mirror of
https://github.com/GSA/notifications-api.git
synced 2026-02-03 18:01:08 -05:00
Allow services to have multiple api keys.
/service/<service_id>/api-key/renew has been renamed to /service/<service_id>/api-key /service/<service_id>/api-key now creates a token and no longer expires the existing api key. Moved test for this endpoint to it's own file.
This commit is contained in:
Rebecca Law
@@ -1,8 +1,9 @@
|
||||
from client.authentication import create_jwt_token
|
||||
from flask import json, url_for
|
||||
from datetime import datetime, timedelta
|
||||
|
||||
from app.dao.api_key_dao import get_unsigned_secrets, save_model_api_key
|
||||
from app.models import ApiKey
|
||||
from client.authentication import create_jwt_token
|
||||
from flask import json, url_for, current_app
|
||||
from app.dao.api_key_dao import get_unsigned_secrets, save_model_api_key, get_unsigned_secret
|
||||
from app.models import ApiKey, Service
|
||||
|
||||
|
||||
def test_should_not_allow_request_with_no_token(notify_api):
|
||||
@@ -92,28 +93,37 @@ def test_should_allow_valid_token_when_service_has_multiple_keys(notify_api, not
|
||||
headers={'Authorization': 'Bearer {}'.format(token)})
|
||||
assert response.status_code == 200
|
||||
|
||||
|
||||
JSON_BODY = json.dumps({
|
||||
'name': 'new name'
|
||||
"key1": "value1",
|
||||
"key2": "value2",
|
||||
"key3": "value3"
|
||||
})
|
||||
|
||||
|
||||
# def test_should_allow_valid_token_with_post_body(
|
||||
# notify_api, notify_db, notify_db_session, sample_api_key):
|
||||
# with notify_api.test_request_context():
|
||||
# with notify_api.test_client() as client:
|
||||
# token = create_jwt_token(
|
||||
# request_method="PUT",
|
||||
# request_path=url_for('service.update_service', service_id=sample_api_key.service_id),
|
||||
# secret=get_unsigned_secret(sample_api_key.service_id),
|
||||
# client_id=sample_api_key.service_id,
|
||||
# request_body=JSON_BODY
|
||||
# )
|
||||
# response = client.put(
|
||||
# url_for('service.update_service', service_id=sample_api_key.service_id),
|
||||
# data=JSON_BODY,
|
||||
# headers=[('Content-type', 'application-json'), ('Authorization', 'Bearer {}'.format(token))]
|
||||
# )
|
||||
# assert response.status_code == 200
|
||||
def test_should_allow_valid_token_with_post_body(notify_api, notify_db, notify_db_session, sample_api_key):
|
||||
with notify_api.test_request_context():
|
||||
with notify_api.test_client() as client:
|
||||
service = Service.query.get(sample_api_key.service_id)
|
||||
data = {'name': 'new name',
|
||||
'users': [service.users[0].id],
|
||||
'limit': 1000,
|
||||
'restricted': False,
|
||||
'active': False}
|
||||
|
||||
token = create_jwt_token(
|
||||
request_method="PUT",
|
||||
request_path=url_for('service.update_service', service_id=sample_api_key.service_id),
|
||||
secret=get_unsigned_secret(sample_api_key.id),
|
||||
client_id=sample_api_key.service_id,
|
||||
request_body=json.dumps(data)
|
||||
)
|
||||
headers = [('Content-Type', 'application/json'), ('Authorization', 'Bearer {}'.format(token))]
|
||||
response = client.put(
|
||||
url_for('service.update_service', service_id=service.id),
|
||||
data=json.dumps(data),
|
||||
headers=headers)
|
||||
assert response.status_code == 200
|
||||
|
||||
|
||||
def test_should_not_allow_valid_token_with_invalid_post_body(notify_api, notify_db, notify_db_session, sample_api_key):
|
||||
@@ -128,6 +138,72 @@ def test_should_not_allow_valid_token_with_invalid_post_body(notify_api, notify_
|
||||
assert data['error'] == 'Invalid token: payload'
|
||||
|
||||
|
||||
def test_authentication_passes_admin_client_token(notify_api,
|
||||
notify_db,
|
||||
notify_db_session,
|
||||
