From e69591c7d6fc423f54465fb805d170a02e8e1eef Mon Sep 17 00:00:00 2001
From: yackob03 <jacob.moshenko@gmail.com>
Date: Wed, 20 Nov 2013 19:43:19 -0500
Subject: [PATCH] Add the ability to login with a robot, use the wrench icon
 for robots all over the place.

---
 auth/auth.py                    | 14 ++++++++++++++
 data/model.py                   |  2 +-
 endpoints/api.py                | 17 ++++++++++++-----
 endpoints/index.py              |  7 +++++++
 static/js/app.js                |  4 +++-
 static/js/controllers.js        |  9 ++++-----
 static/partials/repo-admin.html |  5 +++--
 static/partials/team-view.html  |  3 ++-
 8 files changed, 46 insertions(+), 15 deletions(-)

diff --git a/auth/auth.py b/auth/auth.py
index 2d77d6094..a20e20129 100644
--- a/auth/auth.py
+++ b/auth/auth.py
@@ -48,6 +48,20 @@ def process_basic_auth(auth):
     except model.DataModelException:
       logger.debug('Invalid token: %s' % credentials[1])
 
+  elif '+' in credentials[0]:
+    logger.debug('Trying robot auth with credentials %s' % str(credentials))
+    # Use as robot auth
+    try:
+      robot = model.verify_robot(credentials[0], credentials[1])
+      logger.debug('Successfully validated robot: %s' % credentials[0])
+      ctx = _request_ctx_stack.top
+      ctx.authenticated_user = robot
+      
+      identity_changed.send(app, identity=Identity(robot.username, 'username'))
+      return
+    except model.InvalidRobotException:
+      logger.debug('Invalid robot or password for robot: %s' % credentials[0])
+
   else:
     authenticated = model.verify_user(credentials[0], credentials[1])
 
diff --git a/data/model.py b/data/model.py
index 822605b92..9fe51db65 100644
--- a/data/model.py
+++ b/data/model.py
@@ -627,7 +627,7 @@ def get_all_repo_teams(namespace_name, repository_name):
 
 
 def get_all_repo_users(namespace_name, repository_name):
-  select = RepositoryPermission.select(User.username, Role.name,
+  select = RepositoryPermission.select(User.username, User.robot, Role.name,
                                        RepositoryPermission)
   with_user = select.join(User)
   with_role = with_user.switch(RepositoryPermission).join(Role)
diff --git a/endpoints/api.py b/endpoints/api.py
index 202e723dd..aee4947d9 100644
--- a/endpoints/api.py
+++ b/endpoints/api.py
@@ -292,7 +292,8 @@ def get_matching_entities(prefix):
   def user_view(user):
     user_json = {
       'name': user.username,
-      'kind': 'robot' if user.is_robot else 'user',
+      'kind': 'user',
+      'is_robot': user.is_robot,
     }
 
     if user.is_org_member is not None:
@@ -455,7 +456,8 @@ def get_organization_private_allowed(orgname):
 
 def member_view(member):
   return {
-    'username': member.username
+    'username': member.username,
+    'is_robot': member.robot,
   }
 
 
@@ -917,6 +919,11 @@ def role_view(repo_perm_obj):
   }
 
 
+def wrap_role_view_user(role_json, user):
+  role_json['is_robot'] = user.robot
+  return role_json
+
+
 def wrap_role_view_org(role_json, org_member):
   role_json['is_org_member'] = org_member
   return role_json
@@ -1033,7 +1040,7 @@ def list_repo_user_permissions(namespace, repository):
       model.get_organization(namespace)  # Will raise an error if not org
       org_members = model.get_organization_member_set(namespace)
       def wrapped_role_view(repo_perm):
-        unwrapped = role_view(repo_perm)
+        unwrapped = wrap_role_view_user(role_view(repo_perm), repo_perm.user)
         return wrap_role_view_org(unwrapped,
                                   repo_perm.user.username in org_members)
 
@@ -1062,7 +1069,7 @@ def get_user_permissions(namespace, repository, username):
   permission = AdministerRepositoryPermission(namespace, repository)
   if permission.can():
     perm = model.get_user_reponame_permission(username, namespace, repository)
-    perm_view = role_view(perm)
+    perm_view = wrap_role_view_user(role_view(perm), perm.user)
 
     try:
       model.get_organization(namespace)
@@ -1107,7 +1114,7 @@ def change_user_permissions(namespace, repository, username):
 
     perm = model.set_user_repo_permission(username, namespace, repository,
                                           new_permission['role'])
-    perm_view = role_view(perm)
+    perm_view = wrap_role_view_user(role_view(perm), perm.user)
 
     try:
       model.get_organization(namespace)
diff --git a/endpoints/index.py b/endpoints/index.py
index 207ace697..13525d5e9 100644
--- a/endpoints/index.py
+++ b/endpoints/index.py
@@ -62,6 +62,13 @@ def create_user():
     except model.InvalidTokenException:
       abort(401)
 
