pythonthings
diff --git a/‎.gitignore
Lines changed: 1 addition & 0 deletions b/‎.gitignore
Lines changed: 1 addition & 0 deletions
diff --git a/‎docs/source/api-reference/apps.rst
Lines changed: 18 additions & 0 deletions b/‎docs/source/api-reference/apps.rst
Lines changed: 18 additions & 0 deletions
diff --git a/‎docs/source/api-reference/index.rst
Lines changed: 1 addition & 0 deletions b/‎docs/source/api-reference/index.rst
Lines changed: 1 addition & 0 deletions
diff --git a/‎docs/source/release-notes/1.2.0.rst
Lines changed: 43 additions & 0 deletions b/‎docs/source/release-notes/1.2.0.rst
Lines changed: 43 additions & 0 deletions
diff --git a/‎setup.cfg
Lines changed: 1 addition & 0 deletions b/‎setup.cfg
Lines changed: 1 addition & 0 deletions
diff --git a/‎setup.py
Lines changed: 2 additions & 1 deletion b/‎setup.py
Lines changed: 2 additions & 1 deletion
diff --git a/‎src/github3/apps.py
Lines changed: 195 additions & 0 deletions b/‎src/github3/apps.py
Lines changed: 195 additions & 0 deletions
diff --git a/‎src/github3/decorators.py
Lines changed: 36 additions & 0 deletions b/‎src/github3/decorators.py
Lines changed: 36 additions & 0 deletions
@@ -23,3 +23,4 @@ tests/id_rsa
 .mypy_cache/
 .pytest_cache/
 t.py
+*.pem
@@ -0,0 +1,18 @@
+==================================
+ App and Installation API Objects
+==================================
+
+This section of the documentation covers the representations of various
+objects related to the `Apps API`_.
+
+.. autoclass:: github3.apps.App
+    :inherited-members:
+
+.. autoclass:: github3.apps.Installation
+    :inherited-members:
+
+.. ---
+.. links
+.. _Apps API:
+   https://developer.github.com/v3/apps
@@ -6,6 +6,7 @@
     :maxdepth: 3
 
     api
+    apps
     auths
     events
     gists
 
@@ -6,6 +6,38 @@ This is a small release with some enhancements.
 Features Added
 ``````````````
 
+- Partial GitHub Apps support. We added the following:
+
+  - ``GitHub.login_as_app`` to login using JWT as an Application
+
+  - ``GitHub.login_as_app_installation`` to login using a token obtained from
+    an App's JWT
+
+  - ``GitHub.app`` to retrieve an application by its "slug"
+
+  - ``GitHub.app_installation`` to retrieve a specific installation by its ID
+
+  - ``GitHub.app_installations`` to retrieve all of an App's installations
+
+  - ``GitHub.app_installation_for_organization`` to retrieve an organization's
+    installation of an App
+
+  - ``GitHub.app_installation_for_repository`` to retrieve an installation for
+    a specific repository
+
+  - ``GitHub.app_installation_for_user`` to retrieve an installation for a
+    specific user
+
+  - ``GitHub.authenticated_app`` to retrieve the metadata for a specific App
+
+  - Not supported as of this release:
+
+    - `Installations API`_
+
+    - `List installations for user`_
+
+    - `User-to-server OAuth access token`_
+
 - Organization Invitations Preview API is now supported. This includes an
   additional ``Invitation`` object. This is the result of hard work by Hal
   Wine.
@@ -14,3 +46,14 @@ Features Added
   representation of labels returned by the API.
 
 - The branch protections API is now completely represented in github3.py.
