def test_authorize_verb(self):
    """A signature is only valid for the verb it was generated for.

    Builds an API key for a freshly saved test user, signs the noun
    "noun" once with verb "get" and once with verb "not_get", and checks
    that only the "get" signature validates a "get" request.
    """
    account = self.create_saved_test_user()
    code = account.authcode
    uid = account.user_obj.id
    key = gen_api_key(code, uid)

    # Both signatures are produced before either is validated, one per verb.
    matching_sig, mismatched_sig = (
        gen_signature(signed_verb, "noun", key)
        for signed_verb in ("get", "not_get")
    )

    # Positive case: same verb on both sides.
    assert is_api_key_validated(code, uid, matching_sig, "get", "noun")
    # Negative case: a signature for another verb must be rejected.
    assert not is_api_key_validated(code, uid, mismatched_sig, "get", "noun")
Example #2
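def new_like():
    """
    (PUT: like)
    Instantiates a new <<CheckpointLike>> from a user on a <<UserCheckpoint>>

    Reads ``user_id``, ``signature`` and ``user_checkpoint_id`` from the
    request form, authorizes the caller, and only then loads the checkpoint
    and records the like.

    Returns:
        ``authorization_fail()`` when the user cannot be resolved or the
        signature does not validate; otherwise a JSON body with ``status``
        "ok" and the new like's id under ``result.like_id``.
    """
    # Verb/noun pair the caller's signature is validated against.
    verb = "put"
    noun = "like"

    # Request variables: all caller-controlled and untrusted until the
    # signature check below has passed.
    user_id = request.form.get("user_id")
    signature = request.form.get("signature")
    user_checkpoint_id = request.form.get("user_checkpoint_id")

    # Fail closed on an unresolvable user instead of raising on
    # ``None.access_token``.
    # NOTE(review): presumably get_user returns None for an unknown id --
    # confirm; if it raises instead, this guard is simply never taken.
    user = get_user(user_id)
    if user is None:
        return authorization_fail()

    # Authorization check, done before any other lookup so that an
    # unauthorized caller cannot make the handler touch checkpoint data.
    if not is_api_key_validated(user.access_token, user_id, signature, verb, noun):
        return authorization_fail()

    # NOTE(review): user_checkpoint_id is not an input to the check above and
    # no nonce or timestamp is passed to it, so as far as this handler shows
    # a signature accepted for (user, "put", "like") is accepted for any
    # checkpoint id and for repeated requests. Confirm whether replay
    # protection or parameter binding exists elsewhere.
    # NOTE(review): the result of get_user_checkpoint is passed on unchecked;
    # confirm how add_like treats a checkpoint that does not exist.
    user_checkpoint = get_user_checkpoint(user_checkpoint_id)
    like = add_like(user, user_checkpoint)

    return jsonify({
        "status": "ok",
        "result": {
            "like_id": like.id,
        },
    })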
Example #3
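def delete_like():
    """
    (DELETE: like)
    Deletes an existing <<CheckpointLike>> between a user and a <<UserCheckpoint>>
    if it exists

    Reads ``user_id``, ``signature`` and ``user_checkpoint_id`` from the
    query string, authorizes the caller, and only then loads the checkpoint
    and removes the like.

    Returns:
        ``authorization_fail()`` when the user cannot be resolved or the
        signature does not validate; otherwise a JSON body with ``status``
        "ok".
    """
    # Verb/noun pair the caller's signature is validated against.
    verb = "delete"
    noun = "like"

    # Request variables: all caller-controlled and untrusted until the
    # signature check below has passed.
    # NOTE(review): the signature travels in the query string here, so it may
    # be recorded in access logs and by intermediaries; combined with the
    # replay note below that makes log hygiene relevant for this endpoint.
    user_id = request.args.get("user_id")
    signature = request.args.get("signature")
    user_checkpoint_id = request.args.get("user_checkpoint_id")

    # Fail closed on an unresolvable user instead of raising on
    # ``None.access_token``.
    # NOTE(review): presumably get_user returns None for an unknown id --
    # confirm; if it raises instead, this guard is simply never taken.
    user = get_user(user_id)
    if user is None:
        return authorization_fail()

    # Authorization check, done before any other lookup so that an
    # unauthorized caller cannot make the handler touch checkpoint data.
    if not is_api_key_validated(user.access_token, user_id, signature, verb, noun):
        return authorization_fail()

    # NOTE(review): user_checkpoint_id is not an input to the check above and
    # no nonce or timestamp is passed to it, so as far as this handler shows
    # a signature accepted for (user, "delete", "like") is accepted for any
    # checkpoint id and for repeated requests. Confirm whether replay
    # protection or parameter binding exists elsewhere.
    user_checkpoint = get_user_checkpoint(user_checkpoint_id)
    delete_like_action(user, user_checkpoint)

    return jsonify({
        "status": "ok",
    })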
Example #4
def authorize(verb, noun, user_id, signature):
    """Return True when ``signature`` validates for this user, verb and noun.

    Looks the user up by ``user_id`` and checks ``signature`` against that
    user's ``access_token`` via ``is_api_key_validated``.

    Returns:
        bool: True if validation succeeds, False otherwise.
    """
    # NOTE(review): no handling for a failed lookup is visible here; if
    # get_user can return None the attribute access raises rather than
    # returning False -- confirm that callers expect that.
    token = get_user(user_id).access_token
    return bool(is_api_key_validated(token, user_id, signature, verb, noun))
Example #5
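 def dec(fn):
     """Wrap ``fn`` so the signature check runs on every call to it.

     The previous body performed the check once, while the decorator was
     being applied, and then returned ``fn`` unchanged: the request was read
     at decoration time and nothing was enforced when the view was actually
     called. The check now lives in a wrapper that runs per call.

     ``verb`` and ``noun`` are taken from the enclosing scope, which is
     outside this excerpt.

     Args:
         fn: the view function to protect.

     Returns:
         A callable with ``fn``'s name and docstring that returns
         ``authorization_fail()`` unless the request's ``user_id`` and
         ``signature`` form fields validate, and otherwise returns
         ``fn(*args, **kwargs)``.
     """
     from functools import wraps

     # wraps() keeps fn.__name__, so anything keyed on the function name
     # still sees the original name.
     @wraps(fn)
     def authorized_view(*args, **kwargs):
         # Imported here, as in the original body, and read per call so the
         # values belong to the request being served.
         from flask.globals import request
         user_id = request.form.get("user_id")
         signature = request.form.get("signature")

         # Fail closed on an unresolvable user.
         # NOTE(review): presumably get_user returns None for an unknown
         # id -- confirm; if it raises, this guard is never taken.
         user = get_user(user_id)
         if user is None:
             return authorization_fail()

         if not is_api_key_validated(user.auth_code, user_id, signature, verb, noun):
             return authorization_fail()

         return fn(*args, **kwargs)

     return authorized_view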