示例#1
0
文件: auth.py 项目: Secaly/mushi
def delete_token(auth_token, token_value):
    """Revoke the given authentication token."""
    db_session.query(Token).filter(
        Token.owner == auth_token.owner,
        Token.value == token_value
    ).delete(synchronize_session='fetch')
    db_session.commit()
    return '', 204
示例#2
0
def delete_milestone(auth_token, slug):
    try:
        db_session.query(Milestone).filter(Milestone.slug == slug).delete()
    except NoResultFound:
        abort(404)

    db_session.commit()

    return '', 204
示例#3
0
文件: comments.py 项目: Secaly/mushi
def delete_comment(auth_token, uid):
    try:
        db_session.query(Comment).filter(Comment.uid == uid).delete()
    except NoResultFound:
        abort(404)

    db_session.commit()

    return '', 204
示例#4
0
def delete_issue(auth_token, uid):
    try:
        db_session.query(Issue).filter(Issue.uid == uid).delete()
    except NoResultFound:
        abort(404)

    db_session.commit()

    return '', 204
示例#5
0
文件: tags.py 项目: Secaly/mushi
def delete_tag(auth_token, name):
    try:
        db_session.query(Tag).filter(Tag.name == name).delete()
    except NoResultFound:
        abort(404)

    db_session.commit()

    return '', 204
示例#6
0
文件: auth.py 项目: Secaly/mushi
def delete_user(auth_token, email):
    if email == 'me':
        user = auth_token.owner
    else:
        try:
            user = db_session.query(User).filter(User.email == email).one()
        except NoResultFound:
            abort(404)

    db_session.delete(user)
    db_session.commit()

    return '', 204
示例#7
0
文件: tags.py 项目: Secaly/mushi
def create_tag(auth_token):
    try:
        post_data = request.get_json(force=True)
    except BadRequest as e:
        raise ApiError(e.description)

    new_tag = Tag()
    new_tag.update(post_data)

    db_session.add(new_tag)
    db_session.commit()

    return jsonify(new_tag.to_dict(max_depth=2))
示例#8
0
def delete_attachment(auth_token, uid):
    try:
        attachment = db_session.query(Attachment).filter(Attachment.uid == uid).one()
    except NoResultFound:
        abort(404)

    # Delete the attachment file and its thumbails from the filesystem.
    for filename in glob.glob(attachment.filename + '*'):
        os.remove(filename)

    db_session.delete(attachment)
    db_session.commit()

    return '', 204
示例#9
0
def create_issue(auth_token):
    try:
        post_data = request.get_json(force=True)
    except BadRequest as e:
        raise ApiError(e.description)
    post_data['author'] = auth_token.owner.email

    new_issue = Issue()
    new_issue.update(post_data)

    db_session.add(new_issue)
    db_session.commit()

    return jsonify(new_issue.to_dict(max_depth=2))
示例#10
0
def create_milestone(auth_token):
    try:
        post_data = request.get_json(force=True)
    except BadRequest as e:
        raise ApiError(e.description)
    if 'due_date' in post_data:
        post_data['due_date'] = from_unix_timestamp(post_data['due_date'])

    new_milestone = Milestone()
    new_milestone.update(post_data)

    db_session.add(new_milestone)
    db_session.commit()

    return jsonify(new_milestone.to_dict(max_depth=2))
示例#11
0
文件: tags.py 项目: Secaly/mushi
def update_tag(auth_token, name):
    try:
        tag = db_session.query(Tag).filter(Tag.name == name).one()
    except NoResultFound:
        abort(404)

    try:
        post_data = request.get_json(force=True)
    except BadRequest as e:
        raise ApiError(e.description)

    tag.update(post_data)

    db_session.commit()

    return jsonify(tag.to_dict(max_depth=2))
示例#12
0
文件: auth.py 项目: Secaly/mushi
def create_user(auth_token):
    try:
        post_data = request.get_json(force=True)
    except BadRequest as e:
        raise ApiError(e.description)

    if not post_data.get('password', False):
        raise ApiError('Missing or empty password.')
    post_data['password'] = md5(post_data['password'].encode()).hexdigest()

    new_user = User()
    new_tag.update(post_data)

    db_session.add(new_user)
    db_session.commit()

    return jsonify(new_user.to_dict(max_depth=2))
示例#13
0
文件: users.py 项目: Secaly/mushi
    def __call__(self):
        # Create an application context.
        app = create_app(__name__, [])
        ctx = app.test_request_context()
        ctx.push()

        parser = argparse.ArgumentParser(
            prog=self.argv[0],
            description="Manage the user's account.")
        subparsers = parser.add_subparsers(dest='subcommand')
        subparsers.required = True

        sub = subparsers.add_parser('add', help='add a user')
        sub.add_argument('email', action='store', help="the email of the new user's account")
        sub.add_argument(
            '-n', '--name', dest='name', action='store',
            help='the full name of the user (default: email address)')
        sub.add_argument(
            '-p', '--password', dest='password', action='store',
            help='the full name of the user (will be asked if not provided)')

        sub = subparsers.add_parser('list', help='list users')

        args = parser.parse_args(self.argv[1:])
        if args.subcommand == 'add':
            new_user = User()
            new_user.email = args.email
            new_user.name = args.name or args.email

            if args.password:
                password = args.password
            else:
                password = getpass('password: '******'confirm: ') != password:
                    raise InvalidArgumentError('Password do not match.')
            new_user.password = md5(password.encode()).hexdigest()

            db_session.add(new_user)
            db_session.commit()

