def test_verify_request_mixedcase_headers(self):
issue_time = make_issue_time()
request = make_request('Consumer', 'alice', issue_time)
request.headers['X-Annotator-Consumer-Key'] = request.headers[
'x-annotator-consumer-key']
assert auth.verify_request(
request
), "request with mixed-case headers should have been verified"
def index():
uid = current_user_id()
if uid:
if not auth.verify_request(request):
return _failed_auth_response()
annotations = Annotation.search(_user_id=uid)
else:
annotations = Annotation.search()
return jsonify(annotations)
def index():
uid = current_user_id()
if uid:
if not auth.verify_request(request):
return _failed_auth_response()
annotations = Annotation.search(_user_id=uid)
else:
annotations = Annotation.search()
return jsonify(annotations)
def search_annotations():
kwargs = dict(request.args.items())
uid = current_user_id()
if uid:
if not auth.verify_request(request):
return _failed_auth_response()
results = Annotation.search(**kwargs)
results = filter(lambda a: authz.authorize(a, 'read', uid), results)
total = Annotation.count(**kwargs)
return jsonify({
'total': total,
'rows': results,
})
def search_annotations():
kwargs = dict(request.args.items())
uid = current_user_id()
if uid:
if not auth.verify_request(request):
return _failed_auth_response()
results = Annotation.search(**kwargs)
results = filter(lambda a: authz.authorize(a, 'read', uid), results)
total = Annotation.count(**kwargs)
return jsonify({
'total': total,
'rows': results,
})
def create_annotation():
# Only registered users can create annotations
if not auth.verify_request(request):
return _failed_auth_response()
if request.json:
annotation = Annotation(_filter_input(request.json))
annotation['consumer'] = request.headers[auth.HEADER_PREFIX + 'consumer-key']
annotation['user'] = request.headers[auth.HEADER_PREFIX + 'user-id']
annotation.save()
return jsonify(annotation)
else:
return jsonify('No JSON payload sent. Annotation not created.', status=400)
def create_annotation():
# Only registered users can create annotations
if not auth.verify_request(request):
return _failed_auth_response()
if request.json:
annotation = Annotation(_filter_input(request.json))
annotation['consumer'] = request.headers[auth.HEADER_PREFIX +
'consumer-key']
annotation['user'] = request.headers[auth.HEADER_PREFIX + 'user-id']
annotation.save()
return jsonify(annotation)
else:
return jsonify('No JSON payload sent. Annotation not created.',
status=400)
def test_verify_request(self):
expiryTime = iso8601('future')
request = make_request('testAccount', 'alice', expiryTime)
assert auth.verify_request(request), "request should have been verified"
def test_verify_request_mixedcase_headers(self):
issueTime = iso8601('now')
request = make_request('testConsumer', 'alice', issueTime)
request.headers['X-Annotator-Consumer-Key'] = request.headers['x-annotator-consumer-key']
assert auth.verify_request(request), "request with mixed-case headers should have been verified"
def test_reject_request_missing_headers(self):
issueTime = iso8601('now')
request = make_request('testConsumer', 'alice', issueTime)
del request.headers['x-annotator-consumer-key']
assert not auth.verify_request(request), "request missing consumerKey should have been rejected"
def test_verify_request(self):
issueTime = iso8601('now')
request = make_request('testConsumer', 'alice', issueTime)
assert auth.verify_request(request), "request should have been verified"
def _check_action(annotation, action, uid):
if not authz.authorize(annotation, action, uid):
return _failed_authz_response()
if uid and not auth.verify_request(request):
return _failed_auth_response()
def _check_action(annotation, action, uid):
if not authz.authorize(annotation, action, uid):
return _failed_authz_response()
if uid and not auth.verify_request(request):
return _failed_auth_response()
def test_reject_request_missing_headers(self):
issue_time = make_issue_time()
request = make_request('Consumer', 'alice', issue_time)
del request.headers['x-annotator-consumer-key']
assert not auth.verify_request(request), "request missing consumer key should have been rejected"
def test_reject_request_missing_headers(self):
expiryTime = iso8601('future')
request = make_request('testAccount', 'alice', expiryTime)
del request.headers['x-annotator-account-id']
assert not auth.verify_request(request), "request missing account_id should have been rejected"
def test_reject_request_missing_headers(self):
issue_time = make_issue_time()
request = make_request('Consumer', 'alice', issue_time)
del request.headers['x-annotator-consumer-key']
assert not auth.verify_request(
request), "request missing consumer key should have been rejected"
def test_verify_request(self):
issue_time = make_issue_time()
request = make_request('Consumer', 'alice', issue_time)
assert auth.verify_request(
request), "request should have been verified"
def test_verify_request_mixedcase_headers(self):
expiryTime = iso8601('future')
request = make_request('testAccount', 'alice', expiryTime)
request.headers['X-Annotator-Account-Key'] = request.headers['x-annotator-account-id']
assert auth.verify_request(request), "request with mixed-case headers should have been verified"
def test_verify_request(self):
issue_time = make_issue_time()
request = make_request('Consumer', 'alice', issue_time)
assert auth.verify_request(request), "request should have been verified"
