Add a test for auth-ing with non-existant service

If you create a token signed with a service ID that doesn’t exist, you will get an error (as you should). However we didn’t have a test that explicitly checks for this. This commit adds one.
2026-01-31 15:15:38 -05:00 · 2016-09-16 08:36:44 +01:00
parent b07bbbbe16
commit 6b3c899127
1 changed files with 22 additions and 0 deletions
--- a/tests/app/authentication/test_authentication.py
+++ b/tests/app/authentication/test_authentication.py
@@ -192,6 +192,28 @@ def test_authentication_returns_error_when_admin_client_has_no_secrets(notify_ap
            notify_api.config['ADMIN_CLIENT_SECRET'] = api_secret


+def test_authentication_returns_error_when_service_doesnt_exit(
+    notify_api,
+    notify_db,
+    notify_db_session,
+    sample_service,
+    fake_uuid
+):
+    with notify_api.test_request_context(), notify_api.test_client() as client:
+        # get service ID and secret the wrong way around
+        token = create_jwt_token(
+            secret=str(sample_service.id),
+            client_id=fake_uuid
+        )
+        response = client.get(
+            '/service',
+            headers={'Authorization': 'Bearer {}'.format(token)}
+        )
+        assert response.status_code == 403
+        error_message = json.loads(response.get_data())
+        assert error_message['message'] == {'token': ['Invalid token: no api keys for service']}
+
+
 def test_authentication_returns_error_when_service_has_no_secrets(notify_api,
                                                                  notify_db,
                                                                  notify_db_session,