From 9248e72c50375c60d6c8225abb8f132bca4ca504 Mon Sep 17 00:00:00 2001 From: Chris Hill-Scott Date: Mon, 7 Nov 2016 10:45:18 +0000 Subject: [PATCH 1/2] Make bearer prefix on auth header case insensitive MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From a support ticket: > the "Bearer" prefix on the auth header is case sensitive. Can this be > made case-insensitive? Sure can 🙃 --- app/authentication/auth.py | 2 +- tests/app/authentication/test_authentication.py | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/app/authentication/auth.py b/app/authentication/auth.py index 0ca700a62..841222279 100644 --- a/app/authentication/auth.py +++ b/app/authentication/auth.py @@ -27,7 +27,7 @@ def get_auth_token(req): if not auth_header: raise AuthError('Unauthorized, authentication token must be provided', 401) - auth_scheme = auth_header[:7] + auth_scheme = auth_header[:7].title() if auth_scheme != 'Bearer ': raise AuthError('Unauthorized, authentication bearer scheme must be used', 401) diff --git a/tests/app/authentication/test_authentication.py b/tests/app/authentication/test_authentication.py index 3b9ff1009..3a6d5b4d2 100644 --- a/tests/app/authentication/test_authentication.py +++ b/tests/app/authentication/test_authentication.py @@ -56,13 +56,14 @@ def test_should_not_allow_invalid_secret(notify_api, sample_api_key): assert data['message'] == {"token": ['Invalid token: signature, api token is not valid']} -def test_should_allow_valid_token(notify_api, sample_api_key): +@pytest.mark.parametrize('scheme', ['bearer', 'Bearer']) +def test_should_allow_valid_token(notify_api, sample_api_key, scheme): with notify_api.test_request_context(): with notify_api.test_client() as client: token = __create_get_token(sample_api_key.service_id) response = client.get( '/service/{}'.format(str(sample_api_key.service_id)), - headers={'Authorization': 'Bearer {}'.format(token)} + headers={'Authorization': '{} {}'.format(scheme, token)} ) assert response.status_code == 200 From 15ba0a3eb15a87e5113b7d37049b93b7d91d2e37 Mon Sep 17 00:00:00 2001 From: Martyn Inglis Date: Mon, 7 Nov 2016 11:59:46 +0000 Subject: [PATCH 2/2] Added job id to logger --- app/celery/tasks.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/celery/tasks.py b/app/celery/tasks.py index eca526ee8..9bf47c9d7 100644 --- a/app/celery/tasks.py +++ b/app/celery/tasks.py @@ -136,7 +136,7 @@ def send_sms(self, ) current_app.logger.info( - "SMS {} created at {}".format(notification_id, created_at) + "SMS {} created at {} for job {}".format(notification_id, created_at, notification.get('job', None)) ) except SQLAlchemyError as e: