def _get_user_via_basic_auth(auth_header):
    """Resolve the value of an HTTP Basic ``Authorization`` header to a User.

    The payload after the ``'Basic '`` prefix is base64-decoded and split on
    the first ``':'`` into a user id and an API key.

    Raises ``Response(400)`` when the base64 payload cannot be decoded, and
    ``Response(401)`` when there is no ``':'`` separator, the user id is not
    an integer, the id resolves to an anonymous user, or the API key does
    not match the one stored on the participant.
    """
    # The prefix is removed by length only; it is not verified here.
    # NOTE(review): presumably the caller already matched 'Basic ' - confirm.
    encoded = auth_header[len('Basic '):]
    try:
        decoded = binascii.a2b_base64(encoded)
    except binascii.Error:
        raise Response(400, 'Malformed "Authorization" header')

    fields = decoded.split(':', 1)
    if len(fields) != 2:
        raise Response(401)
    userid, api_key = fields

    # For backward-compatibility: a 36-character value containing '-' in the
    # user-id position is handed to the API-key lookup. The second credential
    # field (api_key) is not consulted on this path.
    looks_like_legacy_key = len(userid) == 36 and '-' in userid
    if looks_like_legacy_key:
        return _get_user_via_api_key(userid)

    try:
        userid = int(userid)
    except ValueError:
        raise Response(401)

    user = User.from_id(userid)
    # The ANON check short-circuits, so constant_time_compare only runs for
    # an id that resolved to a real user. Every failure returns a bare 401.
    if user.ANON or not constant_time_compare(user.participant.api_key, api_key):
        raise Response(401)
    return user
Example #2
def _get_user_via_basic_auth(auth_header):
    """Authenticate a request from its HTTP Basic ``Authorization`` header.

    Returns the matching User. A payload that is not valid base64 is
    rejected with ``Response(400)``; every other failure (no ``':'``
    separator, non-integer user id, anonymous user, API key mismatch) is
    rejected with ``Response(401)``.
    """
    try:
        # Only the length of 'Basic ' is skipped; the prefix itself is not
        # checked in this function.
        decoded = binascii.a2b_base64(auth_header[len('Basic '):])
    except binascii.Error:
        raise Response(400, 'Malformed "Authorization" header')

    # Split on the first ':' only, so the API key part may contain colons.
    userid, separator, api_key = decoded.partition(':')
    if not separator:
        raise Response(401)

    if len(userid) == 36 and '-' in userid:
        # For backward-compatibility: the value in the user-id slot is passed
        # to the API-key lookup, and api_key is not compared on this path.
        user = _get_user_via_api_key(userid)
        return user

    try:
        numeric_id = int(userid)
    except ValueError:
        raise Response(401)

    user = User.from_id(numeric_id)
    # `and` short-circuits: the key comparison is skipped for anonymous users.
    authenticated = (not user.ANON and
                     constant_time_compare(user.participant.api_key, api_key))
    if not authenticated:
        raise Response(401)
    return user
Example #3
 def test_user_can_be_loaded_from_id(self):
     """User.from_id on an existing participant's id yields that participant."""
     participant = self.make_participant('alice')
     loaded = User.from_id(participant.id)
     assert loaded.participant.username == 'alice'
Example #4
 def test_user_from_None_id_is_anonymous(self):
     """A None id must produce an anonymous user, not an error."""
     anonymous = User.from_id(None)
     is_anon = anonymous.ANON
     assert is_anon
Example #5
 def test_user_from_bad_id_is_anonymous(self):
     """An id with no matching record must produce an anonymous user."""
     # No participant is created in this test, so 1786541 is presumably
     # absent from the fixture database.
     unknown_id = 1786541
     assert User.from_id(unknown_id).ANON