我刚刚写了一些检查的身份验证

>如果消费者主机被识别
>请求包括哈希(通过加密POST的请求内容和GET的URL以及秘密API密钥计算)和
>哈希值有效

我希望能够为此编写一些单元测试,但我不确定如何因为我的函数使用请求对象.我应该嘲笑请求对象吗？

我会喜欢这方面的建议.

配置

API_CONSUMERS = [{'name': 'localhost','host': '12.0.0.1:5000','api_key': 'Ahth2ea5Ohngoop5'},{'name': 'localhost2','host': '127.0.0.1:5001','api_key': 'Ahth2ea5Ohngoop6'}]

验证方法

import hashlib
from flask import request
 
 
def is_authenticated(app):
    """
    Checks that the consumers host is valid,the request has a hash and the
    hash is the same when we excrypt the data with that hosts api key
 
    Arguments:
    app -- instance of the application
    """
    consumers = app.config.get('API_CONSUMERS')
    host = request.host
 
    try:
        api_key = next(d['api_key'] for d in consumers if d['host'] == host)
    except StopIteration:
        app.logger.info('Authentication Failed: Unknown Host (' + host + ')')
        return False
 
    if not request.headers.get('hash'):
        app.logger.info('Authentication Failed: Missing Hash (' + host + ')')
        return False
 
    if request.method == 'GET':
        hash = calculate_hash_from_url(api_key)
    elif request.method == 'POST':
        hash = calculate_hash_from_content(api_key)
 
    if hash != request.headers.get('hash'):
        app.logger.info('Authentication Failed: Hash Mismatch (' + host + ')')
        return False
    return True
 
 
def calculate_hash_from_url(api_key):
    """
    Calculates the hash using the url and that hosts api key
 
    Arguments:
    api_key -- api key for this host
    """
    data_to_hash = request.base_url + '?' + request.query_string
    data_to_hash += api_key
    return hashlib.sha1(request_uri).hexdigest()
 
 
def calculate_hash_from_content(api_key):
    """
    Calculates the hash using the request data and that hosts api key
 
    Arguments:
    api_key -- api key for this host
    """
    data_to_hash = request.data
    data_to_hash += api_key
    return hashlib.sha1(data_to_hash).hexdigest()