Merge pull request #1993 from chaoss/cherrypick-login-dev

Cherrypick login dev

augur/api/routes/collection_status.py

@@ -6,10 +6,11 @@
 
 AUGUR_API_VERSION = 'api/unstable'
 
+
 def create_routes(server):
 
     @server.app.route('/{}/collection_status/commits'.format(AUGUR_API_VERSION))
-    def commit_collection_status(): #TODO: make this name automatic - wrapper?
+    def commit_collection_status():  # TODO: make this name automatic - wrapper?
         commit_collection_sql = s.sql.text("""
             SELECT
                 repo_id,
@@ -34,13 +35,14 @@ def commit_collection_status(): #TODO: make this name automatic - wrapper?
                 repo_status = 'Complete'
         """)
         results = pd.read_sql(commit_collection_sql,  server.engine)
-        data = results.to_json(orient="records", date_format='iso', date_unit='ms')
+        data = results.to_json(
+            orient="records", date_format='iso', date_unit='ms')
         return Response(response=data,
                         status=200,
                         mimetype="application/json")
 
     @server.app.route('/{}/collection_status/issues'.format(AUGUR_API_VERSION))
-    def issue_collection_status(): #TODO: make this name automatic - wrapper?
+    def issue_collection_status():  # TODO: make this name automatic - wrapper?
         issue_collection_sql = s.sql.text("""
             SELECT
                 *
@@ -94,14 +96,15 @@ def issue_collection_status(): #TODO: make this name automatic - wrapper?
             WHERE d.issues_enabled = 'true';
         """)
         results = pd.read_sql(issue_collection_sql,  server.engine)
-        data = results.to_json(orient="records", date_format='iso', date_unit='ms')
+        data = results.to_json(
+            orient="records", date_format='iso', date_unit='ms')
         parsed_data = json.loads(data)
         return Response(response=data,
                         status=200,
                         mimetype="application/json")
 
     @server.app.route('/{}/collection_status/pull_requests'.format(AUGUR_API_VERSION))
-    def pull_request_collection_status(): #TODO: make this name automatic - wrapper?
+    def pull_request_collection_status():  # TODO: make this name automatic - wrapper?
         pull_request_collection_sql = s.sql.text("""
             SELECT
                 *
@@ -163,7 +166,8 @@ def pull_request_collection_status(): #TODO: make this name automatic - wrapper?
                 ratio_abs;
         """)
         results = pd.read_sql(pull_request_collection_sql,  server.engine)
-        data = results.to_json(orient="records", date_format='iso', date_unit='ms')
+        data = results.to_json(
+            orient="records", date_format='iso', date_unit='ms')
         parsed_data = json.loads(data)
         return Response(response=data,
                         status=200,

augur/api/routes/config.py

@@ -5,9 +5,12 @@
 import logging
 import requests
 import json
+import os
 from flask import request, jsonify, Response
 import sqlalchemy as s
 
+# Disable the requirement for SSL by setting env["AUGUR_DEV"] = True
+development = os.getenv("AUGUR_DEV") or False
 
 from augur.application.db.models import Config
 from augur.application.db.session import DatabaseSession
@@ -31,9 +34,9 @@ def unsupported_method(error):
         return jsonify({"status": "Unsupported method"}), 405
 
 
-    @server.app.route(f"/{AUGUR_API_VERSION}/config/get", methods=['POST'])
+    @server.app.route(f"/{AUGUR_API_VERSION}/config/get", methods=['GET', 'POST'])
     def get_config():
-        if not request.is_secure:
+        if not development and not request.is_secure:
             return generate_upgrade_request()
 
         with DatabaseSession(logger) as session:
@@ -45,10 +48,10 @@ def get_config():
 
     @server.app.route(f"/{AUGUR_API_VERSION}/config/update", methods=['POST'])
     def update_config():
-        if not request.is_secure:
+        if not development and not request.is_secure:
             return generate_upgrade_request()
 
