Authentication for admin client api calls where a user and service is not required.

app/authentication/auth.py

@@ -47,7 +47,14 @@ def requires_auth():
 
 
 def fetch_client(client):
-    return {
+    from flask import current_app
-        "client": client,
+    if client == current_app.config.get('ADMIN_CLIENT_USER_NAME'):
-        "secret": get_unsigned_secret(client)
+        return {
-    }
+            "client": client,
+            "secret": current_app.config.get('ADMIN_CLIENT_SECRET')
+        }
+    else:
+        return {
+            "client": client,
+            "secret": get_unsigned_secret(client)
+        }

application.py

@@ -22,29 +22,5 @@ def list_routes():
         print("{:10} {}".format(", ".join(rule.methods - set(['OPTIONS', 'HEAD'])), rule.rule))
 
 
-@manager.command
-def create_admin_user_service():
-    """
-    Convience method to create a admin user and service
-    :return: API secret for admin service
-    """
-    from app.models import User, Service, ApiKey
-    from app.dao import api_key_dao, users_dao, services_dao
-    from flask import current_app
-
-    user = User(**{'email_address': current_app.config['ADMIN_USER_EMAIL_ADDRESS']})
-    users_dao.save_model_user(user)
-
-    service = Service(**{'name': 'Notify Service Admin',
-                         'users': [user],
-                         'limit': 1000,
-                         'active': True,
-                         'restricted': True})
-    services_dao.save_model_service(service)
-    api_key = ApiKey(**{'service_id': service.id, 'name': 'Admin API KEY (temporary)'})
-    api_key_dao.save_model_api_key(api_key)
-    print('ApiKey: {}'.format(api_key_dao.get_unsigned_secret(service.id)))
-
-
 if __name__ == '__main__':
     manager.run()

config.py

@@ -6,6 +6,8 @@ class Config(object):
     SQLALCHEMY_COMMIT_ON_TEARDOWN = False
     SQLALCHEMY_RECORD_QUERIES = True
     SQLALCHEMY_DATABASE_URI = 'postgresql://localhost/notification_api'
+    ADMIN_CLIENT_USER_NAME = None
+    ADMIN_CLIENT_SECRET = None
 
 
 class Development(Config):
@@ -13,6 +15,8 @@ class Development(Config):
     SECRET_KEY = 'secret-key'
     DANGEROUS_SALT = 'dangerous-salt'
     ADMIN_USER_EMAIL_ADDRESS = 'dev-notify-admin@digital.cabinet-office.gov.uk'
+    ADMIN_CLIENT_USER_NAME = 'dev-notify-admin'
+    ADMIN_CLIENT_SECRET = 'dev-notify-secret-key'
 
 
 class Test(Config):
@@ -20,6 +24,8 @@ class Test(Config):
     SQLALCHEMY_DATABASE_URI = 'postgresql://localhost/test_notification_api'
     SECRET_KEY = 'secret-key'
     DANGEROUS_SALT = 'dangerous-salt'
+    ADMIN_CLIENT_USER_NAME = 'dev-notify-admin'
+    ADMIN_CLIENT_SECRET = 'dev-notify-secret-key'
 
 
 class Live(Config):

tests/__init__.py

@@ -1,21 +1,29 @@
+from flask import current_app
 from client.authentication import create_jwt_token
 
 from app.dao.api_key_dao import get_unsigned_secret
 
 
-def create_authorization_header(service_id, path, method, request_body=None):
+def create_authorization_header(path, method, request_body=None, service_id=None):
+    if service_id:
+        client_id = service_id
+        secret = get_unsigned_secret(service_id)
+    else:
+        client_id = current_app.config.get('ADMIN_CLIENT_USER_NAME')
+        secret = current_app.config.get('ADMIN_CLIENT_SECRET')
+
     if request_body:
         token = create_jwt_token(
             request_method=method,
             request_path=path,
-            secret=get_unsigned_secret(service_id),
+            secret=secret,
-            client_id=service_id,
+            client_id=client_id,
             request_body=request_body)
 
     else:
         token = create_jwt_token(request_method=method,
                                  request_path=path,
-                                 secret=get_unsigned_secret(service_id),
+                                 secret=secret,
-                                 client_id=service_id)
+                                 client_id=client_id)
 
     return 'Authorization', 'Bearer {}'.format(token)