Ejemplo n.º 1
Archivo: auth.py Proyecto: Secaly/mushi
def delete_token(auth_token, token_value):
    """Revoke one of the caller's own authentication tokens.

    The delete is restricted to tokens whose owner is the owner of the
    presented ``auth_token``, so a caller cannot revoke another user's token
    by supplying its value. The response is ``204`` with an empty body
    whether or not a row matched.
    """
    owned_tokens = db_session.query(Token).filter(
        Token.owner == auth_token.owner,
        Token.value == token_value,
    )
    owned_tokens.delete(synchronize_session='fetch')
    db_session.commit()
    return '', 204
Ejemplo n.º 2
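def delete_milestone(auth_token, slug):
    """Delete the milestone identified by ``slug``.

    Returns ``('', 204)`` on success and aborts with 404 when no milestone
    has that slug.
    """
    # Query.delete() issues a bulk DELETE and returns the number of matched
    # rows; it never raises NoResultFound, so the row count is the only
    # signal that nothing was found.
    # NOTE(review): ``auth_token`` is not consulted here, so any caller that
    # reaches this function can delete any milestone -- confirm that the
    # route enforces the intended permission.
    deleted = db_session.query(Milestone).filter(Milestone.slug == slug).delete()
    if not deleted:
        abort(404)

    db_session.commit()

    return '', 204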
Ejemplo n.º 3
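def delete_comment(auth_token, uid):
    """Delete the comment identified by ``uid``.

    Returns ``('', 204)`` on success and aborts with 404 when no comment
    has that uid.
    """
    # Query.delete() returns the number of matched rows and never raises
    # NoResultFound, so "not found" has to be detected from the count.
    # NOTE(review): no ownership check is visible -- the comment is deleted
    # regardless of who wrote it. Confirm this is the intended policy.
    deleted = db_session.query(Comment).filter(Comment.uid == uid).delete()
    if not deleted:
        abort(404)

    db_session.commit()

    return '', 204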
Ejemplo n.º 4
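def delete_issue(auth_token, uid):
    """Delete the issue identified by ``uid``.

    Returns ``('', 204)`` on success and aborts with 404 when no issue has
    that uid.
    """
    # Query.delete() returns the number of matched rows and never raises
    # NoResultFound, so "not found" has to be detected from the count.
    # NOTE(review): ``auth_token`` is unused; any caller reaching this
    # function can delete any issue -- confirm against the route's policy.
    deleted = db_session.query(Issue).filter(Issue.uid == uid).delete()
    if not deleted:
        abort(404)

    db_session.commit()

    return '', 204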
Ejemplo n.º 5
Archivo: tags.py Proyecto: Secaly/mushi
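def delete_tag(auth_token, name):
    """Delete the tag called ``name``.

    Returns ``('', 204)`` on success and aborts with 404 when no tag has
    that name.
    """
    # Query.delete() returns the number of matched rows and never raises
    # NoResultFound, so "not found" has to be detected from the count.
    deleted = db_session.query(Tag).filter(Tag.name == name).delete()
    if not deleted:
        abort(404)

    db_session.commit()

    return '', 204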
Ejemplo n.º 6
Archivo: auth.py Proyecto: Secaly/mushi
def delete_user(auth_token, email):
    """Delete a user account and answer ``204`` with an empty body.

    ``email`` is either the literal ``'me'`` (the owner of ``auth_token``)
    or the address of the account to remove; an unknown address aborts
    with 404.
    """
    # NOTE(review): when ``email`` is not 'me' the account is looked up and
    # deleted without comparing it to the caller. No role or ownership check
    # is visible in this block -- confirm that the route restricts who may
    # delete other users.
    if email != 'me':
        try:
            target = db_session.query(User).filter(User.email == email).one()
        except NoResultFound:
            abort(404)
    else:
        target = auth_token.owner

    db_session.delete(target)
    db_session.commit()
    return '', 204
Ejemplo n.º 7
Archivo: tags.py Proyecto: Secaly/mushi
def create_tag(auth_token):
    """Create a tag from the JSON request body and return it as JSON.

    A body that cannot be parsed as JSON is reported as an ``ApiError``
    carrying the parser's description.
    """
    try:
        payload = request.get_json(force=True)
    except BadRequest as exc:
        raise ApiError(exc.description)

    # NOTE(review): the client payload reaches Tag.update() unfiltered; which
    # attributes it can set depends on that method, which is not shown here.
    tag = Tag()
    tag.update(payload)
    db_session.add(tag)
    db_session.commit()

    return jsonify(tag.to_dict(max_depth=2))
Ejemplo n.º 8
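def delete_attachment(auth_token, uid):
    """Delete an attachment record together with its files on disk.

    Returns ``('', 204)`` on success and aborts with 404 when no attachment
    has the given ``uid``.
    """
    try:
        attachment = db_session.query(Attachment).filter(Attachment.uid == uid).one()
    except NoResultFound:
        abort(404)

    # Delete the attachment file and its thumbnails from the filesystem.
    # The stored path is escaped so that glob metacharacters inside it
    # ('*', '?', '[') are matched literally; only the trailing '*' added
    # here may expand, which keeps the removal confined to files that share
    # this attachment's path prefix.
    for filename in glob.glob(glob.escape(attachment.filename) + '*'):
        os.remove(filename)

    # NOTE(review): the files are removed before the commit; if the commit
    # fails the database row survives while its file is already gone.
    db_session.delete(attachment)
    db_session.commit()

    return '', 204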
Ejemplo n.º 9
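def create_issue(auth_token):
    """Create an issue from the JSON request body and return it as JSON.

    Raises:
        ApiError: the body is not valid JSON, or is valid JSON but not an
            object.
    """
    try:
        post_data = request.get_json(force=True)
    except BadRequest as e:
        raise ApiError(e.description)
    # get_json() also returns lists, scalars and None (for ``null``); those
    # would fail on the item assignment below with an unhandled TypeError.
    if not isinstance(post_data, dict):
        raise ApiError('Request body must be a JSON object.')

    # The author always comes from the authenticated token and overwrites
    # any 'author' value sent by the client.
    post_data['author'] = auth_token.owner.email

    # NOTE(review): every other client-supplied key is handed to
    # Issue.update(); what it may set depends on that method (not shown).
    new_issue = Issue()
    new_issue.update(post_data)

    db_session.add(new_issue)
    db_session.commit()

    return jsonify(new_issue.to_dict(max_depth=2))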
Ejemplo n.º 10
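def create_milestone(auth_token):
    """Create a milestone from the JSON request body and return it as JSON.

    A ``due_date`` key, when present, is converted with
    ``from_unix_timestamp`` before the model is updated.

    Raises:
        ApiError: the body is not valid JSON, or is valid JSON but not an
            object.
    """
    try:
        post_data = request.get_json(force=True)
    except BadRequest as e:
        raise ApiError(e.description)
    # get_json() also returns lists, scalars and None (for ``null``); the
    # membership test below would raise TypeError on some of those.
    if not isinstance(post_data, dict):
        raise ApiError('Request body must be a JSON object.')

    if 'due_date' in post_data:
        post_data['due_date'] = from_unix_timestamp(post_data['due_date'])

    new_milestone = Milestone()
    new_milestone.update(post_data)

    db_session.add(new_milestone)
    db_session.commit()

    return jsonify(new_milestone.to_dict(max_depth=2))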
Ejemplo n.º 11
Archivo: tags.py Proyecto: Secaly/mushi
def update_tag(auth_token, name):
    """Apply the JSON request body to the tag called ``name``.

    Aborts with 404 when the tag does not exist; a body that cannot be
    parsed as JSON is reported as an ``ApiError``. The updated tag is
    returned as JSON.
    """
    tags_named = db_session.query(Tag).filter(Tag.name == name)
    try:
        existing = tags_named.one()
    except NoResultFound:
        abort(404)

    try:
        changes = request.get_json(force=True)
    except BadRequest as exc:
        raise ApiError(exc.description)

    # NOTE(review): the client payload reaches Tag.update() unfiltered; which
    # attributes it can set depends on that method, which is not shown here.
    existing.update(changes)
    db_session.commit()

    return jsonify(existing.to_dict(max_depth=2))
Ejemplo n.º 12
Archivo: auth.py Proyecto: Secaly/mushi
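def create_user(auth_token):
    """Create a user account from the JSON request body and return it as JSON.

    The body must be a JSON object with a non-empty string ``password``.

    Raises:
        ApiError: the body is not valid JSON, is not an object, or the
            password is missing, empty or not a string.
    """
    try:
        post_data = request.get_json(force=True)
    except BadRequest as e:
        raise ApiError(e.description)
    # get_json() also returns lists, scalars and None (for ``null``), none of
    # which support the lookups below.
    if not isinstance(post_data, dict):
        raise ApiError('Request body must be a JSON object.')

    password = post_data.get('password')
    if not password:
        raise ApiError('Missing or empty password.')
    if not isinstance(password, str):
        # A truthy non-string (number, list, ...) has no .encode().
        raise ApiError('Password must be a string.')

    # SECURITY: unsalted MD5 is not a password hash -- it is fast to
    # brute-force and identical passwords share a digest. Kept unchanged
    # because whatever verifies the stored value must change in the same
    # migration; move to a salted, slow KDF (e.g. hashlib.scrypt).
    post_data['password'] = md5(password.encode()).hexdigest()

    # NOTE(review): all remaining client-supplied keys are handed to
    # User.update(); which attributes it may set is not visible here.
    new_user = User()
    # The original called ``new_tag.update``, an undefined name, so every
    # request failed with NameError before the user was stored.
    new_user.update(post_data)

    db_session.add(new_user)
    db_session.commit()

    return jsonify(new_user.to_dict(max_depth=2))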
Ejemplo n.º 13
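    def __call__(self):
        """Run the account-management command line held in ``self.argv``.

        ``add`` stores a new user (prompting twice for the password unless
        ``--password`` is given); ``list`` prints the name and email of
        every user.

        Raises:
            InvalidArgumentError: the two prompted passwords differ.
        """
        # Create an application context.
        app = create_app(__name__, [])
        ctx = app.test_request_context()
        ctx.push()
        try:
            parser = argparse.ArgumentParser(
                prog=self.argv[0],
                description="Manage the user's account.")
            subparsers = parser.add_subparsers(dest='subcommand')
            subparsers.required = True

            sub = subparsers.add_parser('add', help='add a user')
            sub.add_argument('email', action='store', help="the email of the new user's account")
            sub.add_argument(
                '-n', '--name', dest='name', action='store',
                help='the full name of the user (default: email address)')
            # A password passed on the command line is visible in the
            # process list and in shell history; the interactive prompt
            # avoids both.
            sub.add_argument(
                '-p', '--password', dest='password', action='store',
                help='the password of the user (will be asked if not provided)')

            subparsers.add_parser('list', help='list users')

            args = parser.parse_args(self.argv[1:])
            if args.subcommand == 'add':
                new_user = User()
                new_user.email = args.email
                new_user.name = args.name or args.email

                if args.password:
                    password = args.password
                else:
                    # Ask twice so a typo cannot lock the account out.
                    password = getpass('password: ')
                    if getpass('confirm: ') != password:
                        raise InvalidArgumentError('Password do not match.')
                # SECURITY: unsalted MD5 is not a password hash; it is kept
                # only so the stored value stays compatible with whatever
                # verifies it. Migrate both sides to a salted, slow KDF.
                new_user.password = md5(password.encode()).hexdigest()

                db_session.add(new_user)
                db_session.commit()

            elif args.subcommand == 'list':
                for user in db_session.query(User):
                    print('name: {:>15},    email: {:>15}'.format(user.name, user.email))
        finally:
            # Release the request context even when argparse exits or the
            # password confirmation fails.
            ctx.pop()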
Ejemplo n.º 14
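def update_comment(auth_token, uid):
    """Apply the JSON request body to the comment ``uid`` and return it.

    Aborts with 404 when the comment does not exist. ``updated_at`` is
    always set by the server.

    Raises:
        ApiError: the body is not valid JSON, or is valid JSON but not an
            object.
    """
    try:
        comment = db_session.query(Comment).filter(Comment.uid == uid).one()
    except NoResultFound:
        abort(404)

    try:
        post_data = request.get_json(force=True)
    except BadRequest as e:
        raise ApiError(e.description)
    # get_json() also returns lists, scalars and None (for ``null``); the
    # item assignment below would raise an unhandled TypeError on those.
    if not isinstance(post_data, dict):
        raise ApiError('Request body must be a JSON object.')

    # Server-side timestamp: overrides any 'updated_at' sent by the client.
    post_data['updated_at'] = utcnow()

    # NOTE(review): ``auth_token`` is not compared with the comment's author
    # and the remaining client keys go to Comment.update() unfiltered --
    # confirm who may edit a comment and which fields are writable.
    comment.update(post_data)

    db_session.commit()

    return jsonify(comment.to_dict(max_depth=2))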
Ejemplo n.º 15
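def update_milestone(auth_token, slug):
    """Apply the JSON request body to the milestone ``slug`` and return it.

    Aborts with 404 when the milestone does not exist. A ``due_date`` key,
    when present, is converted with ``from_unix_timestamp``.

    Raises:
        ApiError: the body is not valid JSON, or is valid JSON but not an
            object.
    """
    try:
        milestone = db_session.query(Milestone).filter(Milestone.slug == slug).one()
    except NoResultFound:
        abort(404)

    try:
        post_data = request.get_json(force=True)
    except BadRequest as e:
        raise ApiError(e.description)
    # get_json() also returns lists, scalars and None (for ``null``); the
    # membership test below would raise TypeError on some of those.
    if not isinstance(post_data, dict):
        raise ApiError('Request body must be a JSON object.')

    if 'due_date' in post_data:
        post_data['due_date'] = from_unix_timestamp(post_data['due_date'])

    milestone.update(post_data)

    db_session.commit()

    return jsonify(milestone.to_dict(max_depth=2))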
Ejemplo n.º 16
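def create_issue(auth_token, slug):
    """Create an issue inside the milestone ``slug`` and return it as JSON.

    Aborts with 404 when the milestone does not exist.

    Raises:
        ApiError: the body is not valid JSON, or is valid JSON but not an
            object.
    """
    try:
        milestone = db_session.query(Milestone).filter(Milestone.slug == slug).one()
    except NoResultFound:
        abort(404)

    try:
        post_data = request.get_json(force=True)
    except BadRequest as e:
        raise ApiError(e.description)
    # get_json() also returns lists, scalars and None (for ``null``); the
    # item assignment below would raise an unhandled TypeError on those.
    if not isinstance(post_data, dict):
        raise ApiError('Request body must be a JSON object.')

    # The author always comes from the authenticated token and overwrites
    # any 'author' value sent by the client.
    post_data['author'] = auth_token.owner.email

    new_issue = Issue()
    new_issue.update(post_data)

    # Attaching the issue to the milestone's collection is what brings it
    # into the session here; there is no explicit db_session.add().
    milestone.issues.append(new_issue)
    db_session.commit()

    return jsonify(new_issue.to_dict(max_depth=2))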
Ejemplo n.º 17
def create_attachment(auth_token):
    """Store an uploaded file once per distinct content and return its record.

    The attachment uid is the MD5 hex digest of the file content. A first
    upload is saved under ``UPLOAD_FOLDER/<uid>`` and answered with 201; an
    upload whose digest is already known is answered with 200 and the
    existing record, without touching the disk.

    Raises:
        ApiError: no file was sent or ``check_file_ext`` rejects its name.
    """
    upload = request.files['file']
    # The format check looks at the client-supplied filename only; the
    # content itself is not inspected.
    if not upload or not check_file_ext(upload.filename):
        raise ApiError('Invalid file format.')

    # Hash the content so identical files uploaded under different names
    # map to the same uid.
    # NOTE(review): MD5 collisions are practical to construct, so two
    # different files can be made to share a uid; the second one would then
    # be answered with the first one's record. A SHA-256 digest avoids this.
    digest = md5()
    chunk = upload.read(128)
    while chunk:
        digest.update(chunk)
        chunk = upload.read(128)
    fuid = digest.hexdigest()

    attachment = db_session.query(Attachment).filter(Attachment.uid == fuid).first()
    if attachment is not None:
        # Content already stored: reuse the existing reference.
        return jsonify(attachment.to_dict(max_depth=2)), 200

    # First upload of this content: create the database reference. The path
    # on disk is built from the digest, never from the client's filename,
    # which is kept only as the display name.
    attachment = Attachment()
    attachment.uid = fuid
    attachment.name = upload.filename
    attachment.filename = os.path.join(current_app.config['UPLOAD_FOLDER'], fuid)

    guessed_type, _ = mimetypes.guess_type(upload.filename)
    if guessed_type is not None:
        attachment.mime_type = guessed_type

    # Hashing consumed the stream, so rewind before writing it out.
    upload.seek(0)
    upload.save(attachment.filename)

    db_session.add(attachment)
    db_session.commit()

    return jsonify(attachment.to_dict(max_depth=2)), 201
Ejemplo n.º 18
Archivo: auth.py Proyecto: Secaly/mushi
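def create_token():
    """Exchange an email/password pair for a new authentication token.

    Expects a JSON object with ``email`` and ``password``. Answers 201 with
    the serialized token, 400 when the body is not a JSON object and 403
    when the credentials are malformed or match no user.
    """
    post_data = request.get_json(force=True)
    # get_json() also returns lists, scalars and None (for ``null``), which
    # have no .get(); reject them instead of failing with a 500.
    if not isinstance(post_data, dict):
        abort(400)

    # get the credentials
    email = post_data.get('email')
    raw_password = post_data.get('password', '')
    # Non-string values cannot be valid credentials: a non-string password
    # has no .encode(), and a missing email would otherwise be compared
    # against NULL in the query below.
    if not isinstance(email, str) or not isinstance(raw_password, str):
        abort(403)

    # SECURITY: unsalted MD5 is not a password hash. It is kept because the
    # stored values are MD5 digests; migrating requires changing the code
    # that stores passwords at the same time (salted, slow KDF).
    password = md5(raw_password.encode()).hexdigest()

    # search for the user identified by email/password
    user = db_session.query(User).filter(
        User.email == email,
        User.password == password
    ).first()

    # The same 403 is returned for an unknown email and a wrong password, so
    # the response does not reveal which accounts exist.
    # NOTE(review): no throttling of failed attempts is visible in this block.
    if user is None:
        abort(403)

    # generate a new token for the authenticated user
    token = make_auth_token(user)
    db_session.add(token)
    db_session.commit()

    return jsonify(token.to_dict()), 201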
Ejemplo n.º 19
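def update_issue(auth_token, uid):
    """Apply the JSON request body to the issue ``uid`` and return it.

    Aborts with 404 when the issue does not exist. When the body changes
    the status, ``closed_at`` is set by the server: to the current time for
    ``'closed'``, to ``None`` otherwise.

    Raises:
        ApiError: the body is not valid JSON, or is valid JSON but not an
            object.
    """
    try:
        issue = db_session.query(Issue).filter(Issue.uid == uid).one()
    except NoResultFound:
        abort(404)

    try:
        post_data = request.get_json(force=True)
    except BadRequest as e:
        raise ApiError(e.description)
    # get_json() also returns lists, scalars and None (for ``null``); the
    # key lookups below would misbehave or raise TypeError on those.
    if not isinstance(post_data, dict):
        raise ApiError('Request body must be a JSON object.')

    # Update the closing time if the status of the issue gets updated.
    if ('status' in post_data) and post_data['status'] != issue.status:
        if post_data['status'] == 'closed':
            post_data['closed_at'] = utcnow()
        else:
            post_data['closed_at'] = None

    # NOTE(review): when the status is unchanged, a client-supplied
    # 'closed_at' (or 'author') is passed through to Issue.update() as is --
    # confirm which fields that method accepts.
    issue.update(post_data)

    db_session.commit()

    return jsonify(issue.to_dict(max_depth=2))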
Ejemplo n.º 20
Archivo: auth.py Proyecto: Secaly/mushi
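def updated_user_password(auth_token, email):
    """Change the caller's own password after verifying the current one.

    ``email`` must be ``'me'`` or the caller's own address; anything else
    aborts with 403. Answers ``('', 204)`` on success.

    Raises:
        ApiError: the body is not a JSON object, a password field is
            missing, empty or not a string, or the current password is
            wrong.
    """
    # Only the token owner may change this password.
    if email not in ('me', auth_token.owner.email):
        abort(403)
    user = auth_token.owner

    try:
        post_data = request.get_json(force=True)
    except BadRequest as e:
        raise ApiError(e.description)
    # get_json() also returns lists, scalars and None (for ``null``), which
    # have no .get().
    if not isinstance(post_data, dict):
        raise ApiError('Request body must be a JSON object.')

    supplied_current = post_data.get('current_password')
    if not supplied_current:
        raise ApiError('Missing or empty current password.')
    if not isinstance(supplied_current, str):
        # A truthy non-string has no .encode() and cannot match anyway.
        raise ApiError('Invalid current password.')
    # SECURITY: unsalted MD5 is not a password hash; kept for compatibility
    # with the stored digests. Migrate storage and verification together to
    # a salted, slow KDF.
    current_password = md5(supplied_current.encode()).hexdigest()
    if current_password != user.password:
        raise ApiError('Invalid current password.')

    new_password = post_data.get('new_password')
    if not new_password:
        raise ApiError('Missing or empty new password.')
    if not isinstance(new_password, str):
        raise ApiError('New password must be a string.')
    user.password = md5(new_password.encode()).hexdigest()

    # NOTE(review): tokens issued before the change are not revoked here;
    # confirm whether existing sessions should survive a password change.
    db_session.commit()

    return '', 204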
Ejemplo n.º 21
Archivo: auth.py Proyecto: Secaly/mushi
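def update_user(auth_token, email):
    """Apply the JSON request body to a user record and return it as JSON.

    ``email`` is either ``'me'`` (the owner of ``auth_token``) or the
    address of the account to update; an unknown address aborts with 404.
    A ``password`` key in the body is ignored.

    Raises:
        ApiError: the body is not valid JSON, or is valid JSON but not an
            object.
    """
    # NOTE(review): when ``email`` is not 'me' the target is not compared
    # with the caller, so any caller reaching this function can modify
    # another account. No role check is visible here -- confirm the policy.
    if email == 'me':
        user = auth_token.owner
    else:
        try:
            user = db_session.query(User).filter(User.email == email).one()
        except NoResultFound:
            abort(404)

    try:
        post_data = request.get_json(force=True)
    except BadRequest as e:
        raise ApiError(e.description)
    # get_json() also returns lists, scalars and None (for ``null``); the
    # key removal below needs a mapping.
    if not isinstance(post_data, dict):
        raise ApiError('Request body must be a JSON object.')

    # Remove password from post data since user's password shouldn't be
    # updated using this endpoint (it would also bypass the hashing step).
    post_data.pop('password', None)

    # NOTE(review): every other key, 'email' included, is handed to
    # User.update(); which attributes it may set is not visible here.
    user.update(post_data)

    db_session.commit()

    return jsonify(user.to_dict(max_depth=2))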