.Integer, primary_key=True) nickname = db.Column(db.String(64), index=True, unique=True) email = db.Column(db.String(120), index=True, unique=True) - opened = db.relationship('Ticket', backref='opened_by', lazy='dynamic', primaryjoin = 'Ticket.opened_by_user_id == User.id') - assigned = db.relationship('Ticket', backref='assigned_to', lazy='dynamic', primaryjoin = 'Ticket.assigned_to_user_id == User.id') + opened = db.relationship('Ticket', backref='opened_by', lazy='dynamic') def __repr__(self): @@ -22,12 +21,9 @@ class Ticket(db.Model): updated_at = db.Column(db.DateTime) status = db.Column(db.String(64), nullable=False, default='open') - resolution = db.Column(db.String(64)) reason = db.Column(db.String(140)) - deleted = db.Column(db.Boolean, default=False) opened_by_user_id = db.Column(db.Integer, db.ForeignKey('user.id'), nullable=False) - assigned_to_user_id = db.Column(db.Integer, db.ForeignKey('user.id')) def __repr__(self): return '' % (self.id) diff --git a/app/views.py b/app/views.py index 2e6ba6f..3cc8891 100644 
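Review bot: `app.secret_key = 'SUPERSEEKRITKEY'` in `app/__init__.py` commits the session-signing key to the repository, and this same commit starts keeping `oauth_state` and `oauth_token` in `session`. Anyone who can read the source can then produce a session cookie the app will accept as genuine. Since `app.config.from_object('config')` is already called on the line above, the key can come from configuration instead, for example `SECRET_KEY = os.environ['SECRET_KEY']` in the config module, with this assignment dropped. A key that has already been committed should be treated as exposed and replaced.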
--- a/app/views.py +++ b/app/views.py @@ -1,6 +1,8 @@ -from flask import jsonify, abort, make_response, request, url_for +from flask import jsonify, abort, make_response, request, url_for, redirect, session +from requests_oauthlib import OAuth2Session from datetime import datetime from app import app, db, models +import json def make_public_ticket(ticket): new_ticket = ticket.copy() @@ -11,8 +13,6 @@ def ticket_to_dict(ticket): nt = {} nt['id'] = ticket.id - nt['deleted'] = ticket.deleted - nt['summary'] = ticket.summary nt['body'] = ticket.body @@ -25,7 +25,6 @@ def ticket_to_dict(ticket): nt['status'] = ticket.status - nt['resolution'] = ticket.resolution nt['reason'] = ticket.reason if ticket.opened_by: 
@@ -37,29 +36,61 @@ def ticket_to_dict(ticket): else: nt['opened_by'] = {'id': None, 'nickname': None, 'email': None} - if ticket.assigned_to: - nt['assigned_to'] = { - 'id': ticket.assigned_to.id, - 'nickname': ticket.assigned_to.nickname, - 'email': ticket.assigned_to.email, - } - else: - nt['assigned_to'] = None - return nt +@app.route('/authorized') +def authorized_callback(): + github = OAuth2Session(app.config['GITHUB_CLIENT_ID'], state=session['oauth_state']) + + token = github.fetch_token(app.config['TOKEN_URL'], client_secret=app.config['GITHUB_CLIENT_SECRET'], + authorization_response=request.url) + + session['oauth_token'] = token + + user_data = github.get('https://api.github.com/user') + + if user_data.status_code == 401: + abort(401) + + json_data = user_data.json() + user = models.User.query.filter(models.User.id == json_data['id']).first() + if not user: + user = models.User( + id = json_data['id'], + nickname = json_data['login'], + email = json_data['email'] + ) + db.session.add(user) + db.session.commit() + + return "Your access token is: {}".format(token['access_token']) + +@app.route('/login') +def login(): + github = OAuth2Session(app.config['GITHUB_CLIENT_ID']) + authorization_url, state = github.authorization_url(app.config['AUTHORIZATION_BASE_URL']) + + session['oauth_state'] = state + return redirect(authorization_url) + @app.route('/tbt/api/1.0/tickets', methods=['GET']) def get_tickets(): - ts = models.Ticket.query.filter(models.Ticket.deleted != True).all() + ts = models.Ticket.query.all() tickets = map(ticket_to_dict, ts) return jsonify({'tickets': list(map(make_public_ticket, tickets))}) @app.route('/tbt/api/1.0/ticket', methods=['POST']) def create_ticket(): - if not request.json or not ('summary' and 'body' and 'user_nickname') in request.json: + if not request.json or not ('summary' and 'body' and 'token') in request.json: abort(400) - user = models.User.query.filter(models.User.nickname == request.json['user_nickname']).first() + 
token = {"scope": [""], "access_token": request.json['token'], "token_type": "bearer"} + github = OAuth2Session(app.config['GITHUB_CLIENT_ID'], token=token) + user_data = github.get('https://api.github.com/user') + if user_data.status_code == 401: + abort(401) + + user = models.User.query.get(user_data.json()['id']) ticket = models.Ticket(summary=request.json['summary'], body=request.json['body'], @@ -90,18 +121,18 @@ def update_ticket(ticket_id): ticket['summary'] = request.json.get('summary', ticket['summary']) ticket['body'] = request.json.get('body', ticket['body']) ticket['status'] = request.json.get('status', ticket['status']) - ticket['resolution'] = request.json.get('resolution', ticket['resolution']) ticket['reason'] = request.json.get('reason', ticket['reason']) - ticket['assigned-to'] = request.json.get('assigned-to', ticket['assigned-to']) return jsonify({'ticket': make_public_ticket(ticket)}) @app.route('/tbt/api/1.0/ticket/', methods=['DELETE']) def delete_ticket(ticket_id): - ticket = next((t for t in tickets if t['id'] == ticket_id), None) + ticket = models.Ticket.query.get(ticket_id) if not ticket: abort(404) - #tickets.remove(ticket) - ticket['deleted'] = True + + db.session.delete(ticket) + db.session.commit() + return jsonify({'result': True}) @app.errorhandler(404) -- cgit v1.2.3-54-g00ecf
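Review bot: In `create_ticket` the guard `('summary' and 'body' and 'token') in request.json` only tests for `'token'`, because the `and` chain evaluates to its last operand, so a request missing `summary` or `body` gets past the 400 check and raises `KeyError` at `request.json['summary']`; `not all(k in request.json for k in ('summary', 'body', 'token'))` checks all three. Both `authorized_callback` and `create_ticket` treat only a 401 from `https://api.github.com/user` as failure, so any other error status falls through to `.json()['id']`; `if user_data.status_code != 200: abort(401)` is the safer test. `create_ticket` also accepts any bearer token that GitHub recognises, because `OAuth2Session(..., token=token)` does not establish that the token was issued to this application, and `authorized_callback` writes the token into the response body and into `session`, which is a signed but unencrypted cookie unless a server-side session store is configured elsewhere. `authorized_callback` reads `session['oauth_state']` without handling a request that never went through `/login`. `create_ticket` continues past the end of the hunk, so whether a `None` result from `models.User.query.get(...)` is handled cannot be seen here.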
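Review bot: `delete_ticket` now removes the row permanently with `db.session.delete(ticket)` but performs no authentication or ownership check, while `create_ticket` in the same commit requires a GitHub token; as written, any client that can reach the endpoint can delete any ticket. Resolving the caller the same way `create_ticket` does and comparing the result with `ticket.opened_by_user_id` before deleting, with `abort(401)` or `abort(403)` otherwise, would close that gap. `update_ticket` just above still indexes `ticket[...]` like a dict, and its beginning is outside the hunk, so it is unclear whether it reads from the database model yet.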