authorLars Wirzenius <liw@liw.fi>2018-10-27 10:37:28 +0300
committerLars Wirzenius <liw@liw.fi>2018-10-27 10:37:28 +0300
commitcc2d1b21e67643e237d968793d31b7b9437a1640 (patch)
tree538e35e25bbec03167063f7cfda2679e2232676c
parent7ed16628456d3c9946e4288bacda7a4195b61730 (diff)
Change: require method for authz
-rw-r--r--muck/authz.py5
-rw-r--r--muck/authz_tests.py10
-rw-r--r--muck/request.py2
-rw-r--r--muck/request_tests.py2
4 files changed, 13 insertions, 6 deletions
diff --git a/muck/authz.py b/muck/authz.py
index c48294c..a9d5dda 100644
--- a/muck/authz.py
+++ b/muck/authz.py
@@ -21,7 +21,10 @@ class AuthorizationChecker:
def __init__(self, signing_key_text):
self._tc = muck.TokenChecker(signing_key_text.strip().encode('ascii'))
- def request_is_allowed(self, r, required_scopes):
+ def request_is_allowed(self, r, required_method, required_scopes):
+ if r.get_method() != required_method:
+ return False
+
token = self._get_token(r)
if token is None:
return False
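Review bot: The new guard at the top of `request_is_allowed` compares `r.get_method()` with `required_method` by exact, case-sensitive string equality, and nothing in the hunk tells callers which form to pass. The check fails closed, so a case or spelling mismatch denies a legitimate request rather than admitting a wrong one, but the contract deserves a docstring, for example `"""Return True only if r uses exactly required_method (e.g. 'GET') and its token grants required_scopes."""`; the scope wording is inferred from the tests, since the rest of the body lies outside the hunk. Every failure path visible here returns a bare `False`, so the caller cannot tell a method mismatch from a missing or rejected token. If that distinction matters for the response status or for audit logging, it has to be surfaced some other way. A test in `muck/authz_tests.py` that passes a lowercase `'get'` would pin the intended case behaviour.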
diff --git a/muck/authz_tests.py b/muck/authz_tests.py
index 0128c6b..fffb96b 100644
--- a/muck/authz_tests.py
+++ b/muck/authz_tests.py
@@ -39,12 +39,16 @@ class AuthorizationCheckerTests(unittest.TestCase):
def test_denies_if_token_parsing_fails(self):
r = muck.Request(method='GET')
- self.assertFalse(self.ac.request_is_allowed(r, []))
+ self.assertFalse(self.ac.request_is_allowed(r, 'GET', []))
def test_denies_if_token_lacks_required_scope(self):
r = self.create_request([])
- self.assertFalse(self.ac.request_is_allowed(r, ['foo']))
+ self.assertFalse(self.ac.request_is_allowed(r, 'GET', ['foo']))
+
+ def test_denies_if_method_is_wrong(self):
+ r = self.create_request(['foo'])
+ self.assertFalse(self.ac.request_is_allowed(r, 'DELETE', ['foo']))
def test_allows_for_acceptable_request(self):
r = self.create_request(['foo'])
- self.assertTrue(self.ac.request_is_allowed(r, ['foo']))
+ self.assertTrue(self.ac.request_is_allowed(r, 'GET', ['foo']))
diff --git a/muck/request.py b/muck/request.py
index 4f0e86c..f6e406e 100644
--- a/muck/request.py
+++ b/muck/request.py
@@ -20,7 +20,7 @@ class Request:
self._method = method
self._headers = {}
- def method(self):
+ def get_method(self):
return self._method
def add_headers(self, headers):
diff --git a/muck/request_tests.py b/muck/request_tests.py
index 7151d67..7de2393 100644
--- a/muck/request_tests.py
+++ b/muck/request_tests.py
@@ -26,7 +26,7 @@ class RequestTests(unittest.TestCase):
def test_has_method(self):
r = muck.Request(method='GET')
- self.assertEqual(r.method(), 'GET')
+ self.assertEqual(r.get_method(), 'GET')
def test_returns_authorization_header(self):
r = muck.Request(method='GET')