Mercurial Repository: p/roundup/code: doc/rest.txt comparison

comparison doc/rest.txt @ 5893:13f5ac918120

fix spacing on example code and typo fix.

author	John Rouillard <rouilj@ieee.org>
date	Wed, 02 Oct 2019 20:55:15 -0400
parents	afb5705d1fe5
children	45a104bb127e

comparison

equal deleted inserted replaced

-:afb5705d1fe5
+:13f5ac918120
 perm = db.security.addPermission(name='Create', klass='timelog',
 description="Allow timelog creation", props_only=False)
 db.security.addPermissionToRole("User:timelog", perm)
 perm = db.security.addPermission(name='View', klass='issue',
 properties=('id', 'times'),
-description="Allow timelog retreival for issue",
+description="Allow retrieving issue etag or timelog issue",
-	     props_only=False)
+props_only=False)
 db.security.addPermissionToRole("User:timelog", perm)
 perm = db.security.addPermission(name='Edit', klass='issue',
 properties=('id', 'times'),
-description="Allow editing timelog for issue", props_only=False)
+description="Allow editing timelog for issue",
+props_only=False)
 db.security.addPermissionToRole("User:timelog", perm)
 The role is named to work with the /rest/jwt/issue rest endpoint
 defined below. Starting the role name with ``User:`` allows the jwt
 issue code to create a token with this role if the user requesting the
 role has the User role.
 The role *must* have access to the issue ``id`` to retrieve the etag for
 the issue.  The etag is passed in the ``If-Match`` HTTP header when you
-make a call to patch or update the ``timess` property of the issue.
+make a call to patch or update the ``times` property of the issue.
 If you use a PATCH rest call with "@op=add" to append the new timelog,
 you don't need View access to the ``times`` property. If you replace the
 ``times`` value, you need to read the current value of ``times`` (using
 View permission), append the newly created timelog id to the (array)
 only been tested with python3)::
 from roundup.rest import Routing, RestfulInstance, _data_decorator
 class RestfulInstance(object):
-	@Routing.route("/jwt/issue", 'POST')
+@Routing.route("/jwt/issue", 'POST')
-	@_data_decorator
+@_data_decorator
-	def generate_jwt(self, input):
+def generate_jwt(self, input):
-	    import jwt
+import jwt
-	    import datetime
+import datetime
-	    from roundup.anypy.strings import b2s
+from roundup.anypy.strings import b2s
-	    # require basic auth to generate a token
+# require basic auth to generate a token
-	    # At some point we can support a refresh token.
+# At some point we can support a refresh token.
-	    # maybe a jwt with the "refresh": True claim generated
+# maybe a jwt with the "refresh": True claim generated
-	    # using: "refresh": True in the json request payload.
+# using: "refresh": True in the json request payload.
-	    denialmsg='Token creation requires login with basic auth.'
+denialmsg='Token creation requires login with basic auth.'
-	    if 'HTTP_AUTHORIZATION' in self.client.env:
+if 'HTTP_AUTHORIZATION' in self.client.env:
-		try:
+try:
-		    auth = self.client.env['HTTP_AUTHORIZATION']
+auth = self.client.env['HTTP_AUTHORIZATION']
-		    scheme, challenge = auth.split(' ', 1)
+scheme, challenge = auth.split(' ', 1)
-		except (ValueError, AttributeError):
+except (ValueError, AttributeError):
-		    # bad format for header
+# bad format for header
-		    raise Unauthorised(denialmsg)
+raise Unauthorised(denialmsg)
-		if scheme.lower() != 'basic':
+if scheme.lower() != 'basic':
-		    raise Unauthorised(denialmsg)
+raise Unauthorised(denialmsg)
-	    else:
+else:
-		raise Unauthorised(denialmsg)
+raise Unauthorised(denialmsg)
-	    # If we reach this point we have validated that the user has
+# If we reach this point we have validated that the user has
-	    # logged in with a password using basic auth.
+# logged in with a password using basic auth.
-	    all_roles = list(self.db.security.role.items())
+all_roles = list(self.db.security.role.items())
-	    rolenames = []
+rolenames = []
-	    for role in all_roles:
+for role in all_roles:
-		rolenames.append(role[0])
+rolenames.append(role[0])
