Merge branch 'master' into contact

Conflicts: static/js/controllers.js templates/base.html
2014-01-15 14:32:51 -05:00 · 2014-01-15 14:32:51 -05:00 · 82c4c8a28b
commit 82c4c8a28b
parent 7c93688e30 502b4d334d
78 changed files with 5071 additions and 1953 deletions
--- a/endpoints/web.py
+++ b/endpoints/web.py
@ -4,53 +4,33 @@ import stripe

 from flask import (abort, redirect, request, url_for, render_template,
                   make_response, Response)
-from flask.ext.login import login_user, UserMixin
-from flask.ext.principal import identity_changed
+from flask.ext.login import login_required, current_user
 from urlparse import urlparse

 from data import model
-from app import app, login_manager, mixpanel
-from auth.permissions import (QuayDeferredPermissionUser,
-                              AdministerOrganizationPermission)
+from app import app, mixpanel
+from auth.permissions import AdministerOrganizationPermission
 from util.invoice import renderInvoiceToPdf
 from util.seo import render_snapshot
+from util.cache import no_cache
+from endpoints.api import get_route_data
+from endpoints.common import common_login


 logger = logging.getLogger(__name__)


-class _LoginWrappedDBUser(UserMixin):
-  def __init__(self, db_username, db_user=None):
-
-    self._db_username = db_username
-    self._db_user = db_user
-
-  def db_user(self):
-    if not self._db_user:
-      self._db_user = model.get_user(self._db_username)
-    return self._db_user
-
-  def is_authenticated(self):
-    return self.db_user() is not None
-
-  def is_active(self):
-    return self.db_user().verified
-
-  def get_id(self):
-    return unicode(self._db_username)
-
-
-@login_manager.user_loader
-def load_user(username):
-  logger.debug('Loading user: %s' % username)
-  return _LoginWrappedDBUser(username)
+def render_page_template(name, **kwargs):
+  return make_response(render_template(name, route_data=get_route_data(),
+                                       **kwargs))


@app.route('/', methods=['GET'], defaults={'path': ''})
@app.route('/repository/<path:path>', methods=['GET'])
@app.route('/organization/<path:path>', methods=['GET'])
+@no_cache
 def index(path):
-  return render_template('index.html')
+  return render_page_template('index.html')


@app.route('/snapshot', methods=['GET'])
@ -67,26 +47,32 @@ def snapshot(path = ''):


@app.route('/plans/')
+@no_cache
 def plans():
  return index('')


@app.route('/guide/')
+@no_cache
 def guide():
  return index('')


@app.route('/organizations/')
@app.route('/organizations/new/')
+@no_cache
 def organizations():
  return index('')

+
@app.route('/user/')
+@no_cache
 def user():
  return index('')


@app.route('/signin/')
+@no_cache
 def signin():
  return index('')

@ -97,76 +83,85 @@ def contact():


@app.route('/new/')
+@no_cache
 def new():
  return index('')


@app.route('/repository/')
+@no_cache
 def repository():
  return index('')


@app.route('/security/')
+@no_cache
 def security():
  return index('')


@app.route('/v1')
@app.route('/v1/')
+@no_cache
 def v1():
  return index('')


@app.route('/status', methods=['GET'])
+@no_cache
 def status():
  return make_response('Healthy')


@app.route('/tos', methods=['GET'])
+@no_cache
 def tos():
-  return render_template('tos.html')
+  return render_page_template('tos.html')


@app.route('/disclaimer', methods=['GET'])
+@no_cache
 def disclaimer():
-  return render_template('disclaimer.html')
+  return render_page_template('disclaimer.html')


@app.route('/privacy', methods=['GET'])
+@no_cache
 def privacy():
-  return render_template('privacy.html')
+  return render_page_template('privacy.html')


