diff --git a/Dockerfile.web b/Dockerfile.web index 7d693668d..46b360b6c 100644 --- a/Dockerfile.web +++ b/Dockerfile.web @@ -8,7 +8,7 @@ ENV HOME /root RUN apt-get update # 10SEP2014 # New ubuntu packages should be added as their own apt-get install lines below the existing install commands -RUN apt-get install -y git python-virtualenv python-dev libjpeg8 libjpeg62 libjpeg62-dev libevent-2.0.5 libevent-dev gdebi-core g++ libmagic1 phantomjs nodejs npm libldap-2.4-2 libldap2-dev libsasl2-modules libsasl2-dev libpq5 libpq-dev +RUN apt-get install -y git python-virtualenv python-dev libjpeg8 libjpeg62 libjpeg62-dev libevent-2.0.5 libevent-dev gdebi-core g++ libmagic1 phantomjs nodejs npm libldap-2.4-2 libldap2-dev libsasl2-modules libsasl2-dev libpq5 libpq-dev libfreetype6-dev # Build the python dependencies ADD requirements.txt requirements.txt diff --git a/app.py b/app.py index 908c2681e..cdac98a27 100644 --- a/app.py +++ b/app.py @@ -25,6 +25,7 @@ from data.buildlogs import BuildLogs from data.archivedlogs import LogArchive from data.queue import WorkQueue from data.userevent import UserEventsBuilderModule +from avatars.avatars import Avatar class Config(BaseConfig): @@ -119,6 +120,7 @@ features.import_features(app.config) Principal(app, use_sessions=False) +avatar = Avatar(app) login_manager = LoginManager(app) mail = Mail(app) storage = Storage(app) diff --git a/auth/scopes.py b/auth/scopes.py index e2192a2bd..128f99b98 100644 --- a/auth/scopes.py +++ b/auth/scopes.py @@ -76,7 +76,7 @@ IMPLIED_SCOPES = { def scopes_from_scope_string(scopes): if not scopes: - return {} + scopes = '' return {ALL_SCOPES.get(scope, None) for scope in scopes.split(',')} diff --git a/avatars/__init__.py b/avatars/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/avatars/avatars.py b/avatars/avatars.py new file mode 100644 index 000000000..40935df10 --- /dev/null +++ b/avatars/avatars.py @@ -0,0 +1,65 @@ +import hashlib + +class Avatar(object): + def __init__(self, app=None): + self.app = app + self.state = self._init_app(app) + + def _init_app(self, app): + return AVATAR_CLASSES[app.config.get('AVATAR_KIND', 'Gravatar')]( + app.config['SERVER_HOSTNAME'], + app.config['PREFERRED_URL_SCHEME']) + + def __getattr__(self, name): + return getattr(self.state, name, None) + + +class BaseAvatar(object): + """ Base class for all avatar implementations. """ + def __init__(self, server_hostname, preferred_url_scheme): + self.server_hostname = server_hostname + self.preferred_url_scheme = preferred_url_scheme + + def get_url(self, email, size=16, name=None): + """ Returns the full URL for viewing the avatar of the given email address, with + an optional size. + """ + raise NotImplementedError + + def compute_hash(self, email, name=None): + """ Computes the avatar hash for the given email address. If the name is given and a default + avatar is being computed, the name can be used in place of the email address. """ + raise NotImplementedError + + +class GravatarAvatar(BaseAvatar): + """ Avatar system that uses gravatar for generating avatars. """ + def compute_hash(self, email, name=None): + email = email or "" + return hashlib.md5(email.strip().lower()).hexdigest() + + def get_url(self, email, size=16, name=None): + computed = self.compute_hash(email, name=name) + return '%s://www.gravatar.com/avatar/%s?d=identicon&size=%s' % (self.preferred_url_scheme, + computed, size) + +class LocalAvatar(BaseAvatar): + """ Avatar system that uses the local system for generating avatars. """ + def compute_hash(self, email, name=None): + email = email or "" + if not name and not email: + return '' + + prefix = name if name else email + return prefix[0] + hashlib.md5(email.strip().lower()).hexdigest() + + def get_url(self, email, size=16, name=None): + computed = self.compute_hash(email, name=name) + return '%s://%s/avatar/%s?size=%s' % (self.preferred_url_scheme, self.server_hostname, + computed, size) + + +AVATAR_CLASSES = { + 'gravatar': GravatarAvatar, + 'local': LocalAvatar +} diff --git a/config.py b/config.py index 60334ebd3..39a257b15 100644 --- a/config.py +++ b/config.py @@ -19,7 +19,7 @@ def build_requests_session(): CLIENT_WHITELIST = ['SERVER_HOSTNAME', 'PREFERRED_URL_SCHEME', 'MIXPANEL_KEY', 'STRIPE_PUBLISHABLE_KEY', 'ENTERPRISE_LOGO_URL', 'SENTRY_PUBLIC_DSN', 'AUTHENTICATION_TYPE', 'REGISTRY_TITLE', 'REGISTRY_TITLE_SHORT', - 'CONTACT_INFO'] + 'CONTACT_INFO', 'AVATAR_KIND'] def getFrontendVisibleConfig(config_dict): @@ -46,6 +46,8 @@ class DefaultConfig(object): PREFERRED_URL_SCHEME = 'http' SERVER_HOSTNAME = 'localhost:5000' + AVATAR_KIND = 'local' + REGISTRY_TITLE = 'Quay.io' REGISTRY_TITLE_SHORT = 'Quay.io' CONTACT_INFO = [ diff --git a/data/database.py b/data/database.py index c8d7ff8ae..b49c8a594 100644 --- a/data/database.py +++ b/data/database.py @@ -475,7 +475,7 @@ class OAuthApplication(BaseModel): name = CharField() description = TextField(default='') - gravatar_email = CharField(null=True) + avatar_email = CharField(null=True, db_column='gravatar_email') class OAuthAuthorizationCode(BaseModel): diff --git a/data/model/oauth.py b/data/model/oauth.py index 8bdca1020..1be84114a 100644 --- a/data/model/oauth.py +++ b/data/model/oauth.py @@ -9,6 +9,7 @@ from data.database import (OAuthApplication, OAuthAuthorizationCode, OAuthAccess random_string_generator) from data.model.legacy import get_user from auth import scopes +from flask import render_template logger = logging.getLogger(__name__) @@ -154,6 +155,7 @@ class DatabaseAuthorizationProvider(AuthorizationProvider): def get_token_response(self, response_type, client_id, redirect_uri, **params): + # Ensure proper response_type if response_type != 'token': err = 'unsupported_response_type' @@ -161,7 +163,7 @@ class DatabaseAuthorizationProvider(AuthorizationProvider): # Check redirect URI is_valid_redirect_uri = self.validate_redirect_uri(client_id, redirect_uri) - if not is_valid_redirect_uri: + if redirect_uri != 'display' and not is_valid_redirect_uri: return self._invalid_redirect_uri_response() # Check conditions @@ -196,6 +198,10 @@ class DatabaseAuthorizationProvider(AuthorizationProvider): url = utils.build_url(redirect_uri, params) url += '#access_token=%s&token_type=%s&expires_in=%s' % (access_token, token_type, expires_in) + if redirect_uri == 'display': + return self._make_response( + render_template("message.html", message="Access Token: " + access_token)) + return self._make_response(headers={'Location': url}, status_code=302) diff --git a/endpoints/api/__init__.py b/endpoints/api/__init__.py index b523cf4c2..821a18f05 100644 --- a/endpoints/api/__init__.py +++ b/endpoints/api/__init__.py @@ -1,11 +1,10 @@ import logging -import json import datetime +from app import app from flask import Blueprint, request, make_response, jsonify, session from flask.ext.restful import Resource, abort, Api, reqparse from flask.ext.restful.utils.cors import crossdomain -from werkzeug.exceptions import HTTPException from calendar import timegm from email.utils import formatdate from functools import partial, wraps @@ -52,6 +51,10 @@ class InvalidRequest(ApiException): def __init__(self, error_description, payload=None): ApiException.__init__(self, 'invalid_request', 400, error_description, payload) +class InvalidResponse(ApiException): + def __init__(self, error_description, payload=None): + ApiException.__init__(self, 'invalid_response', 400, error_description, payload) + class InvalidToken(ApiException): def __init__(self, error_description, payload=None): @@ -170,6 +173,9 @@ internal_only = add_method_metadata('internal', True) def path_param(name, description): def add_param(func): + if not func: + return func + if '__api_path_params' not in dir(func): func.__api_path_params = {} func.