refactor authentication code

moved api_key secret manipulation (generating and getting) into
authentiation/utils, and added a property on the model, to facilitate
easier matching of authenticated requests and the api keys they used

tests/app/authentication/test_authentication.py

@@ -1,9 +1,8 @@
-import uuid
-from datetime import datetime, timedelta
+from datetime import datetime
 from notifications_python_client.authentication import create_jwt_token
 from flask import json, current_app
 from app.dao.api_key_dao import get_unsigned_secrets, save_model_api_key, get_unsigned_secret, expire_api_key
-from app.models import ApiKey, KEY_TYPE_NORMAL
+from app.models import ApiKey, KEY_TYPE_NORMAL, KEY_TYPE_TEAM
 
 
 def test_should_not_allow_request_with_no_token(notify_api):
@@ -90,13 +89,6 @@ def test_should_allow_valid_token_when_service_has_multiple_keys(notify_api, sam
             assert response.status_code == 200
 
 
-JSON_BODY = json.dumps({
-    "key1": "value1",
-    "key2": "value2",
-    "key3": "value3"
-})
-
-
 def test_authentication_passes_admin_client_token(notify_api,
                                                   notify_db,
                                                   notify_db_session,

tests/app/authentication/test_utils.py

@@ -0,0 +1,8 @@
+from app.authentication.utils import generate_secret, get_secret
+
+
+def test_secret_is_signed_and_can_be_read_again(notify_api):
+    with notify_api.test_request_context():
+        signed_secret = generate_secret('some_uuid')
+        assert signed_secret != 'some_uuid'
+        assert 'some_uuid' == get_secret(signed_secret)

tests/app/dao/test_api_key_dao.py

@@ -4,23 +4,15 @@ import pytest
 from sqlalchemy.exc import IntegrityError
 from sqlalchemy.orm.exc import NoResultFound
 
+from app.authentication.utils import get_secret
 from app.dao.api_key_dao import (save_model_api_key,
                                  get_model_api_keys,
                                  get_unsigned_secrets,
                                  get_unsigned_secret,
-                                 _generate_secret,
-                                 _get_secret, expire_api_key)
+                                 expire_api_key)
 from app.models import ApiKey, KEY_TYPE_NORMAL
 
 
-def test_secret_is_signed_and_can_be_read_again(notify_api, mocker):
-    with notify_api.test_request_context():
-        mocker.patch("uuid.uuid4", return_value='some_uuid')
-        signed_secret = _generate_secret()
-        assert 'some_uuid' == _get_secret(signed_secret)
-        assert signed_secret != 'some_uuid'
-
-
 def test_save_api_key_should_create_new_api_key_and_history(sample_service):
     api_key = ApiKey(**{'service': sample_service,
                         'name': sample_service.name,
@@ -72,13 +64,13 @@ def test_should_return_unsigned_api_keys_for_service_id(sample_api_key):
     unsigned_api_key = get_unsigned_secrets(sample_api_key.service_id)
     assert len(unsigned_api_key) == 1
     assert sample_api_key.secret != unsigned_api_key[0]
-    assert unsigned_api_key[0] == _get_secret(sample_api_key.secret)
+    assert unsigned_api_key[0] == get_secret(sample_api_key.secret)
 
 
 def test_get_unsigned_secret_returns_key(sample_api_key):
     unsigned_api_key = get_unsigned_secret(sample_api_key.id)
     assert sample_api_key.secret != unsigned_api_key
-    assert unsigned_api_key == _get_secret(sample_api_key.secret)
+    assert unsigned_api_key == get_secret(sample_api_key.secret)
 
 
 def test_should_not_allow_duplicate_key_names_per_service(sample_api_key, fake_uuid):