From the course: Secure Coding in Python

Unlock this course with a free trial

Join today to access over 25,500 courses taught by industry experts.

Solution: Secure the endpoint

Solution: Secure the endpoint - Python Tutorial

From the course: Secure Coding in Python

Start my 1-month free trial Buy for my team

Solution: Secure the endpoint

The goal of our challenge was to secure an API endpoint and make sure that it runs predictably, regardless of whether we run it in optimized mode or not. Now, here I am in Views. py, and here I have assertions, and assertions are ignored by optimized mode. So the way I can fix this is to delete this try right here. And instead of assert, I can say if, this can also go, user. is_authenticated is true. And then I have this indentation right here, which means that success will equal true. Here I could add an else as well, or I could just return this response, and that's a matter of preference. So for this one, I'm just going to add an else. So we have eliminated our assertion. And let's go ahead and check this with pipenv run python -O vulnerable_server. And I'll open this in my browser. And success is false, since I'm not authenticated. And I also want to make sure that I didn't break anything, that I didn't introduce a regression. And this is where testing goes a long way. I'm going to…

Contents