tests/app/dao/test_api_key_dao.py

from datetime import datetime

from pytest import fail
from sqlalchemy.orm.exc import NoResultFound

from app.dao.api_key_dao import (save_model_api_key,
                                 get_model_api_keys,
                                 get_unsigned_secrets,
                                 get_unsigned_secret,
                                 _generate_secret,
                                 _get_secret, expire_api_key)
from app.models import ApiKey


def test_secret_is_signed_and_can_be_read_again(notify_api, mocker):
    with notify_api.test_request_context():
        mocker.patch("uuid.uuid4", return_value='some_uuid')
        signed_secret = _generate_secret()
        assert 'some_uuid' == _get_secret(signed_secret)
        assert signed_secret != 'some_uuid'


def test_save_api_key_should_create_new_api_key_and_history(notify_api,
                                                            notify_db,
                                                            notify_db_session,
                                                            sample_service):
    api_key = ApiKey(**{'service': sample_service,
                        'name': sample_service.name,
                        'created_by': sample_service.created_by})
    save_model_api_key(api_key)

    all_api_keys = get_model_api_keys(service_id=sample_service.id)
    assert len(all_api_keys) == 1
    assert all_api_keys[0] == api_key
    assert api_key.version == 1

    all_history = api_key.get_history_model().query.all()
    assert len(all_history) == 1
    assert all_history[0].id == api_key.id
    assert all_history[0].version == api_key.version


def test_expire_api_key_should_update_the_api_key_and_create_history_record(notify_api,
                                                                            notify_db,
                                                                            notify_db_session,
                                                                            sample_api_key):
    expire_api_key(service_id=sample_api_key.service_id, api_key_id=sample_api_key.id)
    all_api_keys = get_model_api_keys(service_id=sample_api_key.service_id)
    assert len(all_api_keys) == 1
    assert all_api_keys[0].expiry_date <= datetime.utcnow()
    assert all_api_keys[0].secret == sample_api_key.secret
    assert all_api_keys[0].id == sample_api_key.id
    assert all_api_keys[0].service_id == sample_api_key.service_id

    all_history = sample_api_key.get_history_model().query.all()
    assert len(all_history) == 2
    assert all_history[0].id == sample_api_key.id
    assert all_history[1].id == sample_api_key.id
    sorted_all_history = sorted(all_history, key=lambda hist: hist.version)
    sorted_all_history[0].version = 1
    sorted_all_history[1].version = 2


def test_get_api_key_should_raise_exception_when_api_key_does_not_exist(notify_api,
                                                                        notify_db,
                                                                        notify_db_session,
                                                                        sample_service,
                                                                        fake_uuid):
    try:
        get_model_api_keys(sample_service.id, id=fake_uuid)
        fail("Should have thrown a NoResultFound exception")
    except NoResultFound:
        pass


def test_should_return_api_key_for_service(notify_api, notify_db, notify_db_session, sample_api_key):
    api_key = get_model_api_keys(service_id=sample_api_key.service_id, id=sample_api_key.id)
    assert api_key == sample_api_key


def test_should_return_unsigned_api_keys_for_service_id(notify_api,
                                                        notify_db,
                                                        notify_db_session,
                                                        sample_api_key):
    unsigned_api_key = get_unsigned_secrets(sample_api_key.service_id)
    assert len(unsigned_api_key) == 1
    assert sample_api_key.secret != unsigned_api_key[0]
    assert unsigned_api_key[0] == _get_secret(sample_api_key.secret)


def test_get_unsigned_secret_returns_key(notify_api,
                                         notify_db,
                                         notify_db_session,
                                         sample_api_key):
    unsigned_api_key = get_unsigned_secret(sample_api_key.id)
    assert sample_api_key.secret != unsigned_api_key
    assert unsigned_api_key == _get_secret(sample_api_key.secret)


def test_should_not_allow_duplicate_key_names_per_service(notify_api,
                                                          notify_db,
                                                          notify_db_session,
                                                          sample_api_key,
                                                          fake_uuid):
    api_key = ApiKey(**{'id': fake_uuid,
                        'service': sample_api_key.service,
                        'name': sample_api_key.name,
                        'created_by': sample_api_key.created_by})
    try:
        save_model_api_key(api_key)
        fail("should throw IntegrityError")
    except:
        pass


def test_save_api_key_should_not_create_new_service_history(notify_api, notify_db, notify_db_session, sample_service):

    from app.models import Service

    assert Service.query.count() == 1
    assert Service.get_history_model().query.count() == 1

    api_key = ApiKey(**{'service': sample_service,
                        'name': sample_service.name,
                        'created_by': sample_service.created_by})
    save_model_api_key(api_key)

    assert Service.get_history_model().query.count() == 1
Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00			`from datetime import datetime`

