Update auth module to return consistently formed error messages.

We are trying to get all the error messages to return in the following format:
{result: error,
 message: ['what caused error': 'reason for error']
}
Rebecca Law
2016-06-17 14:22:58 +01:00
parent 5378e6ebc1
commit 40fa394226
2 changed files with 11 additions and 14 deletions


@@ -9,7 +9,7 @@ from functools import wraps
def authentication_response(message, code): def authentication_response(message, code):
return jsonify(result='error', return jsonify(result='error',
message=message message={"token": [message]}
), code ), code
@@ -28,8 +28,6 @@ def requires_auth():
api_client = fetch_client(get_token_issuer(auth_token)) api_client = fetch_client(get_token_issuer(auth_token))
except TokenDecodeError: except TokenDecodeError:
return authentication_response("Invalid token: signature", 403) return authentication_response("Invalid token: signature", 403)
if api_client is None:
authentication_response("Invalid credentials", 403)
for secret in api_client['secret']: for secret in api_client['secret']:
try: try:
@@ -45,7 +43,7 @@ def requires_auth():
errors_resp = authentication_response("Invalid token: signature", 403) errors_resp = authentication_response("Invalid token: signature", 403)
if not api_client['secret']: if not api_client['secret']:
errors_resp = authentication_response("Invalid token: signature", 403) errors_resp = authentication_response("Invalid token: no api keys for service", 403)
current_app.logger.info(errors_resp) current_app.logger.info(errors_resp)
return errors_resp return errors_resp
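Review bot: The `api_client is None` guard in `requires_auth` is deleted where it needed a `return`: the old lines called `authentication_response("Invalid credentials", 403)` and discarded the result, and with them gone `for secret in api_client['secret']:` still runs on whatever `fetch_client` returned. If `fetch_client` can return `None` for an unknown issuer (its definition is not in this diff), that request ends in a `TypeError` and a 500 instead of a 403 in the new `{"token": [...]}` shape; keeping the check as `if api_client is None:` followed by `return authentication_response("Invalid credentials", 403)` closes that path. Separately, the new "Invalid token: no api keys for service" text in the third hunk goes back to a caller who has not authenticated and so reveals service state. Consider returning the generic signature message and recording the specific reason in the log instead. The body of `requires_auth` continues outside these hunks.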


@@ -1,10 +1,9 @@
import uuid
from datetime import datetime, timedelta from datetime import datetime, timedelta
import pytest
from notifications_python_client.authentication import create_jwt_token from notifications_python_client.authentication import create_jwt_token
from flask import json, current_app from flask import json, current_app
from app.dao.api_key_dao import get_unsigned_secrets, save_model_api_key, get_unsigned_secret from app.dao.api_key_dao import get_unsigned_secrets, save_model_api_key, get_unsigned_secret
from app.models import ApiKey, Service from app.models import ApiKey
def test_should_not_allow_request_with_no_token(notify_api): def test_should_not_allow_request_with_no_token(notify_api):
@@ -13,7 +12,7 @@ def test_should_not_allow_request_with_no_token(notify_api):
response = client.get('/service') response = client.get('/service')
assert response.status_code == 401 assert response.status_code == 401
data = json.loads(response.get_data()) data = json.loads(response.get_data())
assert data['message'] == 'Unauthorized, authentication token must be provided' assert data['message'] == {"token": ['Unauthorized, authentication token must be provided']}
def test_should_not_allow_request_with_incorrect_header(notify_api): def test_should_not_allow_request_with_incorrect_header(notify_api):
@@ -24,7 +23,7 @@ def test_should_not_allow_request_with_incorrect_header(notify_api):
headers={'Authorization': 'Basic 1234'}) headers={'Authorization': 'Basic 1234'})
assert response.status_code == 401 assert response.status_code == 401
data = json.loads(response.get_data()) data = json.loads(response.get_data())
assert data['message'] == 'Unauthorized, authentication bearer scheme must be used' assert data['message'] == {"token": ['Unauthorized, authentication bearer scheme must be used']}
def test_should_not_allow_request_with_incorrect_token(notify_api, sample_user): def test_should_not_allow_request_with_incorrect_token(notify_api, sample_user):
@@ -35,7 +34,7 @@ def test_should_not_allow_request_with_incorrect_token(notify_api, sample_user):
headers={'Authorization': 'Bearer 1234'}) headers={'Authorization': 'Bearer 1234'})
assert response.status_code == 403 assert response.status_code == 403
data = json.loads(response.get_data()) data = json.loads(response.get_data())
assert data['message'] == 'Invalid token: signature' assert data['message'] == {"token": ['Invalid token: signature']}
def test_should_not_allow_invalid_secret(notify_api, sample_api_key): def test_should_not_allow_invalid_secret(notify_api, sample_api_key):
@@ -50,7 +49,7 @@ def test_should_not_allow_invalid_secret(notify_api, sample_api_key):
) )
assert response.status_code == 403 assert response.status_code == 403
data = json.loads(response.get_data()) data = json.loads(response.get_data())
assert data['message'] == 'Invalid token: signature' assert data['message'] == {"token": ['Invalid token: signature']}
def test_should_allow_valid_token(notify_api, sample_api_key): def test_should_allow_valid_token(notify_api, sample_api_key):
@@ -174,7 +173,7 @@ def test_authentication_returns_token_expired_when_service_uses_expired_key_and_
headers={'Authorization': 'Bearer {}'.format(token)}) headers={'Authorization': 'Bearer {}'.format(token)})
assert response.status_code == 403 assert response.status_code == 403
data = json.loads(response.get_data()) data = json.loads(response.get_data())
assert data['message'] == 'Invalid token: signature' assert data['message'] == {"token": ['Invalid token: signature']}
def test_authentication_returns_error_when_api_client_has_no_secrets(notify_api, def test_authentication_returns_error_when_api_client_has_no_secrets(notify_api,
@@ -193,7 +192,7 @@ def test_authentication_returns_error_when_api_client_has_no_secrets(notify_api,
headers={'Authorization': 'Bearer {}'.format(token)}) headers={'Authorization': 'Bearer {}'.format(token)})
assert response.status_code == 403 assert response.status_code == 403
error_message = json.loads(response.get_data()) error_message = json.loads(response.get_data())
assert error_message['message'] == 'Invalid token: signature' assert error_message['message'] == {"token": ['Invalid token: signature']}
notify_api.config['ADMIN_CLIENT_SECRET'] = api_secret notify_api.config['ADMIN_CLIENT_SECRET'] = api_secret
@@ -213,7 +212,7 @@ def test_authentication_returns_error_when_service_has_no_secrets(notify_api,
headers={'Authorization': 'Bearer {}'.format(token)}) headers={'Authorization': 'Bearer {}'.format(token)})
assert response.status_code == 403 assert response.status_code == 403
error_message = json.loads(response.get_data()) error_message = json.loads(response.get_data())
assert error_message['message'] == 'Invalid token: signature' assert error_message['message'] == {'token': ['Invalid token: no api keys for service']}
def __create_get_token(service_id): def __create_get_token(service_id):
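Review bot: The updated assertions pin only `data['message']`, so none of these tests checks the `result` half of the envelope that `authentication_response` builds with `jsonify(result='error', ...)`. Adding `assert data['result'] == 'error'` beside each message assertion (`error_message['result']` in the last two tests) would cover the whole format the commit is standardising. From the visible hunks there also appears to be no case for a token whose issuer matches no client; if the rest of the file lacks one, it is worth adding so that path is asserted to return a 403 in the same shape.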