From 724d54355cfc9b2ef4c0c384afccfcdbb3760b41 Mon Sep 17 00:00:00 2001
From: codl <codl@codl.fr>
Date: Tue, 8 Aug 2017 00:29:38 +0200
Subject: [PATCH] handle revoked privileges more smoothly

---
 lib/twitter.py | 26 +++++++++++++++++++++-----
 model.py       |  6 +++++-
 2 files changed, 26 insertions(+), 6 deletions(-)

diff --git a/lib/twitter.py b/lib/twitter.py
index a9d1d8c..8f7e895 100644
--- a/lib/twitter.py
+++ b/lib/twitter.py
@@ -1,4 +1,4 @@
-from twitter import Twitter, OAuth
+from twitter import Twitter, OAuth, TwitterHTTPError
 from werkzeug.urls import url_decode
 from model import OAuthToken, Account, Post
 from app import db, app
@@ -55,10 +55,23 @@ def get_twitter_for_acc(account):
     consumer_key = app.config['TWITTER_CONSUMER_KEY']
     consumer_secret = app.config['TWITTER_CONSUMER_SECRET']
 
-    token = OAuthToken.query.with_parent(account).order_by(db.desc(OAuthToken.created_at)).first()
-    t = Twitter(
-            auth=OAuth(token.token, token.token_secret, consumer_key, consumer_secret))
-    return t
+    tokens = OAuthToken.query.with_parent(account).order_by(db.desc(OAuthToken.created_at)).all()
+    for token in tokens:
+        t = Twitter(
+                auth=OAuth(token.token, token.token_secret, consumer_key, consumer_secret))
+        try:
+            t.account.verify_credentials()
+            return t
+        except TwitterHTTPError as e:
+            if e.e.code == 401:
+                # token revoked
+                db.session.delete(token)
+                db.session.commit()
+
+    # if no tokens are valid, we log out the user so we'll get a fresh
+    # token when they log in again
+    account.force_log_out()
+    return None
 
 locale.setlocale(locale.LC_TIME, 'C')
 
@@ -82,6 +95,9 @@ def post_from_api_tweet_object(tweet, post=None):
 
 def fetch_acc(account, cursor, consumer_key=None, consumer_secret=None):
     t = get_twitter_for_acc(account)
+    if not t:
+        print("no twitter access, aborting")
+        return
 
     user = t.account.verify_credentials()
     db.session.merge(account_from_api_user_object(user))
diff --git a/model.py b/model.py
index 195122c..448b2eb 100644
--- a/model.py
+++ b/model.py
@@ -76,6 +76,7 @@ class Account(TimestampMixin, RemoteIDMixin):
     # backref: tokens
     # backref: twitter_archives
     # backref: posts
+    # backref: sessions
 
     def __repr__(self):
         return f"<Account({self.id}, {self.screen_name}, {self.display_name})>"
@@ -97,6 +98,9 @@ class Account(TimestampMixin, RemoteIDMixin):
         return query.count()
 
 
+    def force_log_out(self):
+        Session.query.with_parent(self).delete()
+        db.session.commit()
 
 
 class Account(Account, db.Model):
@@ -120,7 +124,7 @@ class Session(db.Model, TimestampMixin):
     id = db.Column(db.String, primary_key=True, default=lambda: secrets.token_urlsafe())
 
     account_id = db.Column(db.String, db.ForeignKey('accounts.id', ondelete='CASCADE', onupdate='CASCADE'), nullable=False)
-    account = db.relationship(Account, lazy='joined')
+    account = db.relationship(Account, lazy='joined', backref='sessions')
 
 class Post(db.Model, TimestampMixin, RemoteIDMixin):
     __tablename__ = 'posts'