handle revoked privileges more smoothly

2017-08-08 00:29:38 +02:00 · 2017-08-08 00:29:38 +02:00 · 724d54355c
parent 4f40853b78
commit 724d54355c
2 changed files with 26 additions and 6 deletions
--- a/lib/twitter.py
+++ b/lib/twitter.py
@ -1,4 +1,4 @@
-from twitter import Twitter, OAuth
+from twitter import Twitter, OAuth, TwitterHTTPError
 from werkzeug.urls import url_decode
 from model import OAuthToken, Account, Post
 from app import db, app
@ -55,10 +55,23 @@ def get_twitter_for_acc(account):
    consumer_key = app.config['TWITTER_CONSUMER_KEY']
    consumer_secret = app.config['TWITTER_CONSUMER_SECRET']

-    token = OAuthToken.query.with_parent(account).order_by(db.desc(OAuthToken.created_at)).first()
-    t = Twitter(
-            auth=OAuth(token.token, token.token_secret, consumer_key, consumer_secret))
-    return t
+    tokens = OAuthToken.query.with_parent(account).order_by(db.desc(OAuthToken.created_at)).all()
+    for token in tokens:
+        t = Twitter(
+                auth=OAuth(token.token, token.token_secret, consumer_key, consumer_secret))
+        try:
+            t.account.verify_credentials()
+            return t
+        except TwitterHTTPError as e:
+            if e.e.code == 401:
+                # token revoked
+                db.session.delete(token)
+                db.session.commit()
+
+    # if no tokens are valid, we log out the user so we'll get a fresh
+    # token when they log in again
+    account.force_log_out()
+    return None

 locale.setlocale(locale.LC_TIME, 'C')

@ -82,6 +95,9 @@ def post_from_api_tweet_object(tweet, post=None):

 def fetch_acc(account, cursor, consumer_key=None, consumer_secret=None):
    t = get_twitter_for_acc(account)
+    if not t:
+        print("no twitter access, aborting")
+        return

    user = t.account.verify_credentials()
    db.session.merge(account_from_api_user_object(user))
--- a/model.py
+++ b/model.py
@ -76,6 +76,7 @@ class Account(TimestampMixin, RemoteIDMixin):
    # backref: tokens
    # backref: twitter_archives
    # backref: posts
+    # backref: sessions

    def __repr__(self):
        return f"<Account({self.id}, {self.screen_name}, {self.display_name})>"
@ -97,6 +98,9 @@ class Account(TimestampMixin, RemoteIDMixin):
        return query.count()


+    def force_log_out(self):
+        Session.query.with_parent(self).delete()
+        db.session.commit()


 class Account(Account, db.Model):
@ -120,7 +124,7 @@ class Session(db.Model, TimestampMixin):
    id = db.Column(db.String, primary_key=True, default=lambda: secrets.token_urlsafe())

    account_id = db.Column(db.String, db.ForeignKey('accounts.id', ondelete='CASCADE', onupdate='CASCADE'), nullable=False)
-    account = db.relationship(Account, lazy='joined')
+    account = db.relationship(Account, lazy='joined', backref='sessions')

 class Post(db.Model, TimestampMixin, RemoteIDMixin):
    __tablename__ = 'posts'