From 6b3c89912714e23260e74fa35e2eef0478910333 Mon Sep 17 00:00:00 2001 From: Chris Hill-Scott Date: Fri, 16 Sep 2016 08:36:44 +0100 Subject: [PATCH] Add a test for auth-ing with non-existant service MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If you create a token signed with a service ID that doesn’t exist, you will get an error (as you should). However we didn’t have a test that explicitly checks for this. This commit adds one. --- .../app/authentication/test_authentication.py | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/tests/app/authentication/test_authentication.py b/tests/app/authentication/test_authentication.py index bae0b1e03..0fb409dd2 100644 --- a/tests/app/authentication/test_authentication.py +++ b/tests/app/authentication/test_authentication.py @@ -192,6 +192,28 @@ def test_authentication_returns_error_when_admin_client_has_no_secrets(notify_ap notify_api.config['ADMIN_CLIENT_SECRET'] = api_secret +def test_authentication_returns_error_when_service_doesnt_exit( + notify_api, + notify_db, + notify_db_session, + sample_service, + fake_uuid +): + with notify_api.test_request_context(), notify_api.test_client() as client: + # get service ID and secret the wrong way around + token = create_jwt_token( + secret=str(sample_service.id), + client_id=fake_uuid + ) + response = client.get( + '/service', + headers={'Authorization': 'Bearer {}'.format(token)} + ) + assert response.status_code == 403 + error_message = json.loads(response.get_data()) + assert error_message['message'] == {'token': ['Invalid token: no api keys for service']} + + def test_authentication_returns_error_when_service_has_no_secrets(notify_api, notify_db, notify_db_session,