Added a test for the case when there is no secret for the api client.

Fix codestyle
2026-02-03 18:01:08 -05:00 · 2016-02-08 11:29:53 +00:00
parent 877a8a0411
commit 416dd00ac8
2 changed files with 20 additions and 5 deletions
--- a/app/authentication/auth.py
+++ b/app/authentication/auth.py
@@ -29,7 +29,6 @@ def requires_auth():
    if api_client is None:
        authentication_response("Invalid credentials", 403)

-    errors_resp = None
    for secret in api_client['secret']:
        try:
            decode_jwt_token(
@@ -50,10 +49,6 @@ def requires_auth():
        except TokenDecodeError:
            errors_resp = authentication_response("Invalid token: signature", 403)

-    if errors_resp is None:
-        # If we got this far with out any errors then the api client has no secrets
-        errors_resp = authentication_response("Invalid token: api client has no secrets", 403)
-
    return errors_resp


--- a/tests/app/authentication/test_authentication.py
+++ b/tests/app/authentication/test_authentication.py
@@ -214,6 +214,26 @@ def test_authentication_returns_token_expired_when_service_uses_expired_key_and_
            assert data['error'] == 'Invalid token: signature'


+def test_authentication_returns_error_when_api_client_has_no_secrets(notify_api,
+                                                                     notify_db,
+                                                                     notify_db_session):
+    with notify_api.test_request_context():
+        with notify_api.test_client() as client:
+            api_secret = notify_api.config.get('ADMIN_CLIENT_SECRET')
+            token = create_jwt_token(request_method="GET",
+                                     request_path=url_for('service.get_service'),
+                                     secret=api_secret,
+                                     client_id=notify_api.config.get('ADMIN_CLIENT_USER_NAME')
+                                     )
+            notify_api.config['ADMIN_CLIENT_SECRET'] = ''
+            response = client.get(url_for('service.get_service'),
+                                  headers={'Authorization': 'Bearer {}'.format(token)})
+            assert response.status_code == 403
+            error_message = json.loads(response.get_data())
+            assert error_message['error'] == 'Invalid token: signature'
+            notify_api.config['ADMIN_CLIENT_SECRET'] = api_secret
+
+
 def __create_get_token(service_id):
    if service_id:
        return create_jwt_token(request_method="GET",