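def wrapper(request, *args, **kwargs):
    """Authenticate a signed JSON POST, then call the wrapped view ``f``.

    The request must be a POST with content type ``application/json`` whose
    body is a JSON object containing ``client_name`` and ``signature``. The
    client is looked up by name and the payload is verified with
    ``check_signature`` against that client's ``auth_key``.

    Returns:
        405 for non-POST methods; 400 for a wrong content type, an
        unparseable body, a non-object body or a missing field; 403 for an
        unknown client or a bad signature; otherwise the JSON-encoded
        result of ``f`` with ``request.api_client`` set to the client.
    """
    if request.method != "POST":
        return HttpResponseNotAllowed(['POST'])
    if request.META.get('CONTENT_TYPE', '') != 'application/json':
        return HttpResponseBadRequest('Request must have the content-type "application/json"')

    # The body is parsed before any authentication has happened, so it is
    # untrusted input: a malformed document must yield a 400, not an
    # unhandled exception (HTTP 500) that any unauthenticated caller can
    # trigger.
    # NOTE(review): ``raw_post_data`` is the older Django spelling of
    # ``request.body`` -- confirm which one the deployed Django provides.
    try:
        d = json.loads(request.raw_post_data)
    except ValueError:
        return HttpResponseBadRequest('Request body must be valid JSON.')
    # Valid JSON can still be a list, string or number; the ``in`` tests and
    # ``.get`` below only make sense on an object.
    if not isinstance(d, dict):
        return HttpResponseBadRequest('Request JSON must be an object.')

    if 'signature' not in d:
        return HttpResponseBadRequest('Request JSON must include an "signature" element.')
    if 'client_name' not in d:
        return HttpResponseBadRequest('Request JSON must include an "client_name" element.')

    # Unknown client and bad signature deliberately share one response body
    # so the reply does not reveal which client names exist.
    try:
        client = Client.objects.get(name=d.get('client_name'))
    except Client.DoesNotExist:
        return HttpResponseForbidden('Access for that "client_name" is denied.')
    if not check_signature(d, client.auth_key):
        return HttpResponseForbidden('Access for that "client_name" is denied.')
    # NOTE(review): nothing visible here checks request freshness (timestamp
    # or nonce); confirm whether check_signature or the view guards against
    # replay of a previously signed body.

    request.api_client = client
    output = f(request, *args, **kwargs)
    return HttpResponse(json.dumps(output), content_type='application/json')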
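def testCheckSignature(self):
    """check_signature accepts a correct signature and rejects a bad one.

    The expected digest is SHA-256 over the non-signature fields rendered
    as ``key=value`` and concatenated ('1=23=4'), followed by the secret.
    """
    s = "secret"
    good_sig = hashlib.sha256('1=23=4' + s).hexdigest()

    # Accept path: payload and signature agree.
    d = {'1': '2', '3': '4', 'signature': good_sig}
    self.assertTrue(utils.check_signature(d, s))

    # Reject paths: a verifier that is only ever tested on valid input can
    # silently degrade to "always true". Fresh dicts are used in case
    # check_signature mutates its argument.
    wrong_key = {'1': '2', '3': '4', 'signature': good_sig}
    self.assertFalse(utils.check_signature(wrong_key, "not-the-secret"))
    tampered = {'1': '2', '3': '5', 'signature': good_sig}
    self.assertFalse(utils.check_signature(tampered, s))

    # NOTE(review): the canonical string has no delimiter between pairs, so
    # {'1': '2', '3': '4'} and {'1': '23=4'} would both render as '1=23=4';
    # confirm against utils.check_signature whether distinct payloads can
    # share a signature. An HMAC (hmac module) with a constant-time compare
    # is the usual construction for this kind of check -- verify what
    # check_signature actually does.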