def test_authentication_returns_token_expired_when_service_uses_expired_key_and_has_multiple_keys(
        client, sample_api_key):
    """A JWT signed with a revoked key is rejected even though the service still has live keys.

    Two extra keys are persisted for the sample service; the token is signed
    with the first one, which is then expired. ``validate_service_api_key_auth``
    must raise ``AuthError`` naming that specific key, i.e. the presence of a
    second, still-valid key must not rescue the request.
    """
    service = sample_api_key.service
    creator = sample_api_key.created_by

    def _persist_key(name):
        # Create and save a normal-type key for the sample service.
        key = ApiKey(service=service, name=name, created_by=creator, key_type=KEY_TYPE_NORMAL)
        save_model_api_key(key)
        return key

    expired_api_key = _persist_key('expired_key')
    _persist_key('another_key')

    token = create_jwt_token(
        secret=get_unsigned_secret(expired_api_key.id),
        client_id=str(sample_api_key.service_id),
    )
    # Revoke only after minting the token so the signature itself is valid
    # and rejection can only be due to the revocation.
    expire_api_key(service_id=sample_api_key.service_id, api_key_id=expired_api_key.id)
    request.headers = {'Authorization': 'Bearer {}'.format(token)}

    with pytest.raises(AuthError) as exc:
        validate_service_api_key_auth()

    err = exc.value
    assert err.short_message == 'Invalid token: API key revoked'
    assert (err.service_id, err.api_key_id) == (expired_api_key.service_id, expired_api_key.id)
def test_get_api_keys_should_return_all_keys_for_service(
        notify_api, sample_api_key):
    """The ``service.get_api_keys`` endpoint lists every key of the service, expired ones included.

    A key belonging to a different service is created as well; it must not
    appear in the response, so the listing is scoped to ``service_id``.
    """
    with notify_api.test_request_context(), notify_api.test_client() as client:
        other_user = create_user(email='*****@*****.**')
        other_service = create_service(user=other_user, service_name='Another service')
        # A key on an unrelated service: must be excluded from the listing.
        create_api_key(other_service)

        # The fixture already provides one key; add two more and revoke one of them.
        create_api_key(sample_api_key.service)
        to_expire = create_api_key(sample_api_key.service)
        expire_api_key(service_id=to_expire.service_id, api_key_id=to_expire.id)
        assert ApiKey.query.count() == 4

        response = client.get(
            url_for('service.get_api_keys', service_id=sample_api_key.service_id),
            headers=[('Content-Type', 'application/json'), create_authorization_header()],
        )
        assert response.status_code == 200
        payload = json.loads(response.get_data(as_text=True))
        # 3 = fixture key + two created here (the revoked one still listed);
        # the other service's key is not.
        assert len(payload['apiKeys']) == 3
def test_authentication_returns_token_expired_when_service_uses_expired_key_and_has_multiple_keys(
        client, sample_api_key):
    """A JWT signed with a revoked key is rejected even though the service still has live keys.

    Two extra keys are persisted for the sample service; the token is signed
    with the first one, which is then expired. ``requires_auth`` must raise
    ``AuthError`` naming that specific key, i.e. a second, still-valid key
    must not rescue the request.
    """
    service = sample_api_key.service
    creator = sample_api_key.created_by

    def _persist_key(name):
        # Create and save a normal-type key for the sample service.
        key = ApiKey(service=service, name=name, created_by=creator, key_type=KEY_TYPE_NORMAL)
        save_model_api_key(key)
        return key

    expired_api_key = _persist_key("expired_key")
    _persist_key("another_key")

    token = create_jwt_token(
        secret=get_unsigned_secret(expired_api_key.id),
        client_id=str(sample_api_key.service_id),
    )
    # Revoke only after minting the token so the signature itself is valid
    # and rejection can only be due to the revocation.
    expire_api_key(service_id=sample_api_key.service_id, api_key_id=expired_api_key.id)
    request.headers = {"Authorization": "Bearer {}".format(token)}

    with pytest.raises(AuthError) as exc:
        requires_auth()

    err = exc.value
    assert err.short_message == "Invalid token: API key revoked"
    assert (err.service_id, err.api_key_id) == (expired_api_key.service_id, expired_api_key.id)
def test_get_api_keys_should_return_all_keys_for_service(notify_api, notify_db, notify_db_session, sample_api_key):
    """The ``service.get_api_keys`` endpoint lists every key of the service, expired ones included.

