def test_signing_url(dummy_user):
dummy_user.signing_secret = 'sixtyten'
url = signed_url_for(dummy_user,
'users.user_dashboard',
url_params={'user_id': '70'})
assert url == '/user/70/dashboard/?token=6bO-FgjAvYPiZ8Uft5_DmOC4Oow'
url = signed_url_for(dummy_user,
'users.user_dashboard',
url_params={'user_id': '71'},
q='roygbiv')
assert url == '/user/71/dashboard/?q=roygbiv&token=YNgcXP02LpIYCWMAN80xXg6l6jM'
def test_full_urls(dummy_user):
dummy_user.signing_secret = 'aquarius'
url = signed_url_for(dummy_user, 'users.user_dashboard', url_params={'user_id': '71'}, _external=True)
assert url == 'http://localhost/user/71/dashboard/?token=OsONJbxTpPzUYtSxgykZP7NZUHg'
assert is_signed_url_valid(dummy_user, url)
# the hostname part, etc... shouldn't be included in the signature
assert is_signed_url_valid(dummy_user, 'http://indico.test/user/71/dashboard/?token=OsONJbxTpPzUYtSxgykZP7NZUHg')
def _process(self):
endpoint = request.json.get('endpoint')
if not endpoint:
raise BadRequest
# filter out non-standard args
url_params = request.json.get('url_params', {})
url_params = {k: v for k, v in url_params.viewitems() if not k.startswith('_')}
query_params = request.json.get('query_params', {})
query_params = {k: v for k, v in query_params.viewitems() if not k.startswith('_')}
url = signed_url_for(session.user, endpoint, url_params=url_params, _external=True, **query_params)
Logger.get('url_signing').info("%s signed URL for endpoint '%s' (%s)", session.user, endpoint, url)
return jsonify(url=url)