def is_coorganizer_endpoint_related_to_event(view, view_args, view_kwargs, *args, **kwargs):
    """
    Let the request reach ``view`` only for staff, or for a user who has
    access to the event named by ``kwargs['event_id']``.

    The caller's identity is read with ``get_identity()`` and the access
    decision is taken on it first. ``verify_jwt_in_request()`` is then called
    before the view runs. A caller who is neither staff nor attached to the
    event gets a ``ForbiddenError`` without the token being verified here.

    :param view: view callable invoked on success
    :param view_args: positional arguments forwarded to ``view``
    :param view_kwargs: keyword arguments forwarded to ``view``
    :param args: not used by this check
    :param kwargs: must contain ``event_id``
    :return: whatever ``view`` returns
    :raises ForbiddenError: caller is not staff and has no access to the event
    """
    # NOTE(review): this check was documented as handling an authorization
    # header that is present but expired, so get_identity() presumably does
    # not enforce expiry. Confirm it still validates the token signature;
    # otherwise the choice between the 403 below and an authentication
    # failure is made from unauthenticated claims.
    caller = get_identity()
    permitted = caller.is_staff or caller.has_event_access(kwargs['event_id'])
    if not permitted:
        raise ForbiddenError({'source': ''}, 'Co-organizer access is required.')

    # Token verification always precedes the view call.
    verify_jwt_in_request()
    return view(*view_args, **view_kwargs)
def is_coorganizer_endpoint_related_to_event(view, view_args, view_kwargs, *args, **kwargs):
    """
    Let the request reach ``view`` only for staff, or for the organizer or a
    co-organizer of the event named by ``kwargs['event_id']``.

    The caller's identity is read with ``get_identity()`` and the role check
    is made on it first. ``_jwt_required`` is then called with the configured
    ``JWT_DEFAULT_REALM`` before the view runs. Any other caller receives the
    response built by ``ForbiddenError(...).respond()``; the token is not
    checked on that path.

    :param view: view callable invoked on success
    :param view_args: positional arguments forwarded to ``view``
    :param view_kwargs: keyword arguments forwarded to ``view``
    :param args: not used by this check
    :param kwargs: must contain ``event_id``
    :return: the view's result, or the forbidden response
    """
    # NOTE(review): this check was documented as handling an authorization
    # header that is present but expired, so get_identity() presumably does
    # not enforce expiry. Confirm it still validates the token signature;
    # otherwise the role lookup below runs on unauthenticated claims.
    caller = get_identity()
    event_id_allowed = (
        caller.is_staff
        or caller.is_organizer(kwargs['event_id'])
        or caller.is_coorganizer(kwargs['event_id'])
    )
    if not event_id_allowed:
        return ForbiddenError({'source': ''}, 'Co-organizer access is required.').respond()

    # Token verification always precedes the view call.
    _jwt_required(app.config['JWT_DEFAULT_REALM'])
    return view(*view_args, **view_kwargs)
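def test_get_identity(self):
    """Check JWTHelper: get_identity() resolves to the user the token was issued for."""
    with app.test_request_context():
        mixer.init_app(app)
        user = mixer.blend(User)

        # Build the Authorization header from a token encoded for this user.
        self.auth = {'Authorization': "JWT " + _default_jwt_encode_handler(user)}

    # NOTE(review): only a freshly issued, valid token is exercised here;
    # expired or tampered tokens are not covered by this test.
    with app.test_request_context(headers=self.auth):
        # assertEqual replaces the deprecated assertEquals alias, which was
        # removed from unittest in Python 3.12.
        self.assertEqual(get_identity().id, user.id)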
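def test_get_identity(self):
    """get_identity() resolves to the user the JWT in the request was issued for."""
    with app.test_request_context():
        user = UserFactory()
        db.session.add(user)
        db.session.commit()

        # An event owned by the user is persisted as part of the fixture; the
        # assertion below does not read it.
        event = EventFactoryBasic()
        event.user_id = user.id
        db.session.add(event)
        db.session.commit()

        # Build the Authorization header from a token encoded for this user.
        self.auth = {'Authorization': "JWT " + _default_jwt_encode_handler(user)}

    # NOTE(review): only a freshly issued, valid token is exercised here;
    # expired or tampered tokens are not covered by this test.
    with app.test_request_context(headers=self.auth):
        # assertEqual replaces the deprecated assertEquals alias, which was
        # removed from unittest in Python 3.12.
        self.assertEqual(get_identity().id, user.id)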
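def test_get_identity(self):
    """Method to test identity of authenticated user"""
    with self.app.test_request_context():
        user = UserFactory()
        save_to_db(user)

        # An event owned by the user is persisted as part of the fixture; the
        # assertion below does not read it.
        event = EventFactoryBasic()
        event.user_id = user.id
        save_to_db(event)

        # Build the Authorization header from a fresh access token whose
        # identity is the user's id.
        self.auth = {'Authorization': "JWT " + create_access_token(user.id, fresh=True)}

    # NOTE(review): only a freshly issued, valid token is exercised here;
    # expired or tampered tokens are not covered by this test.
    with self.app.test_request_context(headers=self.auth):
        # assertEqual replaces the deprecated assertEquals alias, which was
        # removed from unittest in Python 3.12.
        self.assertEqual(get_identity().id, user.id)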
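def test_get_identity(self):
    """Method to test identity of authenticated user"""
    with app.test_request_context():
        user = UserFactory()
        save_to_db(user)

        # An event owned by the user is persisted as part of the fixture; the
        # assertion below does not read it.
        event = EventFactoryBasic()
        event.user_id = user.id
        save_to_db(event)

        # The encode handler's result is decoded as UTF-8 so it can be
        # concatenated into the header value.
        self.auth = {
            'Authorization': "JWT " + str(_default_jwt_encode_handler(user), 'utf-8')
        }

    # NOTE(review): only a freshly issued, valid token is exercised here;
    # expired or tampered tokens are not covered by this test.
    with app.test_request_context(headers=self.auth):
        # assertEqual replaces the deprecated assertEquals alias, which was
        # removed from unittest in Python 3.12.
        self.assertEqual(get_identity().id, user.id)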
def is_coorganizer_endpoint_related_to_event(view, view_args, view_kwargs, *args, **kwargs):
    """
    Permission gate: staff, the event's organizer and its co-organizers are
    passed on to ``view``; everyone else gets a forbidden response.

    The identity comes from ``get_identity()`` and the role check is made on
    it before ``_jwt_required`` is called with the configured
    ``JWT_DEFAULT_REALM``. The forbidden response is returned (not raised)
    via ``ForbiddenError(...).respond()``, and the token is not checked on
    that path.

    :param view: view callable invoked on success
    :param view_args: positional arguments forwarded to ``view``
    :param view_kwargs: keyword arguments forwarded to ``view``
    :param args: not used by this check
    :param kwargs: must contain ``event_id``
    :return: the view's result, or the forbidden response
    """
    # NOTE(review): this check was documented as handling an authorization
    # header that is present but expired, so get_identity() presumably does
    # not enforce expiry. Confirm it still validates the token signature;
    # otherwise the role lookup below runs on unauthenticated claims.
    identity = get_identity()

    def _may_manage_event():
        # Staff short-circuits, so 'event_id' is only read for non-staff callers.
        if identity.is_staff:
            return True
        return identity.is_organizer(kwargs['event_id']) or identity.is_coorganizer(kwargs['event_id'])

    if _may_manage_event():
        # Token verification always precedes the view call.
        _jwt_required(app.config['JWT_DEFAULT_REALM'])
        return view(*view_args, **view_kwargs)

    return ForbiddenError({'source': ''}, 'Co-organizer access is required.').respond()