I have a Flask app that is using Flask-Restless to serve an API.
I have just written some authentication that checks
- If the consumers host is recognised
- The request includes a hash (calculated by encrypting the request content for POST and URL for GET along with a secret API key) and
- The hash is valid
I want to be able to write some unit tests for this, but I'm not sure how because my functions use the request object. Should I be mocking the request object?
Would love some advice on this.
Config
API_CONSUMERS = [{'name': 'localhost','host': '12.0.0.1:5000','api_key': 'Ahth2ea5Ohngoop5'},{'name': 'localhost2','host': '127.0.0.1:5001','api_key': 'Ahth2ea5Ohngoop6'}]
Authentication methods
import hashlib
from flask import requestdef is_authenticated(app):"""Checks that the consumers host is valid, the request has a hash and thehash is the same when we excrypt the data with that hosts api keyArguments:app -- instance of the application"""consumers = app.config.get('API_CONSUMERS')host = request.hosttry:api_key = next(d['api_key'] for d in consumers if d['host'] == host)except StopIteration:app.logger.info('Authentication failed: Unknown Host (' + host + ')')return Falseif not request.headers.get('hash'):app.logger.info('Authentication failed: Missing Hash (' + host + ')')return Falseif request.method == 'GET':hash = calculate_hash_from_url(api_key)elif request.method == 'POST':hash = calculate_hash_from_content(api_key)if hash != request.headers.get('hash'):app.logger.info('Authentication failed: Hash Mismatch (' + host + ')')return Falsereturn Truedef calculate_hash_from_url(api_key):"""Calculates the hash using the url and that hosts api keyArguments:api_key -- api key for this host"""data_to_hash = request.base_url + '?' + request.query_stringdata_to_hash += api_keyreturn hashlib.sha1(request_uri).hexdigest()def calculate_hash_from_content(api_key):"""Calculates the hash using the request data and that hosts api keyArguments:api_key -- api key for this host"""data_to_hash = request.datadata_to_hash += api_keyreturn hashlib.sha1(data_to_hash).hexdigest()