Exemplo n.º 1
    def post(self):
        """Create a password entry for the authenticated caller.

        The caller is resolved with ``authorize_user`` before the request
        body is handed to ``validate_password`` together with the request
        charset.

        Returns:
            The result of ``passwords_manager.create`` when validation
            reports no errors; otherwise an ``HTTPBadRequest`` whose JSON
            body is ``{"message": "<errors joined by commas>"}``.
        """
        # Authentication comes first. authorize_user presumably raises on
        # missing or invalid credentials, so the body is never parsed for
        # an unauthenticated caller -- confirm against its definition.
        owner = authorize_user(self.request)
        new_password, problems = validate_password(self.request.body,
                                                   self.request.charset)

        if not problems:
            return self.passwords_manager.create(owner, new_password)

        # NOTE(review): validation messages are echoed back to the client;
        # confirm they never contain the submitted secret itself.
        payload = json.dumps({'message': ','.join(problems)})
        return HTTPBadRequest(body=payload,
                              content_type='application/json')
Exemplo n.º 2
    def delete(self):
        """Delete the password identified by ``self.password_id``.

        Returns:
            ``''`` when ``passwords_manager.delete`` returns a truthy
            value, the result of ``invalid_password_id()`` when the id
            cannot be parsed as a ``bson.ObjectId``, and the result of
            ``password_not_found()`` otherwise.
        """
        owner = authorize_user(self.request)
        try:
            object_id = bson.ObjectId(self.password_id)
        except bson.errors.InvalidId:
            # Reject malformed ids before they reach the storage layer.
            return invalid_password_id()

        # The caller is passed along with the id; presumably the manager
        # uses it to restrict the delete to the caller's own entries --
        # verify in passwords_manager.delete.
        removed = self.passwords_manager.delete(owner, object_id)
        return '' if removed else password_not_found()
Exemplo n.º 3
    def get(self):
        """Return the password identified by ``self.password_id``.

        Returns:
            The object returned by ``passwords_manager.retrieve``, the
            result of ``invalid_password_id()`` when the id cannot be
            parsed as a ``bson.ObjectId``, or the result of
            ``password_not_found()`` when the manager returns ``None``.
        """
        owner = authorize_user(self.request)
        try:
            object_id = bson.ObjectId(self.password_id)
        except bson.errors.InvalidId:
            # Reject malformed ids before they reach the storage layer.
            return invalid_password_id()

        # The lookup receives the caller as well as the id; presumably the
        # manager only returns entries owned by that caller -- verify in
        # passwords_manager.retrieve.
        found = self.passwords_manager.retrieve(owner, object_id)
        return password_not_found() if found is None else found
Exemplo n.º 4
    def put(self):
        """Update the password identified by ``self.password_id``.

        The id is parsed first, then the request body is validated with
        ``validate_password`` (which also receives the parsed id), and
        only then is ``passwords_manager.update`` called.

        Returns:
            The result of ``passwords_manager.update``; the result of
            ``invalid_password_id()`` for an unparsable id; an
            ``HTTPBadRequest`` with a JSON ``{"message": ...}`` body when
            validation reports errors; or the result of
            ``password_not_found()`` when the update returns ``None``.
        """
        owner = authorize_user(self.request)
        try:
            object_id = bson.ObjectId(self.password_id)
        except bson.errors.InvalidId:
            # Reject malformed ids before they reach the storage layer.
            return invalid_password_id()

        new_password, problems = validate_password(self.request.body,
                                                   self.request.charset,
                                                   object_id)

        if problems:
            # NOTE(review): validation messages are echoed back to the
            # client; confirm they never contain the submitted secret.
            payload = json.dumps({'message': ','.join(problems)})
            return HTTPBadRequest(body=payload,
                                  content_type='application/json')

        # The caller is passed along with the id; presumably the manager
        # restricts the update to the caller's own entries -- verify in
        # passwords_manager.update.
        updated = self.passwords_manager.update(owner, object_id,
                                                new_password)
        return password_not_found() if updated is None else updated
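    def test_authorize_user(self):
        """Walk ``authorize_user`` from a missing header to a valid token.

        Cases, in order: no ``Authorization`` header, a non-Bearer scheme,
        a Bearer code that is not stored, a stored code whose ``user``
        does not match a user inserted by this test, and finally a stored
        code bound to an existing user.
        """
        # Single source of truth for the fixture user, so the inserted
        # document and the final assertion cannot drift apart.
        username = 'user1'

        request = testing.FakeRequest(headers={})

        # The authorization header is required
        self.assertRaises(HTTPUnauthorized, authorize_user, request)

        request = testing.FakeRequest(
            headers={'Authorization': 'Basic foobar'})
        # Only the bearer method is allowed
        self.assertRaises(HTTPBadRequest, authorize_user, request)

        request = testing.FakeRequest(headers={
                'Authorization': 'Bearer 1234',
                }, db=self.db)
        # Invalid code: this test has not stored access code '1234' yet
        self.assertRaises(HTTPUnauthorized, authorize_user, request)

        access_code_id = self.db.access_codes.insert({
                'code': '1234',
                'user': '******',
                }, safe=True)
        request = testing.FakeRequest(headers={
                'Authorization': 'Bearer 1234',
                }, db=self.db)
        # Invalid user: the code exists, but its 'user' value is not the
        # id of a user inserted by this test
        self.assertRaises(HTTPUnauthorized, authorize_user, request)

        user_id = self.db.users.insert({
                'username': username,
                }, safe=True)
        self.db.access_codes.update({'_id': access_code_id}, {
                '$set': {'user': user_id},
                }, safe=True)
        request = testing.FakeRequest(headers={
                'Authorization': 'Bearer 1234',
                }, db=self.db)
        # Valid code bound to an existing user: the user is returned
        authorized_user = authorize_user(request)
        self.assertEqual(authorized_user['username'], username)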
Exemplo n.º 6
 def get(self):
     """Return the caller's passwords as a list.

     The caller is resolved with ``authorize_user`` and passed as the
     only argument to ``passwords_manager.retrieve``; whatever iterable
     that returns is materialised with ``list``.
     """
     owner = authorize_user(self.request)
     # Only the caller is passed, so the listing is presumably limited to
     # that caller's entries -- verify in passwords_manager.retrieve.
     entries = self.passwords_manager.retrieve(owner)
     return list(entries)
Exemplo n.º 7
 def get(self):
     """Return the user resolved by ``authorize_user`` for this request."""
     # NOTE(review): the user object is returned unchanged; confirm that
     # whatever serialises it does not expose sensitive fields.
     return authorize_user(self.request)
Exemplo n.º 8
 def get(self):
     """Return the user resolved by ``authorize_user`` for this request."""
     # NOTE(review): the user object is returned unchanged; confirm that
     # whatever serialises it does not expose sensitive fields.
     current_user = authorize_user(self.request)
     return current_user