-	    user_roles = list(self.db.user.get_roles(self.db.getuid()))
+user_roles = list(self.db.user.get_roles(self.db.getuid()))
-	    claim= { 'sub': self.db.getuid(),
+claim= { 'sub': self.db.getuid(),
-		     'iss': self.db.config.TRACKER_WEB,
+'iss': self.db.config.TRACKER_WEB,
-		     'aud': self.db.config.TRACKER_WEB,
+'aud': self.db.config.TRACKER_WEB,
-		     'iat': datetime.datetime.utcnow(),
+'iat': datetime.datetime.utcnow(),
-		   }
+}
-	    lifetime = 0
+lifetime = 0
-	    if 'lifetime' in input:
+if 'lifetime' in input:
-		if input['lifetime'].value != 'unlimited':
+if input['lifetime'].value != 'unlimited':
-		    try:
+try:
-			lifetime = datetime.timedelta(seconds=int(input['lifetime'].value))
+lifetime = datetime.timedelta(seconds=int(input['lifetime'].value))
-		    except ValueError:
+except ValueError:
-			raise UsageError("Value 'lifetime' must be 'unlimited' or an integer to specify" +
+raise UsageError("Value 'lifetime' must be 'unlimited' or an integer to specify" +
-					 " lifetime in seconds. Got %s."%input['lifetime'].value)
+" lifetime in seconds. Got %s."%input['lifetime'].value)
-	    else:
+else:
-		lifetime = datetime.timedelta(seconds=86400) # 1 day by default
+lifetime = datetime.timedelta(seconds=86400) # 1 day by default
-	    if lifetime: # if lifetime = 0 make unlimited by omitting exp claim
+if lifetime: # if lifetime = 0 make unlimited by omitting exp claim
-		claim['exp'] = datetime.datetime.utcnow() + lifetime
+claim['exp'] = datetime.datetime.utcnow() + lifetime
-	    newroles = []
+newroles = []
-	    if 'roles' in input:
+if 'roles' in input:
-		for role in input['roles'].value:
+for role in input['roles'].value:
-		    if role not in rolenames:
+if role not in rolenames:
-			raise UsageError("Role %s is not valid."%role)
+raise UsageError("Role %s is not valid."%role)
-		    if role in user_roles:
+if role in user_roles:
-			newroles.append(role)
+newroles.append(role)
-			continue
+continue
-		    parentrole = role.split(':', 1)[0]
+parentrole = role.split(':', 1)[0]
-		    if parentrole in user_roles:
+if parentrole in user_roles:
-			newroles.append(role)
+newroles.append(role)
-			continue
+continue
-		    raise UsageError("Role %s is not permitted."%role)
+raise UsageError("Role %s is not permitted."%role)
-		claim['roles'] = newroles
+claim['roles'] = newroles
-	    else:
+else:
-		claim['roles'] = user_roles
+claim['roles'] = user_roles
-	    secret = self.db.config.WEB_JWT_SECRET
+secret = self.db.config.WEB_JWT_SECRET
-	    myjwt = jwt.encode(claim, secret, algorithm='HS256')
+myjwt = jwt.encode(claim, secret, algorithm='HS256')
-	    result = {"jwt": b2s(myjwt),
+result = {"jwt": b2s(myjwt),
-		     }
+}
-	    return 200, result
+return 200, result
-	@Routing.route("/jwt/validate", 'GET')
+@Routing.route("/jwt/validate", 'GET')
-	@_data_decorator
+@_data_decorator
-	def validate_jwt(self,input):
+def validate_jwt(self,input):
-	    import jwt
+import jwt
-	    if not 'jwt' in input:
+if not 'jwt' in input:
-		raise UsageError("jwt key must be specified")
+raise UsageError("jwt key must be specified")
-	    myjwt = input['jwt'].value
+myjwt = input['jwt'].value
-	    secret = self.db.config.WEB_JWT_SECRET
+secret = self.db.config.WEB_JWT_SECRET
-	    try:
+try:
-		result = jwt.decode(myjwt, secret,
+result = jwt.decode(myjwt, secret,
-				    algorithms=['HS256'],
+algorithms=['HS256'],
-				    audience=self.db.config.TRACKER_WEB,
+audience=self.db.config.TRACKER_WEB,
-				    issuer=self.db.config.TRACKER_WEB,
+issuer=self.db.config.TRACKER_WEB,
-		)
+)
-	    except jwt.exceptions.InvalidTokenError as err:
+except jwt.exceptions.InvalidTokenError as err:
-		return 401, str(err)
+return 401, str(err)
-	    return 200, result
+return 200, result
 **Note this is sample code. Use at your own risk.** It breaks a few
 rules about jwts (e.g. it allows you to make unlimited lifetime
 jwts). If you subscribe to the concept of jwt refresh tokens, this code
 will have to be changed as it will only generate jwts with

Mercurial > p > roundup > code

comparison doc/rest.txt @ 5893:13f5ac918120