From e5994bab9bb6e34fad36b3b8a128127ab3492f01 Mon Sep 17 00:00:00 2001 From: yackob03 Date: Mon, 11 Nov 2013 18:05:21 -0500 Subject: [PATCH 1/2] Check for the repository since we can no longer rely on permissions for the existence of repositories. --- endpoints/index.py | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/endpoints/index.py b/endpoints/index.py index 4647d43ff..6b0cde6d8 100644 --- a/endpoints/index.py +++ b/endpoints/index.py @@ -174,6 +174,10 @@ def update_images(namespace, repository): if permission.can(): repository = model.get_repository(namespace, repository) + if not repository: + # Make sure the repo actually exists. + abort(404) + image_with_checksums = json.loads(request.data) for image in image_with_checksums: @@ -196,6 +200,11 @@ def get_repository_images(namespace, repository): # TODO invalidate token? if permission.can() or model.repository_is_public(namespace, repository): + # We can't rely on permissions to tell us if a repo exists anymore + repo = model.get_repository(namespace, repository) + if not repo: + abort(404) + all_images = [] for image in model.get_repository_images(namespace, repository): new_image_view = { @@ -215,8 +224,7 @@ def get_repository_images(namespace, repository): return resp - # TODO Submit a pull to docker CLI to get it to accept 403s - abort(404) + abort(403) @app.route('/v1/repositories//images', methods=['DELETE']) From 6467e24ba2b9cf4eaf086f7b4f234d5279e61136 Mon Sep 17 00:00:00 2001 From: yackob03 Date: Mon, 11 Nov 2013 19:02:42 -0500 Subject: [PATCH 2/2] All for free user to free business migration. --- endpoints/api.py | 39 +++++++++++++++++++++++---------------- 1 file changed, 23 insertions(+), 16 deletions(-) diff --git a/endpoints/api.py b/endpoints/api.py index 88305f213..bd558de72 100644 --- a/endpoints/api.py +++ b/endpoints/api.py 
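Review bot: In endpoints/index.py, the lookup added to get_repository_images (`repo = model.get_repository(namespace, repository)` then `abort(404)`) avoids disclosing repository existence only because it sits inside the `permission.can() or model.repository_is_public(...)` branch, and the comment does not say so. With the final `abort(403)` from the last hunk, the contract appears to be that a caller without access gets 403 whether or not the repository exists, and only an authorised caller can see 404. This assumes `repository_is_public` returns a falsy value for a missing repository, which these hunks do not show. I would record that in the comment, e.g. `# Keep this existence check inside the authorised branch: callers without access must get 403 for missing and private repos alike.`, and do the same for the check added to update_images in the first hunk. Both function bodies continue outside the hunks.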
@@ -1190,7 +1190,8 @@ def subscribe_api(): token = request_data['token'] if 'token' in request_data else None user = current_user.db_user() return subscribe(user, plan, token, USER_PLANS) - + + def subscribe(user, plan, token, accepted_plans): plan_found = None for plan_obj in accepted_plans: @@ -1202,16 +1203,25 @@ def subscribe(user, plan, token, accepted_plans): private_repos = model.get_private_repo_count(user.username) - if not user.stripe_id: - # Create the customer and plan simultaneously - card = token - cus = stripe.Customer.create(email=user.email, plan=plan, card=card) - user.stripe_id = cus.id - user.save() + # This is the default response + response_json = { + 'plan': plan, + 'usedPrivateRepos': private_repos, + } + status_code = 200 - resp = jsonify(subscription_view(cus.subscription, private_repos)) - resp.status_code = 201 - return resp + if not user.stripe_id: + # Check if a non-paying user is trying to subscribe to a free plan + if not plan_found['price'] == 0: + # They want a real paying plan, create the customerand plan + # simultaneously + card = token + cus = stripe.Customer.create(email=user.email, plan=plan, card=card) + user.stripe_id = cus.id + user.save() + + response_json = subscription_view(cus.subscription, private_repos) + status_code = 201 else: # Change the plan @@ -1223,11 +1233,6 @@ def subscribe(user, plan, token, accepted_plans): cus.cancel_subscription() cus.save() - response_json = { - 'plan': plan, - 'usedPrivateRepos': private_repos, - } - else: cus.plan = plan # User may have been a previous customer who is resubscribing @@ -1237,7 +1242,9 @@ def subscribe(user, plan, token, accepted_plans): cus.save() response_json = subscription_view(cus.subscription, private_repos) - return jsonify(response_json) + resp = jsonify(response_json) + resp.status_code = status_code + return resp @app.route('/api/organization//plan', methods=['PUT'])
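Review bot: In subscribe (endpoints/api.py, the hunk starting at old line 1202), the paid-plan branch passes `card = token` to `stripe.Customer.create` without checking that a token was supplied, and subscribe_api in the first hunk sets `token` to None when the request omits it. A user with no `stripe_id` who asks for a paid plan without a card therefore reaches the Stripe call, and any error handling for it would have to be outside the hunk. I would reject that case before the call with a guard such as `if not token:` that returns a 400 through whatever error helper this module already uses. The condition also reads more clearly as `if plan_found['price'] != 0:`, and the comment above it has a typo ("customerand"). The hunk does not show whether `plan_found` can still be None at this point, so the `plan_found['price']` lookup relies on a check in lines outside the hunk.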