def test_general_api_security(self):
##TODO: Add General API security test
"""This Tests the API security that is checked before all POST and GET request"""
get_return = self.app.get('/api/client_view',
headers={'API_KEY': 'api_key', 'Client_ID': 'testuser'})
assert 'Failure": "Incorrect API Key' in get_return.data
api_key = self.post_info()
get_return = self.app.get('/api/client_view',
headers={'API_KEY': api_key[0], 'Client_ID': 'fakeuser'})
assert 'Failure": "Invaild User' in get_return.data
user = User.query.filter_by(Client_id="testuser2").first()
get_return = self.app.get('/api/client_view',
headers={'API_KEY': user.api_key, 'Client_ID': 'testuser2'})
assert 'Failure": "Incorrect IP for Client, Please Re-login in' in get_return.data
signer = TimestampSigner(SECRET_KEY)
time.sleep(1)
try:
signer.unsign(api_key, max_age=1)
raise
except:
pass
评论列表
文章目录