예제 #1
0
    def post(self):
        user = authorize_user(self.request)
        password, errors = validate_password(self.request.body,
                                             self.request.charset)

        if errors:
            result = {'message': ','.join(errors)}
            return HTTPBadRequest(body=json.dumps(result),
                                  content_type='application/json')

        return self.passwords_manager.create(user, password)
예제 #2
0
    def delete(self):
        user = authorize_user(self.request)
        try:
            _id = bson.ObjectId(self.password_id)
        except bson.errors.InvalidId:
            return invalid_password_id()

        if self.passwords_manager.delete(user, _id):
            return ''
        else:
            return password_not_found()
예제 #3
0
    def get(self):
        user = authorize_user(self.request)
        try:
            _id = bson.ObjectId(self.password_id)
        except bson.errors.InvalidId:
            return invalid_password_id()

        password = self.passwords_manager.retrieve(user, _id)

        if password is None:
            return password_not_found()
        else:
            return password
예제 #4
0
    def put(self):
        user = authorize_user(self.request)
        try:
            _id = bson.ObjectId(self.password_id)
        except bson.errors.InvalidId:
            return invalid_password_id()

        password, errors = validate_password(self.request.body,
                                             self.request.charset,
                                             _id)

        if errors:
            result = {'message': ','.join(errors)}
            return HTTPBadRequest(body=json.dumps(result),
                                  content_type='application/json')

        result = self.passwords_manager.update(user, _id, password)
        if result is None:
            return password_not_found()
        else:
            return result
예제 #5
0
    def test_authorize_user(self):

        request = testing.FakeRequest(headers={})

        # The authorization header is required
        self.assertRaises(HTTPUnauthorized, authorize_user, request)

        request = testing.FakeRequest(
            headers={'Authorization': 'Basic foobar'})
        # Only the bearer method is allowed
        self.assertRaises(HTTPBadRequest, authorize_user, request)

        request = testing.FakeRequest(headers={
                'Authorization': 'Bearer 1234',
                }, db=self.db)
        # Invalid code
        self.assertRaises(HTTPUnauthorized, authorize_user, request)

        access_code_id = self.db.access_codes.insert({
                'code': '1234',
                'user': '******',
                }, safe=True)
        request = testing.FakeRequest(headers={
                'Authorization': 'Bearer 1234',
                }, db=self.db)
        # Invalid user
        self.assertRaises(HTTPUnauthorized, authorize_user, request)

        user_id = self.db.users.insert({
                'username': '******',
                }, safe=True)
        self.db.access_codes.update({'_id': access_code_id}, {
                '$set': {'user': user_id},
                }, safe=True)
        request = testing.FakeRequest(headers={
                'Authorization': 'Bearer 1234',
                }, db=self.db)
        # Invalid user
        authorized_user = authorize_user(request)
        self.assertEqual(authorized_user['username'], 'user1')
예제 #6
0
 def get(self):
     user = authorize_user(self.request)
     return list(self.passwords_manager.retrieve(user))
예제 #7
0
 def get(self):
     user = authorize_user(self.request)
     return user
예제 #8
0
 def get(self):
     return authorize_user(self.request)