From 0c6ccca5fac44ab40671627fd3181e9b138672fa Mon Sep 17 00:00:00 2001
From: Fabian Mastenbroek <mail.fabianm@gmail.com>
Date: Fri, 14 May 2021 15:17:49 +0200
Subject: api: Migrate to Auth0 for API authorization

This change updates the OpenDC API to use Auth0 for API authorization.
This removes the hard dependency on Google for logging into OpenDC and
simplifies implementation as we do not have to store user information
anymore, other than the user identifier.
---
 .../opendc-web-api/opendc/api/v2/scenarios/scenarioId/endpoint.py   | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'opendc-web/opendc-web-api/opendc/api/v2/scenarios/scenarioId/endpoint.py')

diff --git a/opendc-web/opendc-web-api/opendc/api/v2/scenarios/scenarioId/endpoint.py b/opendc-web/opendc-web-api/opendc/api/v2/scenarios/scenarioId/endpoint.py
index 88a74e9c..7399f98c 100644
--- a/opendc-web/opendc-web-api/opendc/api/v2/scenarios/scenarioId/endpoint.py
+++ b/opendc-web/opendc-web-api/opendc/api/v2/scenarios/scenarioId/endpoint.py
@@ -11,7 +11,7 @@ def GET(request):
     scenario = Scenario.from_id(request.params_path['scenarioId'])
 
     scenario.check_exists()
-    scenario.check_user_access(request.google_id, False)
+    scenario.check_user_access(request.current_user['sub'], False)
 
     return Response(200, 'Successfully retrieved scenario.', scenario.obj)
 
@@ -26,7 +26,7 @@ def PUT(request):
     scenario = Scenario.from_id(request.params_path['scenarioId'])
 
     scenario.check_exists()
-    scenario.check_user_access(request.google_id, True)
+    scenario.check_user_access(request.current_user['sub'], True)
 
     scenario.set_property('name',
                           request.params_body['scenario']['name'])
@@ -44,7 +44,7 @@ def DELETE(request):
     scenario = Scenario.from_id(request.params_path['scenarioId'])
 
     scenario.check_exists()
-    scenario.check_user_access(request.google_id, True)
+    scenario.check_user_access(request.current_user['sub'], True)
 
     scenario_id = scenario.get_id()
 
-- 
cgit v1.2.3


From 2281d3265423d01e60f8cc088de5a5730bb8a910 Mon Sep 17 00:00:00 2001
From: Fabian Mastenbroek <mail.fabianm@gmail.com>
Date: Sat, 15 May 2021 13:09:06 +0200
Subject: api: Migrate to Flask Restful

This change updates the API to use Flask Restful instead of our own
in-house REST library. This change reduces the maintenance effort and
allows us to drastically simplify the API implementation needed for the
OpenDC v2 API.
---
 .../opendc/api/v2/scenarios/scenarioId/endpoint.py | 59 ----------------------
 1 file changed, 59 deletions(-)
 delete mode 100644 opendc-web/opendc-web-api/opendc/api/v2/scenarios/scenarioId/endpoint.py

(limited to 'opendc-web/opendc-web-api/opendc/api/v2/scenarios/scenarioId/endpoint.py')

diff --git a/opendc-web/opendc-web-api/opendc/api/v2/scenarios/scenarioId/endpoint.py b/opendc-web/opendc-web-api/opendc/api/v2/scenarios/scenarioId/endpoint.py
deleted file mode 100644
index 7399f98c..00000000
--- a/opendc-web/opendc-web-api/opendc/api/v2/scenarios/scenarioId/endpoint.py
+++ /dev/null
@@ -1,59 +0,0 @@
-from opendc.models.scenario import Scenario
-from opendc.models.portfolio import Portfolio
-from opendc.util.rest import Response
-
-
-def GET(request):
-    """Get this Scenario."""
-
-    request.check_required_parameters(path={'scenarioId': 'string'})
-
-    scenario = Scenario.from_id(request.params_path['scenarioId'])
-
-    scenario.check_exists()
-    scenario.check_user_access(request.current_user['sub'], False)
-
-    return Response(200, 'Successfully retrieved scenario.', scenario.obj)
-
-
-def PUT(request):
-    """Update this Scenarios name."""
-
-    request.check_required_parameters(path={'scenarioId': 'string'}, body={'scenario': {
-        'name': 'string',
-    }})
-
-    scenario = Scenario.from_id(request.params_path['scenarioId'])
-
-    scenario.check_exists()
-    scenario.check_user_access(request.current_user['sub'], True)
-
-    scenario.set_property('name',
-                          request.params_body['scenario']['name'])
-
-    scenario.update()
-
-    return Response(200, 'Successfully updated scenario.', scenario.obj)
-
-
-def DELETE(request):
-    """Delete this Scenario."""
-
-    request.check_required_parameters(path={'scenarioId': 'string'})
-
-    scenario = Scenario.from_id(request.params_path['scenarioId'])
-
-    scenario.check_exists()
-    scenario.check_user_access(request.current_user['sub'], True)
-
-    scenario_id = scenario.get_id()
-
-    portfolio = Portfolio.from_id(scenario.obj['portfolioId'])
-    portfolio.check_exists()
-    if scenario_id in portfolio.obj['scenarioIds']:
-        portfolio.obj['scenarioIds'].remove(scenario_id)
-    portfolio.update()
-
-    old_object = scenario.delete()
-
-    return Response(200, 'Successfully deleted scenario.', old_object)
-- 
cgit v1.2.3