add check for inactive services to auth handler

cleaned up some auth code to marginally improve efficiency of error checking and hopefully make it easier to read fixed some incorrect auth headers in the deactivate tests
2026-01-31 23:26:23 -05:00 · 2016-11-10 11:07:12 +00:00
parent b2149bf02a
commit e8c3a5cdde
4 changed files with 29 additions and 16 deletions
--- a/tests/app/authentication/test_authentication.py
+++ b/tests/app/authentication/test_authentication.py
@@ -223,6 +223,17 @@ def test_authentication_returns_error_when_service_doesnt_exit(
        assert error_message['message'] == {'token': ['Invalid token: service not found']}


+def test_authentication_returns_error_when_service_inactive(client, sample_api_key):
+    sample_api_key.service.active = False
+    token = create_jwt_token(secret=str(sample_api_key.id), client_id=str(sample_api_key.service_id))
+
+    response = client.get('/service', headers={'Authorization': 'Bearer {}'.format(token)})
+
+    assert response.status_code == 403
+    error_message = json.loads(response.get_data())
+    assert error_message['message'] == {'token': ['Invalid token: service is archived']}
+
+
 def test_authentication_returns_error_when_service_has_no_secrets(notify_api,
                                                                  sample_service,
                                                                  fake_uuid):
--- a/tests/app/service/test_deactivate.py
+++ b/tests/app/service/test_deactivate.py
@@ -11,19 +11,19 @@ from tests.app.conftest import (


 def test_deactivate_only_allows_post(client, sample_service):
-    auth_header = create_authorization_header(service_id=str(sample_service.id))
+    auth_header = create_authorization_header()
    response = client.get('/service/{}/deactivate'.format(uuid.uuid4()), headers=[auth_header])
    assert response.status_code == 405


 def test_deactivate_service_errors_with_bad_service_id(client, sample_service):
-    auth_header = create_authorization_header(service_id=str(sample_service.id))
+    auth_header = create_authorization_header()
    response = client.post('/service/{}/deactivate'.format(uuid.uuid4()), headers=[auth_header])
    assert response.status_code == 404


 def test_deactivating_inactive_service_does_nothing(client, sample_service):
-    auth_header = create_authorization_header(service_id=str(sample_service.id))
+    auth_header = create_authorization_header()
    sample_service.active = False
    response = client.post('/service/{}/deactivate'.format(sample_service.id), headers=[auth_header])
    assert response.status_code == 204
@@ -37,7 +37,7 @@ def deactivated_service(client, notify_db, notify_db_session, sample_service):
    create_api_key(notify_db, notify_db_session)
    create_api_key(notify_db, notify_db_session)

-    auth_header = create_authorization_header(service_id=str(sample_service.id))
+    auth_header = create_authorization_header()
    response = client.post('/service/{}/deactivate'.format(sample_service.id), headers=[auth_header])
    assert response.status_code == 204
    assert response.data == b''
@@ -50,7 +50,7 @@ def test_deactivating_service_changes_name_and_email(deactivated_service):


 def test_deactivating_service_revokes_api_keys(deactivated_service):
-    assert deactivated_service.api_keys.count() == 2
+    assert len(deactivated_service.api_keys) == 2
    for key in deactivated_service.api_keys:
        assert key.expiry_date is not None
        assert key.version == 2