def validate_request():
if not current_app.debug or current_app.config.get('force_verification'):
verify_request()
app_id = current_app.config.get('app_id')
incoming_app_id = flask_request.json.get(
'session', {}).get('application', {}).get('applicationId')
if app_id and incoming_app_id != app_id:
raise InvalidRequest('Request contains incorrect applicationId')
def should_not_raise_error_when_valid(self):
try:
verify_request()
except InvalidRequest:
self.fail('InvalidRequest exception should not have been raised')
def should_raise_error_if_signature_not_verified(self):
self.verify_signature.return_value = False
with self.assertRaises(InvalidRequest):
verify_request()
self.verify_signature.assert_called_once_with(
self.signature, self.cert_chain_url, self.request_mock.get_data.return_value)
def should_raise_error_if_no_signature(self):
self.request_mock.headers['Signature'] = None
with self.assertRaises(InvalidRequest):
verify_request()
def should_raise_error_if_timestamp_not_valid(self):
self.is_within_time_tolerance.return_value = False
with self.assertRaises(InvalidRequest):
verify_request()
self.is_within_time_tolerance.assert_called_once_with(self.timestamp)
def should_raise_error_if_cert_chain_invalid(self):
self.is_cert_chain_url_valid.return_value = False
with self.assertRaises(InvalidRequest):
verify_request()
self.is_cert_chain_url_valid.assert_called_once_with(self.cert_chain_url)