Esempio n. 1
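def before_request():
    """Validate JSON request bodies and enforce token authentication.

    Written as a pre-request hook (its registration is not shown here); in
    Flask, a non-None return value from such a hook is sent as the response
    and the view is never called.

    Returns:
        None when the request may proceed, otherwise a ``(response, status)``
        tuple: 400 when a POST/PUT body is not declared or parseable as JSON,
        401 when the token header is missing or ``AuthService.verify_token``
        rejects it.
    """
    # if the client is sending data to the server, verify it is valid json
    if request.method in ('POST', 'PUT'):
        content_type = request.headers.get('Content-Type')
        # Compare the media type only. An exact string match on the whole
        # header rejects legitimate values such as
        # "application/json; charset=utf-8" or a differently-cased type.
        media_type = (content_type or '').split(';', 1)[0].strip().lower()
        if media_type != 'application/json':
            return jsonify(message=strings.API_NOT_JSON_TYPE), 400
        req_json = request.get_json(silent=True)
        # NOTE(review): the truthiness test also rejects syntactically valid
        # but empty payloads ({} / [] / 0 / false), not just parse failures.
        # Kept as-is because handlers may rely on a non-empty body; confirm.
        if not req_json:
            return jsonify(message=strings.API_INVALID_JSON), 400
    # The login route is the only path exempt from the token check. The match
    # is on the exact path and applies to every HTTP method on it.
    if request.path == AUTHENTICATION_ROUTE:
        return
    # NOTE(review): body validation above runs before authentication, so
    # unauthenticated POST/PUT bodies are still parsed; consider checking the
    # token first if that parsing cost or the 400/401 distinction matters.
    token = request.headers.get(TOKEN_HEADER_KEY)
    # no token header at all
    if token is None:
        return jsonify(message=strings.API_MISSING_TOKEN), 401
    # Any falsy result from verify_token is treated as a rejected token.
    valid = AuthService.verify_token(token)
    if not valid:
        return jsonify(message=strings.API_BAD_TOKEN), 401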
Esempio n. 2
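def before_request():
    """Check the request body format, then require a valid auth token.

    Meant to run ahead of every request (how it is registered is not visible
    here). For POST and PUT the body must be declared as ``application/json``
    and parse to a truthy JSON value. Every path except
    ``AUTHENTICATION_ROUTE`` must then carry a token in the
    ``TOKEN_HEADER_KEY`` header that ``AuthService.verify_token`` accepts.

    Returns:
        None if the request passes all checks; otherwise a
        ``(json_response, status_code)`` pair with status 400 (body problems)
        or 401 (missing or rejected token).
    """
    if request.method in ['POST', 'PUT']:
        raw_content_type = request.headers.get('Content-Type') or ''
        # Strip parameters and normalise case before comparing, so that
        # "application/json; charset=utf-8" is not refused as a non-JSON type.
        declared_type, _, _params = raw_content_type.partition(';')
        if declared_type.strip().lower() != 'application/json':
            return jsonify(message=strings.API_NOT_JSON_TYPE), 400
        # silent=True makes get_json return None instead of raising on a
        # malformed body.
        req_json = request.get_json(silent=True)
        # NOTE(review): ``not req_json`` also refuses empty-but-valid JSON
        # such as {} or []; left unchanged in case callers depend on it.
        if not req_json:
            return jsonify(message=strings.API_INVALID_JSON), 400
    # Logging in cannot require a token, so this exact path skips the check
    # below regardless of HTTP method.
    if request.path == AUTHENTICATION_ROUTE:
        return
    token = request.headers.get(TOKEN_HEADER_KEY)
    # Header absent: distinguish "no token" from "bad token" in the message,
    # both answered with 401.
    if token is None:
        return jsonify(message=strings.API_MISSING_TOKEN), 401
    # An empty-string token is not None and is passed to verify_token, which
    # must reject it.
    valid = AuthService.verify_token(token)
    if not valid:
        return jsonify(message=strings.API_BAD_TOKEN), 401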
Esempio n. 3
 def test_return_false_if_not_valid_token(self, mock_get_session_by_token):
     """verify_token('not_a_token') is falsy and uses the patched lookup once.

     The mock's configuration (what it returns for this token) is set up
     outside this method.
     """
     outcome = AuthService.verify_token('not_a_token')
     lookups = mock_get_session_by_token.call_count
     # Falsy, not strictly ``False``: the assertion accepts None as well.
     assert not outcome
     assert lookups == 1
Esempio n. 4
 def test_return_true_if_valid_token(self, mock_get_session_by_token):
     """verify_token('token') is truthy and uses the patched lookup once.

     The mock's configuration (what it returns for this token) is set up
     outside this method.
     """
     outcome = AuthService.verify_token('token')
     lookups = mock_get_session_by_token.call_count
     # Truthy, not strictly ``True``: any non-empty result satisfies this.
     assert outcome
     assert lookups == 1
Esempio n. 5
 def test_return_false_if_not_valid_token(self, mock_get_session_by_token):
     """An unknown token must not verify; the lookup mock is hit exactly once."""
     rejected_token = 'not_a_token'
     verdict = AuthService.verify_token(rejected_token)
     # NOTE(review): only a non-empty bogus string is covered here; None and
     # '' tokens are not exercised by this test.
     assert not verdict
     assert mock_get_session_by_token.call_count == 1
Esempio n. 6
 def test_return_true_if_valid_token(self, mock_get_session_by_token):
     """A known token must verify; the lookup mock is hit exactly once."""
     accepted_token = 'token'
     verdict = AuthService.verify_token(accepted_token)
     # The mock stands in for the session lookup, so this checks how
     # verify_token interprets its result, not the real session store.
     assert verdict
     assert mock_get_session_by_token.call_count == 1