diff --git a/app/__init__.py b/app/__init__.py index 841580e1f..2b4f8416f 100644 --- a/app/__init__.py +++ b/app/__init__.py @@ -2,7 +2,6 @@ import os import re import dateutil -import datetime import urllib from flask import ( Flask, @@ -16,10 +15,10 @@ from flask import ( from flask._compat import string_types from flask_login import LoginManager from flask_wtf import CsrfProtect -from notifications_python_client import HTTPError +from notifications_python_client.errors import HTTPError from pygments import highlight -from pygments.lexers import JavascriptLexer -from pygments.formatters import HtmlFormatter +from pygments.formatters.html import HtmlFormatter +from pygments.lexers.javascript import JavascriptLexer from werkzeug.exceptions import abort from app.notify_client.api_client import ServiceAPIClient diff --git a/app/main/views/invites.py b/app/main/views/invites.py index 19fa49c8a..3d9544b8e 100644 --- a/app/main/views/invites.py +++ b/app/main/views/invites.py @@ -7,9 +7,6 @@ from flask import ( abort ) - -from notifications_python_client.errors import HTTPError - from app.main import main from app import ( diff --git a/app/main/views/manage_users.py b/app/main/views/manage_users.py index eecaab1e2..7f2e1e2fc 100644 --- a/app/main/views/manage_users.py +++ b/app/main/views/manage_users.py @@ -14,7 +14,7 @@ from flask_login import ( current_user ) -from notifications_python_client import HTTPError +from notifications_python_client.errors import HTTPError from app.main import main from app.main.forms import ( InviteUserForm, diff --git a/app/main/views/service_settings.py b/app/main/views/service_settings.py index a86b45ce4..ef8cb6f95 100644 --- a/app/main/views/service_settings.py +++ b/app/main/views/service_settings.py 
@@ -11,7 +11,7 @@ from flask_login import ( login_required, current_user ) -from notifications_python_client import HTTPError +from notifications_python_client.errors import HTTPError from app import service_api_client from app.main import main diff --git a/app/main/views/verify.py b/app/main/views/verify.py index 75c94c09c..e4929d4d6 100644 --- a/app/main/views/verify.py +++ b/app/main/views/verify.py @@ -14,7 +14,6 @@ from itsdangerous import SignatureExpired from flask_login import login_user -from notifications_python_client.errors import HTTPError from notifications_utils.url_safe_token import check_token from app.main import main diff --git a/app/status/views/healthcheck.py b/app/status/views/healthcheck.py index 24ba722e6..4d5515d57 100644 --- a/app/status/views/healthcheck.py +++ b/app/status/views/healthcheck.py @@ -1,7 +1,7 @@ from flask import jsonify, request from app import (version, status_api_client) from app.status import status -from notifications_python_client import HTTPError +from notifications_python_client.errors import HTTPError @status.route('/_status', methods=['GET']) diff --git a/app/templates/views/documentation.html b/app/templates/views/documentation.html index 9302ca79a..60bcf046d 100644 --- a/app/templates/views/documentation.html +++ b/app/templates/views/documentation.html @@ -48,26 +48,10 @@ { iss: 'string', // service id iat: 0, // creation time in epoch seconds (UTC) - req: 'string', // signed request - pay: 'string', // signed payload (POST requests only) } """|syntax_highlight_json}}
-

Notify API tokens sign both the request being made, and for POST requests, the payload.

- -

- The signing algorithm is HMAC signature, using provided key SHA256 hashing algorithm. -

- -

Request signing is of the form HTTP METHOD PATH.

- - {{ "GET /notification/1234"|syntax_highlight_json }} - -

- -

Payload signing requires the actual payload to be signed, NOT the JSON object. Serialize the object first - then sign the serialized object.

API endpoints diff --git a/docs/index.md b/docs/index.md index 2f20182a0..12b1376c8 100644 --- a/docs/index.md +++ b/docs/index.md @@ -75,8 +75,6 @@ For examples of how to encode and decode JSON Web Tokens, see [authentication.py A JSON Web Token contains, in encrypted format: * your service ID - identifies your service * your API key (in JSON Web Token terms this is called the client ID) - used to sign tokens during requests for API resources -* an indication of what you're trying to do - GET, POST, etc. -* the endpoint you're trying to access Use the [GOV.UK Notify](https://www.notifications.service.gov.uk/) web application to find your service ID and create API keys. @@ -100,24 +98,11 @@ GOV.UK Notify application-specific claims: { iss: 'string', // service id iat: 0, // creation time in epoch seconds (UTC) - req: 'string', // signed request - pay: 'string', // signed payload (POST requests only) } ``` -The GOV.UK Notify API tokens sign the: -* request being made -* payload (for POST requests) - The signing algorithm is the HMAC signature, using the provided key SHA256 hashing algorithm. -Request signing is of the form HTTP METHOD PATH: -``` -GET /notification/1234 -``` - -Payload signing requires the actual payload to be signed, not the JSON object. Make sure you serialize the object first, then sign the serialized object. - API client libraries --------------------- diff --git a/requirements.txt b/requirements.txt index 9a260032b..c1383edab 100644 --- a/requirements.txt +++ b/requirements.txt @@ -12,6 +12,6 @@ credstash==1.8.0 boto3==1.2.3 Pygments==2.0.2 -git+https://github.com/alphagov/notifications-python-client.git@0.3.1#egg=notifications-python-client==0.3.1 +git+https://github.com/alphagov/notifications-python-client.git@0.5.0#egg=notifications-python-client==0.5.0 git+https://github.com/alphagov/notifications-utils.git@4.1.3#egg=notifications-utils==4.1.3
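Review bot: With `req` and `pay` dropped from the claims example in app/templates/views/documentation.html, the page documents a token carrying only `iss` and `iat`, and nothing tells an integrator what limits reuse of a captured token now that it is no longer tied to a method, path or body. Add a sentence after the claims block stating the server-side rule, for example `Tokens are accepted only for <ACCEPTANCE_WINDOW> after iat, so generate a new token for each request and send it over HTTPS only.` (the window is a placeholder; its value is not shown in this diff). As far as the stripped markup shows, this hunk also removes the signing-algorithm paragraph that docs/index.md keeps, so the web page would no longer say how the token must be signed; keep one line such as `Tokens are signed with HMAC-SHA256 using your API key as the secret.` The missing reuse limit applies equally to the `@@ -100,24 +98,11 @@` hunk in docs/index.md.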
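Review bot: The unchanged lead-in `A JSON Web Token contains, in encrypted format:` above the edited bullet list in docs/index.md (hunk `@@ -75,8 +75,6 @@`) does not match the scheme the same file describes, which is an HMAC-SHA256 signature. The claims are signed, not encrypted, so anyone who sees a token can read them. The second bullet also reads as if the API key travels inside the token, although the same line says it is used to sign. Suggest `A JSON Web Token contains, signed but not encrypted:` and `your API key - the secret used to sign the token; it is never included in the token itself`. The list starts above the hunk, so only its tail is visible here.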