darkhelm/notifications-api
1
0
Fork 0
mirror of https://github.com/GSA/notifications-api.git synced 2025-12-22 00:11:16 -05:00
Code Issues Packages Projects Releases Wiki Activity

make sure all non-uuid service ids 403 in api keys

Browse Source 
previously 'invalid-strings' would be handled, but integers would just
return 500.
This commit is contained in:
Leo Hemsted
2021-04-29 18:48:59 +01:00
committed by Rebecca Law
parent 3702d4eae8
commit c1b08e4cbc
2 changed files with 12 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
tests/app/authentication/test_authentication.py
View File

@@ -204,9 +204,10 @@ def test_should_allow_valid_token(client, sample_api_key, scheme):
assert response.status_code == 200
def test_should_not_allow_service_id_that_is_not_the_wrong_data_type(client, sample_api_key):
@pytest.mark.parametrize('service_id', ['not-a-valid-id', 1234])
def test_should_not_allow_service_id_that_is_not_the_wrong_data_type(client, sample_api_key, service_id):
token = create_jwt_token(secret=get_unsigned_secrets(sample_api_key.service_id)[0],
client_id=str('not-a-valid-id'))
client_id=service_id)
response = client.get(
'/notifications',
headers={'Authorization': "Bearer {}".format(token)}
@@ -491,5 +492,5 @@ def test_should_cache_service_and_api_key_lookups(mocker, client, sample_api_key
call(str(sample_api_key.service_id))
]
assert mock_get_service.call_args_list == [
call(str(sample_api_key.service_id))
call(sample_api_key.service_id)
]