def setUp(self): app = Flask(__name__) app.config['TESTING'] = True app.config['HMAC_KEYS'] = {'a': 'aa', 'b': 'bb'} self.hmac = Hmac(app) self.app = app.test_client() @app.route('/autodecorated') def autodecorated(): return 'autodecorated' @app.before_request def before_request(): try: self.hmac.validate_signature(request) except HmacException: return abort(400)
class TestHmacSignatureFlaskBeforeQuestClientSecrets(unittest.TestCase): def setUp(self): app = Flask(__name__) app.config['TESTING'] = True app.config['HMAC_KEYS'] = {'a': 'aa', 'b': 'bb'} self.hmac = Hmac(app) self.app = app.test_client() @app.route('/autodecorated') def autodecorated(): return 'autodecorated' @app.before_request def before_request(): try: self.hmac.validate_signature(request) except HmacException: return abort(400) def test_signature_hook(self): response = self.app.get('/autodecorated') assert 400 == response.status_code def test_valid_signature(self): sig = self.hmac.make_hmac_for('a') response = self.app.get('/autodecorated', headers={self.hmac.header: sig}) assert 200 == response.status_code def test_invalid_generated_signature(self): sig = self.hmac.make_hmac_for('a', 'some data') response = self.app.get('/autodecorated', headers={self.hmac.header: sig}) assert 400 == response.status_code def test_invalid_signature(self): response = self.app.get('/autodecorated', headers={self.hmac.header: '00'}) assert 400 == response.status_code
class TestHmacSignatureFlaskBeforeQuest(unittest.TestCase): def setUp(self): app = Flask(__name__) app.config['TESTING'] = True app.config['HMAC_KEY'] = 's3cr3tk3y' self.hmac = Hmac(app) @app.route('/autodecorated') def autodecorated(): return 'autodecorated' @app.before_request def before_request(): try: self.hmac.validate_signature(request) except HmacException: return abort(400) self.app = app.test_client() def test_signature_hook(self): response = self.app.get('/autodecorated') assert 400 == response.status_code
# Standard Libs import json import unittest # Third Party Libs from flask import Flask, abort, request # First Party Libs from flask_hmac import Hmac from flask_hmac.exceptions import HmacException, UnknownKeyName hmac = Hmac() def create_app(disable_hmac=None): app = Flask(__name__) app.config['TESTING'] = True app.config['HMAC_KEY'] = 's3cr3tk3y' app.config['HMAC_KEYS'] = { 'a': 'f00', 'b': 'b4r', } if disable_hmac: app.config['HMAC_DISARM'] = disable_hmac hmac.init_app(app) @app.route('/no_auth_view') def no_auth_view(): return 'no_auth_view' @app.route('/hmac_auth_view', methods=['GET', 'POST'])