Esempio n. 1
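    def post(self, movie_id):
        """
        Update the name and/or description of an existing movie.

        A field missing from the request falls back to the stored value; the
        update is rejected with 400 when either field ends up empty, and
        answered with 204 once the entity has been saved. When
        ``self._get_movie`` reports failure it has already written the 404
        response, so this method simply returns.

        :param movie_id: str
        """
        # The Authorization header is kept out of the logs on purpose: it
        # carries the caller's bearer token, and anyone able to read the logs
        # could replay it until it expires.
        logging.debug(
            "MovieDetailsHandler. POST. movie_id: {}".format(movie_id))

        ok, movie = self._get_movie(movie_id)
        if not ok:
            return

        name = self.request.get("name", movie.name)
        description = self.request.get("description", movie.description)

        logging.debug(
            "MovieDetailsHandler. POST. movie_id: {}. name: {}. description: {}"
            .format(movie_id, name, description))

        if not (name and description):
            json_response(
                self,
                {"message": "Name and description fields must be filled"},
                status=400)
            return

        movie.name = name
        movie.description = description
        movie.put()
        json_response(self, status=204)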
Esempio n. 2
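    def get(self, movie_id):
        """
        Return one movie as JSON with status 200.

        When ``self._get_movie`` reports failure it has already written the
        404 response, so this method simply returns.

        :param movie_id: str
        """
        # The Authorization header is not logged: it holds the bearer token,
        # which would be reusable by anyone with access to the logs.
        logging.debug(
            "MovieDetailsHandler. GET. movie_id: {}".format(movie_id))

        ok, movie = self._get_movie(movie_id)
        if not ok:
            return

        json_response(self, movie.to_dict(), status=200)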
Esempio n. 3
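    def _login(self, user, password):
        """
        Check the submitted password and issue a token when it matches.

        On a match ``self._set_token(user)`` is called; otherwise the failure
        is logged and a 401 JSON response is written.

        :param user: entity exposing ``password`` and ``email``
        :param password: password taken from the request
        """
        import hmac

        def _as_bytes(value):
            # compare_digest only accepts non-ASCII text once it is encoded.
            return value if isinstance(value, bytes) else value.encode("utf-8")

        # NOTE(review): the stored value is compared directly with the
        # submitted password, so the datastore presumably holds passwords in
        # recoverable form -- confirm against the registration code. Storing a
        # salted, deliberately slow hash and verifying against that would keep
        # a datastore leak from exposing every account.
        stored = user.password

        # Constant-time comparison, so response timing does not reveal how
        # much of the password matched. A missing value on either side never
        # counts as a match.
        matches = (
            stored is not None
            and password is not None
            and hmac.compare_digest(_as_bytes(stored), _as_bytes(password))
        )
        if matches:
            # generate JWT for this user
            self._set_token(user)
            return

        logging.info(
            "LoginHandler. POST. login. invalid password. email: {}".format(
                user.email))
        json_response(self, {"message": "Invalid password"}, status=401)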
Esempio n. 4
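        def wrapper(handler, *args, **kwargs):
            """
            Authenticate and authorise the request, then call ``func``.

            Every failure (missing or malformed header, unparsable token,
            invalid token, missing permissions) is logged and answered with a
            401 JSON response; ``func`` runs only when all checks pass.
            """
            path_info = handler.request.path_info

            # .get() instead of indexing: a request without the header must
            # end in a 401, not in an unhandled KeyError. The literal "null"
            # is still treated as "no header", as before.
            auth_header = handler.request.headers.get("Authorization")
            if not auth_header or auth_header == "null":
                logging.debug(
                    "Authorization header is blank. path_info: {}".format(
                        path_info))
                json_response(
                    handler,
                    {"message": "You didn't provide authorization header"},
                    status=401)
                return

            # None of the log lines below include the header itself: it holds
            # the bearer token, which may be perfectly valid even when the
            # request is rejected (e.g. for missing permissions).
            try:
                # trying to get token from `Bearer <token>` string
                token = auth_header.split(" ")[1]
            except IndexError:
                logging.warning(
                    "Cannot parse Authorization header. path_info: {}".format(
                        path_info))
                json_response(handler,
                              {"message": "Invalid authorization header"},
                              status=401)
                return

            # Start JWT validation
            try:
                # parsing
                jwt_token = JWTToken(token)
            except JWTValidationError as exc:
                logging.warning(
                    "Cannot parse JWT token. path_info: {}".format(path_info))
                json_response(handler, {"message": exc.message}, status=401)
                return

            try:
                # validation; the return value is unused, so failure is
                # presumably signalled only by JWTValidationError
                jwt_token.is_valid()
            except JWTValidationError as exc:
                logging.warning(
                    "JWT Token is not valid. path_info: {}".format(path_info))
                json_response(handler, {"message": exc.message}, status=401)
                return

            try:
                # permissions
                jwt_token.has_permissions(*permissions)
            except JWTValidationError as exc:
                logging.warning(
                    "Attempt to access object without permissions. "
                    "path_info: {}".format(path_info))
                # NOTE(review): 403 is the conventional status for an
                # authenticated caller lacking permissions; 401 is kept so
                # existing clients see no change.
                json_response(handler, {"message": exc.message}, status=401)
                return

            # Called outside the try block so that an exception raised by the
            # handler itself is never reported as a permission failure.
            return func(handler, *args, **kwargs)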
Esempio n. 5
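    def _get_movie(self, movie_id):
        """
        Get movie from datastore by movie_id
        Return status (found/not found) and movie instance.
        When the movie is missing, the 404 JSON response is written here and
        ``(False, None)`` is returned, so callers only need to return.
        :param movie_id: str
        """
        # movie_id is always int (based on handler regexp), but dispatcher sends as str
        movie = Movie.get_by_id(int(movie_id))
        if movie:
            return True, movie

        # The Authorization header is left out of the log line: it holds the
        # bearer token, which anyone with log access could replay.
        logging.debug(
            "MovieDetailsHandler. Movie not found. movie_id: {}".format(
                movie_id))

        json_response(self, {"message": "No such movie"}, status=404)
        return False, None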
Esempio n. 6
    def post(self):
        """
        Log a user in, or hand off to registration for an unknown email.

        Reads ``email`` and ``password`` from the request. Blank credentials
        get a 400 response. Otherwise the user is looked up by email with a
        parameterised GQL query: an existing user goes to ``self._login``,
        an unknown email goes to ``self._register``.
        """
        submitted_email = self.request.get("email")
        submitted_password = self.request.get("password")

        # Only the email is logged; the password never reaches the log.
        logging.debug("LoginHandler. POST. email: {}".format(submitted_email))

        if not submitted_email or not submitted_password:
            logging.info("LoginHandler. POST. blank credentials")
            json_response(self, {"message": "Credentials cannot be blank"},
                          400)
            return

        # The email is bound as a query parameter rather than formatted into
        # the GQL string.
        query = db.GqlQuery("SELECT * FROM User WHERE email=:1",
                            submitted_email)
        account = query.get()

        if account:
            # try to login
            return self._login(account, submitted_password)

        # if no such user - register
        return self._register(submitted_email, submitted_password)
Esempio n. 7
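    def post(self):
        """
        Create a movie from the ``name`` and ``description`` request fields.

        Responds 400 when either field is blank, otherwise stores the movie
        and responds 201 with its dict representation.
        """
        # The Authorization header is not logged: it holds the bearer token,
        # which would be reusable by anyone with access to the logs.
        logging.debug("MovieListHandler. POST.")
        name = self.request.get("name")
        description = self.request.get("description")

        if not (name and description):
            json_response(
                self,
                {"message": "Name and description fields must be filled"},
                status=400)
            return

        logging.debug(
            "MovieListHandler. POST. name: {}. description: {}".format(
                name, description))

        movie = Movie(name=name, description=description)
        movie.put()

        json_response(self, data=movie.to_dict(), status=201)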
Esempio n. 8
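 def get(self):
     """
     Return every movie as a JSON list, newest first, with status 200.
     """
     # The Authorization header is not logged: it holds the bearer token,
     # which would be reusable by anyone with access to the logs.
     logging.debug("MovieListHandler. GET.")
     movies = db.GqlQuery("SELECT * FROM Movie ORDER BY add_timestamp DESC")
     movie_list = [movie.to_dict() for movie in movies]
     json_response(self, data=movie_list, status=200)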