-        update_dict= request.get_json()
+        update_dict = request.get_json()
 
         with DatabaseSession(logger) as session:
 

augur/api/routes/user.py

@@ -6,19 +6,24 @@
 import logging
 import requests
 import json
+import os
 from flask import request, Response, jsonify
 from werkzeug.security import generate_password_hash, check_password_hash
 from sqlalchemy.sql import text
 from sqlalchemy.orm import sessionmaker
 
 from augur.application.db.models import User
 
+# Disable the requirement for SSL by setting env["AUGUR_DEV"] = True
+development = os.getenv("AUGUR_DEV") or False
+
 logger = logging.getLogger(__name__)
 from augur.application.db.engine import create_database_engine
 Session = sessionmaker(bind=create_database_engine())
 
 AUGUR_API_VERSION = 'api/unstable'
 
+# TODO This should probably be available to all endpoints
 def generate_upgrade_request():
     # https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/426
     response = jsonify({"status": "SSL Required"})
@@ -28,15 +33,16 @@ def generate_upgrade_request():
     return response, 426
 
 def create_routes(server):
-
+    # TODO This functionality isn't specific to the User endpoints, and should be moved
     @server.app.errorhandler(405)
     def unsupported_method(error):
         return jsonify({"status": "Unsupported method"}), 405
 
     @server.app.route(f"/{AUGUR_API_VERSION}/user/validate", methods=['POST'])
     def validate_user():
-        if not request.is_secure:
+        if not development and not request.is_secure:
             return generate_upgrade_request()
+
         session = Session()
         username = request.args.get("username")
         password = request.args.get("password")
@@ -51,10 +57,27 @@ def validate_user():
         if checkPassword == False:
             return jsonify({"status": "Invalid password"})
         return jsonify({"status": "Validated"})
+
+    @server.app.route(f"/{AUGUR_API_VERSION}/user/query", methods=['POST'])
+    def query_user():
+        if not development and not request.is_secure:
+            return generate_upgrade_request()
+
+        session = Session()
+        username = request.args.get("username")
+        if username is None:
+            # https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/400
+            return jsonify({"status": "Missing argument"}), 400
+        user = session.query(User).filter(User.login_name == username).first()
+
+        if user is None:
+            return jsonify({"status": "Invalid username"})
 
-    @server.app.route(f"/{AUGUR_API_VERSION}/user/create", methods=['POST', 'GET'])
+        return jsonify({"status": True})
+
+    @server.app.route(f"/{AUGUR_API_VERSION}/user/create", methods=['POST'])
     def create_user():
-        if not request.is_secure:
+        if not development and not request.is_secure:
             return generate_upgrade_request()
 
         session = Session()
@@ -63,6 +86,7 @@ def create_user():
         email = request.args.get("email")
         first_name = request.args.get("first_name")
         last_name = request.args.get("last_name")
+        admin = request.args.get("create_admin") or False
 
         if username is None or password is None or email is None:
             # https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/400
@@ -74,17 +98,18 @@ def create_user():
         if emailCheck is not None:
             return jsonify({"status": "Email already exists"})
         try:
-            user = User(login_name = username, login_hashword = generate_password_hash(password), email = email, first_name = first_name, last_name = last_name, tool_source="User API", tool_version=None, data_source="API")
+            user = User(login_name = username, login_hashword = generate_password_hash(password), email = email, first_name = first_name, last_name = last_name, admin=admin, tool_source="User API", tool_version=None, data_source="API")
             session.add(user)
             session.commit()
             return jsonify({"status": "User created"})
         except AssertionError as exception_message: 
             return jsonify(msg='Error: {}. '.format(exception_message)), 400
 
-    @server.app.route(f"/{AUGUR_API_VERSION}/user/remove", methods=['GET', 'PUT','DELETE'])
+    @server.app.route(f"/{AUGUR_API_VERSION}/user/remove", methods=['POST', 'DELETE'])
     def delete_user():
-        if not request.is_secure:
+        if not development and not request.is_secure:
             return generate_upgrade_request()
+
         session = Session()
         username = request.args.get("username")
         if username is None:
@@ -97,8 +122,11 @@ def delete_user():
             session.commit()
             return jsonify({"status": "User deleted"}), 200
 
-    @server.app.route(f"/{AUGUR_API_VERSION}/user/update", methods=['GET', 'POST'])
+    @server.app.route(f"/{AUGUR_API_VERSION}/user/update", methods=['POST'])
     def update_user():
+        if not development and not request.is_secure:
+            return generate_upgrade_request()
+
         session = Session()
         username = request.args.get("username")
         password = request.args.get("password")