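def get(self):
    """Issue, or confirm, a short-lived API token for a user.

    Reads ``username``, ``password``, ``token`` and ``app_key`` from the
    query string.  ``username`` and ``app_key`` are required, together with
    at least one of ``password`` or ``token``.

    Returns:
        ``{'token': <value>}`` when the supplied token is still active or
        the username/password pair authenticates; otherwise a
        ``({'message': <reason>}, 400)`` tuple.
    """
    # NOTE(security): every credential here arrives in the URL query string,
    # which web servers and proxies commonly write to access logs.  Moving
    # them to a request body or an Authorization header changes the client
    # contract, so it is flagged here rather than changed.
    username = request.args.get('username', None)
    password = request.args.get('password', None)
    token = request.args.get('token', None)
    app_key = request.args.get('app_key', None)

    if not (username and (password or token) and app_key):
        return {'message': 'Missing username, password, token, and/or app_key.'}, 400

    # NOTE(security): `!=` on a shared secret is not constant-time.
    # hmac.compare_digest is the usual replacement once both operands are
    # known to be the same string type.
    if app_key != current_app.config['JIRA_APP_KEY']:
        return {'message': 'Incorrect app_key.'}, 400

    user = None
    if token:
        user = get_user_from_token(token, username)
        if user and user.token.active:
            # The presented token is still valid: hand it straight back.
            return {'token': token}
        if not password:
            return {'message': 'Invalid token.'}, 400
        # Token rejected but a password was supplied: fall through.

    if password:
        user = PocketChangeUser(None, username, password)
        if not user.is_authenticated():
            return {'message': 'Bad username and/or password.'}, 400

        User = sqlalchemy_db.models['User']
        # Look the row up with first() instead of one() inside a bare
        # `except:`.  The bare except treated *any* failure (database
        # errors, duplicate rows) as "user does not exist" and inserted a
        # new row; now only a genuinely missing user is created and real
        # errors propagate.
        db_user = (sqlalchemy_db.session.query(User)
                   .filter(User.name == user.name).first())
        if db_user is None:
            db_user = User(name=user.name)
            sqlalchemy_db.session.add(db_user)
            sqlalchemy_db.session.commit()

        # NOTE(review): the first 16 characters of the Flask secret key are
        # passed to get_new_token, presumably as key material.  Confirm, and
        # consider a dedicated key so the two secrets can be rotated
        # independently.
        user.token = db_user.get_new_token(current_app.secret_key[:16],
                                           expires=timedelta(hours=6),
                                           max_uses=1)
        sqlalchemy_db.session.commit()
        return {'token': user.token.value}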
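def get(self):
    """Return the JIRA RSA key and the caller's JIRA OAuth credentials.

    Reads ``app_key``, ``username``, ``password`` and ``token`` from the
    query string.  The caller must present the configured app key, a
    username, and either a usable token or a valid password.

    Returns:
        ``{'rsa_key', 'oauth_secret', 'oauth_token'}`` when the
        authenticated user has an active ``jira`` record; otherwise a
        ``({'message': <reason>}, 400)`` tuple.
    """
    # NOTE(security): every credential here arrives in the URL query string,
    # which web servers and proxies commonly write to access logs, and the
    # success response carries private key material.  Moving the inputs to a
    # request body or an Authorization header changes the client contract,
    # so it is flagged here rather than changed.
    app_key = request.args.get('app_key', None)
    username = request.args.get('username', None)
    password = request.args.get('password', None)
    token = request.args.get('token', None)

    # NOTE(security): `!=` on a shared secret is not constant-time.
    # hmac.compare_digest is the usual replacement once both operands are
    # known to be the same string type.
    if not app_key or app_key != current_app.config['JIRA_APP_KEY']:
        return {'message': 'app_key missing or invalid.'}, 400
    if not username:
        return {'message': 'Must provide username.'}, 400

    user = None
    if token:
        # The debug prints of the token and username were removed: they
        # copied a live bearer token into stdout and the process logs.
        user = get_user_from_token(token, username)
        used = user.token.use() if user else False
        if used:
            # Persist the consumed use so the token cannot be replayed.
            sqlalchemy_db.session.merge(user.token)
            sqlalchemy_db.session.commit()
        elif not password:
            return {'message': 'Invalid token.'}, 400
        # Token rejected but a password was supplied: fall through.

    if password:
        user = PocketChangeUser(None, username, password)
        if not user.is_authenticated():
            return {'message': 'Invalid username/password.'}, 400

        User = sqlalchemy_db.models['User']
        # Look the row up with first() instead of one() inside a bare
        # `except:`.  The bare except treated *any* failure (database
        # errors, duplicate rows) as "user does not exist" and inserted a
        # new row; now only a genuinely missing user is created and real
        # errors propagate.
        db_user = (sqlalchemy_db.session.query(User)
                   .filter(User.name == user.name).first())
        if db_user is None:
            # NOTE(review): the raw password is handed to the User model.
            # Confirm the model hashes it before it reaches the database.
            db_user = User(name=user.name, password=password)
            sqlalchemy_db.session.add(db_user)
            sqlalchemy_db.session.commit()

        # NOTE(review): the first 16 characters of the Flask secret key are
        # passed to get_new_token, presumably as key material.  Confirm, and
        # consider a dedicated key so the two secrets can be rotated
        # independently.
        user.token = db_user.get_new_token(current_app.secret_key[:16],
                                           expires=timedelta(hours=6),
                                           max_uses=1)
        user.token.use()
        sqlalchemy_db.session.commit()

    if not user:
        return {'message': 'Must provide password or token.'}, 400

    account = user.user
    if not (hasattr(account, 'jira') and account.jira and account.jira.active):
        return {'message': "User's token is expired or revoked."}, 400

    # Read the private key only once the caller is known to be entitled to
    # it, so rejected requests never load the key material.
    with open(current_app.config['JIRA_RSA_KEY_FILE'], 'r') as rsa_file:
        rsa_data = rsa_file.read()
    return {'rsa_key': rsa_data,
            'oauth_secret': account.jira.oauth_secret,
            'oauth_token': account.jira.oauth_token}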