apply auth requirement to virtually all endpoints

atst/routes/requests/financial_verification.py

@@ -4,9 +4,11 @@ from flask import request as http_request
 from . import requests_bp
 from atst.domain.requests import Requests
 from atst.forms.financial import FinancialForm
+from atst.domain.auth import login_required
 
 
 @requests_bp.route("/requests/verify/<string:request_id>", methods=["GET"])
+@login_required
 def financial_verification(request_id=None):
     request = Requests.get(request_id)
     form = FinancialForm(data=request.body.get("financial_verification"))
@@ -16,6 +18,7 @@ def financial_verification(request_id=None):
 
 
 @requests_bp.route("/requests/verify/<string:request_id>", methods=["POST"])
+@login_required
 def update_financial_verification(request_id):
     post_data = http_request.form
     existing_request = Requests.get(request_id)
@@ -40,5 +43,6 @@ def update_financial_verification(request_id):
 
 
 @requests_bp.route("/requests/financial_verification_submitted")
+@login_required
 def financial_verification_submitted():
     pass

atst/routes/requests/index.py

@@ -3,6 +3,7 @@ from flask import render_template, g
 
 from . import requests_bp
 from atst.domain.requests import Requests
+from atst.domain.auth import login_required
 
 
 def map_request(user, request):
@@ -20,6 +21,7 @@ def map_request(user, request):
 
 
 @requests_bp.route("/requests", methods=["GET"])
+@login_required
 def requests_index():
     requests = []
     if (

atst/routes/requests/requests_form.py

@@ -3,10 +3,11 @@ from flask import g, redirect, render_template, url_for, request as http_request
 from . import requests_bp
 from atst.domain.requests import Requests
 from atst.routes.requests.jedi_request_flow import JEDIRequestFlow
+from atst.domain.auth import login_required
 
 
-@requests_bp.route("/requests/new", defaults={"screen": 1})
 @requests_bp.route("/requests/new/<int:screen>", methods=["GET"])
+@login_required
 def requests_form_new(screen):
     jedi_flow = JEDIRequestFlow(screen, request=None)
 
@@ -25,6 +26,7 @@ def requests_form_new(screen):
     "/requests/new/<int:screen>", methods=["GET"], defaults={"request_id": None}
 )
 @requests_bp.route("/requests/new/<int:screen>/<string:request_id>", methods=["GET"])
+@login_required
 def requests_form_update(screen=1, request_id=None):
     request = Requests.get(request_id) if request_id is not None else None
     jedi_flow = JEDIRequestFlow(screen, request, request_id=request_id)
@@ -45,6 +47,7 @@ def requests_form_update(screen=1, request_id=None):
     "/requests/new/<int:screen>", methods=["POST"], defaults={"request_id": None}
 )
 @requests_bp.route("/requests/new/<int:screen>/<string:request_id>", methods=["POST"])
+@login_required
 def requests_update(screen=1, request_id=None):
     screen = int(screen)
     post_data = http_request.form
@@ -89,6 +92,7 @@ def requests_update(screen=1, request_id=None):
 
 
 @requests_bp.route("/requests/submit/<string:request_id>", methods=["POST"])
+@login_required
 def requests_submit(request_id=None):
     request = Requests.get(request_id)
     Requests.submit(request)

atst/routes/workspaces.py

@@ -1,6 +1,7 @@
 from flask import Blueprint, render_template
 
 from atst.domain.workspaces import Projects, Members
+from atst.domain.auth import login_required
 
 
 bp = Blueprint("workspaces", __name__)
@@ -16,11 +17,13 @@ mock_workspaces = [
 
 
 @bp.route("/workspaces")
+@login_required
 def workspaces():
     return render_template("workspaces.html", page=5, workspaces=mock_workspaces)
 
 
 @bp.route("/workspaces/<workspace_id>/projects")
+@login_required
 def workspace_projects(workspace_id):
     projects_repo = Projects()
     projects = projects_repo.get_many(workspace_id)
@@ -30,6 +33,7 @@ def workspace_projects(workspace_id):
 
 
 @bp.route("/workspaces/<workspace_id>/members")
+@login_required
 def workspace_members(workspace_id):
     members_repo = Members()
     members = members_repo.get_many(workspace_id)