sample_api_key):
|
||||
with notify_api.test_request_context():
|
||||
with notify_api.test_client() as client:
|
||||
token = create_jwt_token(request_method="GET",
|
||||
request_path=url_for('service.get_service'),
|
||||
secret=current_app.config.get('ADMIN_CLIENT_SECRET'),
|
||||
client_id=current_app.config.get('ADMIN_CLIENT_USER_NAME'))
|
||||
response = client.get(url_for('service.get_service'),
|
||||
headers={'Authorization': 'Bearer {}'.format(token)})
|
||||
assert response.status_code == 200
|
||||
|
||||
|
||||
def test_authentication_passes_when_service_has_multiple_keys_some_expired(notify_api,
|
||||
notify_db,
|
||||
notify_db_session,
|
||||
sample_api_key):
|
||||
with notify_api.test_request_context():
|
||||
with notify_api.test_client() as client:
|
||||
exprired_key = {'service_id': sample_api_key.service_id, 'name': 'expired_key',
|
||||
'expiry_date': datetime.now()}
|
||||
expired_api_key = ApiKey(**exprired_key)
|
||||
save_model_api_key(expired_api_key)
|
||||
another_key = {'service_id': sample_api_key.service_id, 'name': 'another_key'}
|
||||
api_key = ApiKey(**another_key)
|
||||
save_model_api_key(api_key)
|
||||
token = create_jwt_token(request_method="GET",
|
||||
request_path=url_for('service.get_service'),
|
||||
secret=get_unsigned_secret(api_key.id),
|
||||
client_id=sample_api_key.service_id)
|
||||
response = client.get(url_for('service.get_service'),
|
||||
headers={'Authorization': 'Bearer {}'.format(token)})
|
||||
assert response.status_code == 200
|
||||
|
||||
|
||||
def test_authentication_returns_token_expired_when_service_uses_expired_key_and_has_multiple_keys(notify_api,
|
||||
notify_db,
|
||||
notify_db_session,
|
||||
sample_api_key):
|
||||
with notify_api.test_request_context():
|
||||
with notify_api.test_client() as client:
|
||||
expired_key = {'service_id': sample_api_key.service_id, 'name': 'expired_key'}
|
||||
expired_api_key = ApiKey(**expired_key)
|
||||
save_model_api_key(expired_api_key)
|
||||
another_key = {'service_id': sample_api_key.service_id, 'name': 'another_key'}
|
||||
api_key = ApiKey(**another_key)
|
||||
save_model_api_key(api_key)
|
||||
token = create_jwt_token(request_method="GET",
|
||||
request_path=url_for('service.get_service'),
|
||||
secret=get_unsigned_secret(expired_api_key.id),
|
||||
client_id=sample_api_key.service_id)
|
||||
# expire the key
|
||||
expire_the_key = {'id': expired_api_key.id,
|
||||
'service_id': sample_api_key.service_id,
|
||||
'name': 'expired_key',
|
||||
'expiry_date': datetime.now() + timedelta(hours=-2)}
|
||||
save_model_api_key(expired_api_key, expire_the_key)
|
||||
response = client.get(url_for('service.get_service'),
|
||||
headers={'Authorization': 'Bearer {}'.format(token)})
|
||||
assert response.status_code == 403
|
||||
data = json.loads(response.get_data())
|
||||
assert data['error'] == 'Invalid token: signature'
|
||||
|
||||
|
||||
def __create_get_token(service_id):
|
||||
return create_jwt_token(request_method="GET",
|
||||
request_path=url_for('service.get_service'),
|
||||
|
||||
81
tests/app/service/test_api_key_endpoints.py
Normal file
81
tests/app/service/test_api_key_endpoints.py
Normal file
@@ -0,0 +1,81 @@
|
||||
import json
|
||||
|
||||
from flask import url_for
|
||||
|
||||
from app.models import ApiKey
|
||||
from tests import create_authorization_header
|
||||
|
||||
|
||||
def test_api_key_should_create_new_api_key_for_service(notify_api, notify_db,
|
||||
notify_db_session,
|
||||
sample_service):
|
||||
with notify_api.test_request_context():
|
||||
with notify_api.test_client() as client:
|
||||
data = {'name': 'some secret name'}
|
||||
auth_header = create_authorization_header(path=url_for('service.renew_api_key',
