Пример #1
 def delete_list(self, object_list, bundle):
     """
     Return ``object_list`` unchanged when the request carries a valid
     access token; raise ``Unauthorized`` otherwise.

     NOTE(review): the check is all-or-nothing. No per-object ownership or
     scope filtering happens here, so any caller holding a valid token is
     allowed to delete every object in ``object_list`` -- confirm that is
     the intended policy.
     """
     # Fail closed: refuse first, and only hand the list back afterwards.
     if not is_access_token_valid(bundle.request):
         raise Unauthorized
     return object_list
Пример #2
 def update_detail(self, object_list, bundle):
     """
     Return ``True`` when the request carries a valid access token; raise
     ``Unauthorized`` otherwise.

     NOTE(review): ``object_list`` and the object held by ``bundle`` are
     never inspected, so the decision is purely "is the token valid" and
     not "may this token's owner update this object" -- confirm that is
     the intended policy.
     """
     # Fail closed: anything but a validated token ends in Unauthorized.
     if not is_access_token_valid(bundle.request):
         raise Unauthorized
     return True
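    def test_bearer_token_success(self):
        """
        Authorization header contains valid access token

        ``Response()`` with its defaults is presumably the fixture's
        "token is valid" reply -- TODO confirm against the fixture.
        """
        # Restore the previous requests.get when the test ends; without this
        # the stub stays installed on the shared module and the outcome of
        # later tests depends on execution order.
        self.addCleanup(setattr, validation.requests, 'get',
                        validation.requests.get)
        response = Response()
        validation.requests.get = Mock(return_value=response)

        request = Request(META={'HTTP_AUTHORIZATION': 'Bearer foo'})
        self.assertTrue(validation.is_access_token_valid(request))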
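    def test_query_string_token_success(self):
        """
        Query string contains valid access token

        NOTE(review): this pins acceptance of ``access_token`` as a URL
        parameter. Tokens carried in URLs tend to end up in access logs,
        browser history and Referer headers; RFC 6750 section 2.3
        discourages this transport in favour of the Authorization header.
        """
        # Restore the previous requests.get when the test ends; without this
        # the stub stays installed on the shared module and the outcome of
        # later tests depends on execution order.
        self.addCleanup(setattr, validation.requests, 'get',
                        validation.requests.get)
        response = Response()
        validation.requests.get = Mock(return_value=response)

        request = Request(GET={'access_token': 'foo'})
        self.assertTrue(validation.is_access_token_valid(request))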
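    def test_non_json_response(self):
        """
        OIC server returns non-JSON response

        The validator must fail closed: a body it cannot parse is treated
        as an invalid token, not as an error that lets the request through.
        """
        # Restore the previous requests.get when the test ends; without this
        # the stub stays installed on the shared module and the outcome of
        # later tests depends on execution order.
        self.addCleanup(setattr, validation.requests, 'get',
                        validation.requests.get)
        response = Response(text='bar')
        validation.requests.get = Mock(return_value=response)

        request = Request(GET={'access_token': 'foo'})
        self.assertFalse(validation.is_access_token_valid(request))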
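    def test_missing_response_field(self):
        """
        OIC server is missing the "expiration" field

        A reply without an expiry must be rejected; otherwise a token with
        no stated lifetime would be accepted indefinitely.
        """
        # Restore the previous requests.get when the test ends; without this
        # the stub stays installed on the shared module and the outcome of
        # later tests depends on execution order.
        self.addCleanup(setattr, validation.requests, 'get',
                        validation.requests.get)
        response = Response(text='{"user_id":"id3oicserver"}')
        validation.requests.get = Mock(return_value=response)

        request = Request(GET={'access_token': 'foo'})
        self.assertFalse(validation.is_access_token_valid(request))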
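    def test_token_expired(self):
        """
        OIC server reports a token expiration date in the past

        ``RESP_EXP`` is defined elsewhere in the test module; presumably it
        is a well-formed reply whose expiry has already passed.
        """
        # Restore the previous requests.get when the test ends; without this
        # the stub stays installed on the shared module and the outcome of
        # later tests depends on execution order.
        self.addCleanup(setattr, validation.requests, 'get',
                        validation.requests.get)
        response = Response(text=RESP_EXP)
        validation.requests.get = Mock(return_value=response)

        request = Request(GET={'access_token': 'foo'})
        self.assertFalse(validation.is_access_token_valid(request))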
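    def test_bad_status_code(self):
        """
        OIC server returns a non-2xx status code

        An error from the token server must not be read as "valid": the
        validator has to fail closed when it cannot get a clean answer.
        """
        # Restore the previous requests.get when the test ends; without this
        # the stub stays installed on the shared module and the outcome of
        # later tests depends on execution order.
        self.addCleanup(setattr, validation.requests, 'get',
                        validation.requests.get)
        response = Response(status_code=500)
        validation.requests.get = Mock(return_value=response)

        request = Request(GET={'access_token': 'foo'})
        self.assertFalse(validation.is_access_token_valid(request))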
 def test_missing_query_string_token(self):
     """
     An ``access_token`` query parameter that is present but empty must be
     rejected.
     """
     # No HTTP stub is installed here, so this test relies on the validator
     # refusing a blank token (presumably before any server call is made).
     blank_token_request = Request(GET={'access_token': ''})
     token_ok = validation.is_access_token_valid(blank_token_request)
     self.assertFalse(token_ok)
 def test_missing_token(self):
     """
     A request with neither an Authorization header nor an
     ``access_token`` parameter must be rejected.
     """
     # No HTTP stub is installed here, so this test relies on the validator
     # refusing the request when it finds no token at all.
     bare_request = Request()
     token_ok = validation.is_access_token_valid(bare_request)
     self.assertFalse(token_ok)
 def test_missing_bearer_token_2(self):
     """
     An Authorization header holding the ``Bearer`` scheme with no
     credential after it must be rejected.
     """
     # No HTTP stub is installed here, so this test relies on the validator
     # refusing a scheme-only header.
     scheme_only_request = Request(META={'HTTP_AUTHORIZATION': 'Bearer'})
     token_ok = validation.is_access_token_valid(scheme_only_request)
     self.assertFalse(token_ok)
Пример #12
 def wrapper(request, *args, **kwargs):
     # Gate in front of the wrapped view ``f``: the view only runs once the
     # access token on the request has been validated.
     # NOTE(review): the 401 below carries no WWW-Authenticate challenge,
     # which RFC 7235 expects on a 401 response; consider adding a Bearer
     # challenge for the clients that rely on it.
     if not is_access_token_valid(request):
         return HttpResponse(status=401)
     return f(request, *args, **kwargs)
Пример #13
 def is_authorized(self, request, object=None):
     """
     Return the result of ``is_access_token_valid(request)``: truthy for a
     valid access token, falsy otherwise.

     NOTE(review): ``object`` is accepted but never consulted, so the
     answer is the same for every object -- there is no per-object
     authorization at this layer.
     """
     token_ok = is_access_token_valid(request)
     return token_ok