Sync logic

[ntoll]

This PR contains a solution for #5. However, it's a work in progress and given that I'm "new" to this project I'm keen to get feedback about style/approach.

This is stacked on PR #23.

Questions:

• I've included unit tests. What about integration tests. Thoughts / approaches please?
• I'm using the dependency injection pattern -- I'm assuming the app will make the api and database session objects these functions depend upon.
• The concept of a "reply" is not addressed, but I imagine will need to be in a similar fashion to sources and submissions. It would be trivial to add, so happy to do so as additional work on this PR.

[ntoll]

Dammit... the build has failed because sdclientapi isn't available. This is the first time I've used pipenv so I'm not too sure how to include something from GitHub rather than PyPI. If you point me at instructions I'll fix up tomorrow. Thanks.

[kushaldas]

@ntoll try this::

pipenv install git+https://github.com/freedomofpress/securedrop-sdk.git#egg=securedrop-sdk

[ntoll]

Thanks @kushaldas -- CI is working now. :-)

[redshiftzero]

hey @ntoll gave this a look over today, super clear implementation, this is exactly what we're lookin for! let's add the replies to this, and one note on that to bear in mind (apologies if you thought about/realized this already): as journalist users are observed in replies we want to add the journalist username/UUID to the database (and usernames can change so we need to update them too).

[ntoll]

@redshiftzero OK... added reply and user handling.

[redshiftzero]

looks great!

[redshiftzero]

I foresee confusion between the sqlalchemy models and the SDK objects (not introduced in this PR, just a thought). Maybe we can change the names of the sqlalchemy objects to SourceDatabaseObject or something similar for the sake of being explicit (I don't love that name but you get the idea)