__api_path_params[name] = { @@ -346,6 +352,25 @@ def log_action(kind, user_or_orgname, metadata=None, repo=None): metadata=metadata, repository=repo) +def define_json_response(schema_name): + def wrapper(func): + @add_method_metadata('response_schema', schema_name) + @wraps(func) + def wrapped(self, *args, **kwargs): + schema = self.schemas[schema_name] + resp = func(self, *args, **kwargs) + + if app.config['TESTING']: + try: + validate(resp, schema) + except ValidationError as ex: + raise InvalidResponse(ex.message) + + return resp + return wrapped + return wrapper + + import endpoints.api.billing import endpoints.api.build import endpoints.api.discovery diff --git a/endpoints/api/billing.py b/endpoints/api/billing.py index c246e4475..36dc96102 100644 --- a/endpoints/api/billing.py +++ b/endpoints/api/billing.py @@ -4,10 +4,11 @@ from flask import request from app import billing from endpoints.api import (resource, nickname, ApiResource, validate_json_request, log_action, related_user_resource, internal_only, Unauthorized, NotFound, - require_user_admin, show_if, hide_if, abort) + require_user_admin, show_if, hide_if, path_param, require_scope, abort) from endpoints.api.subscribe import subscribe, subscription_view from auth.permissions import AdministerOrganizationPermission from auth.auth_context import get_authenticated_user +from auth import scopes from data import model from data.billing import PLANS @@ -149,6 +150,7 @@ class UserCard(ApiResource): @resource('/v1/organization//card') +@path_param('orgname', 'The name of the organization') @internal_only @related_user_resource(UserCard) @show_if(features.BILLING) @@ -171,6 +173,7 @@ class OrganizationCard(ApiResource): }, } + @require_scope(scopes.ORG_ADMIN) @nickname('getOrgCard') def get(self, orgname): """ Get the organization's credit card. """ @@ -259,6 +262,7 @@ class UserPlan(ApiResource): @resource('/v1/organization//plan') +@path_param('orgname', 'The name of the organization') @internal_only @related_user_resource(UserPlan) @show_if(features.BILLING) @@ -285,6 +289,7 @@ class OrganizationPlan(ApiResource): }, } + @require_scope(scopes.ORG_ADMIN) @nickname('updateOrgSubscription') @validate_json_request('OrgSubscription') def put(self, orgname): @@ -299,6 +304,7 @@ class OrganizationPlan(ApiResource): raise Unauthorized() + @require_scope(scopes.ORG_ADMIN) @nickname('getOrgSubscription') def get(self, orgname): """ Fetch any existing subscription for the org. """ @@ -343,11 +349,12 @@ class UserInvoiceList(ApiResource): @resource('/v1/organization//invoices') -@internal_only +@path_param('orgname', 'The name of the organization') @related_user_resource(UserInvoiceList) @show_if(features.BILLING) class OrgnaizationInvoiceList(ApiResource): """ Resource for listing an orgnaization's invoices. """ + @require_scope(scopes.ORG_ADMIN) @nickname('listOrgInvoices') def get(self, orgname): """ List the invoices for the specified orgnaization. """ diff --git a/endpoints/api/build.py b/endpoints/api/build.py index 682380dd9..d8ab952f8 100644 --- a/endpoints/api/build.py +++ b/endpoints/api/build.py @@ -8,7 +8,8 @@ from flask import request, redirect from app import app, userfiles as user_files, build_logs, log_archive from endpoints.api import (RepositoryParamResource, parse_args, query_param, nickname, resource, require_repo_read, require_repo_write, validate_json_request, - ApiResource, internal_only, format_date, api, Unauthorized, NotFound) + ApiResource, internal_only, format_date, api, Unauthorized, NotFound, + path_param) from endpoints.common import start_build from endpoints.trigger import BuildTrigger from data import model, database @@ -95,6 +96,7 @@ def build_status_view(build_obj, can_write=False): @resource('/v1/repository//build/') +@path_param('repository', 'The full path of the repository. e.g. namespace/name') class RepositoryBuildList(RepositoryParamResource): """ Resource related to creating and listing repository builds. """ schemas = { @@ -199,6 +201,8 @@ class RepositoryBuildList(RepositoryParamResource): @resource('/v1/repository//build//status') +@path_param('repository', 'The full path of the repository. e.g. namespace/name') +@path_param('build_uuid', 'The UUID of the build') class RepositoryBuildStatus(RepositoryParamResource): """ Resource for dealing with repository build status. """ @require_repo_read @@ -215,6 +219,8 @@ class RepositoryBuildStatus(RepositoryParamResource): @resource('/v1/repository//build//logs') +@path_param('repository', 'The full path of the repository. e.g. namespace/name') +@path_param('build_uuid', 'The UUID of the build') class RepositoryBuildLogs(RepositoryParamResource): """ Resource for loading repository build logs. """ @require_repo_write diff --git a/endpoints/api/discovery.py b/endpoints/api/discovery.py index 4e0ff56b1..2481fa807 100644 --- a/endpoints/api/discovery.py +++ b/endpoints/api/discovery.py @@ -94,13 +94,19 @@ def swagger_route_data(include_internal=False, compact=False): new_operation = { 'method': method_name, - 'nickname': method_metadata(method, 'nickname') + 'nickname': method_metadata(method, 'nickname') or '(unnamed)' } if not compact: + response_type = 'void' + res_schema_name = method_metadata(method, 'response_schema') + if res_schema_name: + models[res_schema_name] = view_class.schemas[res_schema_name] + response_type = res_schema_name + new_operation.update({ - 'type': 'void', - 'summary': method.__doc__ if method.__doc__ else '', + 'type': response_type, + 'summary': method.__doc__.strip() if method.__doc__ else '', 'parameters': parameters, }) @@ -134,7 +140,7 @@ def swagger_route_data(include_internal=False, compact=False): swagger_path = PARAM_REGEX.sub(r'{\2}', rule.rule) new_resource = { 'path': swagger_path, - 'description': view_class.__doc__ if view_class.__doc__ else "", + 'description': view_class.__doc__.strip() if view_class.__doc__ else "", 'operations': operations, 'name': fully_qualified_name(view_class), } diff --git a/endpoints/api/image.py b/endpoints/api/image.py index c952cc5d7..f82bfd55a 100644 --- a/endpoints/api/image.py +++ b/endpoints/api/image.py @@ -4,7 +4,7 @@ from collections import defaultdict from app import storage as store from endpoints.api import (resource, nickname, require_repo_read, RepositoryParamResource, - format_date, NotFound) + format_date, NotFound, path_param) from data import model from util.cache import cache_control_flask_restful @@ -40,6 +40,7 @@ def image_view(image, image_map): @resource('/v1/repository//image/') +@path_param('repository', 'The full path of the repository. e.g. namespace/name') class RepositoryImageList(RepositoryParamResource): """ Resource for listing repository images. """ @require_repo_read @@ -67,6 +68,8 @@ class RepositoryImageList(RepositoryParamResource): @resource('/v1/repository//image/') +@path_param('repository', 'The full path of the repository. e.g. namespace/name') +@path_param('image_id', 'The Docker image ID') class RepositoryImage(RepositoryParamResource): """ Resource for handling repository images. """ @require_repo_read @@ -86,6 +89,8 @@ class RepositoryImage(RepositoryParamResource): @resource('/v1/repository//image//changes') +@path_param('repository', 'The full path of the repository. e.g. namespace/name') +@path_param('image_id', 'The Docker image ID') class RepositoryImageChanges(RepositoryParamResource): """ Resource for handling repository image change lists. """ diff --git a/endpoints/api/logs.py b/endpoints/api/logs.py index 271ca9d02..258e17118 100644 --- a/endpoints/api/logs.py +++ b/endpoints/api/logs.py @@ -5,10 +5,11 @@ from datetime import datetime, timedelta from endpoints.api import (resource, nickname, ApiResource, query_param, parse_args, RepositoryParamResource, require_repo_admin, related_user_resource, format_date, Unauthorized, NotFound, require_user_admin, - internal_only) + internal_only, path_param, require_scope) from auth.permissions import AdministerOrganizationPermission, AdministerOrganizationPermission from auth.auth_context import get_authenticated_user from data import model +from auth import scopes def log_view(log): @@ -63,7 +64,7 @@ def get_logs(start_time, end_time, performer_name=None, repository=None, namespa @resource('/v1/repository//logs') -@internal_only +@path_param('repository', 'The full path of the repository. e.g. namespace/name') class RepositoryLogs(RepositoryParamResource): """ Resource for fetching logs for the specific repository. """ @require_repo_admin @@ -103,7 +104,7 @@ class UserLogs(ApiResource): @resource('/v1/organization//logs') -@internal_only +@path_param('orgname', 'The name of the organization') @related_user_resource(UserLogs) class OrgLogs(ApiResource): """ Resource for fetching logs for the entire organization. """ @@ -112,6 +113,7 @@ class OrgLogs(ApiResource): @query_param('starttime', 