+  elif '+' in username:
+    try:
+      model.verify_robot(username, password)
+      return make_response('Verified', 201)
+    except model.InvalidRobotException:
+      abort(401)
+
   existing_user = model.get_user(username)
   if existing_user:
     verified = model.verify_user(username, password)
diff --git a/static/js/app.js b/static/js/app.js
index 04a887b8c..376c0feb3 100644
--- a/static/js/app.js
+++ b/static/js/app.js
@@ -643,8 +643,10 @@ quayApp.directive('entitySearch', function () {
         },
         template: function (datum) {
           template = '<div class="entity-mini-listing">';
-          if (datum.entity.kind == 'user') {
+          if (datum.entity.kind == 'user' && !datum.entity.is_robot) {
             template += '<i class="fa fa-user fa-lg"></i>';
+          } else if (datum.entity.kind == 'user' && datum.entity.is_robot) {
+            template += '<i class="fa fa-wrench fa-lg"></i>';            
           } else if (datum.entity.kind == 'team') {
             template += '<i class="fa fa-group fa-lg"></i>';
           }
diff --git a/static/js/controllers.js b/static/js/controllers.js
index a83f375a2..4172835ee 100644
--- a/static/js/controllers.js
+++ b/static/js/controllers.js
@@ -527,7 +527,7 @@ function RepoAdminCtrl($scope, Restangular, $routeParams, $rootScope) {
     // Need the $scope.apply for both the permission stuff to change and for
     // the XHR call to be made.
     $scope.$apply(function() {
-      $scope.addRole(entity.name, 'read', entity.kind, entity.is_org_member)
+      $scope.addRole(entity.name, 'read', entity.kind);
     });
   };
 
@@ -545,15 +545,14 @@ function RepoAdminCtrl($scope, Restangular, $routeParams, $rootScope) {
     });
   };
 
-  $scope.addRole = function(entityName, role, kind, is_org_member) {
+  $scope.addRole = function(entityName, role, kind) {
     var permission = {
       'role': role,
-      'is_org_member': is_org_member
     };
 
     var permissionPost = Restangular.one(getRestUrl('repository', namespace, name, 'permissions', kind, entityName));
-    permissionPost.customPOST(permission).then(function() {
-      $scope.permissions[kind][entityName] = permission;
+    permissionPost.customPOST(permission).then(function(result) {
+      $scope.permissions[kind][entityName] = result;
     }, function(result) {
       $('#cannotchangeModal').modal({});
     });
diff --git a/static/partials/repo-admin.html b/static/partials/repo-admin.html
index 89442c88f..3d169340f 100644
--- a/static/partials/repo-admin.html
+++ b/static/partials/repo-admin.html
@@ -71,8 +71,9 @@
                 
                 <!-- User Permissions -->
                 <tr ng-repeat="(name, permission) in permissions['user']">
-                  <td class="{{ 'user entity ' + (permission.is_org_member? '' : 'outside') }}">
-                    <i class="fa fa-user"></i> 
+                  <td class="{{ 'user entity ' + (permission.is_org_member ? '' : 'outside') }}">
+                    <i class="fa fa-user" ng-show="!permission.is_robot"></i> 
+                    <i class="fa fa-wrench" ng-show="permission.is_robot"></i> 
                     <span>{{name}}</span>
                     <i class="fa fa-exclamation-triangle" ng-show="permission.is_org_member === false" data-trigger="hover" bs-popover="{'content': 'This user is not a member of the organization'}"></i>
                   </td>
diff --git a/static/partials/team-view.html b/static/partials/team-view.html
index 1d8d66d5c..fcb275c9a 100644
--- a/static/partials/team-view.html
+++ b/static/partials/team-view.html
@@ -20,7 +20,8 @@
       <table class="permissions">        
         <tr ng-repeat="(name, member) in members">
           <td class="user entity">
-            <i class="fa fa-user"></i> 
+            <i class="fa fa-user" ng-show="!member.is_robot"></i> 
+            <i class="fa fa-wrench" ng-show="member.is_robot"></i> 
             <span>{{ member.username }}</span>
           </td>
           <td>