Change variable name to make more descriptive

Also remove unnecessary if statement Also add manifest change to make sure relevant environment variables makes it into the app
2026-02-02 17:31:14 -05:00 · 2020-02-20 15:16:37 +00:00
parent 2967fdce08
commit 2dc5550159
5 changed files with 28 additions and 29 deletions
--- a/app/authentication/auth.py
+++ b/app/authentication/auth.py
@@ -62,18 +62,17 @@ def requires_admin_auth():
    if client == current_app.config.get('ADMIN_CLIENT_USER_NAME'):
        g.service_id = current_app.config.get('ADMIN_CLIENT_USER_NAME')

-        if len(current_app.config.get('ADMIN_CLIENT_SECRETS')):
-            for secret in current_app.config.get('ADMIN_CLIENT_SECRETS'):
-                try:
-                    decode_jwt_token(auth_token, secret)
-                    return
-                except TokenExpiredError:
-                    raise AuthError("Invalid token: expired, check that your system clock is accurate", 403)
-                except TokenDecodeError:
-                    # TODO: Change this so it doesn't also catch `TokenIssuerError` or `TokenIssuedAtError` exceptions
-                    # (which are children of `TokenDecodeError`) as these should cause an auth error immediately rather
-                    # than continue on to check the next API key
-                    continue
+        for secret in current_app.config.get('API_INTERNAL_SECRETS'):
+            try:
+                decode_jwt_token(auth_token, secret)
+                return
+            except TokenExpiredError:
+                raise AuthError("Invalid token: expired, check that your system clock is accurate", 403)
+            except TokenDecodeError:
+                # TODO: Change this so it doesn't also catch `TokenIssuerError` or `TokenIssuedAtError` exceptions
+                # (which are children of `TokenDecodeError`) as these should cause an auth error immediately rather
+                # than continue on to check the next admin client secret
+                continue

        # Either there are no admin client secrets or their token didn't match one of them so error
        raise AuthError("Unauthorized: admin authentication token not found", 401)
--- a/app/config.py
+++ b/app/config.py
@@ -64,8 +64,8 @@ class Config(object):
    # URL of api app (on AWS this is the internal api endpoint)
    API_HOST_NAME = os.getenv('API_HOST_NAME')

-    # admin app api keys
-    ADMIN_CLIENT_SECRETS = json.loads(os.environ.get('ADMIN_CLIENT_SECRETS', '[]'))
+    # secrets that internal apps, such as the admin app or document download, must use to authenticate with the API
+    API_INTERNAL_SECRETS = json.loads(os.environ.get('API_INTERNAL_SECRETS', '[]'))

    # encyption secret/salt
    SECRET_KEY = os.getenv('SECRET_KEY')
@@ -369,7 +369,7 @@ class Development(Config):
    TRANSIENT_UPLOADED_LETTERS = 'development-transient-uploaded-letters'
    LETTER_SANITISE_BUCKET_NAME = 'development-letters-sanitise'

-    ADMIN_CLIENT_SECRETS = ['dev-notify-secret-key']
+    API_INTERNAL_SECRETS = ['dev-notify-secret-key']
    SECRET_KEY = 'dev-notify-secret-key'
    DANGEROUS_SALT = 'dev-notify-salt'