'Earliest time from which to get logs. (%m/%d/%Y %Z)', type=str) @query_param('endtime', 'Latest time to which to get logs. (%m/%d/%Y %Z)', type=str) @query_param('performer', 'Username for which to filter logs.', type=str) + @require_scope(scopes.ORG_ADMIN) def get(self, args, orgname): """ List the logs for the specified organization. """ permission = AdministerOrganizationPermission(orgname) diff --git a/endpoints/api/organization.py b/endpoints/api/organization.py index 954500735..a03638d8a 100644 --- a/endpoints/api/organization.py +++ b/endpoints/api/organization.py @@ -2,18 +2,19 @@ import logging from flask import request -from app import billing as stripe +from app import billing as stripe, avatar from endpoints.api import (resource, nickname, ApiResource, validate_json_request, request_error, related_user_resource, internal_only, Unauthorized, NotFound, - require_user_admin, log_action, show_if) + require_user_admin, log_action, show_if, path_param, + require_scope) from endpoints.api.team import team_view from endpoints.api.user import User, PrivateRepositories from auth.permissions import (AdministerOrganizationPermission, OrganizationMemberPermission, CreateRepositoryPermission) from auth.auth_context import get_authenticated_user +from auth import scopes from data import model from data.billing import get_plan -from util.gravatar import compute_hash import features @@ -28,7 +29,7 @@ def org_view(o, teams): view = { 'name': o.username, 'email': o.email if is_admin else '', - 'gravatar': compute_hash(o.email), + 'avatar': avatar.compute_hash(o.email, name=o.username), 'teams': {t.name : team_view(o.username, t) for t in teams}, 'is_admin': is_admin } @@ -97,7 +98,7 @@ class OrganizationList(ApiResource): @resource('/v1/organization/') -@internal_only +@path_param('orgname', 'The name of the organization') @related_user_resource(User) class Organization(ApiResource): """ Resource for managing organizations. """ @@ -118,6 +119,8 @@ class Organization(ApiResource): }, }, } + + @require_scope(scopes.ORG_ADMIN) @nickname('getOrganization') def get(self, orgname): """ Get the details for the specified organization """ @@ -133,6 +136,7 @@ class Organization(ApiResource): raise Unauthorized() + @require_scope(scopes.ORG_ADMIN) @nickname('changeOrganizationDetails') @validate_json_request('UpdateOrg') def put(self, orgname): @@ -163,11 +167,14 @@ class Organization(ApiResource): @resource('/v1/organization//private') +@path_param('orgname', 'The name of the organization') @internal_only @related_user_resource(PrivateRepositories) @show_if(features.BILLING) class OrgPrivateRepositories(ApiResource): """ Custom verb to compute whether additional private repositories are available. """ + + @require_scope(scopes.ORG_ADMIN) @nickname('getOrganizationPrivateAllowed') def get(self, orgname): """ Return whether or not this org is allowed to create new private repositories. """ @@ -199,9 +206,11 @@ class OrgPrivateRepositories(ApiResource): @resource('/v1/organization//members') -@internal_only +@path_param('orgname', 'The name of the organization') class OrgnaizationMemberList(ApiResource): """ Resource for listing the members of an organization. """ + + @require_scope(scopes.ORG_ADMIN) @nickname('getOrganizationMembers') def get(self, orgname): """ List the members of the specified organization. """ @@ -232,9 +241,12 @@ class OrgnaizationMemberList(ApiResource): @resource('/v1/organization//members/') -@internal_only +@path_param('orgname', 'The name of the organization') +@path_param('membername', 'The username of the organization member') class OrganizationMember(ApiResource): """ Resource for managing individual organization members. """ + + @require_scope(scopes.ORG_ADMIN) @nickname('getOrganizationMember') def get(self, orgname, membername): """ Get information on the specific orgnaization member. """ @@ -265,8 +277,10 @@ class OrganizationMember(ApiResource): @resource('/v1/app/') +@path_param('client_id', 'The OAuth client ID') class ApplicationInformation(ApiResource): """ Resource that returns public information about a registered application. """ + @nickname('getApplicationInformation') def get(self, client_id): """ Get information on the specified application. """ @@ -274,14 +288,16 @@ class ApplicationInformation(ApiResource): if not application: raise NotFound() - org_hash = compute_hash(application.organization.email) - gravatar = compute_hash(application.gravatar_email) if application.gravatar_email else org_hash + org_hash = avatar.compute_hash(application.organization.email, + name=application.organization.username) + app_hash = (avatar.compute_hash(application.avatar_email, name=application.name) if + application.avatar_email else org_hash) return { 'name': application.name, 'description': application.description, 'uri': application.application_uri, - 'gravatar': gravatar, + 'avatar': app_hash, 'organization': org_view(application.organization, []) } @@ -297,12 +313,12 @@ def app_view(application): 'client_id': application.client_id, 'client_secret': application.client_secret if is_admin else None, 'redirect_uri': application.redirect_uri if is_admin else None, - 'gravatar_email': application.gravatar_email if is_admin else None, + 'avatar_email': application.avatar_email if is_admin else None, } @resource('/v1/organization//applications') -@internal_only +@path_param('orgname', 'The name of the organization') class OrganizationApplications(ApiResource): """ Resource for managing applications defined by an organizations. """ schemas = { @@ -330,15 +346,15 @@ class OrganizationApplications(ApiResource): 'type': 'string', 'description': 'The human-readable description for the application', }, - 'gravatar_email': { + 'avatar_email': { 'type': 'string', - 'description': 'The e-mail address of the gravatar to use for the application', + 'description': 'The e-mail address of the avatar to use for the application', } }, }, } - + @require_scope(scopes.ORG_ADMIN) @nickname('getOrganizationApplications') def get(self, orgname): """ List the applications for the specified organization """ @@ -354,6 +370,7 @@ class OrganizationApplications(ApiResource): raise Unauthorized() + @require_scope(scopes.ORG_ADMIN) @nickname('createOrganizationApplication') @validate_json_request('NewApp') def post(self, orgname): @@ -371,7 +388,7 @@ class OrganizationApplications(ApiResource): app_data.get('application_uri', ''), app_data.get('redirect_uri', ''), description = app_data.get('description', ''), - gravatar_email = app_data.get('gravatar_email', None),) + avatar_email = app_data.get('avatar_email', None),) app_data.update({ @@ -386,7 +403,8 @@ class OrganizationApplications(ApiResource): @resource('/v1/organization//applications/') -@internal_only +@path_param('orgname', 'The name of the organization') +@path_param('client_id', 'The OAuth client ID') class OrganizationApplicationResource(ApiResource): """ Resource for managing an application defined by an organizations. """ schemas = { @@ -416,14 +434,15 @@ class OrganizationApplicationResource(ApiResource): 'type': 'string', 'description': 'The human-readable description for the application', }, - 'gravatar_email': { + 'avatar_email': { 'type': 'string', - 'description': 'The e-mail address of the gravatar to use for the application', + 'description': 'The e-mail address of the avatar to use for the application', } }, }, } + @require_scope(scopes.ORG_ADMIN) @nickname('getOrganizationApplication') def get(self, orgname, client_id): """ Retrieves the application with the specified client_id under the specified organization """ @@ -442,6 +461,7 @@ class OrganizationApplicationResource(ApiResource): raise Unauthorized() + @require_scope(scopes.ORG_ADMIN) @nickname('updateOrganizationApplication') @validate_json_request('UpdateApp') def put(self, orgname, client_id): @@ -462,7 +482,7 @@ class OrganizationApplicationResource(ApiResource): application.application_uri = app_data['application_uri'] application.redirect_uri = app_data['redirect_uri'] application.description = app_data.get('description', '') - application.gravatar_email = app_data.get('gravatar_email', None) + application.avatar_email = app_data.get('avatar_email', None) application.save() app_data.update({ @@ -475,7 +495,7 @@ class