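def check_auth(request):
    """Authenticate *request* from its ``Authorization`` header.

    Three outcomes are possible:

    * No header at all: the request is left anonymous and the function
      returns without touching ``request.user`` (fail-open here; callers
      that require a user must check ``request.user`` themselves).
    * A non-Bearer header: it is handed to ``AuthCode`` and, if confirmed,
      ``request.user`` is set. Nothing is raised either way, for
      compatibility with qaci, which sends Basic auth.
    * A Bearer header: the token is looked up via ``ApiToken.get_by_token``
      and validated; on success ``request.user`` and ``request.client_id``
      are set from the token.

    Args:
        request: a WSGI-style request object exposing ``environ`` and
            accepting ``user`` / ``client_id`` attributes.

    Raises:
        OAuthError: for a Bearer header whose token is unknown or empty
            (``auth_invalid_access_token``), has no API key
            (``auth_invalid_apikey``), whose key is blocked
            (``auth_apikey_blocked``), or which has expired
            (``auth_access_token_has_expired``).
    """
    auth_header = request.environ.get('HTTP_AUTHORIZATION')
    # No credentials at all: leave the request anonymous.
    if not auth_header:
        return

    # NOTE(review): the scheme match is case-sensitive ("bearer " would be
    # treated as a non-Bearer header); RFC 6750 treats the scheme name as
    # case-insensitive. Confirm whether that is intended.
    bearer_prefix = 'Bearer '
    if not auth_header.startswith(bearer_prefix):
        # Originally this raised OAuthError(*err.auth_access_token_is_missing).
        # It is deliberately non-raising so that qaci, which uses Basic auth,
        # keeps working; an unconfirmed credential simply leaves the request
        # anonymous.
        auth = AuthCode(auth_header)
        if auth.confirm():
            request.user = auth.user
        return

    oauth_token = auth_header[len(bearer_prefix):]
    # An empty token ("Bearer " alone) can never match a stored token;
    # reject it up front instead of spending a lookup on it.
    if not oauth_token:
        raise OAuthError(*err.auth_invalid_access_token)

    token = ApiToken.get_by_token(oauth_token)
    # Unknown token.
    if not token:
        raise OAuthError(*err.auth_invalid_access_token)
    # Token without an API key behind it.
    if not token.key:
        raise OAuthError(*err.auth_invalid_apikey)
    # Key exists but has been blocked.
    if token.key.status == ApiKey.STATUS_BLOCKED:
        raise OAuthError(*err.auth_apikey_blocked)
    # Token past its expiry. datetime.now() is naive local time; this
    # assumes expire_time is stored in the same convention — TODO confirm.
    if datetime.now() > token.expire_time:
        raise OAuthError(*err.auth_access_token_has_expired)

    request.user = token.user
    request.client_id = token.client_id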
def test_get_token_by_token(self):
    """Looking a token up by its secret string returns the stored record."""
    created = self._add_api_token()
    fetched = ApiToken.get_by_token(created.token)
    eq_(created, fetched)