darkhelm/notifications-api
1
0
Fork 0
mirror of https://github.com/GSA/notifications-api.git synced 2025-12-20 23:41:17 -05:00
Code Issues Packages Projects Releases Wiki Activity

update tests to use new response messages

Browse Source 
while it doesn't strictly make sense for the error situations, these
are not typical end user errors - they're about malformed requests.
The typical use case is "api key was revoked" or similar - so that
should be the default error message
This commit is contained in:
Leo Hemsted
2017-12-14 17:03:46 +00:00
parent 687cf8526b
commit 32a6f44d3a
2 changed files with 37 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
tests/__init__.py
View File

@@ -27,8 +27,8 @@ def create_authorization_header(service_id=None, key_type=KEY_TYPE_NORMAL):
secret = api_key.secret secret = api_key.secret
else: else:
client_id = current_app.config.get('ADMIN_CLIENT_USER_NAME') client_id = current_app.config['ADMIN_CLIENT_USER_NAME']
secret = current_app.config.get('ADMIN_CLIENT_SECRET') secret = current_app.config['ADMIN_CLIENT_SECRET']
token = create_jwt_token(secret=secret, client_id=client_id) token = create_jwt_token(secret=secret, client_id=client_id)
return 'Authorization', 'Bearer {}'.format(token) return 'Authorization', 'Bearer {}'.format(token)

50
tests/app/authentication/test_authentication.py
View File

@@ -14,6 +14,8 @@ from app.dao.api_key_dao import get_unsigned_secrets, save_model_api_key, get_un
from app.models import ApiKey, KEY_TYPE_NORMAL from app.models import ApiKey, KEY_TYPE_NORMAL
from app.authentication.auth import AuthError, requires_admin_auth, requires_auth from app.authentication.auth import AuthError, requires_admin_auth, requires_auth
from tests.conftest import set_config
@pytest.mark.parametrize('auth_fn', [requires_auth, requires_admin_auth]) @pytest.mark.parametrize('auth_fn', [requires_auth, requires_admin_auth])
def test_should_not_allow_request_with_no_token(client, auth_fn): def test_should_not_allow_request_with_no_token(client, auth_fn):
@@ -60,12 +62,8 @@ def test_should_not_allow_request_with_no_iss(client, auth_fn):
assert exc.value.short_message == 'Invalid token: iss field not provided' assert exc.value.short_message == 'Invalid token: iss field not provided'
@pytest.mark.parametrize('auth_method', [requires_auth, requires_admin_auth]) def test_auth_should_not_allow_request_with_no_iat(client, sample_api_key):
def test_should_not_allow_request_with_no_iat(client, sample_api_key, auth_method): iss = str(sample_api_key.service_id)
if auth_method == requires_admin_auth:
iss = current_app.config['ADMIN_CLIENT_USER_NAME']
if auth_method == requires_auth:
iss = str(sample_api_key.service_id)
# code copied from notifications_python_client.authentication.py::create_jwt_token # code copied from notifications_python_client.authentication.py::create_jwt_token
headers = { headers = {
"typ": 'JWT', "typ": 'JWT',
@@ -81,7 +79,29 @@ def test_should_not_allow_request_with_no_iat(client, sample_api_key, auth_metho
request.headers = {'Authorization': 'Bearer {}'.format(token)} request.headers = {'Authorization': 'Bearer {}'.format(token)}
with pytest.raises(AuthError) as exc: with pytest.raises(AuthError) as exc:
auth_method() requires_auth()
assert exc.value.short_message == 'Invalid token: signature, api token not found'
def test_admin_auth_should_not_allow_request_with_no_iat(client, sample_api_key):
iss = current_app.config['ADMIN_CLIENT_USER_NAME']
# code copied from notifications_python_client.authentication.py::create_jwt_token
headers = {
"typ": 'JWT',
"alg": 'HS256'
}
claims = {
'iss': iss
# 'iat': not provided
}
token = jwt.encode(payload=claims, key=str(uuid.uuid4()), headers=headers).decode()
request.headers = {'Authorization': 'Bearer {}'.format(token)}
with pytest.raises(AuthError) as exc:
requires_admin_auth()
assert exc.value.short_message == 'Invalid token: signature, api token is not valid' assert exc.value.short_message == 'Invalid token: signature, api token is not valid'
@@ -95,7 +115,7 @@ def test_should_not_allow_invalid_secret(client, sample_api_key):
) )
assert response.status_code == 403 assert response.status_code == 403
data = json.loads(response.get_data()) data = json.loads(response.get_data())
assert data['message'] == {"token": ['Invalid token: signature, api token is not valid']} assert data['message'] == {"token": ['Invalid token: signature, api token not found']}
@pytest.mark.parametrize('scheme', ['bearer', 'Bearer']) @pytest.mark.parametrize('scheme', ['bearer', 'Bearer'])
@@ -201,18 +221,18 @@ def test_authentication_returns_token_expired_when_service_uses_expired_key_and_
def test_authentication_returns_error_when_admin_client_has_no_secrets(client): def test_authentication_returns_error_when_admin_client_has_no_secrets(client):
api_secret = current_app.config.get('ADMIN_CLIENT_SECRET') api_secret = current_app.config.get('ADMIN_CLIENT_SECRET')
api_service_id = current_app.config.get('ADMIN_CLIENT_USER_NAME')
token = create_jwt_token( token = create_jwt_token(
secret=api_secret, secret=api_secret,
client_id=current_app.config.get('ADMIN_CLIENT_USER_NAME') client_id=api_service_id
) )
current_app.config['ADMIN_CLIENT_SECRET'] = '' with set_config(client.application, 'ADMIN_CLIENT_SECRET', ''):
response = client.get( response = client.get(
'/service', '/service',
headers={'Authorization': 'Bearer {}'.format(token)}) headers={'Authorization': 'Bearer {}'.format(token)})
assert response.status_code == 403 assert response.status_code == 403
error_message = json.loads(response.get_data()) error_message = json.loads(response.get_data())
assert error_message['message'] == {"token": ["Invalid token: signature, api token not found"]} assert error_message['message'] == {"token": ["Invalid token: signature, api token is not valid"]}
current_app.config['ADMIN_CLIENT_SECRET'] = api_secret
def test_authentication_returns_error_when_admin_client_secret_is_invalid(client): def test_authentication_returns_error_when_admin_client_secret_is_invalid(client):