OrganizationApplicationResource(ApiResource): return app_view(application) raise Unauthorized() - + @require_scope(scopes.ORG_ADMIN) @nickname('deleteOrganizationApplication') def delete(self, orgname, client_id): """ Deletes the application under this organization. """ @@ -498,6 +518,8 @@ class OrganizationApplicationResource(ApiResource): @resource('/v1/organization//applications//resetclientsecret') +@path_param('orgname', 'The name of the organization') +@path_param('client_id', 'The OAuth client ID') @internal_only class OrganizationApplicationResetClientSecret(ApiResource): """ Custom verb for resetting the client secret of an application. """ diff --git a/endpoints/api/permission.py b/endpoints/api/permission.py index f0fb69f74..c8a473d9c 100644 --- a/endpoints/api/permission.py +++ b/endpoints/api/permission.py @@ -3,7 +3,7 @@ import logging from flask import request from endpoints.api import (resource, nickname, require_repo_admin, RepositoryParamResource, - log_action, request_error, validate_json_request) + log_action, request_error, validate_json_request, path_param) from data import model @@ -26,6 +26,7 @@ def wrap_role_view_org(role_json, user, org_members): @resource('/v1/repository//permissions/team/') +@path_param('repository', 'The full path of the repository. e.g. namespace/name') class RepositoryTeamPermissionList(RepositoryParamResource): """ Resource for repository team permissions. """ @require_repo_admin @@ -41,6 +42,7 @@ class RepositoryTeamPermissionList(RepositoryParamResource): @resource('/v1/repository//permissions/user/') +@path_param('repository', 'The full path of the repository. e.g. namespace/name') class RepositoryUserPermissionList(RepositoryParamResource): """ Resource for repository user permissions. """ @require_repo_admin @@ -80,6 +82,8 @@ class RepositoryUserPermissionList(RepositoryParamResource): @resource('/v1/repository//permissions/user/') +@path_param('repository', 'The full path of the repository. e.g. namespace/name') +@path_param('username', 'The username of the user to which the permission applies') class RepositoryUserPermission(RepositoryParamResource): """ Resource for managing individual user permissions. """ schemas = { @@ -175,6 +179,8 @@ class RepositoryUserPermission(RepositoryParamResource): @resource('/v1/repository//permissions/team/') +@path_param('repository', 'The full path of the repository. e.g. namespace/name') +@path_param('teamname', 'The name of the team to which the permission applies') class RepositoryTeamPermission(RepositoryParamResource): """ Resource for managing individual team permissions. """ schemas = { diff --git a/endpoints/api/prototype.py b/endpoints/api/prototype.py index c1394e300..343913c3a 100644 --- a/endpoints/api/prototype.py +++ b/endpoints/api/prototype.py @@ -1,9 +1,11 @@ from flask import request from endpoints.api import (resource, nickname, ApiResource, validate_json_request, request_error, - log_action, Unauthorized, NotFound, internal_only) + log_action, Unauthorized, NotFound, internal_only, path_param, + require_scope) from auth.permissions import AdministerOrganizationPermission from auth.auth_context import get_authenticated_user +from auth import scopes from data import model @@ -54,7 +56,7 @@ def log_prototype_action(action_kind, orgname, prototype, **kwargs): @resource('/v1/organization//prototypes') -@internal_only +@path_param('orgname', 'The name of the organization') class PermissionPrototypeList(ApiResource): """ Resource for listing and creating permission prototypes. """ schemas = { @@ -115,6 +117,7 @@ class PermissionPrototypeList(ApiResource): }, } + @require_scope(scopes.ORG_ADMIN) @nickname('getOrganizationPrototypePermissions') def get(self, orgname): """ List the existing prototypes for this organization. """ @@ -131,6 +134,7 @@ class PermissionPrototypeList(ApiResource): raise Unauthorized() + @require_scope(scopes.ORG_ADMIN) @nickname('createOrganizationPrototypePermission') @validate_json_request('NewPrototype') def post(self, orgname): @@ -179,7 +183,8 @@ class PermissionPrototypeList(ApiResource): @resource('/v1/organization//prototypes/') -@internal_only +@path_param('orgname', 'The name of the organization') +@path_param('prototypeid', 'The ID of the prototype') class PermissionPrototype(ApiResource): """ Resource for managingin individual permission prototypes. """ schemas = { @@ -204,6 +209,7 @@ class PermissionPrototype(ApiResource): }, } + @require_scope(scopes.ORG_ADMIN) @nickname('deleteOrganizationPrototypePermission') def delete(self, orgname, prototypeid): """ Delete an existing permission prototype. """ @@ -224,6 +230,7 @@ class PermissionPrototype(ApiResource): raise Unauthorized() + @require_scope(scopes.ORG_ADMIN) @nickname('updateOrganizationPrototypePermission') @validate_json_request('PrototypeUpdate') def put(self, orgname, prototypeid): diff --git a/endpoints/api/repoemail.py b/endpoints/api/repoemail.py index 3a9151b7d..bb448721a 100644 --- a/endpoints/api/repoemail.py +++ b/endpoints/api/repoemail.py @@ -4,7 +4,7 @@ from flask import request, abort from endpoints.api import (resource, nickname, require_repo_admin, RepositoryParamResource, log_action, validate_json_request, NotFound, internal_only, - show_if) + path_param, show_if) from app import tf from data import model @@ -28,6 +28,8 @@ def record_view(record): @internal_only @show_if(features.MAILING) @resource('/v1/repository//authorizedemail/') +@path_param('repository', 'The full path of the repository. e.g. namespace/name') +@path_param('email', 'The e-mail address') class RepositoryAuthorizedEmail(RepositoryParamResource): """ Resource for checking and authorizing e-mail addresses to receive repo notifications. """ @require_repo_admin diff --git a/endpoints/api/repository.py b/endpoints/api/repository.py index edaf2da58..0a3acdcd7 100644 --- a/endpoints/api/repository.py +++ b/endpoints/api/repository.py @@ -7,7 +7,9 @@ from data import model from endpoints.api import (truthy_bool, format_date, nickname, log_action, validate_json_request, require_repo_read, require_repo_write, require_repo_admin, RepositoryParamResource, resource, query_param, parse_args, ApiResource, - request_error, require_scope, Unauthorized, NotFound, InvalidRequest) + request_error, require_scope, Unauthorized, NotFound, InvalidRequest, + path_param) + from auth.permissions import (ModifyRepositoryPermission, AdministerRepositoryPermission, CreateRepositoryPermission, ReadRepositoryPermission) from auth.auth_context import get_authenticated_user @@ -140,6 +142,7 @@ class RepositoryList(ApiResource): @resource('/v1/repository/') +@path_param('repository', 'The full path of the repository. e.g. namespace/name') class Repository(RepositoryParamResource): """Operations for managing a specific repository.""" schemas = { @@ -232,6 +235,7 @@ class Repository(RepositoryParamResource): @resource('/v1/repository//changevisibility') +@path_param('repository', 'The full path of the repository. e.g. namespace/name') class RepositoryVisibility(RepositoryParamResource): """ Custom verb for changing the visibility of the repository. """ schemas = { diff --git a/endpoints/api/repositorynotification.py b/endpoints/api/repositorynotification.py index 6dadf3567..92ea4315c 100644 --- a/endpoints/api/repositorynotification.py +++ b/endpoints/api/repositorynotification.py @@ -4,7 +4,8 @@ from flask import request, abort from app import notification_queue from endpoints.api import (RepositoryParamResource, nickname, resource, require_repo_admin, - log_action, validate_json_request, api, NotFound, request_error) + log_action, validate_json_request, api, NotFound, request_error, + path_param) from endpoints.notificationevent import NotificationEvent from endpoints.notificationmethod import (NotificationMethod, CannotValidateNotificationMethodException) @@ -28,6 +29,7 @@ def notification_view(notification): @resource('/v1/repository//notification/') +@path_param('repository', 'The full path of the repository. e.g. namespace/name') class RepositoryNotificationList(RepositoryParamResource): """ Resource for dealing with listing and creating notifications on a repository. """ schemas = { @@ -95,6 +97,8 @@ class RepositoryNotificationList(RepositoryParamResource): @resource('/v1/repository//notification/') +@path_param('repository', 