Merge branch 'dev'

Separate the auth logic from the home view.
hel-repo · Sep 9, 2016 · b44c2a5 · b44c2a5
2 parents 729023a + 69882e9
commit b44c2a5
Show file tree

Hide file tree

Showing 7 changed files with 62 additions and 36 deletions.
diff --git a/CHANGES.rst b/CHANGES.rst
@@ -1,3 +1,7 @@
+0.4.0
+-----
+- Separated the auth logic from the home view, effectively enabling authorization via API.
+
 0.3.2
 -----
 - Added versions.num.changes field.

diff --git a/hel/__init__.py b/hel/__init__.py
@@ -93,5 +93,6 @@ def get_version(request):
     # Setup routes
     config.add_route('home', '/')
     config.add_route('teapot', '/teapot')
+    config.add_route('auth', '/auth')
     config.scan()
     return config.make_wsgi_app()
diff --git a/hel/tests/test_func.py b/hel/tests/test_func.py
@@ -209,7 +209,7 @@ def setUp(self):
         self.assertEqual(users[0]['nickname'], data['nickname'])
         data = copy.copy(self.user)
         data['log-in'] = True
-        res = self.test_app.post('/', data, status=302)
+        res = self.test_app.post('/', data, status=200)
         headers = res.headers
         auth_headers = ResponseHeaders()
         for k, v in headers.items():
@@ -228,7 +228,7 @@ def setUp(self):
         self.assertIsNotNone(logout)
         self.assertEqual(logout.form.span.span.string, '@' +
                          self.user['nickname'])
-        self.log_out_status = 302
+        self.log_out_status = 200
 
     def tearDown(self):
         FunctionalAuthTests.tearDown(self)

diff --git a/hel/tests/test_views.py b/hel/tests/test_views.py
@@ -12,21 +12,6 @@
 from hel.utils.query import PackagesSearcher
 
 
-class ViewTests(unittest.TestCase):
-
-    def setUp(self):
-        self.config = testing.setUp()
-
-    def tearDown(self):
-        testing.tearDown()
-
-    def test_view_home(self):
-        from hel.views import home
-        request = testing.DummyRequest()
-        info = home(request)
-        self.assertEqual(info['project'], 'hel')
-
-
 def one_value_param(name):
 
     def wrap(func):

diff --git a/hel/utils/__init__.py b/hel/utils/__init__.py
@@ -1,7 +1,7 @@
 import json
 
 
-VERSION = '0.3.2'
+VERSION = '0.4.0'
 
 
 def parse_search_phrase(s):

diff --git a/hel/utils/messages.py b/hel/utils/messages.py
@@ -20,3 +20,5 @@ class Messages:
     bad_user = 'This user data you provided contained an error.'
     wrong_dep_type = 'Unknown dependency type.'
     partial_ver = 'Version data you provided was partial.'
+    logged_out = 'Logged out successfully.'
+    logged_in = 'Logged in successfully.'
diff --git a/hel/views.py b/hel/views.py
@@ -7,14 +7,14 @@
 from pyramid.httpexceptions import (
     HTTPBadRequest,
     HTTPConflict,
-    HTTPFound,
     HTTPNotFound
 )
 from pyramid.request import Request
 from pyramid.response import Response
 from pyramid.security import forget, remember
 from pyramid.view import view_config
 import semantic_version as semver
+from webob.headers import ResponseHeaders
 
 from hel.resources import Package, Packages, User, Users
 from hel.utils import jexc
@@ -32,23 +32,58 @@
 log = logging.getLogger(__name__)
 
 
-# Home page
+# Home
 @view_config(route_name='home', renderer='templates/home.pt')
 def home(request):
+    message = ''
+    nickname = ''
+    email = ''
+    if request.authenticated_userid:
+        nickname = request.authenticated_userid
+    if any(x in ['log-out', 'log-in', 'register'] for x in request.POST):
+        subrequest = Request.blank(
+            '/auth', method='POST', POST=request.POST)
+        if hasattr(request, 'logged_in'):
+            subrequest.logged_in = request.logged_in
+        response = request.invoke_subrequest(subrequest, use_tweens=True)
+        request.response.headers = response.headers
+        cookie_headers = ResponseHeaders()
+        for k, v in response.headers.items():
+            if k.lower() == 'set-cookie':
+                cookie_headers.add('Cookie', v)
+        message = response.json['message']
+        if not nickname and 'nickname' in request.POST:
+            nickname = request.POST['nickname'].strip()
+        if 'email' in request.POST:
+            email = request.POST['email'].strip()
+    request.response.content_type = 'text/html'
+    return {
+        'project': 'hel',
+        'message': message,
+        'nickname': nickname,
+        'email': email,
+        'logged_in': request.logged_in,
+        'version': request.version
+    }
+
+
+# Auth controller
+@view_config(route_name='auth', renderer='json')
+def auth(request):
     message = ''
     nickname = ''
     password = ''
     email = ''
     passwd_confirm = ''
-    if not hasattr(request, 'logged_in'):
-        request.logged_in = False
-    if not hasattr(request, 'version'):
-        request.version = '?'
+    request.response.content_type = 'application/json'
     if request.logged_in:
         nickname = request.authenticated_userid
         if 'log-out' in request.POST:
             headers = forget(request)
-            return HTTPFound(location=request.url, headers=headers)
+            request.response.status = '200 OK'
+            for v in headers:
+                request.response.headers.add(v[0], v[1])
+            return {'success': True, 'message': Messages.logged_out}
     elif 'log-in' in request.POST:
         try:
             nickname = request.POST['nickname'].strip()
@@ -67,9 +102,10 @@ def home(request):
                     correct_hash = user['password']
                     if pass_hash == correct_hash:
                         headers = remember(request, nickname)
-                        response = HTTPFound(location=request.url,
-                                             headers=headers)
-                        return response
+                        request.response.status = '200 OK'
+                        for v in headers:
+                            request.response.headers.add(v[0], v[1])
+                        return {'success': True, 'message': Messages.logged_in}
                     else:
                         message = Messages.failed_login
                 else:
@@ -122,7 +158,10 @@ def home(request):
                                 subrequest, use_tweens=True)
                             if response.status_code == 201:
                                 # TODO: send activation email
-                                message = Messages.account_created_success
+                                request.response.status = '200 OK'
+                                return {'success': True,
+                                        'message':
+                                            Messages.account_created_success}
                             else:  # pragma: no cover
                                 message = Messages.internal_error
                                 log.error(
@@ -133,14 +172,9 @@ def home(request):
                                     ''.join(['\n * ' + str(x) + ' = ' + str(y)
                                              for x, y in locals().items()])
                                 )
-    request.response.content_type = 'text/html'
     return {
-        'project': 'hel',
-        'message': message,
-        'nickname': nickname,
-        'email': email,
-        'logged_in': request.logged_in,
-        'version': request.version
+        'success': False,
+        'message': message
     }