From d15e68238da50f01367377a49df14daec5d88296 Mon Sep 17 00:00:00 2001
From: Rebecca Law
Date: Tue, 19 Jan 2016 14:01:26 +0000
Subject: [PATCH] Authentication for admin client api calls where a user and service is not required.
---
 app/authentication/auth.py | 15 +++++++++++----
 application.py | 24 ------------------------
 config.py | 6 ++++++
 tests/__init__.py | 18 +++++++++++++-----
 4 files changed, 30 insertions(+), 33 deletions(-)
diff --git a/app/authentication/auth.py b/app/authentication/auth.py
index 62de0ac59..ffb602e65 100644
--- a/app/authentication/auth.py
+++ b/app/authentication/auth.py
@@ -47,7 +47,14 @@ def requires_auth():
 def fetch_client(client):
-    return {
-        "client": client,
-        "secret": get_unsigned_secret(client)
-    }
+    from flask import current_app
+    if client == current_app.config.get('ADMIN_CLIENT_USER_NAME'):
+        return {
+            "client": client,
+            "secret": current_app.config.get('ADMIN_CLIENT_SECRET')
+        }
+    else:
+        return {
+            "client": client,
+            "secret": get_unsigned_secret(client)
+        }
diff --git a/application.py b/application.py
index a9395c573..741edd91e 100644
--- a/application.py
+++ b/application.py
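Review bot: The admin branch of `fetch_client` returns `current_app.config.get('ADMIN_CLIENT_SECRET')` without checking that it is set, so a deployment that configures `ADMIN_CLIENT_USER_NAME` but inherits the base `Config` default of `None` for the secret hands a `None` secret to whatever verifies the token in `requires_auth` (outside this hunk), and whether that fails closed depends on that caller. I would make the failure explicit here, e.g. `secret = current_app.config.get('ADMIN_CLIENT_SECRET')` followed by `if not secret: raise ValueError('ADMIN_CLIENT_SECRET is not configured')` before building the dict, so a misconfigured admin client can never be matched against an empty key. The function-local `from flask import current_app` should move to the module imports unless there is an import cycle it works around; if so, a one-line comment saying which one would stop the next reader from "fixing" it. A short docstring stating that the admin client is recognised by user name from config and every other client resolves its secret through `get_unsigned_secret` would also help.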
@@ -22,29 +22,5 @@ def list_routes():
         print("{:10} {}".format(", ".join(rule.methods - set(['OPTIONS', 'HEAD'])), rule.rule))
-@manager.command
-def create_admin_user_service():
-    """
-    Convience method to create a admin user and service
-    :return: API secret for admin service
-    """
-    from app.models import User, Service, ApiKey
-    from app.dao import api_key_dao, users_dao, services_dao
-    from flask import current_app
-    user = User(**{'email_address': current_app.config['ADMIN_USER_EMAIL_ADDRESS']})
-    users_dao.save_model_user(user)
-    service = Service(**{'name': 'Notify Service Admin',
-                         'users': [user],
-                         'limit': 1000,
-                         'active': True,
-                         'restricted': True})
-    services_dao.save_model_service(service)
-    api_key = ApiKey(**{'service_id': service.id, 'name': 'Admin API KEY (temporary)'})
-    api_key_dao.save_model_api_key(api_key)
-    print('ApiKey: {}'.format(api_key_dao.get_unsigned_secret(service.id)))
-
-
 if __name__ == '__main__':
     manager.run()
diff --git a/config.py b/config.py
index 256f55c8f..4a6ae552a 100644
--- a/config.py
+++ b/config.py
@@ -6,6 +6,8 @@ class Config(object):
     SQLALCHEMY_COMMIT_ON_TEARDOWN = False
     SQLALCHEMY_RECORD_QUERIES = True
     SQLALCHEMY_DATABASE_URI = 'postgresql://localhost/notification_api'
+    ADMIN_CLIENT_USER_NAME = None
+    ADMIN_CLIENT_SECRET = None
 class Development(Config):
@@ -13,6 +15,8 @@ class Development(Config):
     SECRET_KEY = 'secret-key'
     DANGEROUS_SALT = 'dangerous-salt'
     ADMIN_USER_EMAIL_ADDRESS = 'dev-notify-admin@digital.cabinet-office.gov.uk'
+    ADMIN_CLIENT_USER_NAME = 'dev-notify-admin'
+    ADMIN_CLIENT_SECRET = 'dev-notify-secret-key'
 class Test(Config):
@@ -20,6 +24,8 @@ class Test(Config):
     SQLALCHEMY_DATABASE_URI = 'postgresql://localhost/test_notification_api'
     SECRET_KEY = 'secret-key'
     DANGEROUS_SALT = 'dangerous-salt'
+    ADMIN_CLIENT_USER_NAME = 'dev-notify-admin'
+    ADMIN_CLIENT_SECRET = 'dev-notify-secret-key'
 class Live(Config):
diff --git a/tests/__init__.py b/tests/__init__.py
index cb11a2f6a..b35e397d3 100644
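Review bot: The base `Config` sets `ADMIN_CLIENT_SECRET = None` while `Development` and `Test` hard-code the same literal `'dev-notify-secret-key'`, so any environment that does not override the pair (the `Live` class is visible only by its header here) runs with no admin secret, and the matching `fetch_client` change in this commit only compares the user name, leaving a `None` secret to be handled downstream. I would have `Config` read both values from the environment so that a missing value is a visible deployment problem rather than a silent `None`: `ADMIN_CLIENT_USER_NAME = os.environ.get('ADMIN_CLIENT_USER_NAME')` and `ADMIN_CLIENT_SECRET = os.environ.get('ADMIN_CLIENT_SECRET')` (this needs `import os` at the top of config.py if it is not already there), keeping the dev-only literals in `Development` and `Test`. A comment on the base-class pair noting that the secret must never be committed for non-local environments would make the intent clear; this applies to all three config.py hunks.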
--- a/tests/__init__.py
+++ b/tests/__init__.py
@@ -1,21 +1,29 @@
+from flask import current_app
 from client.authentication import create_jwt_token
 from app.dao.api_key_dao import get_unsigned_secret
-def create_authorization_header(service_id, path, method, request_body=None):
+def create_authorization_header(path, method, request_body=None, service_id=None):
+    if service_id:
+        client_id = service_id
+        secret = get_unsigned_secret(service_id)
+    else:
+        client_id = current_app.config.get('ADMIN_CLIENT_USER_NAME')
+        secret = current_app.config.get('ADMIN_CLIENT_SECRET')
+
     if request_body:
         token = create_jwt_token(
             request_method=method,
             request_path=path,
-            secret=get_unsigned_secret(service_id),
-            client_id=service_id,
+            secret=secret,
+            client_id=client_id,
             request_body=request_body)
     else:
         token = create_jwt_token(request_method=method,
                                  request_path=path,
-                                 secret=get_unsigned_secret(service_id),
-                                 client_id=service_id)
+                                 secret=secret,
+                                 client_id=client_id)
     return 'Authorization', 'Bearer {}'.format(token)
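Review bot: The new signature moves `service_id` from the first positional parameter to a trailing keyword with a `None` default, so any existing test still calling `create_authorization_header(service_id, path, method)` positionally would now pass the service id as `path` and silently mint an admin-client token instead of failing; the callers are outside this hunk, so confirm they were all updated, or make the trailing parameters keyword-only with `def create_authorization_header(path, method, *, request_body=None, service_id=None):` so a stale call raises `TypeError`. The branch also selects the admin client by truthiness (`if service_id:`); `if service_id is not None:` states the intent and avoids a falsy-but-valid id being treated as the admin case. A one-line docstring saying that omitting `service_id` produces a token for the admin client configured in `ADMIN_CLIENT_USER_NAME`/`ADMIN_CLIENT_SECRET` would make the default obvious to the next reader.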