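def test_security_headers_in_production():
    """Check that production mode answers 200 when all three security headers are sent.

    The request to '/queries' carries the authenticated-user e-mail, the
    authenticated-user id and the IAP JWT assertion header.
    """
    test_client = _app.create_app('production').test_client()
    # NOTE(review): the assertion value below is not a well-formed JWT, yet the
    # test expects 200. That suggests production mode checks only that the
    # headers are present. If so, the headers are trustworthy only while the
    # backend is unreachable except through the proxy; verifying the
    # assertion's signature, audience and issuer would close that gap - confirm
    # against the application code.
    # NOTE(review): '[email protected]' looks like an address-obfuscation
    # artifact of the page this snippet was copied from, not the original value.
    res = test_client.get('/queries', headers={
        AUTHENTICATED_USER_EMAIL_HEADER: 'test:[email protected]',
        AUTHENTICATED_USER_ID_HEADER: '3475023457204720447240',
        IAP_JWT_ASSERTION_HEADER: '34nhto043y90t2975tr04g09083u539yt94590h648u065'
    })
    # The failure message previously said 403 although the check is for 200.
    assert res.status_code == 200, 'Status code should be 200'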
def create_app():
    """Return an application instance built with the 'development' configuration."""
    development_app = _app.create_app('development')
    return development_app
import os

from flask_cors import CORS

from query_builder.application.app import (create_app, create_database)
# NOTE(review): is_production_environment is imported but not used in the lines visible here.
from query_builder.domain_model.services.configuration_service import is_production_environment

# The configuration name comes from APP_ENV; when the variable is unset the
# app falls back to 'development'.
# NOTE(review): if the development configuration relaxes access checks, a
# deployment that forgets to set APP_ENV starts without them. Consider failing
# closed (require APP_ENV, or default to 'production') - confirm with the
# configuration code.
MODE = os.environ.get('APP_ENV', 'development')

# Runs at import time, before the application object is created.
create_database()

APP = create_app(mode=MODE)

# NOTE(review): CORS(APP) with no options uses the Flask-CORS defaults, which
# allow any origin on every route. If only known front-ends call this API,
# pass an explicit `origins=` list instead.
CORS(APP)

if __name__ == '__main__':
    # Keyword arguments for run() are taken from the config keys that start with 'RUN_'.
    run_options = APP.config.get_namespace('RUN_')
    APP.run(**run_options)
def app():
    """Create the application using the 'development' configuration and return it."""
    instance = _app.create_app('development')
    return instance
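def test_missing_security_headers_in_development():
    """Check that development mode serves '/queries' with 200 when no security headers are sent."""
    # The description string used to sit after the first statement, where it
    # was a discarded expression rather than the function's docstring.
    test_client = _app.create_app('development').test_client()
    # NOTE(review): this pins that development mode does not require the
    # security headers, so a deployed instance must not run this configuration.
    res = test_client.get('/queries')
    assert res.status_code == 200, 'Status code should be 200'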
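def test_missing_security_headers_in_production():
    """Check that production mode rejects '/queries' with 403 when no security headers are sent."""
    # The description string used to sit after the first statement, where it
    # was a discarded expression rather than the function's docstring.
    test_client = _app.create_app('production').test_client()
    # Covers only the case where every header is absent.
    # TODO(review): add cases where a single header is missing or empty, and
    # where the assertion header is present but malformed, so that a partial
    # or spoofed set of headers is also shown to be rejected.
    res = test_client.get('/queries')
    assert res.status_code == 403, 'Status code should be 403'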