darkhelm/notifications-api
1
0
Fork 0
mirror of https://github.com/GSA/notifications-api.git synced 2026-02-05 02:41:14 -05:00
Code Issues Packages Projects Releases Wiki Activity

Added a test for the case when there is no secret for the api client.

Browse Source 
Fix codestyle
This commit is contained in:
Rebecca Law
2016-02-08 11:29:53 +00:00
parent 877a8a0411
commit 416dd00ac8
2 changed files with 20 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
app/authentication/auth.py
View File

@@ -29,7 +29,6 @@ def requires_auth():
if api_client is None: if api_client is None:
authentication_response("Invalid credentials", 403) authentication_response("Invalid credentials", 403)
errors_resp = None
for secret in api_client['secret']: for secret in api_client['secret']:
try: try:
decode_jwt_token( decode_jwt_token(
@@ -50,10 +49,6 @@ def requires_auth():
except TokenDecodeError: except TokenDecodeError:
errors_resp = authentication_response("Invalid token: signature", 403) errors_resp = authentication_response("Invalid token: signature", 403)
if errors_resp is None:
# If we got this far with out any errors then the api client has no secrets
errors_resp = authentication_response("Invalid token: api client has no secrets", 403)
return errors_resp return errors_resp

20
tests/app/authentication/test_authentication.py
View File

@@ -214,6 +214,26 @@ def test_authentication_returns_token_expired_when_service_uses_expired_key_and_
assert data['error'] == 'Invalid token: signature' assert data['error'] == 'Invalid token: signature'
def test_authentication_returns_error_when_api_client_has_no_secrets(notify_api,
notify_db,
notify_db_session):
with notify_api.test_request_context():
with notify_api.test_client() as client:
api_secret = notify_api.config.get('ADMIN_CLIENT_SECRET')
token = create_jwt_token(request_method="GET",
request_path=url_for('service.get_service'),
secret=api_secret,
client_id=notify_api.config.get('ADMIN_CLIENT_USER_NAME')
)
notify_api.config['ADMIN_CLIENT_SECRET'] = ''
response = client.get(url_for('service.get_service'),
headers={'Authorization': 'Bearer {}'.format(token)})
assert response.status_code == 403
error_message = json.loads(response.get_data())
assert error_message['error'] == 'Invalid token: signature'
notify_api.config['ADMIN_CLIENT_SECRET'] = api_secret
def __create_get_token(service_id): def __create_get_token(service_id):
if service_id: if service_id:
return create_jwt_token(request_method="GET", return create_jwt_token(request_method="GET",