darkhelm/notifications-api
1
0
Fork 0
mirror of https://github.com/GSA/notifications-api.git synced 2025-12-21 16:01:15 -05:00
Code Issues Packages Projects Releases Wiki Activity

Refactor the api_key_dao.

Browse Source 
The only update we should be doing to an api key is to expire/revoke the api key.
Removed the update_dict from the the save method.
Added an expire_api_key method that only updates the api key with an expiry date.
This commit is contained in:
Rebecca Law
2016-06-22 15:27:28 +01:00
parent 1659b64f9e
commit acee87fc63
5 changed files with 39 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
app/dao/api_key_dao.py
View File

@@ -1,4 +1,6 @@
import uuid import uuid
from datetime import datetime
from flask import current_app from flask import current_app
from itsdangerous import URLSafeSerializer from itsdangerous import URLSafeSerializer
@@ -13,19 +15,21 @@ from app.dao.dao_utils import (
@transactional @transactional
@version_class(ApiKey) @version_class(ApiKey)
def save_model_api_key(api_key, update_dict={}): def save_model_api_key(api_key):
if update_dict:
update_dict.pop('id', None)
for key, value in update_dict.items():
setattr(api_key, key, value)
db.session.add(api_key)
else:
if not api_key.id: if not api_key.id:
api_key.id = uuid.uuid4() # must be set now so version history model can use same id api_key.id = uuid.uuid4() # must be set now so version history model can use same id
api_key.secret = _generate_secret() api_key.secret = _generate_secret()
db.session.add(api_key) db.session.add(api_key)
@transactional
@version_class(ApiKey)
def expire_api_key(service_id, api_key_id):
api_key = ApiKey.query.filter_by(id=api_key_id, service_id=service_id).one()
api_key.expiry_date = datetime.utcnow()
db.session.add(api_key)
def get_model_api_keys(service_id, id=None): def get_model_api_keys(service_id, id=None):
if id: if id:
return ApiKey.query.filter_by(id=id, service_id=service_id, expiry_date=None).one() return ApiKey.query.filter_by(id=id, service_id=service_id, expiry_date=None).one()
@@ -49,8 +53,7 @@ def get_unsigned_secret(key_id):
return _get_secret(api_key.secret) return _get_secret(api_key.secret)
def _generate_secret(token=None): def _generate_secret():
if not token:
token = uuid.uuid4() token = uuid.uuid4()
serializer = URLSafeSerializer(current_app.config.get('SECRET_KEY')) serializer = URLSafeSerializer(current_app.config.get('SECRET_KEY'))
return serializer.dumps(str(token), current_app.config.get('DANGEROUS_SALT')) return serializer.dumps(str(token), current_app.config.get('DANGEROUS_SALT'))

8
app/service/rest.py
View File

@@ -14,8 +14,8 @@ from sqlalchemy.orm.exc import NoResultFound
from app.dao.api_key_dao import ( from app.dao.api_key_dao import (
save_model_api_key, save_model_api_key,
get_model_api_keys, get_model_api_keys,
get_unsigned_secret get_unsigned_secret,
) expire_api_key)
from app.dao.services_dao import ( from app.dao.services_dao import (
dao_fetch_service_by_id_and_user, dao_fetch_service_by_id_and_user,
dao_fetch_service_by_id, dao_fetch_service_by_id,
@@ -95,6 +95,7 @@ def update_service(service_id):
return jsonify(data=service_schema.dump(fetched_service).data), 200 return jsonify(data=service_schema.dump(fetched_service).data), 200
# is this used.
@service.route('/<uuid:service_id>/api-key', methods=['POST']) @service.route('/<uuid:service_id>/api-key', methods=['POST'])
def renew_api_key(service_id=None): def renew_api_key(service_id=None):
fetched_service = dao_fetch_service_by_id(service_id=service_id) fetched_service = dao_fetch_service_by_id(service_id=service_id)
@@ -107,8 +108,7 @@ def renew_api_key(service_id=None):
@service.route('/<uuid:service_id>/api-key/revoke/<uuid:api_key_id>', methods=['POST']) @service.route('/<uuid:service_id>/api-key/revoke/<uuid:api_key_id>', methods=['POST'])
def revoke_api_key(service_id, api_key_id): def revoke_api_key(service_id, api_key_id):
service_api_key = get_model_api_keys(service_id=service_id, id=api_key_id) expire_api_key(service_id=service_id, api_key_id=api_key_id)
save_model_api_key(service_api_key, update_dict={'expiry_date': datetime.utcnow()})
return jsonify(), 202 return jsonify(), 202

