From 62d14bf50baf45ac15fe5276be74b073de880f77 Mon Sep 17 00:00:00 2001
From: Sebastian Spaeth <Sebastian@SSpaeth.de>
Date: Thu, 15 Nov 2012 16:55:15 +0100
Subject: Transition webob.HttpForbidden to webob's exceptions Forbidden

Also the BadRequest exception.
---
 mediagoblin/plugins/api/tools.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'mediagoblin/plugins/api/tools.py')

diff --git a/mediagoblin/plugins/api/tools.py b/mediagoblin/plugins/api/tools.py
index ecc50364..c4073d23 100644
--- a/mediagoblin/plugins/api/tools.py
+++ b/mediagoblin/plugins/api/tools.py
@@ -18,8 +18,9 @@ import logging
 import json
 
 from functools import wraps
-from webob import exc, Response
+from webob import Response
 from urlparse import urljoin
+from werkzeug.exceptions import Forbidden
 
 from mediagoblin import mg_globals
 from mediagoblin.tools.pluginapi import PluginManager
@@ -143,7 +144,7 @@ def api_auth(controller):
         # If we can't find any authentication methods, we should not let them
         # pass.
         if not auth_candidates:
-            return exc.HTTPForbidden()
+            return Forbidden()
 
         # For now, just select the first one in the list
         auth = auth_candidates[0]
@@ -157,7 +158,7 @@ def api_auth(controller):
                         'status': 403,
                         'errors': auth.errors})
 
-            return exc.HTTPForbidden()
+            return Forbidden()
 
         return controller(request, *args, **kw)
 
-- 
cgit v1.2.3


From 7c552c0bd76a4bb0292bbdf694d0ce4ba65de0a7 Mon Sep 17 00:00:00 2001
From: Sebastian Spaeth <Sebastian@SSpaeth.de>
Date: Wed, 12 Dec 2012 11:38:51 +0100
Subject: plugins/api: use headers.set(), not headers.update()

The werkzeug.Response().headers do not offer an update() method as
the same key can be twice in the header 'dict'. Thus, iterate over
the header keys and use header.set(key, value) which replaces an
existing header key.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
---
 mediagoblin/plugins/api/tools.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'mediagoblin/plugins/api/tools.py')

diff --git a/mediagoblin/plugins/api/tools.py b/mediagoblin/plugins/api/tools.py
index c4073d23..333a5682 100644
--- a/mediagoblin/plugins/api/tools.py
+++ b/mediagoblin/plugins/api/tools.py
@@ -71,7 +71,7 @@ def json_response(serializable, _disable_cors=False, *args, **kw):
                 'Access-Control-Allow-Origin': '*',
                 'Access-Control-Allow-Methods': 'POST, GET, OPTIONS',
                 'Access-Control-Allow-Headers': 'Content-Type, X-Requested-With'}
-        response.headers.update(cors_headers)
+        (response.headers.set(key, value) for key, value in cors_headers)
 
     return response
 
-- 
cgit v1.2.3


From cc195d5b821319732038fbd5d13bcc8b5a951ffc Mon Sep 17 00:00:00 2001
From: Sebastian Spaeth <Sebastian@SSpaeth.de>
Date: Fri, 16 Nov 2012 11:31:16 +0100
Subject: plugins/api: webob.Response -> werkzeug.Response

---
 mediagoblin/plugins/api/tools.py | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

(limited to 'mediagoblin/plugins/api/tools.py')

diff --git a/mediagoblin/plugins/api/tools.py b/mediagoblin/plugins/api/tools.py
index 333a5682..0ef91127 100644
--- a/mediagoblin/plugins/api/tools.py
+++ b/mediagoblin/plugins/api/tools.py
@@ -18,10 +18,9 @@ import logging
 import json
 
 from functools import wraps
-from webob import Response
 from urlparse import urljoin
 from werkzeug.exceptions import Forbidden
-
+from werkzeug.wrappers import Response
 from mediagoblin import mg_globals
 from mediagoblin.tools.pluginapi import PluginManager
 from mediagoblin.storage.filestorage import BasicFileStorage
@@ -55,16 +54,15 @@ class Auth(object):
 
 def json_response(serializable, _disable_cors=False, *args, **kw):
     '''
-    Serializes a json objects and returns a webob.Response object with the
+    Serializes a json objects and returns a werkzeug Response object with the
     serialized value as the response body and Content-Type: application/json.
 
