Improved authentication

api_specification.md

-# Specification of the Web API for the Video-AG Website (v0.6).
+# Specification of the Web API for the Video-AG Website (v0.8).
 
 ## Introduction
 
@@ -42,7 +42,7 @@ The **changelog** can be found [at the end](#changelog).
 
 ## Routes
 
-### Public Courses and Lectures
+### Miscellaneous
 
 ---
 
@@ -106,6 +106,8 @@ A [homepage](#homepage) object.
 
 ---
 
+### Courses and Lectures
+
 ###### Request:
 
 `GET /courses`
@@ -322,6 +324,8 @@ A [course](#course) object.
 
 ---
 
+### Authentication
+
 ###### Request:
 
 `POST /authentication/password`
@@ -474,6 +478,7 @@ Panels on the homepage showing text or featuring some lectures
 | description                    | string                        |                                                                                                                                                                      |
 | show_chapters_on_course        | boolean                       | If true, chapters should be shown on the course page                                                                                                                 |
 | default_authentication_methods | authentication_methods        | Default authentication methods for lectures in this course. Some Lectures might have different methods (A lecture object always contains its authentication methods) |
+| authentication_information     | ?string                       | May contain additional information on how the user can authenticate themselves                                                                                       |
 | lectures                       | ?array of [lecture](#lecture) | Only present if requested. All (public) lectures. Lectures will include chapters and media_sources                                                                   |
 
 #### lecture
@@ -562,6 +567,10 @@ Possible `error_code`:
 
 Only **changes**, no additions!
 
+### v0.8
+
+* Added `authentication_information` to `course` object
+
 ### v0.7
 
 * Added `bad_request` and `method_not_allowed` error codes

src/api/authentication.py

@@ -23,11 +23,11 @@ def get_effective_auth(auth_list_db: []) -> []:
     course_auth = []
     lecture_auth = []
     for auth_db in auth_list_db:
-        if "course_id" in auth_db:
+        if "course_id" in auth_db and auth_db["course_id"] is not None:
             course_auth.append(auth_db)
-        elif "lecture_id" in auth_db:
+        elif "lecture_id" in auth_db and auth_db["lecture_id"] is not None:
             lecture_auth.append(auth_db)
-        elif "video_id" in auth_db:
+        elif "video_id" in auth_db and auth_db["video_id"] is not None:
             pass  # Not supported anymore
         else:
             raise Exception("Permission has no course, lecture or video id set")
@@ -134,6 +134,7 @@ def authenticate_password(lecture_id: int, username: str, password: str):
         if "auth_data" not in session:
             session["auth_data"] = {}
         session["auth_data"][username] = password
+        session.modified = True
         return
     if not found_password:
         raise ApiClientException(ERROR_LECTURE_HAS_NO_PASSWORD)

src/api/course.py

@@ -2,6 +2,19 @@ from api.api import *
 
 from api.db_helper import *
 
+COURSE_SECONDARY_DB_SELECTION = """\
+    courses.handle AS course_handle, \
+    courses.title AS course_title, \
+    courses.short AS course_short, \
+    courses.organizer AS course_organizer, \
+    courses.subject AS course_subject, \
+    courses.description AS course_description, \
+    courses.coursechapters AS course_coursechapters, \
+    courses.semester AS course_semester, \
+    courses.login_info AS course_login_info, \
+    courses.listed AS course_listed, \
+    courses.visible AS course_visible \
+    """
 
 def course_list_db_to_json_no_lectures(courses_db: [], auth_db: []):
     """
@@ -26,30 +39,21 @@ def course_db_to_json_no_auth_lectures(course_db: {}):
         "full_name": course_db["title"],
         "short_name": course_db["short"],
         "organizer": course_db["organizer"],
+        "topic": course_db["subject"],
         "description": course_db["description"],
         "show_chapters_on_course": bool(course_db["coursechapters"])
     }
     if "semester" in course_db:
         course_json["semester"] = course_db["semester"]
     
+    if "login_info" in course_db and len(course_db["login_info"]) > 0:
+        course_json["authentication_information"] = course_db["login_info"]
     return course_json
 
 
 def course_db_to_json_no_lectures(course_db: {}, auth_db: []):
-    course_json = {
-        "id": course_db["id"],
-        "id_string": course_db["handle"],
-        "full_name": course_db["title"],
-        "short_name": course_db["short"],
-        "organizer": course_db["organizer"],
-        "topic": course_db["subject"],
-        "description": course_db["description"],
-        "show_chapters_on_course": bool(course_db["coursechapters"]),
-        "default_authentication_methods": authentication.get_authentication_methods(auth_db)
-    }
-    if "semester" in course_db:
-        course_json["semester"] = course_db["semester"]
-    
+    course_json = course_db_to_json_no_auth_lectures(course_db)
+    course_json["default_authentication_methods"] = authentication.get_authentication_methods(auth_db)
     return course_json
 