			`from pytest import fail`
			`from sqlalchemy.orm.exc import NoResultFound`

			`from app.dao.api_key_dao import (save_model_api_key,`
			`get_model_api_keys,`
Allow for multiple api keys for a service. 2016-01-19 18:25:21 +00:00			`get_unsigned_secrets,`
Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00			`get_unsigned_secret,`
			`_generate_secret,`
Refactor the api_key_dao. The only update we should be doing to an api key is to expire/revoke the api key. Removed the update_dict from the the save method. Added an expire_api_key method that only updates the api key with an expiry date. 2016-06-22 15:27:28 +01:00			`_get_secret, expire_api_key)`
Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00			`from app.models import ApiKey`


Refactor the api_key_dao. The only update we should be doing to an api key is to expire/revoke the api key. Removed the update_dict from the the save method. Added an expire_api_key method that only updates the api key with an expiry date. 2016-06-22 15:27:28 +01:00			`def test_secret_is_signed_and_can_be_read_again(notify_api, mocker):`
Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00			`with notify_api.test_request_context():`
Refactor the api_key_dao. The only update we should be doing to an api key is to expire/revoke the api key. Removed the update_dict from the the save method. Added an expire_api_key method that only updates the api key with an expiry date. 2016-06-22 15:27:28 +01:00			`mocker.patch("uuid.uuid4", return_value='some_uuid')`
			`signed_secret = _generate_secret()`
			`assert 'some_uuid' == _get_secret(signed_secret)`
			`assert signed_secret != 'some_uuid'`
Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00

Added functionality to archive a template. Renamed migration file. 2016-04-25 16:28:08 +01:00			`def test_save_api_key_should_create_new_api_key_and_history(notify_api,`
			`notify_db,`
			`notify_db_session,`
			`sample_service):`
Added version history to api keys. This needed a bit of change to create history to handle foreign keys better. There may yet be a better way of doing this that I have not found yet in sqlalchemy docs. 2016-04-20 17:25:20 +01:00			`api_key = ApiKey(**{'service': sample_service,`
			`'name': sample_service.name,`
			`'created_by': sample_service.created_by})`
Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00			`save_model_api_key(api_key)`

Update api-key/revoke endpoint to expire the key for the service. Previously we assumed there was only one api key that was valid. 2016-01-20 14:48:44 +00:00			`all_api_keys = get_model_api_keys(service_id=sample_service.id)`
Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00			`assert len(all_api_keys) == 1`
			`assert all_api_keys[0] == api_key`
Added version history to api keys. This needed a bit of change to create history to handle foreign keys better. There may yet be a better way of doing this that I have not found yet in sqlalchemy docs. 2016-04-20 17:25:20 +01:00			`assert api_key.version == 1`
Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00
Added version history to api keys. This needed a bit of change to create history to handle foreign keys better. There may yet be a better way of doing this that I have not found yet in sqlalchemy docs. 2016-04-20 17:25:20 +01:00			`all_history = api_key.get_history_model().query.all()`
			`assert len(all_history) == 1`
			`assert all_history[0].id == api_key.id`
			`assert all_history[0].version == api_key.version`
Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00
Added version history to api keys. This needed a bit of change to create history to handle foreign keys better. There may yet be a better way of doing this that I have not found yet in sqlalchemy docs. 2016-04-20 17:25:20 +01:00
			`def test_expire_api_key_should_update_the_api_key_and_create_history_record(notify_api,`
			`notify_db,`
			`notify_db_session,`
			`sample_api_key):`
Refactor the api_key_dao. The only update we should be doing to an api key is to expire/revoke the api key. Removed the update_dict from the the save method. Added an expire_api_key method that only updates the api key with an expiry date. 2016-06-22 15:27:28 +01:00			`expire_api_key(service_id=sample_api_key.service_id, api_key_id=sample_api_key.id)`
Update api-key/revoke endpoint to expire the key for the service. Previously we assumed there was only one api key that was valid. 2016-01-20 14:48:44 +00:00			`all_api_keys = get_model_api_keys(service_id=sample_api_key.service_id)`
Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00			`assert len(all_api_keys) == 1`
Refactor the api_key_dao. The only update we should be doing to an api key is to expire/revoke the api key. Removed the update_dict from the the save method. Added an expire_api_key method that only updates the api key with an expiry date. 2016-06-22 15:27:28 +01:00			`assert all_api_keys[0].expiry_date <= datetime.utcnow()`
			`assert all_api_keys[0].secret == sample_api_key.secret`
			`assert all_api_keys[0].id == sample_api_key.id`
			`assert all_api_keys[0].service_id == sample_api_key.service_id`
Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00
Refactor the api_key_dao. The only update we should be doing to an api key is to expire/revoke the api key. Removed the update_dict from the the save method. Added an expire_api_key method that only updates the api key with an expiry date. 2016-06-22 15:27:28 +01:00			`all_history = sample_api_key.get_history_model().query.all()`
Added version history to api keys. This needed a bit of change to create history to handle foreign keys better. There may yet be a better way of doing this that I have not found yet in sqlalchemy docs. 2016-04-20 17:25:20 +01:00			`assert len(all_history) == 2`
Refactor the api_key_dao. The only update we should be doing to an api key is to expire/revoke the api key. Removed the update_dict from the the save method. Added an expire_api_key method that only updates the api key with an expiry date. 2016-06-22 15:27:28 +01:00			`assert all_history[0].id == sample_api_key.id`
			`assert all_history[1].id == sample_api_key.id`
Added version history to api keys. This needed a bit of change to create history to handle foreign keys better. There may yet be a better way of doing this that I have not found yet in sqlalchemy docs. 2016-04-20 17:25:20 +01:00			`sorted_all_history = sorted(all_history, key=lambda hist: hist.version)`
			`sorted_all_history[0].version = 1`
			`sorted_all_history[1].version = 2`

Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00
Rebased migrations, all tests working. 2016-04-08 13:34:46 +01:00			`def test_get_api_key_should_raise_exception_when_api_key_does_not_exist(notify_api,`
			`notify_db,`
			`notify_db_session,`
			`sample_service,`
			`fake_uuid):`
Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00			`try:`
Rebased migrations, all tests working. 2016-04-08 13:34:46 +01:00			`get_model_api_keys(sample_service.id, id=fake_uuid)`
Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00			`fail("Should have thrown a NoResultFound exception")`
			`except NoResultFound:`
			`pass`


			`def test_should_return_api_key_for_service(notify_api, notify_db, notify_db_session, sample_api_key):`
Update api-key/revoke endpoint to expire the key for the service. Previously we assumed there was only one api key that was valid. 2016-01-20 14:48:44 +00:00			`api_key = get_model_api_keys(service_id=sample_api_key.service_id, id=sample_api_key.id)`
Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00			`assert api_key == sample_api_key`


Allow for multiple api keys for a service. 2016-01-19 18:25:21 +00:00			`def test_should_return_unsigned_api_keys_for_service_id(notify_api,`
			`notify_db,`
			`notify_db_session,`
			`sample_api_key):`
			`unsigned_api_key = get_unsigned_secrets(sample_api_key.service_id)`
			`assert len(unsigned_api_key) == 1`
			`assert sample_api_key.secret != unsigned_api_key[0]`
			`assert unsigned_api_key[0] == _get_secret(sample_api_key.secret)`


			`def test_get_unsigned_secret_returns_key(notify_api,`
			`notify_db,`
			`notify_db_session,`
			`sample_api_key):`
			`unsigned_api_key = get_unsigned_secret(sample_api_key.id)`
Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00			`assert sample_api_key.secret != unsigned_api_key`
			`assert unsigned_api_key == _get_secret(sample_api_key.secret)`
Add unique constraint for api_key on service_id and name 2016-01-21 16:53:53 +00:00

			`def test_should_not_allow_duplicate_key_names_per_service(notify_api,`
			`notify_db,`
			`notify_db_session,`
Rebased migrations, all tests working. 2016-04-08 13:34:46 +01:00			`sample_api_key,`
			`fake_uuid):`
Added version history to api keys. This needed a bit of change to create history to handle foreign keys better. There may yet be a better way of doing this that I have not found yet in sqlalchemy docs. 2016-04-20 17:25:20 +01:00			`api_key = ApiKey(**{'id': fake_uuid,`
			`'service': sample_api_key.service,`
			`'name': sample_api_key.name,`
			`'created_by': sample_api_key.created_by})`
Add unique constraint for api_key on service_id and name 2016-01-21 16:53:53 +00:00			`try:`
			`save_model_api_key(api_key)`
			`fail("should throw IntegrityError")`
			`except:`
			`pass`
When using the versioned decorator I noticed that when adding or revoking an api key the service it associated with was of course added to db.session.dirty. That resulted in an updated version of service being added to the service history table that showed no visible difference from that record immediately precending it as the change was to another table, namely the api_key table. A new api key or revoked api key was correctly added to api_key and api_key_history tables. However I think an 'unchanged' service history record may be a bit confusing as you'd need to correlate with api_keys to work out what the change was. I think it's best to just record the new/revoked api_key and not create another version of the service. This pr wraps the exisiting versioned decorator with one that take a class which you are interested in versioning. Using the new decorator you only get a new version and history record for the class you pass to outer decorator. If the exising behaviour is acceptable to the powers that be then by all means ignore/close this pr. 2016-04-21 18:10:57 +01:00

			`def test_save_api_key_should_not_create_new_service_history(notify_api, notify_db, notify_db_session, sample_service):`

			`from app.models import Service`

			`assert Service.query.count() == 1`
			`assert Service.get_history_model().query.count() == 1`

			`api_key = ApiKey(**{'service': sample_service,`
			`'name': sample_service.name,`
			`'created_by': sample_service.created_by})`
			`save_model_api_key(api_key)`

			`assert Service.get_history_model().query.count() == 1`