+
+
+.. links
+.. _Installations API:
+    https://developer.github.com/v3/apps/installations/
+
+.. _List installations for user:
+    https://developer.github.com/v3/apps/#list-installations-for-user
+
+.. _User-to-server OAuth access token:
+    https://developer.github.com/apps/building-github-apps/identifying-and-authorizing-users-for-github-apps/#identifying-users-on-your-site
@@ -6,6 +6,7 @@ requires-dist=
     requests>=2.0
     uritemplate>=3.0.0
     python-dateutil>=2.6.0
+    jwcrypto>=0.5.0
     pyOpenSSL>=0.13; python_version<="2.7"
     ndg-httpsclient; python_version<="2.7"
     pyasn1; python_version<="2.7"
@@ -21,7 +21,7 @@
 SNI_requirements = [
     'pyOpenSSL',
     'ndg-httpsclient',
-    'pyasn1'
+    'pyasn1',
 ]
 
 kwargs['tests_require'] = ['betamax>=0.8.0', 'pytest>2.3.5',
@@ -39,6 +39,7 @@
     "requests >= 2.18",
     "uritemplate >= 3.0.0",
     "python-dateutil >= 2.6.0",
+    "jwcrypto >= 0.5.0",
 ])
 
 __version__ = ''
 
@@ -0,0 +1,195 @@
+"""Module containing helpers for dealing with GitHub Apps.
+
+https://developer.github.com/apps/building-github-apps/
+"""
+import time
+
+from jwcrypto import jwk
+from jwcrypto import jwt
+
+from . import models
+from . import users
+
+TEN_MINUTES_AS_SECONDS = 10 * 60
+DEFAULT_JWT_TOKEN_EXPIRATION = TEN_MINUTES_AS_SECONDS
+APP_PREVIEW_HEADERS = {
+    'Accept': 'application/vnd.github.machine-man-preview+json',
+}
+
+
+class App(models.GitHubCore):
+    """An object representing a GitHub App.
+
+    .. versionadded:: 1.2.0
+
+    .. seealso::
+
+        `GitHub Apps`_
+            Documentation for Apps on GitHub
+
+        `GitHub Apps API Documentation`_
+            API documentation of what's available about an App.
+
+    This object has the following attributes:
+
+    .. attribute:: created_at
+
+        A :class:`~datetime.datetime` object representing the day and time
+        the App was created.
+
+    .. attribute:: description
+
+        The description of the App provided by the owner.
+
+    .. attribute:: external_url
+
+        The URL provided for the App by the owner.
+
+    .. attribute:: html_url
+
+        The HTML URL provided for the App by the owner.
+
+    .. attribute:: id
+
+        The unique identifier for the App. This is useful in cases where you
+        may want to authenticate either as an App or as a specific
+        installation of an App.
+
+    .. attribute:: name
+
+        The display name of the App that the user sees.
+
+    .. attribute:: node_id
+
+        A base64-encoded blob returned by the GitHub API for who knows what
+        reason.
+
+    .. attribute:: owner
+
+        A :class:`~github3.users.ShortUser` object representing the GitHub
+        user who owns the App.
+
+    .. attribute:: updated_at
+
+        A :class:`~datetime.datetime` object representing the day and time
+        the App was last updated.
+
+    .. _GitHub Apps:
+        https://developer.github.com/apps/
+    .. _GitHub Apps API Documentation:
+        https://developer.github.com/v3/apps/
+    """
+
+    def _update_attributes(self, json):
+        self.created_at = self._strptime(json['created_at'])
+        self.description = json['description']
+        self.external_url = json['external_url']
+        self.html_url = json['html_url']
+        self.id = json['id']
+        self.name = json['name']
+        self.node_id = json['node_id']
+        self.owner = users.ShortUser(json['owner'], self)
+        self.updated_at = self._strptime(json['updated_at'])
+
+    def _repr(self):
+        return '<App ["{}" by {}]>'.format(self.name, str(self.owner))
+
+
+class Installation(models.GitHubCore):
+    """An installation of a GitHub App either on a User or Org.
