authentication implemented and tested as much as possible without authentication in thrimbletrimmer

pull/73/head^2
Christopher Usher 5 years ago
parent 057bd031a2
commit 36fe22bf99

@ -46,7 +46,7 @@ def authenticate(f):
Reference: https://developers.google.com/identity/sign-in/web/backend-auth""" Reference: https://developers.google.com/identity/sign-in/web/backend-auth"""
@wraps(f) @wraps(f)
def decorated_function(*args): def decorated_function(*args, **kwargs):
if flask.request.method == 'POST': if flask.request.method == 'POST':
userToken = flask.request.json['token'] userToken = flask.request.json['token']
# check whether token is valid # check whether token is valid
@ -67,13 +67,22 @@ def authenticate(f):
if row is None: if row is None:
return 'Unknown user. Access denied.', 403 return 'Unknown user. Access denied.', 403
return f(*args, editor=email) return f(*args, editor=email, **kwargs)
else: else:
return f(*args) return f(*args, **kwargs)
return decorated_function return decorated_function
@app.route('/thrimshim/test', methods=['GET', 'POST'])
@request_stats
@authenticate
def test(editor=None):
if flask.request.method == 'POST':
return json.dumps(editor)
else:
return "Hello World!"
@app.route('/thrimshim/auth-test', methods=['GET', 'POST']) @app.route('/thrimshim/auth-test', methods=['GET', 'POST'])
@request_stats @request_stats
@ -125,6 +134,7 @@ def get_all_rows():
return json.dumps(rows) return json.dumps(rows)
@app.route('/thrimshim/<uuid:ident>', methods=['GET', 'POST']) @app.route('/thrimshim/<uuid:ident>', methods=['GET', 'POST'])
@authenticate
@request_stats @request_stats
def thrimshim(ident, editor=None): def thrimshim(ident, editor=None):
"""Comunicate between Thrimbletrimmer and the Wubloader database.""" """Comunicate between Thrimbletrimmer and the Wubloader database."""
@ -233,6 +243,7 @@ def update_row(ident, new_row, editor):
return '' return ''
@app.route('/thrimshim/manual-link/<uuid:ident>', methods=['POST']) @app.route('/thrimshim/manual-link/<uuid:ident>', methods=['POST'])
@authenticate
@request_stats @request_stats
def manual_link(ident, editor=None): def manual_link(ident, editor=None):
"""Manually set a video_link if the state is 'UNEDITED' or 'DONE' and the """Manually set a video_link if the state is 'UNEDITED' or 'DONE' and the
@ -260,6 +271,7 @@ def manual_link(ident, editor=None):
@app.route('/thrimshim/reset/<uuid:ident>', methods=['POST']) @app.route('/thrimshim/reset/<uuid:ident>', methods=['POST'])
@authenticate
@request_stats @request_stats
def reset_row(ident, editor=None): def reset_row(ident, editor=None):
"""Clear state and video_link columns and reset state to 'UNEDITED'.""" """Clear state and video_link columns and reset state to 'UNEDITED'."""

Loading…
Cancel
Save