def post(self):
    """Create a new password entry for the caller.

    Authorization is resolved first, so the request body is only parsed
    for a caller that authorize_user accepted. A body that fails
    validation is answered with a JSON 400 carrying the joined error
    messages; otherwise the result of the manager's create() is returned.
    """
    owner = authorize_user(self.request)
    password, problems = validate_password(self.request.body,
                                           self.request.charset)
    if not problems:
        return self.passwords_manager.create(owner, password)

    # Validation failed: report every message in a single JSON document.
    payload = json.dumps({'message': ','.join(problems)})
    return HTTPBadRequest(body=payload, content_type='application/json')
def delete(self):
    """Delete the password identified by self.password_id.

    Returns an empty string when the manager reports a deletion, the
    invalid_password_id() response when the id is not a valid ObjectId,
    and password_not_found() otherwise.
    """
    owner = authorize_user(self.request)
    try:
        object_id = bson.ObjectId(self.password_id)
    except bson.errors.InvalidId:
        return invalid_password_id()

    # The user is passed along with the id; presumably the manager limits
    # the delete to entries owned by that user -- confirm in the manager.
    removed = self.passwords_manager.delete(owner, object_id)
    return '' if removed else password_not_found()
def get(self):
    """Return the password identified by self.password_id.

    Yields invalid_password_id() for a malformed id and
    password_not_found() when the manager returns None.
    """
    owner = authorize_user(self.request)
    try:
        object_id = bson.ObjectId(self.password_id)
    except bson.errors.InvalidId:
        return invalid_password_id()

    # Lookup is keyed on both user and id; presumably the manager only
    # matches entries owned by that user -- confirm in the manager.
    found = self.passwords_manager.retrieve(owner, object_id)
    if found is not None:
        return found
    return password_not_found()
def put(self):
    """Replace the password identified by self.password_id.

    Order of checks: authorization, id syntax, body validation, update.
    A malformed id yields invalid_password_id(), a body that fails
    validation yields a JSON 400, and a None result from the manager
    yields password_not_found().
    """
    owner = authorize_user(self.request)
    try:
        object_id = bson.ObjectId(self.password_id)
    except bson.errors.InvalidId:
        return invalid_password_id()

    password, problems = validate_password(self.request.body,
                                           self.request.charset,
                                           object_id)
    if problems:
        payload = json.dumps({'message': ','.join(problems)})
        return HTTPBadRequest(body=payload,
                              content_type='application/json')

    # The user is passed along with the id; presumably the manager limits
    # the update to entries owned by that user -- confirm in the manager.
    updated = self.passwords_manager.update(owner, object_id, password)
    if updated is not None:
        return updated
    return password_not_found()
def test_authorize_user(self):
    """Walk authorize_user through each rejection path, then success."""

    def bearer_request():
        # Fresh request (and fresh headers dict) for every call.
        return testing.FakeRequest(headers={
            'Authorization': 'Bearer 1234',
        }, db=self.db)

    # No Authorization header at all
    missing_header = testing.FakeRequest(headers={})
    self.assertRaises(HTTPUnauthorized, authorize_user, missing_header)

    # Any scheme other than Bearer is rejected as a bad request
    basic_auth = testing.FakeRequest(
        headers={'Authorization': 'Basic foobar'})
    self.assertRaises(HTTPBadRequest, authorize_user, basic_auth)

    # Bearer code that is not stored in the database
    self.assertRaises(HTTPUnauthorized, authorize_user, bearer_request())

    # Code exists, but its 'user' value does not match any stored user
    access_code_id = self.db.access_codes.insert({
        'code': '1234',
        'user': '******',
    }, safe=True)
    self.assertRaises(HTTPUnauthorized, authorize_user, bearer_request())

    # Create the user and point the access code at it
    user_id = self.db.users.insert({
        'username': '******',
    }, safe=True)
    self.db.access_codes.update({'_id': access_code_id}, {
        '$set': {'user': user_id},
    }, safe=True)

    # Code and user now both resolve: authorization succeeds
    authorized_user = authorize_user(bearer_request())
    # NOTE(review): the 'user' and 'username' literals above read '******'
    # in this listing (apparently masked) while this assertion expects
    # 'user1' -- confirm against the real fixture values.
    self.assertEqual(authorized_user['username'], 'user1')
def get(self):
    """Return, as a list, what the manager retrieves for the caller."""
    owner = authorize_user(self.request)
    # Only the user is passed to retrieve(); no id is given here.
    entries = self.passwords_manager.retrieve(owner)
    return list(entries)
def get(self):
    """Return whatever authorize_user yields for this request.

    NOTE(review): the value is handed back unchanged; confirm that the
    response renderer does not expose fields of the user record that
    should stay server-side.
    """
    return authorize_user(self.request)
def get(self):
    """Return whatever authorize_user yields for this request.

    NOTE(review): the value is handed back unchanged; confirm that the
    response renderer does not expose fields of the user record that
    should stay server-side.
    """
    authenticated_user = authorize_user(self.request)
    return authenticated_user