def test_verify_request_mixedcase_headers(self): issue_time = make_issue_time() request = make_request('Consumer', 'alice', issue_time) request.headers['X-Annotator-Consumer-Key'] = request.headers[ 'x-annotator-consumer-key'] assert auth.verify_request( request ), "request with mixed-case headers should have been verified"
def index(): uid = current_user_id() if uid: if not auth.verify_request(request): return _failed_auth_response() annotations = Annotation.search(_user_id=uid) else: annotations = Annotation.search() return jsonify(annotations)
def search_annotations(): kwargs = dict(request.args.items()) uid = current_user_id() if uid: if not auth.verify_request(request): return _failed_auth_response() results = Annotation.search(**kwargs) results = filter(lambda a: authz.authorize(a, 'read', uid), results) total = Annotation.count(**kwargs) return jsonify({ 'total': total, 'rows': results, })
def create_annotation(): # Only registered users can create annotations if not auth.verify_request(request): return _failed_auth_response() if request.json: annotation = Annotation(_filter_input(request.json)) annotation['consumer'] = request.headers[auth.HEADER_PREFIX + 'consumer-key'] annotation['user'] = request.headers[auth.HEADER_PREFIX + 'user-id'] annotation.save() return jsonify(annotation) else: return jsonify('No JSON payload sent. Annotation not created.', status=400)
def test_verify_request(self): expiryTime = iso8601('future') request = make_request('testAccount', 'alice', expiryTime) assert auth.verify_request(request), "request should have been verified"
def test_verify_request_mixedcase_headers(self): issueTime = iso8601('now') request = make_request('testConsumer', 'alice', issueTime) request.headers['X-Annotator-Consumer-Key'] = request.headers['x-annotator-consumer-key'] assert auth.verify_request(request), "request with mixed-case headers should have been verified"
def test_reject_request_missing_headers(self): issueTime = iso8601('now') request = make_request('testConsumer', 'alice', issueTime) del request.headers['x-annotator-consumer-key'] assert not auth.verify_request(request), "request missing consumerKey should have been rejected"
def test_verify_request(self): issueTime = iso8601('now') request = make_request('testConsumer', 'alice', issueTime) assert auth.verify_request(request), "request should have been verified"
def _check_action(annotation, action, uid): if not authz.authorize(annotation, action, uid): return _failed_authz_response() if uid and not auth.verify_request(request): return _failed_auth_response()
def test_reject_request_missing_headers(self): issue_time = make_issue_time() request = make_request('Consumer', 'alice', issue_time) del request.headers['x-annotator-consumer-key'] assert not auth.verify_request(request), "request missing consumer key should have been rejected"
def test_reject_request_missing_headers(self): expiryTime = iso8601('future') request = make_request('testAccount', 'alice', expiryTime) del request.headers['x-annotator-account-id'] assert not auth.verify_request(request), "request missing account_id should have been rejected"
def test_reject_request_missing_headers(self): issue_time = make_issue_time() request = make_request('Consumer', 'alice', issue_time) del request.headers['x-annotator-consumer-key'] assert not auth.verify_request( request), "request missing consumer key should have been rejected"
def test_verify_request(self): issue_time = make_issue_time() request = make_request('Consumer', 'alice', issue_time) assert auth.verify_request( request), "request should have been verified"
def test_verify_request_mixedcase_headers(self): expiryTime = iso8601('future') request = make_request('testAccount', 'alice', expiryTime) request.headers['X-Annotator-Account-Key'] = request.headers['x-annotator-account-id'] assert auth.verify_request(request), "request with mixed-case headers should have been verified"
def test_verify_request(self): issue_time = make_issue_time() request = make_request('Consumer', 'alice', issue_time) assert auth.verify_request(request), "request should have been verified"