darkhelm/notifications-api
1
0
Fork 0
mirror of https://github.com/GSA/notifications-api.git synced 2026-02-03 01:41:05 -05:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #441 from alphagov/consistent-json-responses

Browse Source 
Update auth module to return consistently formed error messages.
This commit is contained in:
Rebecca Law
2016-06-20 10:19:46 +01:00
committed by GitHub
parent 9a79f0fbbb 40fa394226
commit 6ee26bb109
2 changed files with 11 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
app/authentication/auth.py
View File

@@ -9,7 +9,7 @@ from functools import wraps
def authentication_response(message, code): def authentication_response(message, code):
return jsonify(result='error', return jsonify(result='error',
message=message message={"token": [message]}
), code ), code
@@ -28,8 +28,6 @@ def requires_auth():
api_client = fetch_client(get_token_issuer(auth_token)) api_client = fetch_client(get_token_issuer(auth_token))
except TokenDecodeError: except TokenDecodeError:
return authentication_response("Invalid token: signature", 403) return authentication_response("Invalid token: signature", 403)
if api_client is None:
authentication_response("Invalid credentials", 403)
for secret in api_client['secret']: for secret in api_client['secret']:
try: try:
@@ -45,7 +43,7 @@ def requires_auth():
errors_resp = authentication_response("Invalid token: signature", 403) errors_resp = authentication_response("Invalid token: signature", 403)
if not api_client['secret']: if not api_client['secret']:
errors_resp = authentication_response("Invalid token: signature", 403) errors_resp = authentication_response("Invalid token: no api keys for service", 403)
current_app.logger.info(errors_resp) current_app.logger.info(errors_resp)
return errors_resp return errors_resp

19
tests/app/authentication/test_authentication.py
View File

@@ -1,10 +1,9 @@
import uuid
from datetime import datetime, timedelta from datetime import datetime, timedelta
import pytest
from notifications_python_client.authentication import create_jwt_token from notifications_python_client.authentication import create_jwt_token
from flask import json, current_app from flask import json, current_app
from app.dao.api_key_dao import get_unsigned_secrets, save_model_api_key, get_unsigned_secret from app.dao.api_key_dao import get_unsigned_secrets, save_model_api_key, get_unsigned_secret
from app.models import ApiKey, Service from app.models import ApiKey
def test_should_not_allow_request_with_no_token(notify_api): def test_should_not_allow_request_with_no_token(notify_api):
@@ -13,7 +12,7 @@ def test_should_not_allow_request_with_no_token(notify_api):
response = client.get('/service') response = client.get('/service')
assert response.status_code == 401 assert response.status_code == 401
data = json.loads(response.get_data()) data = json.loads(response.get_data())
assert data['message'] == 'Unauthorized, authentication token must be provided' assert data['message'] == {"token": ['Unauthorized, authentication token must be provided']}
def test_should_not_allow_request_with_incorrect_header(notify_api): def test_should_not_allow_request_with_incorrect_header(notify_api):
@@ -24,7 +23,7 @@ def test_should_not_allow_request_with_incorrect_header(notify_api):
headers={'Authorization': 'Basic 1234'}) headers={'Authorization': 'Basic 1234'})
assert response.status_code == 401 assert response.status_code == 401
data = json.loads(response.get_data()) data = json.loads(response.get_data())
assert data['message'] == 'Unauthorized, authentication bearer scheme must be used' assert data['message'] == {"token": ['Unauthorized, authentication bearer scheme must be used']}
def test_should_not_allow_request_with_incorrect_token(notify_api, sample_user): def test_should_not_allow_request_with_incorrect_token(notify_api, sample_user):
@@ -35,7 +34,7 @@ def test_should_not_allow_request_with_incorrect_token(notify_api, sample_user):
headers={'Authorization': 'Bearer 1234'}) headers={'Authorization': 'Bearer 1234'})
assert response.status_code == 403 assert response.status_code == 403
data = json.loads(response.get_data()) data = json.loads(response.get_data())
assert data['message'] == 'Invalid token: signature' assert data['message'] == {"token": ['Invalid token: signature']}
def test_should_not_allow_invalid_secret(notify_api, sample_api_key): def test_should_not_allow_invalid_secret(notify_api, sample_api_key):
@@ -50,7 +49,7 @@ def test_should_not_allow_invalid_secret(notify_api, sample_api_key):
) )
assert response.status_code == 403 assert response.status_code == 403
data = json.loads(response.get_data()) data = json.loads(response.get_data())
assert data['message'] == 'Invalid token: signature' assert data['message'] == {"token": ['Invalid token: signature']}
def test_should_allow_valid_token(notify_api, sample_api_key): def test_should_allow_valid_token(notify_api, sample_api_key):
@@ -174,7 +173,7 @@ def test_authentication_returns_token_expired_when_service_uses_expired_key_and_
headers={'Authorization': 'Bearer {}'.format(token)}) headers={'Authorization': 'Bearer {}'.format(token)})
assert response.status_code == 403 assert response.status_code == 403
data = json.loads(response.get_data()) data = json.loads(response.get_data())
assert data['message'] == 'Invalid token: signature' assert data['message'] == {"token": ['Invalid token: signature']}
def test_authentication_returns_error_when_api_client_has_no_secrets(notify_api, def test_authentication_returns_error_when_api_client_has_no_secrets(notify_api,
@@ -193,7 +192,7 @@ def test_authentication_returns_error_when_api_client_has_no_secrets(notify_api,
headers={'Authorization': 'Bearer {}'.format(token)}) headers={'Authorization': 'Bearer {}'.format(token)})
assert response.status_code == 403 assert response.status_code == 403
error_message = json.loads(response.get_data()) error_message = json.loads(response.get_data())
assert error_message['message'] == 'Invalid token: signature' assert error_message['message'] == {"token": ['Invalid token: signature']}
notify_api.config['ADMIN_CLIENT_SECRET'] = api_secret notify_api.config['ADMIN_CLIENT_SECRET'] = api_secret
@@ -213,7 +212,7 @@ def test_authentication_returns_error_when_service_has_no_secrets(notify_api,
headers={'Authorization': 'Bearer {}'.format(token)}) headers={'Authorization': 'Bearer {}'.format(token)})
assert response.status_code == 403 assert response.status_code == 403
error_message = json.loads(response.get_data()) error_message = json.loads(response.get_data())
assert error_message['message'] == 'Invalid token: signature' assert error_message['message'] == {'token': ['Invalid token: no api keys for service']}
def __create_get_token(service_id): def __create_get_token(service_id):