def test_token(self):
    """Round-trip an admin Authz through a token; reject a non-token string."""
    original = Authz.from_role(self.admin)
    serialized = original.to_token()

    # An arbitrary string that was never issued as a token must be refused
    # with Unauthorized rather than yielding an Authz object.
    with self.assertRaises(Unauthorized):
        Authz.from_token("banana")

    # The genuine token resolves back to the same identity.
    restored = Authz.from_token(serialized)
    assert restored.id == original.id
def test_scope(self):
    """A token minted for one scope must only be accepted for that scope."""
    original = Authz.from_role(self.admin)
    scoped_token = original.to_token(scope="/bla")

    # Presenting the scoped token with no scope at all, or with a different
    # scope, has to be refused with Unauthorized.
    for wrong_scope in ({}, {"scope": "/blubb"}):
        with self.assertRaises(Unauthorized):
            Authz.from_token(scoped_token, **wrong_scope)

    # With the matching scope the identity and the expiry survive the trip.
    restored = Authz.from_token(scoped_token, scope="/bla")
    assert restored.id == original.id
    expiry_drift = abs(restored.expire - original.expire)
    assert expiry_drift < timedelta(seconds=2)
    # Compared against a naive "now"; assumes expire is a naive UTC
    # datetime -- TODO confirm against Authz.
    assert restored.expire > datetime.utcnow()
def _get_credential_authz(credential):
    """Resolve a raw credential string to an Authz object, if possible.

    A value of the form "Token <value>" is handed to Authz.from_token.
    Anything else is looked up as an API key; with any other leading word,
    only the part after the first space is used for that lookup.

    Returns None when the credential is missing or empty, or when no role
    matches the API key.
    """
    if credential is None or len(credential) == 0:
        return None

    scheme, separator, remainder = credential.partition(" ")
    if separator:
        credential = remainder
        # Exact, case-sensitive match: a differently-cased scheme word falls
        # through to the API-key lookup below instead of token validation.
        if scheme == "Token":
            # NOTE(review): no scope is passed on this path; how a scoped
            # token is treated here depends on Authz.from_token -- confirm.
            return Authz.from_token(credential)

    # The scheme word (if any) has been dropped unchecked at this point, so
    # every non-"Token" prefix ends up here as an API-key candidate.
    role = Role.by_api_key(credential)
    if role is None:
        return None
    return Authz.from_role(role=role)
def _get_credential_authz(credential):
    """Resolve a raw credential string to an Authz object, if possible.

    The value (minus any leading scheme word) is first tried as a token
    scoped to the current request path, then as an API key.

    Returns None when the credential is missing or empty, or when neither
    the token check nor the API-key lookup produces a result.
    """
    if credential is None or len(credential) == 0:
        return None

    if ' ' in credential:
        # The scheme word is discarded without being inspected, so any
        # prefix is accepted and only the remainder is used below.
        credential = credential.split(' ', 1)[1]

    # NOTE(review): the "is not None" check implies from_token returns None
    # for a value it does not accept. If it raises instead, the API-key
    # fallback below is never reached -- confirm against Authz.from_token.
    token_authz = Authz.from_token(credential, scope=request.path)
    if token_authz is not None:
        return token_authz

    # The same string that failed the token check is now tried as an API key.
    role = Role.by_api_key(credential)
    if role is None:
        return None
    return Authz.from_role(role=role)