示例#1
 def test_token(self):
     """Check that a token issued for the admin role round-trips.

     An arbitrary non-token string must be rejected with ``Unauthorized``,
     while the token produced by ``to_token`` must restore an ``Authz``
     carrying the same ``id`` as the one that issued it.
     """
     issued = Authz.from_role(self.admin)
     serialized = issued.to_token()

     # Negative case first: a value never produced by to_token() must not
     # be accepted as a credential.
     self.assertRaises(Unauthorized, Authz.from_token, "banana")

     restored = Authz.from_token(serialized)
     assert restored.id == issued.id
示例#2
 def test_scope(self):
     """Check that a token bound to a scope is only accepted for that scope.

     The token is issued with ``scope="/bla"``. Verifying it with no scope
     or with a different scope must raise ``Unauthorized``; verifying it
     with the matching scope must restore the same ``id`` and an expiry
     that is within two seconds of the issuer's and still in the future.
     """
     issued = Authz.from_role(self.admin)
     scoped_token = issued.to_token(scope="/bla")

     # A scoped token presented without any scope is refused ...
     self.assertRaises(Unauthorized, Authz.from_token, scoped_token)
     # ... and so is one presented for a path it was not issued for.
     self.assertRaises(
         Unauthorized, Authz.from_token, scoped_token, scope="/blubb"
     )

     restored = Authz.from_token(scoped_token, scope="/bla")
     assert restored.id == issued.id

     # Expiry survives serialization, allowing for sub-2-second differences
     # between the issued and the restored value.
     drift = abs(restored.expire - issued.expire)
     assert drift < timedelta(seconds=2)
     # Compared against a naive UTC "now", as in the rest of this test.
     assert restored.expire > datetime.utcnow()
示例#3
def _get_credential_authz(credential):
    """Resolve a raw credential string to an ``Authz`` object, if possible.

    A value of the form ``"Token <value>"`` is handed to
    ``Authz.from_token`` and its result is returned as-is. Any other value
    is looked up as an API key through ``Role.by_api_key``; when the value
    contains a space, only the part after the first space is looked up.

    Returns ``None`` when the credential is missing or empty, or when no
    role matches the API key.
    """
    if credential is None or len(credential) == 0:
        return None

    scheme, separator, remainder = credential.partition(" ")
    if separator:
        credential = remainder
        if scheme == "Token":
            # No scope is passed on this path; the token is verified with
            # from_token's default for that argument.
            return Authz.from_token(credential)
        # NOTE(review): a scheme other than the exact string "Token" is not
        # rejected here -- its value falls through to the API-key lookup.

    matched_role = Role.by_api_key(credential)
    if matched_role is None:
        return None
    return Authz.from_role(role=matched_role)
示例#4
def _get_credential_authz(credential):
    """Resolve a raw credential string to an ``Authz`` object, if possible.

    The value is first tried as a token bound to the current
    ``request.path``; if that yields nothing, it is looked up as an API key
    through ``Role.by_api_key``.

    Returns ``None`` when the credential is missing or empty, or when
    neither the token check nor the API-key lookup produces a result.
    """
    if credential is None or len(credential) == 0:
        return None

    if ' ' in credential:
        # NOTE(review): the scheme in front of the first space is dropped
        # without being inspected, so every scheme is handled the same way.
        credential = credential.split(' ', 1)[1]

    # Every credential, API keys included, goes through token verification
    # first, scoped to the path of the request being served.
    # NOTE(review): the fallback below is only reachable if from_token
    # returns None (rather than raising) for a non-token value -- confirm.
    token_authz = Authz.from_token(credential, scope=request.path)
    if token_authz is not None:
        return token_authz

    matched_role = Role.by_api_key(credential)
    if matched_role is None:
        return None
    return Authz.from_role(role=matched_role)