+
+    .. versionadded:: 1.2.0
+
+    This has the following attributes:
+
+    .. attribute:: access_tokens_url
+    .. attribute:: account
+    .. attribute:: app_id
+    .. attribute:: created_at
+    .. attribute:: events
+    .. attribute:: html_url
+    .. attribute:: id
+    .. attribute:: permissions
+    .. attribute:: repositories_url
+    .. attribute:: repository_selection
+    .. attribute:: single_file_name
+    .. attribute:: target_id
+    .. attribute:: target_type
+    .. attribute:: updated_at
+    """
+
+    def _update_attributes(self, json):
+        self.access_tokens_url = json['access_tokens_url']
+        self.account = json['account']
+        self.app_id = json['app_id']
+        self.created_at = self._strptime(json['created_at'])
+        self.events = json['events']
+        self.html_url = json['html_url']
+        self.id = json['id']
+        self.permissions = json['permissions']
+        self.repositories_url = json['repositories_url']
+        self.repository_selection = json['repository_selection']
+        self.single_file_name = json['single_file_name']
+        self.target_id = json['target_id']
+        self.target_type = json['target_type']
+        self.updated_at = self._strptime(json['updated_at'])
+
+
+def _load_private_key(pem_key_bytes):
+    return jwk.JWK.from_pem(pem_key_bytes)
+
+
+def create_token(private_key_pem, app_id, expire_in=TEN_MINUTES_AS_SECONDS):
+    """Create an encrypted token for the specified App.
+
+    :param bytes private_key_pem:
+        The bytes of the private key for this GitHub Application.
+    :param int app_id:
+        The integer identifier for this GitHub Application.
+    :param int expire_in:
+        The length in seconds for this token to be valid for.
+        Default: 600 seconds (10 minutes)
+    :returns:
+        Serialized encrypted token.
+    :rtype:
+        text
+    """
+    if not isinstance(private_key_pem, bytes):
+        raise ValueError('"private_key_pem" parameter must be byte-string')
+    key = _load_private_key(private_key_pem)
+    now = int(time.time())
+    token = jwt.JWT(
+        header={
+            'alg': 'RS256'
+        },
+        claims={
+            'iat': now,
+            'exp': now + expire_in,
+            'iss': app_id,
+        },
+        algs=['RS256'],
+    )
+    token.make_signed_token(key)
+    return token.serialize()
+
+
+def create_jwt_headers(private_key_pem, app_id,
+                       expire_in=DEFAULT_JWT_TOKEN_EXPIRATION):
+    """Create an encrypted token for the specified App.
+
+    :param bytes private_key_pem:
+        The bytes of the private key for this GitHub Application.
+    :param int app_id:
+        The integer identifier for this GitHub Application.
+    :param int expire_in:
+        The length in seconds for this token to be valid for.
+        Default: 600 seconds (10 minutes)
+    :returns:
+        Dictionary of headers for retrieving a token from a JWT.
+    :rtype:
+        dict
+    """
+    jwt_token = create_token(private_key_pem, app_id, expire_in)
+    headers = {'Authorization': 'Bearer {}'.format(jwt_token)}
+    headers.update(APP_PREVIEW_HEADERS)
+    return headers
@@ -82,6 +82,42 @@ def auth_wrapper(self, *args, **kwargs):
     return auth_wrapper
 
 
+def requires_app_bearer_auth(func):
+    """Require the use of application authentication.
+
+    .. versionadded:: 1.2.0
+    """
+    @wraps(func)
+    def auth_wrapper(self, *args, **kwargs):
+        from . import session
+        if isinstance(self.session.auth, session.AppBearerTokenAuth):
+            return func(self, *args, **kwargs)
+        else:
+            from . import exceptions
+            raise exceptions.MissingAppBearerAuthentication(
+                "This method requires GitHub App authentication."
+            )
+    return auth_wrapper
+
+
+def requires_app_installation_auth(func):
+    """Require the use of App's installation authentication.
+
+    .. versionadded:: 1.2.0
+    """
+    @wraps(func)
+    def auth_wrapper(self, *args, **kwargs):
+        from . import session
+        if isinstance(self.session.auth, session.AppInstallationTokenAuth):
+            return func(self, *args, **kwargs)
+        else:
+            from . import exceptions
+            raise exceptions.MissingAppInstallationAuthentication(
+                "This method requires GitHub App authentication."
+            )
+    return auth_wrapper
+
+
 def generate_fake_error_response(msg, status_code=401, encoding='utf-8'):
     """Generate a fake Response from requests."""
     r = Response()
-Original file line number
+Diff line change
     :maxdepth: 3
     api
 +    apps
     auths
     events
     gists