def authorize(self, request, *args, **kwargs):
try:
obj = super(SuperAppKeyProvider, self).authorize(request, *args, **kwargs)
if isinstance(obj, AuthenticationError):
return obj
obj = verify_request(request, "signature")
return obj
except AuthenticationError as ae:
return ae
except Exception as e:
return AuthenticationError(error_code=500, message="General error")
def testCorrectlySignedAuthVerifySignature(self):
a = Application()
a.id = "test_id"
a.client_secret = "test_secret"
parameters = OrderedDict()
parameters['test_param_1'] = random.randint(0,100)
parameters['test_param_2'] = ''.join(random.choice(string.ascii_uppercase + string.digits) for x in range(10))
parameters['signature'] = self.__build_signature(a.id, a.client_secret, parameters)
r = RequestFactory().get("/test", data=parameters)
self.assertEqual(a, verify_request(r, a)) # this is a valid request so the app should come back
def testIncorrectlySignedAuthVerifySignature(self):
a = Application()
a.id = "test_id"
a.client_secret = "test_secret"
parameters = OrderedDict({
"test_param_1": random.randint(0,100),
"test_param_2": ''.join(random.choice(string.ascii_uppercase + string.digits) for x in range(10))
})
parameters['signature'] = self.__build_signature(a.id, "bad_secret", parameters)
r = RequestFactory().get("/test", parameters)
# this throws an error since it isn't a valid signature
self.assertRaises(AuthenticationError, lambda: verify_request(r, a))