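def before_request():
    """Gate a request: validate JSON bodies, then require a valid token.

    Presumably registered as the application's before-request hook; the
    registration is not visible in this snippet.

    The checks run in this order:

    1. For POST and PUT, the Content-Type media type must be
       ``application/json`` (parameters such as ``charset`` are allowed)
       and the body must parse as JSON, otherwise a 400 is returned.
    2. Every path except ``AUTHENTICATION_ROUTE`` must carry a non-empty
       token in the ``TOKEN_HEADER_KEY`` header that
       ``AuthService.verify_token`` accepts, otherwise a 401 is returned.

    Returns:
        ``None`` to let the request continue, or a ``(response, status)``
        tuple that ends it.
    """
    # Body validation runs before the token check, so clients without a
    # token also reach the JSON parser.
    # NOTE(review): confirm the application enforces a request size limit.
    # Only POST and PUT are validated; PATCH and DELETE bodies are not.
    if request.method in ('POST', 'PUT'):
        content_type = request.headers.get('Content-Type') or ''
        # Compare the media type only, case-insensitively, so a header like
        # "application/json; charset=utf-8" is no longer rejected.
        media_type = content_type.split(';', 1)[0].strip().lower()
        if media_type != 'application/json':
            return jsonify(message=strings.API_NOT_JSON_TYPE), 400

        # With silent=True a body that fails to parse comes back as None.
        # Testing for None keeps valid but falsy documents such as {} or [];
        # a literal JSON null is still rejected.
        req_json = request.get_json(silent=True)
        if req_json is None:
            return jsonify(message=strings.API_INVALID_JSON), 400

    # The login route is the only one exempt from the token check. The
    # exemption is an exact match on the path and applies to every method.
    if request.path == AUTHENTICATION_ROUTE:
        return None

    token = request.headers.get(TOKEN_HEADER_KEY)
    # Fail closed: an absent or empty header is refused before
    # verify_token is called.
    if not token:
        return jsonify(message=strings.API_MISSING_TOKEN), 401

    if not AuthService.verify_token(token):
        return jsonify(message=strings.API_BAD_TOKEN), 401

    return None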
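def before_request():
    """Gate a request: validate JSON bodies, then require a valid token.

    Presumably registered as the application's before-request hook; the
    registration is not visible in this snippet.

    The checks run in this order:

    1. For POST and PUT, the Content-Type media type must be
       ``application/json`` (parameters such as ``charset`` are allowed)
       and the body must parse as JSON, otherwise a 400 is returned.
    2. Every path except ``AUTHENTICATION_ROUTE`` must carry a non-empty
       token in the ``TOKEN_HEADER_KEY`` header that
       ``AuthService.verify_token`` accepts, otherwise a 401 is returned.

    Returns:
        ``None`` to let the request continue, or a ``(response, status)``
        tuple that ends it.
    """
    # Body validation runs before the token check, so clients without a
    # token also reach the JSON parser.
    # NOTE(review): confirm the application enforces a request size limit.
    # Only POST and PUT are validated; PATCH and DELETE bodies are not.
    if request.method in ('POST', 'PUT'):
        content_type = request.headers.get('Content-Type') or ''
        # Compare the media type only, case-insensitively, so a header like
        # "application/json; charset=utf-8" is no longer rejected.
        media_type = content_type.split(';', 1)[0].strip().lower()
        if media_type != 'application/json':
            return jsonify(message=strings.API_NOT_JSON_TYPE), 400

        # With silent=True a body that fails to parse comes back as None.
        # Testing for None keeps valid but falsy documents such as {} or [];
        # a literal JSON null is still rejected.
        req_json = request.get_json(silent=True)
        if req_json is None:
            return jsonify(message=strings.API_INVALID_JSON), 400

    # The login route is the only one exempt from the token check. The
    # exemption is an exact match on the path and applies to every method.
    if request.path == AUTHENTICATION_ROUTE:
        return None

    token = request.headers.get(TOKEN_HEADER_KEY)
    # Fail closed: an absent or empty header is refused before
    # verify_token is called.
    if not token:
        return jsonify(message=strings.API_MISSING_TOKEN), 401

    if not AuthService.verify_token(token):
        return jsonify(message=strings.API_BAD_TOKEN), 401

    return None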
def test_return_false_if_not_valid_token(self, mock_get_session_by_token):
    """verify_token reports a falsy result for the token 'not_a_token'.

    NOTE(review): the patch decorator and the mock's configured return
    value are outside this snippet; presumably the mocked session lookup
    yields no session for this token. Confirm against the test class.
    """
    outcome = AuthService.verify_token('not_a_token')
    # Read the counter after the call: one verification should trigger
    # exactly one session lookup.
    lookups = mock_get_session_by_token.call_count

    assert not outcome
    assert lookups == 1
def test_return_true_if_valid_token(self, mock_get_session_by_token):
    """verify_token reports a truthy result for the token 'token'.

    NOTE(review): the patch decorator and the mock's configured return
    value are outside this snippet; presumably the mocked session lookup
    yields a session for this token. Confirm against the test class.
    """
    outcome = AuthService.verify_token('token')
    # Read the counter after the call: one verification should trigger
    # exactly one session lookup.
    lookups = mock_get_session_by_token.call_count

    assert outcome
    assert lookups == 1
def test_return_false_if_not_valid_token(self, mock_get_session_by_token):
    """verify_token reports a falsy result for the token 'not_a_token'.

    NOTE(review): the patch decorator and the mock's configured return
    value are outside this snippet; presumably the mocked session lookup
    yields no session for this token. Confirm against the test class.
    """
    outcome = AuthService.verify_token('not_a_token')
    # Read the counter after the call: one verification should trigger
    # exactly one session lookup.
    lookups = mock_get_session_by_token.call_count

    assert not outcome
    assert lookups == 1
def test_return_true_if_valid_token(self, mock_get_session_by_token):
    """verify_token reports a truthy result for the token 'token'.

    NOTE(review): the patch decorator and the mock's configured return
    value are outside this snippet; presumably the mocked session lookup
    yields a session for this token. Confirm against the test class.
    """
    outcome = AuthService.verify_token('token')
    # Read the counter after the call: one verification should trigger
    # exactly one session lookup.
    lookups = mock_get_session_by_token.call_count

    assert outcome
    assert lookups == 1