'The full path of the repository. e.g. namespace/name') +@path_param('uuid', 'The UUID of the notification') class RepositoryNotification(RepositoryParamResource): """ Resource for dealing with specific notifications. """ @require_repo_admin @@ -126,6 +130,8 @@ class RepositoryNotification(RepositoryParamResource): @resource('/v1/repository//notification//test') +@path_param('repository', 'The full path of the repository. e.g. namespace/name') +@path_param('uuid', 'The UUID of the notification') class TestRepositoryNotification(RepositoryParamResource): """ Resource for queuing a test of a notification. """ @require_repo_admin diff --git a/endpoints/api/repotoken.py b/endpoints/api/repotoken.py index b430d2b4e..a6b28275b 100644 --- a/endpoints/api/repotoken.py +++ b/endpoints/api/repotoken.py @@ -3,7 +3,7 @@ import logging from flask import request from endpoints.api import (resource, nickname, require_repo_admin, RepositoryParamResource, - log_action, validate_json_request, NotFound) + log_action, validate_json_request, NotFound, path_param) from data import model @@ -19,6 +19,7 @@ def token_view(token_obj): @resource('/v1/repository//tokens/') +@path_param('repository', 'The full path of the repository. e.g. namespace/name') class RepositoryTokenList(RepositoryParamResource): """ Resource for creating and listing repository tokens. """ schemas = { @@ -66,6 +67,8 @@ class RepositoryTokenList(RepositoryParamResource): @resource('/v1/repository//tokens/') +@path_param('repository', 'The full path of the repository. e.g. namespace/name') +@path_param('code', 'The token code') class RepositoryToken(RepositoryParamResource): """ Resource for managing individual tokens. """ schemas = { diff --git a/endpoints/api/search.py b/endpoints/api/search.py index 080615582..0e3561745 100644 --- a/endpoints/api/search.py +++ b/endpoints/api/search.py @@ -1,17 +1,18 @@ from endpoints.api import (ApiResource, parse_args, query_param, truthy_bool, nickname, resource, - require_scope) + require_scope, path_param) from data import model from auth.permissions import (OrganizationMemberPermission, ViewTeamPermission, ReadRepositoryPermission, UserAdminPermission, AdministerOrganizationPermission) from auth.auth_context import get_authenticated_user from auth import scopes -from util.gravatar import compute_hash +from app import avatar @resource('/v1/entities/') class EntitySearch(ApiResource): """ Resource for searching entities. """ + @path_param('prefix', 'The prefix of the entities being looked up') @parse_args @query_param('namespace', 'Namespace to use when querying for org entities.', type=str, default='') @@ -44,7 +45,7 @@ class EntitySearch(ApiResource): 'name': namespace_name, 'kind': 'org', 'is_org_member': True, - 'gravatar': compute_hash(organization.email), + 'avatar': avatar.compute_hash(organization.email, name=organization.username), }] except model.InvalidOrganizationException: diff --git a/endpoints/api/superuser.py b/endpoints/api/superuser.py index 3e3315b57..753e9caba 100644 --- a/endpoints/api/superuser.py +++ b/endpoints/api/superuser.py @@ -9,7 +9,7 @@ from flask import request from endpoints.api import (ApiResource, nickname, resource, validate_json_request, request_error, log_action, internal_only, NotFound, require_user_admin, format_date, InvalidToken, require_scope, format_date, hide_if, show_if, parse_args, - query_param, abort, require_fresh_login) + query_param, abort, require_fresh_login, path_param) from endpoints.api.logs import get_logs @@ -166,6 +166,7 @@ class SuperUserSendRecoveryEmail(ApiResource): @resource('/v1/superuser/users/') +@path_param('username', 'The username of the user being managed') @internal_only @show_if(features.SUPER_USERS) class SuperUserManagement(ApiResource): diff --git a/endpoints/api/tag.py b/endpoints/api/tag.py index 718b220c5..581e02a60 100644 --- a/endpoints/api/tag.py +++ b/endpoints/api/tag.py @@ -1,13 +1,16 @@ from flask import request from endpoints.api import (resource, nickname, require_repo_read, require_repo_write, - RepositoryParamResource, log_action, NotFound, validate_json_request) + RepositoryParamResource, log_action, NotFound, validate_json_request, + path_param) from endpoints.api.image import image_view from data import model from auth.auth_context import get_authenticated_user @resource('/v1/repository//tag/') +@path_param('repository', 'The full path of the repository. e.g. namespace/name') +@path_param('tag', 'The name of the tag') class RepositoryTag(RepositoryParamResource): """ Resource for managing repository tags. """ schemas = { @@ -73,6 +76,8 @@ class RepositoryTag(RepositoryParamResource): @resource('/v1/repository//tag//images') +@path_param('repository', 'The full path of the repository. e.g. namespace/name') +@path_param('tag', 'The name of the tag') class RepositoryTagImages(RepositoryParamResource): """ Resource for listing the images in a specific repository tag. """ @require_repo_read diff --git a/endpoints/api/team.py b/endpoints/api/team.py index 1bb9f9e1a..91f225fa1 100644 --- a/endpoints/api/team.py +++ b/endpoints/api/team.py @@ -2,13 +2,14 @@ from flask import request from endpoints.api import (resource, nickname, ApiResource, validate_json_request, request_error, log_action, Unauthorized, NotFound, internal_only, require_scope, - query_param, truthy_bool, parse_args, require_user_admin, show_if) + path_param, query_param, truthy_bool, parse_args, require_user_admin, + show_if) from auth.permissions import AdministerOrganizationPermission, ViewTeamPermission from auth.auth_context import get_authenticated_user from auth import scopes from data import model from util.useremails import send_org_invite_email -from util.gravatar import compute_hash +from app import avatar import features @@ -63,7 +64,7 @@ def member_view(member, invited=False): 'name': member.username, 'kind': 'user', 'is_robot': member.robot, - 'gravatar': compute_hash(member.email) if not member.robot else None, + 'avatar': avatar.compute_hash(member.email, name=member.username) if not member.robot else None, 'invited': invited, } @@ -75,13 +76,14 @@ def invite_view(invite): return { 'email': invite.email, 'kind': 'invite', - 'gravatar': compute_hash(invite.email), + 'avatar': avatar.compute_hash(invite.email), 'invited': True } @resource('/v1/organization//team/') -@internal_only +@path_param('orgname', 'The name of the organization') +@path_param('teamname', 'The name of the team') class OrganizationTeam(ApiResource): """ Resource for manging an organization's teams. """ schemas = { @@ -110,6 +112,7 @@ class OrganizationTeam(ApiResource): }, } + @require_scope(scopes.ORG_ADMIN) @nickname('updateOrganizationTeam') @validate_json_request('TeamDescription') def put(self, orgname, teamname): @@ -151,6 +154,7 @@ class OrganizationTeam(ApiResource): raise Unauthorized() + @require_scope(scopes.ORG_ADMIN) @nickname('deleteOrganizationTeam') def delete(self, orgname, teamname): """ Delete the specified team. """ @@ -164,9 +168,11 @@ class OrganizationTeam(ApiResource): @resource('/v1/organization//team//members') -@internal_only +@path_param('orgname', 'The name of the organization') +@path_param('teamname', 'The name of the team') class TeamMemberList(ApiResource): """ Resource for managing the list of members for a team. """ + @require_scope(scopes.ORG_ADMIN) @parse_args @query_param('includePending', 'Whether to include pending members', type=truthy_bool, default=False) @nickname('getOrganizationTeamMembers') @@ -199,8 +205,12 @@ class TeamMemberList(ApiResource): @resource('/v1/organization//team//members/') +@path_param('orgname', 'The name of the organization') +@path_param('teamname', 'The name of the team') +@path_param('membername', 'The username of the team member') class TeamMember(ApiResource): """ Resource for managing individual members of a team. """ + @require_scope(scopes.ORG_ADMIN) @nickname('updateOrganizationTeamMember') def put(self, orgname, teamname, membername): diff --git a/endpoints/api/trigger.py b/endpoints/api/trigger.py index e75b2ec07..ed5262852 100644 --- a/endpoints/api/trigger.py +++ b/endpoints/api/trigger.py @@ -8,7 +8,8 @@ from urlparse import urlunparse from app import app from endpoints.api import (RepositoryParamResource, nickname, resource, require_repo_admin, log_action, request_error, query_param, parse_args, internal_only, - validate_json_request, api, Unauthorized, NotFound, InvalidRequest) + validate_json_request, api, Unauthorized, NotFound, InvalidRequest, + path_param) from endpoints.api.build import (build_status_view, trigger_view, RepositoryBuildStatus, get_trigger_config) from endpoints.common import start_build @@ -30,6 +31,7 @@ def _prepare_webhook_url(scheme, username, password, hostname, path): @resource('/v1/repository//trigger/') +@path_param('repository', 'The full path of the repository. e.g. namespace/name') class BuildTriggerList(RepositoryParamResource): """ Resource for listing repository build triggers. """ @@ -44,6 +46,8 @@ class BuildTriggerList(RepositoryParamResource): @resource('/v1/repository//trigger/') +@path_param('repository', 'The full path of the repository. e.g. namespace/name') +@path_param('trigger_uuid', 'The UUID of the build trigger') class BuildTrigger(RepositoryParamResource): """ Resource for managing specific build triggers. """ @@ -90,6 +94,8 @@ class BuildTrigger(RepositoryParamResource): @resource('/v1/repository//trigger//subdir') +@path_param('repository', 'The full path of the repository. e.g. namespace/name') +@path_param('trigger_uuid', 'The UUID of the build trigger') @internal_only class BuildTriggerSubdirs(RepositoryParamResource): """ Custom verb for fetching the subdirs which are buildable for a trigger. """ @@ -137,7 +143,8 @@ class BuildTriggerSubdirs(RepositoryParamResource): @resource('/v1/repository//trigger//activate') -@internal_only +@path_param('repository', 'The full path of the repository. e.g. namespace/name') +@path_param('trigger_uuid', 'The UUID of the build trigger') class BuildTriggerActivate(RepositoryParamResource): """ Custom verb for activating a build trigger once all required information has been collected. """ @@ -234,6 +241,8 @@ class BuildTriggerActivate(RepositoryParamResource): @resource('/v1/repository//trigger//analyze') +@path_param('repository', 'The full path of the repository. e.g. namespace/name') +@path_param('trigger_uuid', 'The UUID of the build trigger') @internal_only class BuildTriggerAnalyze(RepositoryParamResource): """ Custom verb for analyzing the config for a build trigger and suggesting various changes @@ -369,6 +378,8 @@ class BuildTriggerAnalyze(RepositoryParamResource): @resource('/v1/repository//trigger//start') +@path_param('repository', 'The full path of the repository. e.g. namespace/name') +@path_param('trigger_uuid', 'The UUID of the build trigger') class ActivateBuildTrigger(RepositoryParamResource): """ Custom verb to manually activate a build trigger. """ schemas = { @@ -424,6 +435,8 @@ class ActivateBuildTrigger(RepositoryParamResource): @resource('/v1/repository//trigger//builds') +@path_param('repository', 'The full path of the repository. e.g. namespace/name') +@path_param('trigger_uuid', 'The UUID of the build trigger') class TriggerBuildList(RepositoryParamResource): """ Resource to represent builds that were activated from the specified trigger. """ @require_repo_admin @@ -471,6 +484,8 @@ class BuildTriggerFieldValues(RepositoryParamResource): @resource('/v1/repository//trigger//sources') +@path_param('repository', 'The full path of the repository. e.g. namespace/name') +@path_param('trigger_uuid', 'The UUID of the build trigger') @internal_only class BuildTriggerSources(RepositoryParamResource): """ Custom verb to fetch the list of build sources for the trigger config. """ diff --git a/endpoints/api/user.py b/endpoints/api/user.py index b7d92e2b1..b713b3ff8 100644 --- a/endpoints/api/user.py +++ b/endpoints/api/user.py @@ -5,11 +5,11 @@ from flask import request from flask.ext.login import logout_user from flask.ext.principal import identity_changed, AnonymousIdentity -from app import app, billing as stripe, authentication +from app import app, billing as stripe, authentication, avatar from endpoints.api import (ApiResource, nickname, resource, validate_json_request, request_error, log_action, internal_only, NotFound, require_user_admin, parse_args, query_param, InvalidToken, require_scope, format_date, hide_if, show_if, - license_error, require_fresh_login) + license_error, require_fresh_login, path_param, define_json_response) from endpoints.api.subscribe import subscribe from endpoints.common import common_login from endpoints.api.team import try_accept_invite @@ -20,7 +20,6 @@ from auth.permissions import (AdministerOrganizationPermission, CreateRepository UserAdminPermission, UserReadPermission, SuperUserPermission) from auth.auth_context import get_authenticated_user from auth import scopes -from util.gravatar import compute_hash from util.useremails import (send_confirmation_email, send_recovery_email, send_change_email, send_password_changed) from util.names import parse_single_urn @@ -34,7 +33,7 @@ def user_view(user): admin_org = AdministerOrganizationPermission(o.username) return { 'name': o.username, - 'gravatar': compute_hash(o.email), + 'avatar': avatar.compute_hash(o.email, name=o.username), 'is_org_admin': admin_org.can(), 'can_create_repo': admin_org.can() or CreateRepositoryPermission(o.username).can(), 'preferred_namespace': not (o.stripe_id is None) @@ -60,13 +59,13 @@ def user_view(user): 'verified': user.verified, 'anonymous': False, 'username': user.username, - 'email': user.email, - 'gravatar': compute_hash(user.email), + 'avatar': avatar.compute_hash(user.email, name=user.username), } user_admin = UserAdminPermission(user.username) if user_admin.can(): user_response.update({ + 'email': user.email, 'organizations': [org_view(o) for o in organizations], 'logins': [login_view(login) for login in logins], 'can_create_repo': True, @@ -149,10 +148,51 @@ class User(ApiResource): }, }, }, + 'UserView': { + 'id': 'UserView', + 'type': 'object', + 'description': 'Describes a user', + 'required': ['verified', 'anonymous', 'avatar'], + 'properties': { + 'verified': { + 'type': 'boolean', + 'description': 'Whether the user\'s email address has been verified' + }, + 'anonymous': { + 'type': 'boolean', + 'description': 'true if this user data represents a guest user' + }, + 'email': { + 'type': 'string', + 'description': 'The user\'s email address', + }, + 'avatar': { + 'type': 'string', + 'description': 'Avatar hash representing the user\'s icon' + }, + 'organizations': { + 'type': 'array', + 'description': 'Information about the organizations in which the user is a member' + }, + 'logins': { + 'type': 'array', + 'description': 'The list of external login providers against which the user has authenticated' + }, + 'can_create_repo': { + 'type': 'boolean', + 'description': 'Whether the user has permission to create repositories' + }, + 'preferred_namespace': { + 'type': 'boolean', + 'description': 'If true, the user\'s namespace is the preferred namespace to display' + } + } + }, } @require_scope(scopes.READ_USER) @nickname('getLoggedInUser') + @define_json_response('UserView') def get(self): """ Get user information for the authenticated user. """ user = get_authenticated_user() @@ -166,6 +206,7 @@ class User(ApiResource): @nickname('changeUserDetails') @internal_only @validate_json_request('UpdateUser') + @define_json_response('UserView') def put(self): """ Update a users details such as password or email. """ user = get_authenticated_user() @@ -526,6 +567,7 @@ class UserNotificationList(ApiResource): @resource('/v1/user/notifications/') +@path_param('uuid', 'The uuid of the user notification') @internal_only class UserNotification(ApiResource): schemas = { @@ -572,10 +614,12 @@ def authorization_view(access_token): 'name': oauth_app.name, 'description': oauth_app.description, 'url': oauth_app.application_uri, - 'gravatar': compute_hash(oauth_app.gravatar_email or oauth_app.organization.email), + 'avatar': avatar.compute_hash(oauth_app.avatar_email or oauth_app.organization.email, + name=oauth_app.name), 'organization': { 'name': oauth_app.organization.username, - 'gravatar': compute_hash(oauth_app.organization.email) + 'avatar': avatar.compute_hash(oauth_app.organization.email, + name=oauth_app.organization.username) } }, 'scopes': scopes.get_scope_information(access_token.scope), @@ -596,6 +640,7 @@ class UserAuthorizationList(ApiResource): @resource('/v1/user/authorizations/') +@path_param('access_token_uuid', 