def test_security_headers_in_production():
test_client = _app.create_app('production').test_client()
"""Test the the application should not raises 403 response with security header in production mode"""
res = test_client.get('/queries',
headers={
AUTHENTICATED_USER_EMAIL_HEADER:
'test:[email protected]',
AUTHENTICATED_USER_ID_HEADER:
'3475023457204720447240',
IAP_JWT_ASSERTION_HEADER:
'34nhto043y90t2975tr04g09083u539yt94590h648u065'
})
assert res.status_code == 200, 'Status code should be 403'
def create_app():
"""Create app in development configuration"""
return _app.create_app('development')
import os
from flask_cors import CORS
from query_builder.application.app import (create_app, create_database)
from query_builder.domain_model.services.configuration_service import is_production_environment
MODE = os.getenv('APP_ENV', 'development')
create_database()
APP = create_app(mode=MODE)
CORS(APP)
if __name__ == '__main__':
APP.run(**APP.config.get_namespace('RUN_'))
def app():
return _app.create_app('development')
def test_missing_security_headers_in_development():
test_client = _app.create_app('development').test_client()
"""Test the the application should not raises 403 response with missing header in development mode"""
res = test_client.get('/queries')
assert res.status_code == 200, 'Status code should be 200'
def test_missing_security_headers_in_production():
test_client = _app.create_app('production').test_client()
"""Test the the application raises 403 response with missing header in production mode"""
res = test_client.get('/queries')
assert res.status_code == 403, 'Status code should be 403'