 
@@ -68,6 +72,8 @@ def course_secondary_db_to_json_no_lectures(secondary_course_db: {}, auth_db: []
     if "course_semester" in secondary_course_db:
         course_json["semester"] = secondary_course_db["course_semester"]
     
+    if "course_login_info" in secondary_course_db and len(secondary_course_db["course_login_info"]) > 0:
+        course_json["authentication_information"] = secondary_course_db["course_login_info"]
     return course_json
 
 

src/api/errors.py

 from api.api import *
 import json
 
+
 class ApiError:
     
     def __init__(self, error_code: str, http_status_code: int, message: str):

src/api/routes/site.py

@@ -57,16 +57,8 @@ def api_homepage():
 def get_homepage_upcoming_lectures(courses_context: {}):
     upcoming_start: date = date.today()
     upcoming_end: date = upcoming_start + timedelta(days=7)
-    upcoming_db = query("""\
-        SELECT lectures.*, \
-            courses.handle AS course_handle, \
-            courses.title AS course_title, \
-            courses.short AS course_short, \
-            courses.organizer AS course_organizer, \
-            courses.subject AS course_subject, \
-            courses.description AS course_description, \
-            courses.coursechapters AS course_coursechapters, \
-            courses.semester AS course_semester \
+    upcoming_db = query(f"""\
+        SELECT lectures.*, {COURSE_SECONDARY_DB_SELECTION} \
         FROM lectures \
         JOIN courses ON (lectures.course_id = courses.id) \
         WHERE (time >= ?) \
@@ -113,16 +105,8 @@ def get_homepage_upcoming_lectures(courses_context: {}):
 
 
 def get_homepage_latest_lectures(courses_context: {}):
-    latest_media_db = query("""\
-        SELECT lectures.*, \
-            courses.handle AS course_handle, \
-            courses.title AS course_title, \
-            courses.short AS course_short, \
-            courses.organizer AS course_organizer, \
-            courses.subject AS course_subject, \
-            courses.description AS course_description, \
-            courses.coursechapters AS course_coursechapters, \
-            courses.semester AS course_semester \
+    latest_media_db = query(f"""\
+        SELECT lectures.*, {COURSE_SECONDARY_DB_SELECTION} \
         FROM lectures \
         JOIN videos ON (videos.lecture_id = lectures.id) \
         JOIN courses ON (lectures.course_id = courses.id) \
@@ -147,16 +131,8 @@ def get_homepage_latest_lectures(courses_context: {}):
             JOIN perm ON (perm.lecture_id = sub_lecture_id OR perm.course_id = sub_course_id) \
             WHERE (NOT perm.deleted) \
         """)  # Might be inconsistent if database was updated in between
-    active_livestreams_db = query("""\
-        SELECT lectures.*, \
-            courses.handle AS course_handle, \
-            courses.title AS course_title, \
-            courses.short AS course_short, \
-            courses.organizer AS course_organizer, \
-            courses.subject AS course_subject, \
-            courses.description AS course_description, \
-            courses.coursechapters AS course_coursechapters, \
-            courses.semester AS course_semester \
+    active_livestreams_db = query(f"""\
+        SELECT lectures.*, {COURSE_SECONDARY_DB_SELECTION} \
         FROM lectures \
         JOIN courses ON (lectures.course_id = courses.id) \
         WHERE (lectures.stream_job IS NOT NULL) \
@@ -223,16 +199,8 @@ def get_homepage_featured(courses_context: {}):
             })
         elif featured_db["type"] == "video":
             lecture_id = int(featured_db["param"])
-            lecture_list_db = query("""\
-                SELECT lectures.*, \
-                    courses.handle AS course_handle, \
-                    courses.title AS course_title, \
-                    courses.short AS course_short, \
-                    courses.organizer AS course_organizer, \
-                    courses.subject AS course_subject, \
-                    courses.description AS course_description, \
-                    courses.coursechapters AS course_coursechapters, \
-                    courses.semester AS course_semester \
+            lecture_list_db = query(f"""\
+                SELECT lectures.*, {COURSE_SECONDARY_DB_SELECTION}
                 FROM lectures \
                 JOIN courses ON (lectures.course_id = courses.id) \
                 WHERE lectures.id = ? \