'The uuid of the access token') @internal_only class UserAuthorization(ApiResource): @require_user_admin diff --git a/endpoints/common.py b/endpoints/common.py index 15670b2ee..e81b4facf 100644 --- a/endpoints/common.py +++ b/endpoints/common.py @@ -198,6 +198,7 @@ def render_page_template(name, **kwargs): feature_set=json.dumps(features.get_features()), config_set=json.dumps(getFrontendVisibleConfig(app.config)), oauth_set=json.dumps(get_oauth_config()), + scope_set=json.dumps(scopes.ALL_SCOPES), mixpanel_key=app.config.get('MIXPANEL_KEY', ''), google_analytics_key=app.config.get('GOOGLE_ANALYTICS_KEY', ''), sentry_public_dsn=app.config.get('SENTRY_PUBLIC_DSN', ''), diff --git a/endpoints/web.py b/endpoints/web.py index 7fcb09daa..4717f7d40 100644 --- a/endpoints/web.py +++ b/endpoints/web.py @@ -1,15 +1,16 @@ import logging -import os from flask import (abort, redirect, request, url_for, make_response, Response, Blueprint, send_from_directory, jsonify) + +from avatar_generator import Avatar from flask.ext.login import current_user from urlparse import urlparse from health.healthcheck import HealthCheck from data import model from data.model.oauth import DatabaseAuthorizationProvider -from app import app, billing as stripe, build_logs +from app import app, billing as stripe, build_logs, avatar from auth.auth import require_session_login, process_oauth from auth.permissions import AdministerOrganizationPermission, ReadRepositoryPermission from util.invoice import renderInvoiceToPdf @@ -17,8 +18,8 @@ from util.seo import render_snapshot from util.cache import no_cache from endpoints.common import common_login, render_page_template, route_show_if, param_required from endpoints.csrf import csrf_protect, generate_csrf_token +from endpoints.registry import set_cache_headers from util.names import parse_repository_name -from util.gravatar import compute_hash from util.useremails import send_email_changed from auth import scopes @@ -182,6 +183,20 @@ def status(): return response +@app.route("/avatar/") +@set_cache_headers +def render_avatar(avatar_hash, headers): + try: + size = int(request.args.get('size', 16)) + except ValueError: + size = 16 + + generated = Avatar.generate(size, avatar_hash, "PNG") + resp = make_response(generated, 200, {'Content-Type': 'image/png'}) + resp.headers.extend(headers) + return resp + + @web.route('/tos', methods=['GET']) @no_cache def tos(): @@ -391,7 +406,7 @@ def request_authorization_code(): if (not current_user.is_authenticated() or not provider.validate_has_scopes(client_id, current_user.db_user().username, scope)): - if not provider.validate_redirect_uri(client_id, redirect_uri): + if redirect_uri != 'display' and not provider.validate_redirect_uri(client_id, redirect_uri): current_app = provider.get_application_for_client_id(client_id) if not current_app: abort(404) @@ -411,9 +426,11 @@ def request_authorization_code(): 'name': oauth_app.name, 'description': oauth_app.description, 'url': oauth_app.application_uri, + 'avatar': avatar.compute_hash(oauth_app.avatar_email, name=oauth_app.name), 'organization': { 'name': oauth_app.organization.username, - 'gravatar': compute_hash(oauth_app.organization.email) + 'avatar': avatar.compute_hash(oauth_app.organization.email, + name=oauth_app.organization.username) } } @@ -431,7 +448,6 @@ def request_authorization_code(): else: return provider.get_authorization_code(response_type, client_id, redirect_uri, scope=scope) - @web.route('/oauth/access_token', methods=['POST']) @no_cache @param_required('grant_type') diff --git a/requirements-nover.txt b/requirements-nover.txt index 7772b3145..c1bf6c19f 100644 --- a/requirements-nover.txt +++ b/requirements-nover.txt @@ -23,7 +23,7 @@ redis hiredis docker-py pygithub -flask-restful +flask-restful==0.2.12 jsonschema git+https://github.com/NateFerrero/oauth2lib.git alembic @@ -39,4 +39,5 @@ psycopg2 pyyaml git+https://github.com/DevTable/aniso8601-fake.git git+https://github.com/DevTable/anunidecode.git +git+https://github.com/DevTable/avatar-generator.git gipc diff --git a/requirements.txt b/requirements.txt index 14d5cb33f..86e69157c 100644 --- a/requirements.txt +++ b/requirements.txt @@ -15,10 +15,11 @@ PyPDF2==1.23 PyYAML==3.11 SQLAlchemy==0.9.8 Werkzeug==0.9.6 +alembic==0.7.0 git+https://github.com/DevTable/aniso8601-fake.git git+https://github.com/DevTable/anunidecode.git +git+https://github.com/DevTable/avatar-generator.git aiowsgi==0.3 -alembic==0.6.7 autobahn==0.9.3-3 backports.ssl-match-hostname==3.4.0.2 beautifulsoup4==4.3.2 @@ -36,10 +37,10 @@ html5lib==0.999 itsdangerous==0.24 jsonschema==2.4.0 marisa-trie==0.6 -git+https://github.com/NateFerrero/oauth2lib.git mixpanel-py==3.2.0 +git+https://github.com/NateFerrero/oauth2lib.git paramiko==1.15.1 -peewee==2.4.2 +peewee==2.4.3 psycopg2==2.5.4 py-bcrypt==0.4 pycrypto==2.6.1 diff --git a/static/css/quay.css b/static/css/quay.css index 8c22856e6..d15ca1cb4 100644 --- a/static/css/quay.css +++ b/static/css/quay.css @@ -4264,9 +4264,10 @@ pre.command:before { display: block !important; } -.auth-header > img { +.auth-header > .avatar { float: left; - margin-top: 8px; + display: inline-block; + margin-top: 12px; margin-right: 20px; } @@ -4827,7 +4828,7 @@ i.slack-icon { margin-bottom: 10px; } -.member-listing .gravatar { +.member-listing .avatar { vertical-align: middle; margin-right: 10px; } @@ -4887,4 +4888,12 @@ i.slack-icon { half (although it is still not great) */ transform: translateZ(0); -} \ No newline at end of file +} + +#gen-token table { + margin: 10px; +} + +#gen-token input[type="checkbox"] { + margin-right: 10px; +} diff --git a/static/directives/application-info.html b/static/directives/application-info.html index bbaf56454..241fec279 100644 --- a/static/directives/application-info.html +++ b/static/directives/application-info.html @@ -1,6 +1,6 @@
- +

{{ application.name }}

{{ application.organization.name }} diff --git a/static/directives/avatar.html b/static/directives/avatar.html new file mode 100644 index 000000000..46c56afe5 --- /dev/null +++ b/static/directives/avatar.html @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/static/directives/entity-reference.html b/static/directives/entity-reference.html index 1406b632f..0252515dc 100644 --- a/static/directives/entity-reference.html +++ b/static/directives/entity-reference.html @@ -7,15 +7,15 @@ - + {{entity.name}} {{entity.name}} - - + + diff --git a/static/directives/header-bar.html b/static/directives/header-bar.html index 748948b1d..3b21e8d04 100644 --- a/static/directives/header-bar.html +++ b/static/directives/header-bar.html @@ -35,7 +35,7 @@
  • - + {{ user.username }} diff --git a/static/directives/namespace-selector.html b/static/directives/namespace-selector.html index 5cc7985b6..dba839bc5 100644 --- a/static/directives/namespace-selector.html +++ b/static/directives/namespace-selector.html @@ -1,19 +1,19 @@ - + {{user.username}}
    diff --git a/static/directives/organization-header.html b/static/directives/organization-header.html index 513aa300d..163819b6e 100644 --- a/static/directives/organization-header.html +++ b/static/directives/organization-header.html @@ -1,5 +1,5 @@
    - + {{ organization.name }} diff --git a/static/directives/trigger-setup-github.html b/static/directives/trigger-setup-github.html index 0ef1981c9..0d6baaf74 100644 --- a/static/directives/trigger-setup-github.html +++ b/static/directives/trigger-setup-github.html @@ -9,7 +9,7 @@
    + ng-src="{{ state.currentRepo.avatar_url ? state.currentRepo.avatar_url : '/static/img/empty.png' }}"> {{ state.currentRepo.repo }}
    @@ -53,7 +53,7 @@ + ng-src="{{ state.currentRepo.avatar_url ? state.currentRepo.avatar_url : '/static/image/empty.png' }}">

    • -
    - -

    Jacob graduated from The University of Michigan with a Bachelors in Computer Engineering. From there he allowed his love of flight and mountains to lure him to Seattle where he took a job with Boeing Commercial Airplanes working on the world's most accurate flight simulator. When he realized how much he also loved web development, he moved to Amazon to work on the e-commerce back-end. Finally, desiring to move to New York City, he moved to Google, where he worked on several products related to Google APIs.