        elif args.subcommand == 'list':
            for user in db_session.query(User):
                print('name: {:>15},    email: {:>15}'.format(user.name, user.email))

        ctx.pop()
示例#14
0
文件: comments.py 项目: Secaly/mushi
def update_comment(auth_token, uid):
    try:
        comment = db_session.query(Comment).filter(Comment.uid == uid).one()
    except NoResultFound:
        abort(404)

    try:
        post_data = request.get_json(force=True)
    except BadRequest as e:
        raise ApiError(e.description)

    post_data['updated_at'] = utcnow()

    comment.update(post_data)

    db_session.commit()

    return jsonify(comment.to_dict(max_depth=2))
示例#15
0
def update_milestone(auth_token, slug):
    try:
        milestone = db_session.query(Milestone).filter(Milestone.slug == slug).one()
    except NoResultFound:
        abort(404)

    try:
        post_data = request.get_json(force=True)
    except BadRequest as e:
        raise ApiError(e.description)
    if 'due_date' in post_data:
        post_data['due_date'] = from_unix_timestamp(post_data['due_date'])

    milestone.update(post_data)

    db_session.commit()

    return jsonify(milestone.to_dict(max_depth=2))
示例#16
0
def create_issue(auth_token, slug):
    try:
        milestone = db_session.query(Milestone).filter(Milestone.slug == slug).one()
    except NoResultFound:
        abort(404)

    try:
        post_data = request.get_json(force=True)
    except BadRequest as e:
        raise ApiError(e.description)
    post_data['author'] = auth_token.owner.email

    new_issue = Issue()
    new_issue.update(post_data)

    milestone.issues.append(new_issue)
    db_session.commit()

    return jsonify(new_issue.to_dict(max_depth=2))
示例#17
0
def create_attachment(auth_token):
    # Check if the file format is valid (solely on its filename).
    file = request.files['file']
    if not (file and check_file_ext(file.filename)):
        raise ApiError('Invalid file format.')

    # Create a file UID based on the file content, so we avoid storing
    # duplicates under different filenames.
    h = md5()
    while True:
        buf = file.read(128)
        if not buf:
            break
        h.update(buf)
    fuid = h.hexdigest()

    # Seek for an existing file reference on the upload.
    attachment = db_session.query(Attachment).filter(Attachment.uid == fuid).first()

    if attachment is None:
        # Create the attachment reference in the database.
        attachment = Attachment()
        attachment.uid = fuid
        attachment.name = file.filename
        attachment.filename = os.path.join(current_app.config['UPLOAD_FOLDER'], fuid)

        file_type, _ = mimetypes.guess_type(file.filename)
        if file_type is not None:
            attachment.mime_type = file_type

        # Save the upload.
        file.seek(0)
        file.save(attachment.filename)

        db_session.add(attachment)
        db_session.commit()

        return_status = 201
    else:
        return_status = 200

    return jsonify(attachment.to_dict(max_depth=2)), return_status
示例#18
0
文件: auth.py 项目: Secaly/mushi
def create_token():
    post_data = request.get_json(force=True)

    # get the credentials
    email = post_data.get('email')
    password = md5(post_data.get('password', '').encode()).hexdigest()

    # search for the user identified by email/password
    user = db_session.query(User).filter(
        User.email == email,
        User.password == password
    ).first()

    if user is None:
        abort(403)

    # generate a new token for the authenticated user
    token = make_auth_token(user)
    db_session.add(token)
    db_session.commit()

    return jsonify(token.to_dict()), 201
示例#19
0
def update_issue(auth_token, uid):
    try:
        issue = db_session.query(Issue).filter(Issue.uid == uid).one()
    except NoResultFound:
        abort(404)

    try:
        post_data = request.get_json(force=True)
    except BadRequest as e:
        raise ApiError(e.description)

    # Update the closing time if the status of the issue gets updated.
    if ('status' in post_data) and post_data['status'] != issue.status:
        if post_data['status'] == 'closed':
            post_data['closed_at'] = utcnow()
        else:
            post_data['closed_at'] = None

    issue.update(post_data)

    db_session.commit()

    return jsonify(issue.to_dict(max_depth=2))
示例#20
0
文件: auth.py 项目: Secaly/mushi
def updated_user_password(auth_token, email):
    if email not in ('me', auth_token.owner.email):
        abort(403)
    user = auth_token.owner

    try:
        post_data = request.get_json(force=True)
    except BadRequest as e:
        raise ApiError(e.description)

    if not post_data.get('current_password', False):
        raise ApiError('Missing or empty current password.')
    current_password = md5(post_data['current_password'].encode()).hexdigest()
    if current_password != user.password:
        raise ApiError('Invalid current password.')

    if not post_data.get('new_password', False):
        raise ApiError('Missing or empty new password.')
    user.password = md5(post_data['new_password'].encode()).hexdigest()

    db_session.commit()

    return '', 204
示例#21
0
文件: auth.py 项目: Secaly/mushi
def update_user(auth_token, email):
    if email == 'me':
        user = auth_token.owner
    else:
        try:
            user = db_session.query(User).filter(User.email == email).one()
        except NoResultFound:
            abort(404)

    try:
        post_data = request.get_json(force=True)
    except BadRequest as e:
        raise ApiError(e.description)

    # Remove password from post data since user's password shouldn't be
    # updated using this endpoint.
    if 'password' in post_data:
        del post_data['password']

    user.update(post_data)

    db_session.commit()

    return jsonify(user.to_dict(max_depth=2))