     :param serializable: A json-serializable object
 
     Any extra arguments and keyword arguments are passed to the
-    webob.Response.__init__ method.
+    Response.__init__ method.
     '''
-    response = Response(json.dumps(serializable), *args, **kw)
-    response.headers['Content-Type'] = 'application/json'
+    response = Response(json.dumps(serializable), *args, content_type='application/json', **kw)
 
     if not _disable_cors:
         cors_headers = {
-- 
cgit v1.2.3


From cfa922295e5ddfaab336a3c2c0403422f77758b6 Mon Sep 17 00:00:00 2001
From: Sebastian Spaeth <Sebastian@SSpaeth.de>
Date: Sun, 23 Dec 2012 11:58:51 +0100
Subject: Convert return HttpException to raise HttpException

controllers (view function) raise HttpException's and do not return them.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
---
 mediagoblin/plugins/api/tools.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'mediagoblin/plugins/api/tools.py')

diff --git a/mediagoblin/plugins/api/tools.py b/mediagoblin/plugins/api/tools.py
index 0ef91127..03f528ce 100644
--- a/mediagoblin/plugins/api/tools.py
+++ b/mediagoblin/plugins/api/tools.py
@@ -142,7 +142,7 @@ def api_auth(controller):
         # If we can't find any authentication methods, we should not let them
         # pass.
         if not auth_candidates:
-            return Forbidden()
+            raise Forbidden()
 
         # For now, just select the first one in the list
         auth = auth_candidates[0]
@@ -156,7 +156,7 @@ def api_auth(controller):
                         'status': 403,
                         'errors': auth.errors})
 
-            return Forbidden()
+            raise Forbidden()
 
         return controller(request, *args, **kw)
 
-- 
cgit v1.2.3


From 57c6473aa2146f3337a42cb4b9c54dc164b7b76a Mon Sep 17 00:00:00 2001
From: Joar Wandborg <git@wandborg.com>
Date: Sun, 23 Dec 2012 00:34:27 +0100
Subject: Added API tests

---
 mediagoblin/plugins/api/tools.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'mediagoblin/plugins/api/tools.py')

diff --git a/mediagoblin/plugins/api/tools.py b/mediagoblin/plugins/api/tools.py
index 03f528ce..e5878258 100644
--- a/mediagoblin/plugins/api/tools.py
+++ b/mediagoblin/plugins/api/tools.py
@@ -135,8 +135,8 @@ def api_auth(controller):
         auth_candidates = []
 
         for auth in PluginManager().get_hook_callables('auth'):
-            _log.debug('Plugin auth: {0}'.format(auth))
             if auth.trigger(request):
+                _log.debug('{0} believes it is capable of authenticating this request.'.format(auth))
                 auth_candidates.append(auth)
 
         # If we can't find any authentication methods, we should not let them
-- 
cgit v1.2.3


From 9b2cd962af78ce8fbe2bce88d7b9d3a9d01e4aa9 Mon Sep 17 00:00:00 2001
From: Runar Petursson <runar@betur.com>
Date: Fri, 15 Feb 2013 10:17:24 +0800
Subject: plugins/api: fix for cross origin requests

The response headers were never getting set because of a bug in the 7c552c0
commit.  This expands the loop into a more readable form and results in the
headers getting set.
---
 mediagoblin/plugins/api/tools.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'mediagoblin/plugins/api/tools.py')

diff --git a/mediagoblin/plugins/api/tools.py b/mediagoblin/plugins/api/tools.py
index e5878258..92411f4b 100644
--- a/mediagoblin/plugins/api/tools.py
+++ b/mediagoblin/plugins/api/tools.py
@@ -69,7 +69,8 @@ def json_response(serializable, _disable_cors=False, *args, **kw):
                 'Access-Control-Allow-Origin': '*',
                 'Access-Control-Allow-Methods': 'POST, GET, OPTIONS',
                 'Access-Control-Allow-Headers': 'Content-Type, X-Requested-With'}
-        (response.headers.set(key, value) for key, value in cors_headers)
+        for key, value in cors_headers.iteritems():
+            response.headers.set(key, value)
 
     return response
 
-- 
cgit v1.2.3