From 4d4842176775e8c7abaf6b395fc6af2ecf8375c1 Mon Sep 17 00:00:00 2001 From: Alexey Bezhan Date: Thu, 23 Nov 2017 17:17:37 +0000 Subject: [PATCH] Abort unauthenticated requests for Firetext inbound SMS Switches on authentication checks for Firetext inbound SMS callbacks. This should only be released once Firetext callback URLs have been updated with authentication details. --- app/notifications/receive_notifications.py | 4 ++-- tests/app/notifications/test_receive_notification.py | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/app/notifications/receive_notifications.py b/app/notifications/receive_notifications.py index 3167134e3..e55c02647 100644 --- a/app/notifications/receive_notifications.py +++ b/app/notifications/receive_notifications.py @@ -60,10 +60,10 @@ def receive_firetext_sms(): auth = request.authorization if not auth: current_app.logger.warning("Inbound sms no auth header") - # abort(401) + abort(401) elif auth.username != 'notify' or auth.password not in current_app.config['FIRETEXT_INBOUND_SMS_AUTH']: current_app.logger.warning("Inbound sms incorrect username ({}) or password".format(auth.username)) - # abort(403) + abort(403) inbound_number = strip_leading_forty_four(post_data['destination']) diff --git a/tests/app/notifications/test_receive_notification.py b/tests/app/notifications/test_receive_notification.py index 7f784135c..7d6dca486 100644 --- a/tests/app/notifications/test_receive_notification.py +++ b/tests/app/notifications/test_receive_notification.py @@ -400,7 +400,6 @@ def test_strip_leading_country_code(number, expected): ["", [], 401], ["testkey", [], 403], ]) -@pytest.mark.skip(reason="aborts are disabled at the moment") def test_firetext_inbound_sms_auth(notify_db_session, notify_api, client, mocker, auth, keys, status_code): mocker.patch("app.notifications.receive_notifications.tasks.send_inbound_sms_to_service.apply_async")