David McDonald
2020-01-24 17:23:15 +00:00
parent 8df5cf1bd2
commit 8ef3c498fe
2 changed files with 7 additions and 2 deletions


@@ -1,7 +1,7 @@
from flask import request, _request_ctx_stack, current_app, g
from notifications_python_client.authentication import decode_jwt_token, get_token_issuer
from notifications_python_client.errors import (
TokenDecodeError, TokenExpiredError, TokenIssuerError, TokenAlgorithmError
TokenDecodeError, TokenExpiredError, TokenIssuerError, TokenAlgorithmError, TokenError
)
from notifications_utils import request_helper
from sqlalchemy.exc import DataError
@@ -100,6 +100,10 @@ def requires_auth():
# API key matches for this service but there was an error with the expiry of the token
err_msg = "Error: Your system clock must be accurate to within 30 seconds"
raise AuthError(err_msg, 403, service_id=service.id, api_key_id=api_key.id)
except TokenError:
err_msg = "Invalid token: API token is not valid. " + TOKEN_ERROR_GUIDANCE
raise AuthError(err_msg, 403, service_id=service.id, api_key_id=api_key.id)
if api_key.expiry_date:
raise AuthError("Invalid token: API key revoked", 403, service_id=service.id, api_key_id=api_key.id)
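Review bot: The new `except TokenError` clause directly after the expiry handler folds every remaining verification failure into one 403 without recording which error class fired, so an operator reading the logs cannot tell a malformed token from a repeated forgery attempt against this key. Bind the exception and log its class with the service and key ids — never the token itself — before raising: `except TokenError as e:` and then `current_app.logger.warning("token rejected for service %s key %s: %s", service.id, api_key.id, type(e).__name__)`; `current_app` is already imported at the top of this file. Keep this clause last, as it is here, since `TokenError` is presumably the base of the `TokenExpiredError` caught above and a base-class clause placed earlier would make the specific handlers unreachable. `requires_auth` begins before this hunk and the handlers that precede the expiry one are not visible here.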


@@ -129,6 +129,7 @@ def test_auth_should_not_allow_request_with_non_hs256_algorithm(client, sample_a
def test_auth_should_not_allow_request_with_extra_claims(client, sample_api_key):
iss = str(sample_api_key.service_id)
key = get_unsigned_secrets(sample_api_key.service_id)[0]
# code copied from notifications_python_client.authentication.py::create_jwt_token
headers = {
"typ": 'JWT',
@@ -141,7 +142,7 @@ def test_auth_should_not_allow_request_with_extra_claims(client, sample_api_key)
'aud': 'notifications.service.gov.uk' # extra claim that we don't support
}
token = jwt.encode(payload=claims, key=str(uuid.uuid4()), headers=headers).decode()
token = jwt.encode(payload=claims, key=key, headers=headers).decode()
request.headers = {'Authorization': 'Bearer {}'.format(token)}
with pytest.raises(AuthError) as exc:
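Review bot: With the token in the second hunk now signed by the service's real key, the unsupported `aud` claim is presumably the only reason left for rejection, yet `pytest.raises(AuthError)` on the last visible line would also pass if the request were refused for an unrelated reason such as an expired timestamp or a revoked key. The assertion that follows lies outside this hunk; if it does not already pin the reason, add a check on the message, for example `assert 'API token is not valid' in str(exc.value)` (adjust to whichever attribute `AuthError` exposes for its text), so the test cannot drift back to passing on a signature failure as the old random-key version effectively did. `test_auth_should_not_allow_request_with_extra_claims` starts in the first hunk of this file and ends past the end of the second.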