def _get_user_via_basic_auth(auth_header):
    """Resolve an HTTP Basic ``Authorization`` header to a User.

    The text after the ``'Basic '`` prefix is base64-decoded and split on
    the first ``:`` into ``userid`` and ``api_key``.

    Two credential shapes are accepted:

    * a numeric ``userid`` plus API key: the user is loaded by id and the
      stored key is checked with ``constant_time_compare``;
    * a 36-character ``userid`` containing ``-`` (kept for backward
      compatibility): the value is passed to ``_get_user_via_api_key``
      and the ``api_key`` half is not consulted.

    Raises ``Response(400)`` when the payload is not valid base64, and
    ``Response(401)`` when there is no ``:`` separator, the id is not an
    integer, the id resolves to an anonymous user, or the key does not
    match.
    """
    # The prefix is dropped by length only; nothing here checks that the
    # header really starts with 'Basic ' (presumably the caller does;
    # confirm).
    payload = auth_header[len('Basic '):]
    try:
        decoded = binascii.a2b_base64(payload)
    except binascii.Error:
        raise Response(400, 'Malformed "Authorization" header')

    fields = decoded.split(':', 1)
    if len(fields) != 2:
        raise Response(401)
    userid, api_key = fields

    if len(userid) == 36 and '-' in userid:
        # For backward-compatibility: the username slot carries the key.
        # NOTE(review): this path applies no ANON or key check of its own;
        # whether an unknown key ends in 401 or in an anonymous User is
        # decided by _get_user_via_api_key, which is not visible here.
        # Confirm callers treat an anonymous result as unauthenticated.
        return _get_user_via_api_key(userid)

    try:
        userid = int(userid)
    except ValueError:
        raise Response(401)

    user = User.from_id(userid)
    # ANON is tested first, so .participant is only dereferenced once the id
    # has resolved to a non-anonymous user.
    # NOTE(review): assumes constant_time_compare is timing-safe and copes
    # with a participant that has no api_key set; implementation not shown.
    key_matches = not user.ANON and constant_time_compare(
        user.participant.api_key, api_key)
    if not key_matches:
        raise Response(401)
    return user
def test_user_can_be_loaded_from_id(self):
    # An existing participant's id must resolve to that same participant.
    participant = self.make_participant('alice')
    loaded = User.from_id(participant.id)
    assert loaded.participant.username == 'alice'
def test_user_from_None_id_is_anonymous(self):
    # A missing id must yield an anonymous user rather than raising or
    # resolving to a real account.
    assert User.from_id(None).ANON
def test_user_from_bad_id_is_anonymous(self):
    # An id with no matching participant must yield an anonymous user.
    # 1786541 is assumed not to exist in the test database.
    unknown_id = 1786541
    assert User.from_id(unknown_id).ANON