def test_authorize_verb(self):
    """Check that a signature only validates for the verb it was generated with.

    One signature is generated for ("get", "noun") and one for
    ("not_get", "noun"), both from the same API key. Validation is then
    requested for ("get", "noun"): the first must pass, the second must not.
    """
    test_user = self.create_saved_test_user()
    code, uid = test_user.authcode, test_user.user_obj.id
    key = gen_api_key(code, uid)

    # Same key and noun, different verb: only the verb separates the two.
    matching_sig = gen_signature("get", "noun", key)
    other_verb_sig = gen_signature("not_get", "noun", key)

    accepted = is_api_key_validated(code, uid, matching_sig, "get", "noun")
    assert accepted
    rejected = is_api_key_validated(code, uid, other_verb_sig, "get", "noun")
    assert not rejected
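def new_like():
    """
    (PUT: like)
    Instantiates a new <<CheckpointLike>> from a user on a <<UserCheckpoint>>

    Reads ``user_id``, ``signature`` and ``user_checkpoint_id`` from the
    request form. The caller is authorized before the target checkpoint is
    looked up, so an unauthorized request never reaches the checkpoint
    lookup or the write.

    Returns the result of ``authorization_fail()`` when the request is not
    authorized, otherwise a JSON body with ``status`` "ok" and the new
    ``like_id``.
    """
    # request variables
    user_id = request.form.get("user_id")
    signature = request.form.get("signature")
    user_checkpoint_id = request.form.get("user_checkpoint_id")

    # fixed verb/noun pair this endpoint is signed for
    verb = "put"
    noun = "like"

    # A request without credentials is rejected up front instead of being
    # handed to the lookup and signature helpers.
    if not user_id or not signature:
        return authorization_fail()

    # get_user's behaviour for an unknown id is not visible here; a None
    # result is treated as an authorization failure rather than reaching
    # attribute access and surfacing as a server error.
    user = get_user(user_id)
    if user is None:
        return authorization_fail()

    # authorization check, done before any other resource is resolved
    if not is_api_key_validated(user.access_token, user_id, signature, verb, noun):
        return authorization_fail()

    # NOTE(review): as called here, the signature check receives only the
    # verb and noun; user_checkpoint_id is not one of its inputs, so the
    # validated signature is not bound to a specific checkpoint. Consider
    # including the target id (and a nonce or timestamp) in the signed data.
    user_checkpoint = get_user_checkpoint(user_checkpoint_id)
    like = add_like(user, user_checkpoint)

    return jsonify({
        "status": "ok",
        "result": {
            "like_id": like.id,
        }
    })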
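def delete_like():
    """
    (DELETE: like)
    Deletes an existing <<CheckpointLike>> between a user and a
    <<UserCheckpoint>> if it exists

    Reads ``user_id``, ``signature`` and ``user_checkpoint_id`` from the
    query string. The caller is authorized before the target checkpoint is
    looked up, so an unauthorized request never reaches the checkpoint
    lookup or the delete.

    Returns the result of ``authorization_fail()`` when the request is not
    authorized, otherwise a JSON body with ``status`` "ok".
    """
    # request variables
    user_id = request.args.get("user_id")
    signature = request.args.get("signature")
    user_checkpoint_id = request.args.get("user_checkpoint_id")

    # fixed verb/noun pair this endpoint is signed for
    verb = "delete"
    noun = "like"

    # A request without credentials is rejected up front instead of being
    # handed to the lookup and signature helpers.
    if not user_id or not signature:
        return authorization_fail()

    # get_user's behaviour for an unknown id is not visible here; a None
    # result is treated as an authorization failure rather than reaching
    # attribute access and surfacing as a server error.
    user = get_user(user_id)
    if user is None:
        return authorization_fail()

    # authorization check, done before any other resource is resolved
    if not is_api_key_validated(user.access_token, user_id, signature, verb, noun):
        return authorization_fail()

    # NOTE(review): the signature arrives in the query string, which commonly
    # ends up in access logs and Referer headers; and as called here the
    # check is not bound to user_checkpoint_id. Consider moving the signature
    # to a header and including the target id in the signed data.
    user_checkpoint = get_user_checkpoint(user_checkpoint_id)
    delete_like_action(user, user_checkpoint)

    return jsonify({
        "status": "ok",
    })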
def authorize(verb, noun, user_id, signature):
    """Report whether ``signature`` validates for ``user_id`` on ``verb``/``noun``.

    Looks the user up with ``get_user`` and checks the signature against that
    user's ``access_token``. Returns ``True`` on success, ``False`` otherwise.
    """
    account = get_user(user_id)
    token = account.access_token
    # Collapse whatever the validator returns into a strict boolean.
    return bool(is_api_key_validated(token, user_id, signature, verb, noun))
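def dec(fn):
    """Wrap ``fn`` so the signature check runs on every call, before ``fn``.

    The previous body ran the check once, when ``dec`` itself was called
    (that is, when the decorator was applied), and then returned ``fn``
    unwrapped. The decorated view therefore carried no per-request check.
    The check now lives in a wrapper that is evaluated per call.

    ``verb`` and ``noun`` are taken from the enclosing scope, which is not
    visible in this block.

    Returns a callable with ``fn``'s metadata. It returns
    ``authorization_fail()`` when the request is not authorized and
    ``fn(*args, **kwargs)`` otherwise.
    """
    from functools import wraps

    @wraps(fn)
    def guarded(*args, **kwargs):
        # Imported lazily, as in the original, and only touched while a
        # request is being handled.
        from flask.globals import request

        # NOTE(review): only form fields are read; credentials sent in the
        # query string (request.args) are not consulted. Confirm this matches
        # every view the decorator is applied to.
        user_id = request.form.get("user_id")
        signature = request.form.get("signature")

        # A request without credentials is rejected before any lookup.
        if not user_id or not signature:
            return authorization_fail()

        # get_user's behaviour for an unknown id is not visible here; a None
        # result is treated as an authorization failure.
        user = get_user(user_id)
        if user is None:
            return authorization_fail()

        auth_code = user.auth_code
        if not is_api_key_validated(auth_code, user_id, signature, verb, noun):
            return authorization_fail()

        return fn(*args, **kwargs)

    return guarded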