    @@ -71,9 +68,6 @@ Co-Founder
    -
    - -

    Joseph graduated from University of Pennsylvania with a Bachelors and Masters in Computer Science. After a record setting (probably) five internships with Google, he took a full time position there to continue his work on exciting products such as Google Spreadsheets, the Google Closure Compiler, and Google APIs.

    diff --git a/static/partials/landing-login.html b/static/partials/landing-login.html index 0a3046d2a..82c51fbb9 100644 --- a/static/partials/landing-login.html +++ b/static/partials/landing-login.html @@ -47,7 +47,7 @@
    - +
    Welcome {{ user.username }}!
    Browse all repositories Create a new repository diff --git a/static/partials/landing-normal.html b/static/partials/landing-normal.html index 6ad95f113..0a0dedc3a 100644 --- a/static/partials/landing-normal.html +++ b/static/partials/landing-normal.html @@ -57,7 +57,7 @@
    - +
    Welcome {{ user.username }}!
    Browse all repositories Create a new repository diff --git a/static/partials/manage-application.html b/static/partials/manage-application.html index 0c6f11427..e45fddf5f 100644 --- a/static/partials/manage-application.html +++ b/static/partials/manage-application.html @@ -7,10 +7,10 @@
    - +

    {{ application.name || '(Untitled)' }}

    - + {{ organization.name }}

    @@ -30,6 +30,7 @@
    @@ -59,9 +60,9 @@
    - - -
    An e-mail address representing the Gravatar for the application. See above for the icon.
    + + +
    An e-mail address representing the Avatar for the application. See above for the icon.
    @@ -91,6 +92,31 @@
    + +
    +
    + Click the button below to generate a new OAuth 2 Access Token. +
    + +
    + Note: The generated token will act on behalf of user + + {{ user.username }} +
    + + + + + +
    + + + Generate Access Token + +
    +
    diff --git a/static/partials/org-admin.html b/static/partials/org-admin.html index 464256ab5..0da193d09 100644 --- a/static/partials/org-admin.html +++ b/static/partials/org-admin.html @@ -43,7 +43,7 @@
    - +
    diff --git a/static/partials/team-view.html b/static/partials/team-view.html index 6b42fc0b6..2de41e650 100644 --- a/static/partials/team-view.html +++ b/static/partials/team-view.html @@ -36,7 +36,7 @@ diff --git a/static/partials/user-admin.html b/static/partials/user-admin.html index 478b9b2d6..0b09ca90e 100644 --- a/static/partials/user-admin.html +++ b/static/partials/user-admin.html @@ -9,7 +9,7 @@
    - + {{ user.username }} @@ -72,7 +72,7 @@
    - + - + - + {{ member.email }}
    - + {{ authInfo.application.name }} @@ -291,7 +291,7 @@
    - + {{ user.username }}
    This will continue to be the namespace for your repositories
    diff --git a/templates/base.html b/templates/base.html index a74d7c26f..9c4b0fed0 100644 --- a/templates/base.html +++ b/templates/base.html @@ -45,6 +45,7 @@ window.__features = {{ feature_set|safe }}; window.__config = {{ config_set|safe }}; window.__oauth = {{ oauth_set|safe }}; + window.__auth_scopes = {{ scope_set|safe }}; window.__token = '{{ csrf_token() }}'; diff --git a/templates/oauthorize.html b/templates/oauthorize.html index 714d9f6e7..0997f1e1b 100644 --- a/templates/oauthorize.html +++ b/templates/oauthorize.html @@ -13,10 +13,11 @@
    - +

    {{ application.name }}

    - + {{ application.organization.name }}

    diff --git a/test/test_api_usage.py b/test/test_api_usage.py index 24469d36d..ff7ab5f10 100644 --- a/test/test_api_usage.py +++ b/test/test_api_usage.py @@ -2114,14 +2114,14 @@ class TestOrganizationApplicationResource(ApiTestCase): edit_json = self.putJsonResponse(OrganizationApplicationResource, params=dict(orgname=ORGANIZATION, client_id=FAKE_APPLICATION_CLIENT_ID), data=dict(name="Some App", description="foo", application_uri="bar", - redirect_uri="baz", gravatar_email="meh")) + redirect_uri="baz", avatar_email="meh")) self.assertEquals(FAKE_APPLICATION_CLIENT_ID, edit_json['client_id']) self.assertEquals("Some App", edit_json['name']) self.assertEquals("foo", edit_json['description']) self.assertEquals("bar", edit_json['application_uri']) self.assertEquals("baz", edit_json['redirect_uri']) - self.assertEquals("meh", edit_json['gravatar_email']) + self.assertEquals("meh", edit_json['avatar_email']) # Retrieve the application again. json = self.getJsonResponse(OrganizationApplicationResource, diff --git a/util/gravatar.py b/util/gravatar.py deleted file mode 100644 index 8cee241cc..000000000 --- a/util/gravatar.py +++ /dev/null @@ -1,5 +0,0 @@ -import hashlib - - -def compute_hash(email_address): - return hashlib.md5(email_address.strip().lower()).hexdigest() diff --git a/util/jinjautil.py b/util/jinjautil.py index 2d10414f8..36095a1d8 100644 --- a/util/jinjautil.py +++ b/util/jinjautil.py @@ -1,6 +1,5 @@ -from app import get_app_url +from app import get_app_url, avatar from data import model -from util.gravatar import compute_hash from util.names import parse_robot_username from jinja2 import Template, Environment, FileSystemLoader, contextfilter @@ -25,10 +24,10 @@ def user_reference(username): alt = 'Organization' if user.organization else 'User' return """ - %s %s - """ % (compute_hash(user.email), alt, username) + """ % (avatar.get_url(user.email, 16), alt, username) def repository_tag_reference(repository_path_and_tag): @@ -55,10 +54,10 @@ def repository_reference(pair): return """ - + %s/%s - """ % (compute_hash(owner.email), get_app_url(), namespace, repository, namespace, repository) + """ % (avatar.get_url(owner.email, 16), get_app_url(), namespace, repository, namespace, repository) def admin_reference(username): diff --git a/util/useremails.py b/util/useremails.py index 9dfa802fb..0b8790b3b 100644 --- a/util/useremails.py +++ b/util/useremails.py @@ -5,7 +5,6 @@ from flask.ext.mail import Message from app import mail, app, get_app_url from data import model -from util.gravatar import compute_hash from util.jinjautil import get_template_env logger = logging.getLogger(__name__)