@app.route('/receipt', methods=['GET'])
 def receipt():
+  if not current_user.is_authenticated():
+    abort(401)
+    return
+
  id =  request.args.get('id')
  if id:
    invoice = stripe.Invoice.retrieve(id)
    if invoice:
-      org = model.get_user_or_org_by_customer_id(invoice.customer)
-      if org and org.organization:
-        admin_org = AdministerOrganizationPermission(org.username)
-        if admin_org.can():
-          file_data = renderInvoiceToPdf(invoice, org)          
-          return Response(file_data,
-                          mimetype="application/pdf",
-                          headers={"Content-Disposition":
-                                     "attachment;filename=receipt.pdf"})
+      user_or_org = model.get_user_or_org_by_customer_id(invoice.customer)
+      
+      if user_or_org:
+        if user_or_org.organization:
+          admin_org = AdministerOrganizationPermission(user_or_org.username)
+          if not admin_org.can():
+            abort(404)
+            return
+        else:
+          if not user_or_org.username == current_user.db_user().username:
+            abort(404)
+            return      
+
+      file_data = renderInvoiceToPdf(invoice, user_or_org)          
+      return Response(file_data,
+                      mimetype="application/pdf",
+                      headers={"Content-Disposition": "attachment;filename=receipt.pdf"})
  abort(404)

-def common_login(db_user):
-  if login_user(_LoginWrappedDBUser(db_user.username, db_user)):
-    logger.debug('Successfully signed in as: %s' % db_user.username)
-    new_identity = QuayDeferredPermissionUser(db_user.username, 'username')
-    identity_changed.send(app, identity=new_identity)
-    return True
-  else:
-    logger.debug('User could not be logged in, inactive?.')
-    return False

-
-@app.route('/oauth2/github/callback', methods=['GET'])
-def github_oauth_callback():
+def exchange_github_code_for_token(code):
  code = request.args.get('code')
  payload = {
    'client_id': app.config['GITHUB_CLIENT_ID'],
@ -181,19 +176,37 @@ def github_oauth_callback():
                                   params=payload, headers=headers)

  token = get_access_token.json()['access_token']
+  return token

+
+def get_github_user(token):
  token_param = {
    'access_token': token,
  }
  get_user = requests.get(app.config['GITHUB_USER_URL'], params=token_param)

-  user_data = get_user.json()
+  return get_user.json()
+
+
+@app.route('/oauth2/github/callback', methods=['GET'])
+def github_oauth_callback():
+  error = request.args.get('error', None)
+  if error:
+    return render_page_template('githuberror.html', error_message=error)
+
+  token = exchange_github_code_for_token(request.args.get('code'))
+  user_data = get_github_user(token)
+
  username = user_data['login']
  github_id = user_data['id']

  v3_media_type = {
    'Accept': 'application/vnd.github.v3'
  }
+
+  token_param = {
+    'access_token': token,
+  }
  get_email = requests.get(app.config['GITHUB_USER_EMAILS'],
                           params=token_param, headers=v3_media_type)

@ -220,18 +233,33 @@ def github_oauth_callback():
        mixpanel.alias(to_login.username, state)

    except model.DataModelException, ex:
-      return render_template('githuberror.html', error_message=ex.message)
+      return render_page_template('githuberror.html', error_message=ex.message)

  if common_login(to_login):
    return redirect(url_for('index'))

-  return render_template('githuberror.html')
+  return render_page_template('githuberror.html')
+
+
+@app.route('/oauth2/github/callback/attach', methods=['GET'])
+@login_required
+def github_oauth_attach():
+  token = exchange_github_code_for_token(request.args.get('code'))
+  user_data = get_github_user(token)
+  github_id = user_data['id']
+  user_obj = current_user.db_user()
+  model.attach_federated_login(user_obj, 'github', github_id)
+  return redirect(url_for('user'))


@app.route('/confirm', methods=['GET'])
 def confirm_email():
  code = request.values['code']
-  user = model.confirm_user_email(code)
+
+  try:
+    user = model.confirm_user_email(code)
+  except model.DataModelException as ex:
+    return redirect(url_for('signin'))

  common_login(user)

@ -248,8 +276,3 @@ def confirm_recovery():
    return redirect(url_for('user'))
  else:
    abort(403)
-
-
-@app.route('/reset', methods=['GET'])
-def password_reset():
-  pass