Ejemplo n.º 1
0
def before_request():
    """Before the request we're doing some authentication.

    """
    # if the client is sending data to the server, verify it is valid json
    if request.method in ['POST', 'PUT']:
        # check for the json content-type
        content_type = request.headers.get('Content-Type')
        if not content_type or content_type != 'application/json':
            return jsonify(message=strings.API_NOT_JSON_TYPE), 400
        req_json = request.get_json(silent=True)
        if not req_json:
            return jsonify(message=strings.API_INVALID_JSON), 400
    # if the client is trying to log in, don't enforce a token
    if request.path == AUTHENTICATION_ROUTE:
        return
    # possibly get the token from the request headers
    token = request.headers.get(TOKEN_HEADER_KEY)
    # if they didn't supply a request token
    if token is None:
        return jsonify(message=strings.API_MISSING_TOKEN), 401
    # validate the token
    valid = AuthService.verify_token(token)
    if not valid:
        return jsonify(message=strings.API_BAD_TOKEN), 401
Ejemplo n.º 2
0
def before_request():
    """Before the request we're doing some authentication.

    """
    # if the client is sending data to the server, verify it is valid json
    if request.method in ['POST', 'PUT']:
        # check for the json content-type
        content_type = request.headers.get('Content-Type')
        if not content_type or content_type != 'application/json':
            return jsonify(message=strings.API_NOT_JSON_TYPE), 400
        req_json = request.get_json(silent=True)
        if not req_json:
            return jsonify(message=strings.API_INVALID_JSON), 400
    # if the client is trying to log in, don't enforce a token
    if request.path == AUTHENTICATION_ROUTE:
        return
    # possibly get the token from the request headers
    token = request.headers.get(TOKEN_HEADER_KEY)
    # if they didn't supply a request token
    if token is None:
        return jsonify(message=strings.API_MISSING_TOKEN), 401
    # validate the token
    valid = AuthService.verify_token(token)
    if not valid:
        return jsonify(message=strings.API_BAD_TOKEN), 401
Ejemplo n.º 3
0
 def test_return_false_if_not_valid_token(self, mock_get_session_by_token):
     is_valid = AuthService.verify_token('not_a_token')
     assert not is_valid
     assert mock_get_session_by_token.call_count == 1
Ejemplo n.º 4
0
 def test_return_true_if_valid_token(self, mock_get_session_by_token):
     is_valid = AuthService.verify_token('token')
     assert is_valid
     assert mock_get_session_by_token.call_count == 1
Ejemplo n.º 5
0
 def test_return_false_if_not_valid_token(self, mock_get_session_by_token):
     is_valid = AuthService.verify_token('not_a_token')
     assert not is_valid
     assert mock_get_session_by_token.call_count == 1
Ejemplo n.º 6
0
 def test_return_true_if_valid_token(self, mock_get_session_by_token):
     is_valid = AuthService.verify_token('token')
     assert is_valid
     assert mock_get_session_by_token.call_count == 1