This change prevents the username/API token from being displayed in the server logs
and makes the API work in a more standardized manner, using the HTTP
headers as they are expected to be used.
---
The interesting part about conference is that you learn cool stuff :)
Here is a change which I think makes quite sense and prevents to display user's
personnal information in the server logs.
copr_cli/subcommands.py | 8 ++++++--
coprs_frontend/coprs/views/misc.py | 10 ++++++++--
2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/copr_cli/subcommands.py b/copr_cli/subcommands.py
index cb112f2..7e63f52 100644
--- a/copr_cli/subcommands.py
+++ b/copr_cli/subcommands.py
@@ -101,7 +101,9 @@ class AddCopr(Command):
for chroot in args.chroots:
data[chroot] = 'y'
- req = requests.post(URL, params=user, data=data)
+ req = requests.post(URL,
+ auth=(user['username'], user['token']),
+ data=data)
output = json.loads(req.text)
if output['output'] == 'ok':
print output['message']
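Review bot: The token now travels as HTTP Basic credentials, which are only base64-encoded, so the `requests.post(URL, auth=...)` call here in AddCopr and the identical one in Build keep it out of the query string but do not protect it in transit. `URL` is defined outside these hunks, so whether it is https cannot be confirmed from the diff; a comment at both call sites such as `# Basic auth is base64, not encryption: URL must be https` would record the requirement. Separately, `json.loads(req.text)` runs before any status check, so a rejected login that returns a non-JSON body would presumably surface as a traceback rather than an error message. Both method bodies continue outside their hunks.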
@@ -136,7 +138,9 @@ class Build(Command):
'timeout': args.timeout
}
- req = requests.post(URL, params=user, data=data)
+ req = requests.post(URL,
+ auth=(user['username'], user['token']),
+ data=data)
output = json.loads(req.text)
if req.status_code == 200:
print 'Something went wrong:\n {0}'.format(output['error'])
diff --git a/coprs_frontend/coprs/views/misc.py b/coprs_frontend/coprs/views/misc.py
index 48a1f3a..d7eb73e 100644
--- a/coprs_frontend/coprs/views/misc.py
+++ b/coprs_frontend/coprs/views/misc.py
@@ -1,3 +1,4 @@
+import base64
import datetime
import functools
@@ -79,8 +80,13 @@ def logout():
def login_required(f):
@functools.wraps(f)
def decorated_function(*args, **kwargs):
- token = flask.request.args.get('token')
- username = flask.request.args.get('username')
+ token = None
+ username = None
+ if 'Authorization' in flask.request.headers:
+ base64string = flask.request.headers['Authorization']
+ base64string = base64string.split()[1].strip()
+ userstring = base64.b64decode(base64string)
+ (username, token) = userstring.split(':')
token_auth = False
if token and username:
user = models.User.query.filter(
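Review bot: The new header parsing in `decorated_function` trusts the shape of a client-supplied `Authorization` value, so a malformed header raises instead of being treated as "not authenticated". `split()[1]` fails on a header with a single word, `base64.b64decode` fails on bad padding, and the tuple unpack of `userstring.split(':')` fails when the decoded string has no colon or more than one. The scheme word is also never compared with `Basic`, so any scheme is decoded as if it were. I would check the scheme, split on the first colon only, and fall back to `None` on decode errors, as sketched below. The function body continues past the end of the hunk.

```python
        token = None
        username = None
        auth_header = flask.request.headers.get('Authorization', '')
        parts = auth_header.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == 'basic':
            try:
                userstring = base64.b64decode(parts[1].strip())
                # split on the first colon only: the secret part may contain ':'
                username, token = userstring.split(':', 1)
            except (TypeError, ValueError):
                # malformed credentials: continue as unauthenticated
                username = token = None
        # … unchanged: token_auth = False and the user lookup …
```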
--
1.8.1