Rename ADMIN_CLIENT_USER_NAME to say CLIENT_ID

"user name" implies we're doing basic auth, which we're not. We should use the standard terminology for bearer tokens.
2026-02-03 01:41:05 -05:00 · 2021-07-29 12:18:10 +01:00
parent 323feedb1f
commit 3e32fc99b8
4 changed files with 8 additions and 8 deletions
--- a/app/authentication/auth.py
+++ b/app/authentication/auth.py
@@ -61,7 +61,7 @@ def requires_no_auth():


 def requires_admin_auth():
-    requires_internal_auth(current_app.config.get('ADMIN_CLIENT_USER_NAME'))
+    requires_internal_auth(current_app.config.get('ADMIN_CLIENT_ID'))


 def requires_internal_auth(expected_client_id):
--- a/app/config.py
+++ b/app/config.py
@@ -88,10 +88,10 @@ class Config(object):
    API_INTERNAL_SECRETS = json.loads(os.environ.get('API_INTERNAL_SECRETS', '[]'))

    # secrets that internal apps, such as the admin app or document download, must use to authenticate with the API
-    ADMIN_CLIENT_USER_NAME = 'notify-admin'
+    ADMIN_CLIENT_ID = 'notify-admin'

    INTERNAL_CLIENT_API_KEYS = {
-        ADMIN_CLIENT_USER_NAME: API_INTERNAL_SECRETS
+        ADMIN_CLIENT_ID: API_INTERNAL_SECRETS
    }

    # encyption secret/salt
@@ -406,7 +406,7 @@ class Development(Config):
    LETTER_SANITISE_BUCKET_NAME = 'development-letters-sanitise'

    INTERNAL_CLIENT_API_KEYS = {
-        Config.ADMIN_CLIENT_USER_NAME: ['dev-notify-secret-key']
+        Config.ADMIN_CLIENT_ID: ['dev-notify-secret-key']
    }

    SECRET_KEY = 'dev-notify-secret-key'
--- a/tests/init.py
+++ b/tests/init.py
@@ -27,7 +27,7 @@ def create_authorization_header(service_id=None, key_type=KEY_TYPE_NORMAL):
            secret = api_key.secret

    else:
-        client_id = current_app.config['ADMIN_CLIENT_USER_NAME']
+        client_id = current_app.config['ADMIN_CLIENT_ID']
        secret = current_app.config['INTERNAL_CLIENT_API_KEYS'][client_id][0]

    token = create_jwt_token(secret=secret, client_id=client_id)
--- a/tests/app/authentication/test_authentication.py
+++ b/tests/app/authentication/test_authentication.py
@@ -61,7 +61,7 @@ def service_jwt_token(sample_api_key, service_jwt_secret):
    )


-def test_requires_auth_should_allow_valid_token_for_request_with_path_params_for_public_url(
+def test_requires_auth_should_allow_valid_token_for_request(
    client,
    service_jwt_token,
 ):
@@ -69,8 +69,8 @@ def test_requires_auth_should_allow_valid_token_for_request_with_path_params_for
    assert response.status_code == 200


-def test_requires_admin_auth_should_allow_valid_token_for_request_with_path_params(client):
-    admin_jwt_client_id = current_app.config['ADMIN_CLIENT_USER_NAME']
+def test_requires_admin_auth_should_allow_valid_token_for_request(client):
+    admin_jwt_client_id = current_app.config['ADMIN_CLIENT_ID']
    admin_jwt_secret = current_app.config['INTERNAL_CLIENT_API_KEYS'][admin_jwt_client_id][0]
    admin_jwt_token = create_jwt_token(admin_jwt_secret, admin_jwt_client_id)