From 42dbb26a13190cb1fcd1723367e8811eff6d8d25 Mon Sep 17 00:00:00 2001 From: Rodney Ewing Date: Thu, 19 Sep 2013 08:02:30 -0700 Subject: [PATCH] not all JSONEncoded fields should be mutable dicts --- mediagoblin/db/migrations.py | 4 +-- mediagoblin/db/models.py | 3 +-- mediagoblin/oauth/views.py | 50 ++++++++++++++++++------------------ 3 files changed, 28 insertions(+), 29 deletions(-) diff --git a/mediagoblin/db/migrations.py b/mediagoblin/db/migrations.py index a88518f4..423508f6 100644 --- a/mediagoblin/db/migrations.py +++ b/mediagoblin/db/migrations.py @@ -26,7 +26,7 @@ from sqlalchemy.sql import and_ from migrate.changeset.constraint import UniqueConstraint -from mediagoblin.db.extratypes import JSONEncoded +from mediagoblin.db.extratypes import JSONEncoded, MutationDict from mediagoblin.db.migration_tools import RegisterMigration, inspect_table from mediagoblin.db.models import MediaEntry, Collection, User, MediaComment @@ -502,7 +502,7 @@ def add_file_metadata(db): metadata = MetaData(bind=db.bind) media_file_table = inspect_table(metadata, "core__mediafiles") - col = Column('file_metadata', JSONEncoded) + col = Column('file_metadata', MutationDict.as_mutable(JSONEncoded)) col.create(media_file_table) db.commit() diff --git a/mediagoblin/db/models.py b/mediagoblin/db/models.py index a1328370..5e8b6641 100644 --- a/mediagoblin/db/models.py +++ b/mediagoblin/db/models.py @@ -48,7 +48,6 @@ from migrate import changeset _log = logging.getLogger(__name__) -MutationDict.associate_with(JSONEncoded) class User(Base, UserMixin): @@ -395,7 +394,7 @@ class MediaFile(Base): nullable=False) name_id = Column(SmallInteger, ForeignKey(FileKeynames.id), nullable=False) file_path = Column(PathTupleWithSlashes) - file_metadata = Column(JSONEncoded) + file_metadata = Column(MutationDict.as_mutable(JSONEncoded)) __table_args__ = ( PrimaryKeyConstraint('media_entry', 'name_id'), diff --git a/mediagoblin/oauth/views.py b/mediagoblin/oauth/views.py index 116eb023..14c8ab14 100644 
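Review bot: In `add_file_metadata` (migrations.py, hunk at -502), wrapping the type in `MutationDict.as_mutable(...)` looks unnecessary. Mutation tracking is an ORM-level feature, and as far as I can tell it does not change the column that `col.create(media_file_table)` emits. Keeping the migration on the plain type, `col = Column('file_metadata', JSONEncoded)`, avoids tying a historical migration to `MutationDict` and would let the import change in the first hunk be dropped. The function's `def` line is visible only in the hunk header, and its body may continue past the hunk.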
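Review bot: Removing `MutationDict.associate_with(JSONEncoded)` in models.py (hunk at -48) turns off change tracking for every `JSONEncoded` column except `MediaFile.file_metadata`, which the hunk at -395 re-wraps. Any remaining code that edits another such column in place (`obj.field[key] = value`) would no longer be flushed, and nothing would raise. The patch does not show the other `JSONEncoded` columns or their call sites, so they need an audit for in-place mutation. The `client.contacts = contacts` and `client.redirect_uri = redirect_uris` assignments visible in views.py replace the value outright and should still persist. I would add a comment above `file_metadata`, such as `# as_mutable: in-place dict edits are tracked; other JSONEncoded columns must be reassigned to be saved`, and a test that mutates `file_metadata` in place, commits and reloads it.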
--- a/mediagoblin/oauth/views.py +++ b/mediagoblin/oauth/views.py @@ -18,12 +18,12 @@ import datetime from oauthlib.oauth1 import (RequestTokenEndpoint, AuthorizationEndpoint, AccessTokenEndpoint) - + from mediagoblin.decorators import require_active_login from mediagoblin.tools.translate import pass_to_ugettext from mediagoblin.meddleware.csrf import csrf_exempt from mediagoblin.tools.request import decode_request -from mediagoblin.tools.response import (render_to_response, redirect, +from mediagoblin.tools.response import (render_to_response, redirect, json_response, render_400, form_response) from mediagoblin.tools.crypto import random_string @@ -41,7 +41,7 @@ client_types = ["web", "native"] # currently what pump supports def client_register(request): """ Endpoint for client registration """ try: - data = decode_request(request) + data = decode_request(request) except ValueError: error = "Could not decode data." return json_response({"error": error}, status=400) @@ -56,7 +56,7 @@ def client_register(request): if data.get("application_type", None) not in client_types: error = "Unknown application_type." return json_response({"error": error}, status=400) - + client_type = data["type"] if client_type == "client_update": @@ -69,7 +69,7 @@ def client_register(request): return json_response({"error": error}, status=400) client = Client.query.filter_by( - id=data["client_id"], + id=data["client_id"], secret=data["client_secret"] ).first() @@ -78,7 +78,7 @@ def client_register(request): return json_response({"error": error}, status=403) client.application_name = data.get( - "application_name", + "application_name", client.application_name ) 
@@ -108,12 +108,12 @@ def client_register(request): client_secret = random_string(43) # again, seems to be what pump uses expirey = 0 # for now, lets not have it expire expirey_db = None if expirey == 0 else expirey - application_type = data["application_type"] - + application_type = data["application_type"] + # save it client = Client( - id=client_id, - secret=client_secret, + id=client_id, + secret=client_secret, expirey=expirey_db, application_type=application_type, ) @@ -126,12 +126,12 @@ def client_register(request): if logo_url is not None and not validate_url(logo_url): error = "Logo URL {0} is not a valid URL.".format(logo_url) return json_response( - {"error": error}, + {"error": error}, status=400 ) else: client.logo_url = logo_url - + client.application_name = data.get("application_name", None) contacts = data.get("contacts", None) @@ -146,8 +146,8 @@ def client_register(request): # not a valid email error = "Email {0} is not a valid email.".format(contact) return json_response({"error": error}, status=400) - - + + client.contacts = contacts redirect_uris = data.get("redirect_uris", None) @@ -166,7 +166,7 @@ def client_register(request): client.redirect_uri = redirect_uris - + client.save() expirey = 0 if client.expirey is None else client.expirey @@ -182,7 +182,7 @@ def client_register(request): def request_token(request): """ Returns request token """ try: - data = decode_request(request) + data = decode_request(request) except ValueError: error = "Could not decode data." return json_response({"error": error}, status=400) @@ -193,7 +193,7 @@ def request_token(request): if not data and request.headers: data = request.headers - + data = dict(data) # mutableifying authorization = decode_authorization_header(data) 
@@ -226,12 +226,12 @@ def request_token(request): return form_response(tokens) -@require_active_login +@require_active_login def authorize(request): """ Displays a page for user to authorize """ if request.method == "POST": return authorize_finish(request) - + _ = pass_to_ugettext token = request.args.get("oauth_token", None) if token is None: @@ -243,10 +243,10 @@ def authorize(request): if oauth_request is None: err_msg = _("No request token found.") return render_400(request, err_msg) - + if oauth_request.used: return authorize_finish(request) - + if oauth_request.verifier is None: orequest = GMGRequest(request) request_validator = GMGRequestValidator() @@ -279,7 +279,7 @@ def authorize(request): "mediagoblin/api/authorize.html", context ) - + def authorize_finish(request): """ Finishes the authorize """ @@ -288,7 +288,7 @@ def authorize_finish(request): verifier = request.form["oauth_verifier"] oauth_request = RequestToken.query.filter_by(token=token, verifier=verifier) oauth_request = oauth_request.first() - + if oauth_request is None: # invalid token or verifier err_msg = _("No request token found.") @@ -321,10 +321,10 @@ def authorize_finish(request): @csrf_exempt def access_token(request): - """ Provides an access token based on a valid verifier and request token """ + """ Provides an access token based on a valid verifier and request token """ data = request.headers - parsed_tokens = decode_authorization_header(data) + parsed_tokens = decode_authorization_header(data) if parsed_tokens == dict() or "oauth_token" not in parsed_tokens: error = "Missing required parameter." -- 2.25.1