def delete_list(self, object_list, bundle):
    """
    Return the objects the caller is allowed to delete.

    The decision is all-or-nothing: if the request on ``bundle`` carries a
    valid access token, the whole ``object_list`` is handed back unfiltered;
    otherwise ``Unauthorized`` is raised. No per-object or per-user ownership
    check is made in this method, so any holder of a valid token may delete
    every object in the list.
    """
    # Fail closed: reject first, and only fall through on a validated token.
    if not is_access_token_valid(bundle.request):
        raise Unauthorized
    return object_list
def update_detail(self, object_list, bundle):
    """
    Return ``True`` if the caller may update the object in question, or
    raise ``Unauthorized`` if they may not.

    Only the access token on ``bundle.request`` is examined. Neither
    ``object_list`` nor the object being updated is consulted, so a valid
    token grants update rights on any object routed through this method.
    """
    # Fail closed: reject first, and only fall through on a validated token.
    if not is_access_token_valid(bundle.request):
        raise Unauthorized
    return True
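def test_bearer_token_success(self):
    """
    Authorization header contains valid access token
    """
    response = Response()
    # Assigning to validation.requests.get replaces the attribute on the
    # module object itself (presumably the shared ``requests`` module), so
    # the real callable is put back afterwards to keep the stub from
    # leaking into later tests.
    original_get = validation.requests.get
    validation.requests.get = Mock(return_value=response)
    try:
        request = Request(META={'HTTP_AUTHORIZATION': 'Bearer foo'})
        self.assertTrue(validation.is_access_token_valid(request))
    finally:
        validation.requests.get = original_get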
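def test_query_string_token_success(self):
    """
    Query string contains valid access token

    This pins the fact that the validator accepts a token passed as the
    ``access_token`` query parameter. Tokens carried in URLs tend to end up
    in server logs, browser history and Referer headers, which is why
    RFC 6750 discourages this transport.
    """
    response = Response()
    # Restore the real requests.get afterwards so the stub does not outlive
    # this test and silently answer HTTP calls made by later tests.
    original_get = validation.requests.get
    validation.requests.get = Mock(return_value=response)
    try:
        request = Request(GET={'access_token': 'foo'})
        self.assertTrue(validation.is_access_token_valid(request))
    finally:
        validation.requests.get = original_get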
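def test_non_json_response(self):
    """
    OIC server returns non-JSON response

    The validator must fail closed: a body it cannot parse is treated as an
    invalid token.
    """
    response = Response(text='bar')
    # Restore the real requests.get afterwards so the stub does not outlive
    # this test and silently answer HTTP calls made by later tests.
    original_get = validation.requests.get
    validation.requests.get = Mock(return_value=response)
    try:
        request = Request(GET={'access_token': 'foo'})
        self.assertFalse(validation.is_access_token_valid(request))
    finally:
        validation.requests.get = original_get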
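def test_missing_response_field(self):
    """
    OIC server response is missing the "expiration" field

    Without an expiration the token's lifetime cannot be checked, so the
    validator is expected to reject it.
    """
    response = Response(text='{"user_id":"id3oicserver"}')
    # Restore the real requests.get afterwards so the stub does not outlive
    # this test and silently answer HTTP calls made by later tests.
    original_get = validation.requests.get
    validation.requests.get = Mock(return_value=response)
    try:
        request = Request(GET={'access_token': 'foo'})
        self.assertFalse(validation.is_access_token_valid(request))
    finally:
        validation.requests.get = original_get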
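def test_token_expired(self):
    """
    OIC server reports a token expiration date in the past

    ``RESP_EXP`` is the canned server response used for this case; it is
    defined outside this test.
    """
    response = Response(text=RESP_EXP)
    # Restore the real requests.get afterwards so the stub does not outlive
    # this test and silently answer HTTP calls made by later tests.
    original_get = validation.requests.get
    validation.requests.get = Mock(return_value=response)
    try:
        request = Request(GET={'access_token': 'foo'})
        self.assertFalse(validation.is_access_token_valid(request))
    finally:
        validation.requests.get = original_get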
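def test_bad_status_code(self):
    """
    OIC server returns a non-2xx status code

    A server-side failure must not be read as "token accepted": the
    validator is expected to fail closed.
    """
    # NOTE(review): only an HTTP error status is exercised here; a transport
    # failure (requests.get raising) is not covered by the tests visible in
    # this file section. Confirm it is handled and tested elsewhere.
    response = Response(status_code=500)
    # Restore the real requests.get afterwards so the stub does not outlive
    # this test and silently answer HTTP calls made by later tests.
    original_get = validation.requests.get
    validation.requests.get = Mock(return_value=response)
    try:
        request = Request(GET={'access_token': 'foo'})
        self.assertFalse(validation.is_access_token_valid(request))
    finally:
        validation.requests.get = original_get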
def test_missing_query_string_token(self):
    """
    Blank access token in the query string

    An empty ``access_token`` parameter must be rejected. No HTTP stub is
    installed by this test.
    """
    blank_token_request = Request(GET={'access_token': ''})
    is_valid = validation.is_access_token_valid(blank_token_request)
    self.assertFalse(is_valid)
def test_missing_token(self):
    """
    No token in the request

    A request with neither an Authorization header nor an ``access_token``
    parameter must be rejected.
    """
    anonymous_request = Request()
    is_valid = validation.is_access_token_valid(anonymous_request)
    self.assertFalse(is_valid)
def test_missing_bearer_token_2(self):
    """
    Blank access token in the Authorization header

    The header names the ``Bearer`` scheme but carries no credential after
    it; the validator must reject it.
    """
    headers = {'HTTP_AUTHORIZATION': 'Bearer'}
    scheme_only_request = Request(META=headers)
    is_valid = validation.is_access_token_valid(scheme_only_request)
    self.assertFalse(is_valid)
def wrapper(request, *args, **kwargs):
    # Gate in front of the wrapped view ``f``: the view runs only when the
    # request's access token validates; everything else gets a bare 401.
    if not is_access_token_valid(request):
        # NOTE(review): RFC 6750 expects a ``WWW-Authenticate: Bearer``
        # header on 401 responses from a bearer-token protected resource;
        # none is set here. Confirm whether clients rely on it.
        return HttpResponse(status=401)
    return f(request, *args, **kwargs)
def is_authorized(self, request, object=None):
    """
    Return ``True`` if the access token on ``request`` is valid and
    ``False`` otherwise.

    The ``object`` argument is accepted but not consulted, so the decision
    is made per request rather than per object: a valid token authorizes
    access to whatever resource this check guards.
    """
    token_ok = is_access_token_valid(request)
    return token_ok