def test_with_token_lacking_scope(self):
    """Reject a client token that lacks the required public read scope.

    The token built here carries a single scope, ``Scope('something',
    'read')``, and is sent unchanged in the ``Authorization`` header of a
    GET to ``/``. The endpoint is expected to answer 403.
    """
    # The only scope on the token; it is not the one the docstring says the
    # route requires.
    unrelated_scope = Scope('something', 'read')
    auth_token = helpers.generate_token('1234', '*****@*****.**', 'foouser',
                                        scope=[unrelated_scope])
    auth_headers = {'Authorization': auth_token}

    resp = self.client.get('/', headers=auth_headers)

    # Pinning the exact status guards against the route accepting an
    # under-scoped token: any other code here fails the test.
    self.assertEqual(resp.status_code, status.HTTP_403_FORBIDDEN)
def test_with_token_lacking_scope(self):
    """Reject a client token that lacks the required public read scope.

    A token whose scope list holds only ``Scope("something", "read")`` is
    presented in the ``Authorization`` header of a GET to ``/``; the
    response status must be ``HTTPStatus.FORBIDDEN``.
    """
    # Token arguments are kept exactly as the helper is called in this suite;
    # only the scope list matters for the assertion below.
    granted_scopes = [Scope("something", "read")]
    auth_token = helpers.generate_token(
        "1234", "*****@*****.**", "foouser", scope=granted_scopes
    )

    resp = self.client.get("/", headers={"Authorization": auth_token})

    # A token is supplied but its scope does not match, so the expected
    # outcome is a refusal; a different status here fails the test.
    self.assertEqual(resp.status_code, HTTPStatus.FORBIDDEN)
from flask.json import jsonify
from flask import Blueprint, request, Response, make_response, send_file
from werkzeug.exceptions import (
    NotFound,
    Forbidden,
    Unauthorized,
    InternalServerError,
    HTTPException,
    BadRequest,
)

from arxiv import status
from arxiv.users.domain import Scope
from arxiv.users.auth.decorators import scoped

from .. import controllers

# Demonstration-only scopes. Normally these would be defined in the
# ``arxiv.users`` package, so that they can be granted explicitly when an
# authenticated session is created.
# NOTE(review): presumably a scope declared only in this module is never
# granted by the session issuer; confirm before protecting a real route with it.
READ_THING = Scope('thing', Scope.actions.READ)
# The "write" scope is built from the UPDATE action.
WRITE_THING = Scope('thing', Scope.actions.UPDATE)

# Every route registered on this blueprint is served under ``/zero/api``.
blueprint = Blueprint('external_api', __name__, url_prefix='/zero/api')


@blueprint.route('/status', methods=['GET'])
def ok() -> Response:
    """Return a fixed JSON body as a health check.

    ``scoped`` is imported by this module but is not applied to this route,
    so the handler itself performs no scope check on the caller.
    """
    payload = {'status': 'nobody but us hamsters'}
    return jsonify(payload)


@blueprint.route('/baz/<int:baz_id>', methods=['GET'])
def read_baz(baz_id: int) -> Response:
    """Provide some data about the baz."""