|
||||
service_id=sample_service.id),
|
||||
method='POST',
|
||||
request_body=json.dumps(data))
|
||||
response = client.post(url_for('service.renew_api_key', service_id=sample_service.id),
|
||||
data=json.dumps(data),
|
||||
headers=[('Content-Type', 'application/json'), auth_header])
|
||||
assert response.status_code == 201
|
||||
assert response.get_data is not None
|
||||
saved_api_key = ApiKey.query.filter_by(service_id=sample_service.id).first()
|
||||
assert saved_api_key.service_id == sample_service.id
|
||||
assert saved_api_key.name == 'some secret name'
|
||||
|
||||
|
||||
def test_api_key_should_return_error_when_service_does_not_exist(notify_api, notify_db, notify_db_session,
|
||||
sample_service):
|
||||
with notify_api.test_request_context():
|
||||
with notify_api.test_client() as client:
|
||||
auth_header = create_authorization_header(path=url_for('service.renew_api_key', service_id="123"),
|
||||
method='POST')
|
||||
response = client.post(url_for('service.renew_api_key', service_id=123),
|
||||
headers=[('Content-Type', 'application/json'), auth_header])
|
||||
assert response.status_code == 404
|
||||
|
||||
|
||||
def test_revoke_should_expire_api_key_for_service(notify_api, notify_db, notify_db_session,
|
||||
sample_api_key):
|
||||
with notify_api.test_request_context():
|
||||
with notify_api.test_client() as client:
|
||||
assert ApiKey.query.count() == 1
|
||||
auth_header = create_authorization_header(path=url_for('service.revoke_api_key',
|
||||
service_id=sample_api_key.service_id),
|
||||
method='POST')
|
||||
response = client.post(url_for('service.revoke_api_key', service_id=sample_api_key.service_id),
|
||||
headers=[auth_header])
|
||||
assert response.status_code == 202
|
||||
api_keys_for_service = ApiKey.query.filter_by(service_id=sample_api_key.service_id).first()
|
||||
assert api_keys_for_service.expiry_date is not None
|
||||
|
||||
|
||||
def test_api_key_should_create_multiple_new_api_key_for_service(notify_api, notify_db,
|
||||
notify_db_session,
|
||||
sample_service):
|
||||
with notify_api.test_request_context():
|
||||
with notify_api.test_client() as client:
|
||||
assert ApiKey.query.count() == 0
|
||||
data = {'name': 'some secret name'}
|
||||
auth_header = create_authorization_header(path=url_for('service.renew_api_key',
|
||||
service_id=sample_service.id),
|
||||
method='POST',
|
||||
request_body=json.dumps(data))
|
||||
response = client.post(url_for('service.renew_api_key', service_id=sample_service.id),
|
||||
data=json.dumps(data),
|
||||
headers=[('Content-Type', 'application/json'), auth_header])
|
||||
assert response.status_code == 201
|
||||
assert ApiKey.query.count() == 1
|
||||
data = {'name': 'another secret name'}
|
||||
auth_header = create_authorization_header(path=url_for('service.renew_api_key',
|
||||
service_id=sample_service.id),
|
||||
method='POST',
|
||||
request_body=json.dumps(data))
|
||||
response2 = client.post(url_for('service.renew_api_key', service_id=sample_service.id),
|
||||
data=json.dumps(data),
|
||||
headers=[('Content-Type', 'application/json'), auth_header])
|
||||
assert response2.status_code == 201
|
||||
assert response2.get_data != response.get_data
|
||||
assert ApiKey.query.count() == 2
|
||||
@@ -310,82 +310,6 @@ def test_delete_service_not_exists(notify_api, notify_db, notify_db_session, sam
|
||||
assert Service.query.count() == 2
|
||||
|
||||
|
||||
def test_renew_api_key_should_create_new_api_key_for_service(notify_api, notify_db,
|
||||
notify_db_session,
|
||||
sample_service,
|
||||
sample_admin_service_id):
|
||||
with notify_api.test_request_context():
|
||||
