def test_is_security_enabled(self):
     oldMethod = configuration._get_option_with_default;
     configuration._get_option_with_default = Mock()
     configuration._get_option_with_default.return_value = ' true '        
     assert(configuration.is_security_enabled())    
     configuration._get_option_with_default = Mock()    
     configuration._get_option_with_default.return_value = ' false '        
     assert not configuration.is_security_enabled()        
     configuration._get_option_with_default.return_value = ' blargh '
     assert(configuration.is_security_enabled())
     configuration._get_option_with_default = oldMethod
def _do_auth_check():
    """ checks the user's credential with what is in the config """        
    authorized = False
    allowed_ip = False
    ip = 'Unknown IP' 
    pretty_now_datetime = misc_utils.timestamp_to_datetime(time.time()).strftime("%c")   
    enviroment_list = request.environ
    
    if enviroment_list.get('REMOTE_ADDR') is not None:
        ip = enviroment_list.get('REMOTE_ADDR')
    if enviroment_list.get('REMOTE_ADDR') is None:        
        allowed_ip = configuration.is_ip_allowed(ip) | (ip == 'Unknown IP')    
    if not configuration.is_security_enabled(): 
        authorized = True
    elif request.auth is not None:        
        user, password = request.auth
        allowed_ip = configuration.is_ip_allowed(ip)        
        # print user + '==' + configuration.web_user() + ':' + str(user == configuration.web_user())
        # print password + '==' + configuration.web_pwd() + ':' + str(password == configuration.web_pwd())
        if (user == configuration.web_user()) & (password == configuration.web_pwd()) & (allowed_ip):    
            authorized = True    
    if authorized:
        # disabled due to spam! need  to find a smarter way for this
        #_log_and_print_security_message(pretty_now_datetime + ': Address [' + ip + '] accessed the API')
        return  # all good
    else:       
        message = pretty_now_datetime + ': Unauthorized access from [' + ip + ']'         
        if (user is not None) | (password is not None):
            message = message + ' with credentials ' + user + ':' + password
        if not allowed_ip:
            message = message + '. Reason: User was blocked due to IP restriction.'
        elif not authorized:
            message = message + '. Reason: Credentials were wrong.'
        _log_and_print_security_message(message)
        if (not authorized) | (not allowed_ip): emailer.escalate("Unauthorized access", message)
        abort(401, "This method requires basic authentication")