Merge pull request #59 from alphagov/add-logging-for-auth-errors

Update the error response from the authentication method
This commit is contained in:
Adam Shimali
2016-02-08 13:36:46 +00:00
2 changed files with 23 additions and 4 deletions


@@ -1,10 +1,11 @@
from flask import request, jsonify, _request_ctx_stack from flask import request, jsonify, _request_ctx_stack, current_app
from client.authentication import decode_jwt_token, get_token_issuer from client.authentication import decode_jwt_token, get_token_issuer
from client.errors import TokenDecodeError, TokenRequestError, TokenExpiredError, TokenPayloadError from client.errors import TokenDecodeError, TokenRequestError, TokenExpiredError, TokenPayloadError
from app.dao.api_key_dao import get_unsigned_secrets from app.dao.api_key_dao import get_unsigned_secrets
def authentication_response(message, code): def authentication_response(message, code):
current_app.logger.info(message)
return jsonify( return jsonify(
error=message error=message
), code ), code
@@ -27,8 +28,7 @@ def requires_auth():
return authentication_response("Invalid token: signature", 403) return authentication_response("Invalid token: signature", 403)
if api_client is None: if api_client is None:
authentication_response("Invalid credentials", 403) authentication_response("Invalid credentials", 403)
# If the api_client does not have any secrets return response saying that
errors_resp = authentication_response("Invalid token: api client has no secrets", 403)
for secret in api_client['secret']: for secret in api_client['secret']:
try: try:
decode_jwt_token( decode_jwt_token(
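Review bot: The `if api_client is None:` branch at the top of this hunk calls `authentication_response("Invalid credentials", 403)` but discards the result, so the request falls through to `for secret in api_client['secret']` and raises a TypeError on None rather than returning the 403; it should read `return authentication_response("Invalid credentials", 403)`. The commit also deletes the "api client has no secrets" response without a replacement, so a client whose secret list is empty now skips the loop entirely; requires_auth continues past the end of this hunk, so whether that path still ends in a deny cannot be confirmed from here and should be checked. In the first hunk, `current_app.logger.info(message)` records only the fixed message text, which makes repeated failures hard to attribute; logging at warning level and including a request identifier such as the token issuer (get_token_issuer is already imported) would give operators something to correlate on, as long as the token itself is never logged.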
@@ -53,7 +53,6 @@ def requires_auth():
def fetch_client(client): def fetch_client(client):
from flask import current_app
if client == current_app.config.get('ADMIN_CLIENT_USER_NAME'): if client == current_app.config.get('ADMIN_CLIENT_USER_NAME'):
return { return {
"client": client, "client": client,


@@ -214,6 +214,26 @@ def test_authentication_returns_token_expired_when_service_uses_expired_key_and_
assert data['error'] == 'Invalid token: signature' assert data['error'] == 'Invalid token: signature'
def test_authentication_returns_error_when_api_client_has_no_secrets(notify_api,
notify_db,
notify_db_session):
with notify_api.test_request_context():
with notify_api.test_client() as client:
api_secret = notify_api.config.get('ADMIN_CLIENT_SECRET')
token = create_jwt_token(request_method="GET",
request_path=url_for('service.get_service'),
secret=api_secret,
client_id=notify_api.config.get('ADMIN_CLIENT_USER_NAME')
)
notify_api.config['ADMIN_CLIENT_SECRET'] = ''
response = client.get(url_for('service.get_service'),
headers={'Authorization': 'Bearer {}'.format(token)})
assert response.status_code == 403
error_message = json.loads(response.get_data())
assert error_message['error'] == 'Invalid token: signature'
notify_api.config['ADMIN_CLIENT_SECRET'] = api_secret
def __create_get_token(service_id): def __create_get_token(service_id):
if service_id: if service_id:
return create_jwt_token(request_method="GET", return create_jwt_token(request_method="GET",
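Review bot: The new test mutates shared state with `notify_api.config['ADMIN_CLIENT_SECRET'] = ''` and only restores it on the last line, so any failing assertion before that leaves an empty admin secret in place for every later test in the session; wrap the request and asserts in `try:` and move `notify_api.config['ADMIN_CLIENT_SECRET'] = api_secret` into a `finally:` block (or use a monkeypatch-style fixture if the suite has one). The test name says it covers a client with no secrets, but what it exercises is a token signed with the real secret being checked against an empty one, and the assertion expects `'Invalid token: signature'`, which is the generic signature-failure message rather than a no-secrets error; either rename the test to match what it asserts or add a docstring stating that the empty-secret case is expected to surface as a signature failure. The hunk's trailing context is the start of `__create_get_token`, which continues outside the hunk.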