with notify_api.test_client() as client:
|
||||
data = {'name': 'some secret name'}
|
||||
auth_header = create_authorization_header(service_id=sample_admin_service_id,
|
||||
path=url_for('service.renew_api_key',
|
||||
service_id=sample_service.id),
|
||||
method='POST',
|
||||
request_body=json.dumps(data))
|
||||
response = client.post(url_for('service.renew_api_key', service_id=sample_service.id),
|
||||
data=json.dumps(data),
|
||||
headers=[('Content-Type', 'application/json'), auth_header])
|
||||
assert response.status_code == 201
|
||||
assert response.get_data is not None
|
||||
saved_api_key = ApiKey.query.filter_by(service_id=sample_service.id).first()
|
||||
assert saved_api_key.service_id == sample_service.id
|
||||
assert saved_api_key.name == 'some secret name'
|
||||
|
||||
|
||||
def test_renew_api_key_should_expire_the_old_api_key_and_create_a_new_api_key(notify_api, notify_db, notify_db_session,
|
||||
sample_api_key, sample_admin_service_id):
|
||||
with notify_api.test_request_context():
|
||||
with notify_api.test_client() as client:
|
||||
assert ApiKey.query.count() == 2
|
||||
data = {'name': 'some secret name'}
|
||||
auth_header = create_authorization_header(service_id=sample_admin_service_id,
|
||||
path=url_for('service.renew_api_key',
|
||||
service_id=sample_api_key.service_id),
|
||||
method='POST',
|
||||
request_body=json.dumps(data))
|
||||
|
||||
response = client.post(url_for('service.renew_api_key', service_id=sample_api_key.service_id),
|
||||
data=json.dumps(data),
|
||||
headers=[('Content-Type', 'application/json'), auth_header])
|
||||
assert response.status_code == 201
|
||||
assert ApiKey.query.count() == 3
|
||||
all_api_keys = ApiKey.query.filter_by(service_id=sample_api_key.service_id).all()
|
||||
for x in all_api_keys:
|
||||
if x.id == sample_api_key.id:
|
||||
assert x.expiry_date is not None
|
||||
else:
|
||||
assert x.expiry_date is None
|
||||
assert x.secret is not sample_api_key.secret
|
||||
|
||||
|
||||
def test_renew_api_key_should_return_error_when_service_does_not_exist(notify_api, notify_db, notify_db_session,
|
||||
sample_service, sample_admin_service_id):
|
||||
with notify_api.test_request_context():
|
||||
with notify_api.test_client() as client:
|
||||
auth_header = create_authorization_header(service_id=sample_admin_service_id,
|
||||
path=url_for('service.renew_api_key', service_id="123"),
|
||||
method='POST')
|
||||
response = client.post(url_for('service.renew_api_key', service_id=123),
|
||||
headers=[('Content-Type', 'application/json'), auth_header])
|
||||
assert response.status_code == 404
|
||||
|
||||
|
||||
def test_revoke_api_key_should_expire_api_key_for_service(notify_api, notify_db, notify_db_session,
|
||||
sample_api_key, sample_admin_service_id):
|
||||
with notify_api.test_request_context():
|
||||
with notify_api.test_client() as client:
|
||||
assert ApiKey.query.count() == 2
|
||||
auth_header = create_authorization_header(service_id=sample_admin_service_id,
|
||||
path=url_for('service.revoke_api_key',
|
||||
service_id=sample_api_key.service_id),
|
||||
method='POST')
|
||||
response = client.post(url_for('service.revoke_api_key', service_id=sample_api_key.service_id),
|
||||
headers=[auth_header])
|
||||
assert response.status_code == 202
|
||||
api_keys_for_service = ApiKey.query.filter_by(service_id=sample_api_key.service_id).first()
|
||||
assert api_keys_for_service.expiry_date is not None
|
||||
|
||||
|
||||
def test_create_service_should_create_new_service_for_user(notify_api, notify_db, notify_db_session, sample_user,
|
||||
sample_admin_service_id):
|
||||
with notify_api.test_request_context():
|
||||
|
||||
Reference in New Issue
Block a user