10
tests/app/authentication/test_authentication.py
View File

@@ -2,7 +2,7 @@ import uuid
from datetime import datetime, timedelta from datetime import datetime, timedelta
from notifications_python_client.authentication import create_jwt_token from notifications_python_client.authentication import create_jwt_token
from flask import json, current_app from flask import json, current_app
from app.dao.api_key_dao import get_unsigned_secrets, save_model_api_key, get_unsigned_secret from app.dao.api_key_dao import get_unsigned_secrets, save_model_api_key, get_unsigned_secret, expire_api_key
from app.models import ApiKey from app.models import ApiKey
@@ -161,13 +161,7 @@ def test_authentication_returns_token_expired_when_service_uses_expired_key_and_
token = create_jwt_token( token = create_jwt_token(
secret=get_unsigned_secret(expired_api_key.id), secret=get_unsigned_secret(expired_api_key.id),
client_id=str(sample_api_key.service_id)) client_id=str(sample_api_key.service_id))
# expire the key expire_api_key(service_id=sample_api_key.service_id, api_key_id=expired_api_key.id)
expire_the_key = {'id': expired_api_key.id,
'service': sample_api_key.service,
'name': 'expired_key',
'expiry_date': datetime.utcnow() + timedelta(hours=-2),
'created_by': sample_api_key.created_by}
save_model_api_key(expired_api_key, expire_the_key)
response = client.get( response = client.get(
'/service', '/service',
headers={'Authorization': 'Bearer {}'.format(token)}) headers={'Authorization': 'Bearer {}'.format(token)})

31
tests/app/dao/test_api_key_dao.py
View File

@@ -8,17 +8,16 @@ from app.dao.api_key_dao import (save_model_api_key,
get_unsigned_secrets, get_unsigned_secrets,
get_unsigned_secret, get_unsigned_secret,
_generate_secret, _generate_secret,
_get_secret) _get_secret, expire_api_key)
from app.models import ApiKey from app.models import ApiKey
def test_secret_is_signed_and_can_be_read_again(notify_api): def test_secret_is_signed_and_can_be_read_again(notify_api, mocker):
import uuid
with notify_api.test_request_context(): with notify_api.test_request_context():
token = str(uuid.uuid4()) mocker.patch("uuid.uuid4", return_value='some_uuid')
signed_secret = _generate_secret(token=token) signed_secret = _generate_secret()
assert token == _get_secret(signed_secret) assert 'some_uuid' == _get_secret(signed_secret)
assert signed_secret != token assert signed_secret != 'some_uuid'
def test_save_api_key_should_create_new_api_key_and_history(notify_api, def test_save_api_key_should_create_new_api_key_and_history(notify_api,
@@ -45,20 +44,18 @@ def test_expire_api_key_should_update_the_api_key_and_create_history_record(noti
notify_db, notify_db,
notify_db_session, notify_db_session,
sample_api_key): sample_api_key):
now = datetime.utcnow() expire_api_key(service_id=sample_api_key.service_id, api_key_id=sample_api_key.id)
saved_api_key = get_model_api_keys(service_id=sample_api_key.service_id, id=sample_api_key.id)
save_model_api_key(saved_api_key, update_dict={'id': saved_api_key.id, 'expiry_date': now})
all_api_keys = get_model_api_keys(service_id=sample_api_key.service_id) all_api_keys = get_model_api_keys(service_id=sample_api_key.service_id)
assert len(all_api_keys) == 1 assert len(all_api_keys) == 1
assert all_api_keys[0].expiry_date == now assert all_api_keys[0].expiry_date <= datetime.utcnow()
assert all_api_keys[0].secret == saved_api_key.secret assert all_api_keys[0].secret == sample_api_key.secret
assert all_api_keys[0].id == saved_api_key.id assert all_api_keys[0].id == sample_api_key.id
assert all_api_keys[0].service_id == saved_api_key.service_id assert all_api_keys[0].service_id == sample_api_key.service_id
all_history = saved_api_key.get_history_model().query.all() all_history = sample_api_key.get_history_model().query.all()
assert len(all_history) == 2 assert len(all_history) == 2
assert all_history[0].id == saved_api_key.id assert all_history[0].id == sample_api_key.id
assert all_history[1].id == saved_api_key.id assert all_history[1].id == sample_api_key.id
sorted_all_history = sorted(all_history, key=lambda hist: hist.version) sorted_all_history = sorted(all_history, key=lambda hist: hist.version)
sorted_all_history[0].version = 1 sorted_all_history[0].version = 1
sorted_all_history[1].version = 2 sorted_all_history[1].version = 2

4
tests/app/service/test_api_key_endpoints.py
View File

@@ -3,7 +3,7 @@ from datetime import timedelta, datetime
from flask import url_for from flask import url_for
from app.models import ApiKey from app.models import ApiKey
from app.dao.api_key_dao import save_model_api_key from app.dao.api_key_dao import save_model_api_key, expire_api_key
from tests import create_authorization_header from tests import create_authorization_header
from tests.app.conftest import sample_api_key as create_sample_api_key from tests.app.conftest import sample_api_key as create_sample_api_key
from tests.app.conftest import sample_service as create_sample_service from tests.app.conftest import sample_service as create_sample_service
@@ -97,7 +97,7 @@ def test_get_api_keys_should_return_all_keys_for_service(notify_api, notify_db,
# this service already has one key, add two more, one expired # this service already has one key, add two more, one expired
create_sample_api_key(notify_db, notify_db_session, service=sample_api_key.service) create_sample_api_key(notify_db, notify_db_session, service=sample_api_key.service)
one_to_expire = create_sample_api_key(notify_db, notify_db_session, service=sample_api_key.service) one_to_expire = create_sample_api_key(notify_db, notify_db_session, service=sample_api_key.service)
save_model_api_key(one_to_expire, update_dict={'expiry_date': datetime.utcnow()}) expire_api_key(service_id=one_to_expire.service_id, api_key_id=one_to_expire.id)
assert ApiKey.query.count() == 4 assert ApiKey.query.count() == 4