    A key belonging to a different service is created as well; it must not
    appear in the response, so the listing is scoped to ``service_id``.
    """
    with notify_api.test_request_context(), notify_api.test_client() as client:
        other_user = create_user(notify_db, notify_db_session, email='*****@*****.**')
        other_service = create_sample_service(
            notify_db,
            notify_db_session,
            service_name='another',
            user=other_user,
            email_from='another',
        )
        # A key on an unrelated service: must be excluded from the listing.
        create_sample_api_key(notify_db, notify_db_session, service=other_service)

        # The fixture already provides one key; add two more and revoke one of them.
        create_sample_api_key(notify_db, notify_db_session, service=sample_api_key.service)
        to_expire = create_sample_api_key(notify_db, notify_db_session, service=sample_api_key.service)
        expire_api_key(service_id=to_expire.service_id, api_key_id=to_expire.id)
        assert ApiKey.query.count() == 4

        response = client.get(
            url_for('service.get_api_keys', service_id=sample_api_key.service_id),
            headers=[('Content-Type', 'application/json'), create_authorization_header()],
        )
        assert response.status_code == 200
        payload = json.loads(response.get_data(as_text=True))
        # 3 = fixture key + two created here (the revoked one still listed);
        # the other service's key is not.
        assert len(payload['apiKeys']) == 3
def test_should_not_allow_expired_api_key(client, sample_api_key):
    """An ``ApiKey-v1`` header carrying a revoked key's secret gets 403 with a 'revoked' error.

    The secret is read before the key is expired, so the header is
    well-formed and the only reason to refuse it is the revocation.
    """
    api_key_secret = get_unsigned_secret(sample_api_key.id)
    expire_api_key(service_id=sample_api_key.service_id, api_key_id=sample_api_key.id)

    headers = {"Authorization": f"ApiKey-v1 {api_key_secret}"}
    response = client.get("/notifications", headers=headers)

    assert response.status_code == 403
    body = json.loads(response.get_data())
    expected = {"token": ["Invalid token: API key revoked"]}
    assert body["message"] == expected
def archived_service_with_deleted_stuff(client, sample_service):
    """Archive ``sample_service`` after giving it an archived template and a revoked API key.

    The template and key are created under a frozen 2001-01-01 clock and the
    archive request is sent under 2002-02-02, so the prior deletions carry an
    earlier timestamp than the archive itself. Returns the archived service.
    """
    with freeze_time('2001-01-01'):
        template = create_template(sample_service, template_name='a')
        key = create_api_key(sample_service)
        expire_api_key(sample_service.id, key.id)
        template.archived = True
        dao_update_template(template)

    with freeze_time('2002-02-02'):
        archive_url = '/service/{}/archive'.format(sample_service.id)
        response = client.post(archive_url, headers=[create_authorization_header()])
        # The archive endpoint replies with an empty 204.
        assert response.status_code == 204
        assert response.data == b''

    return sample_service
def deactivated_service_with_deleted_stuff(client, notify_db, notify_db_session, sample_service):
    """Deactivate ``sample_service`` after giving it an archived template and a revoked API key.

    The template and key are created under a frozen 2001-01-01 clock and the
    deactivate request is sent under 2002-02-02, so the prior deletions carry
    an earlier timestamp than the deactivation itself. Returns the service.
    """
    with freeze_time('2001-01-01'):
        template = create_template(notify_db, notify_db_session, template_name='a')
        key = create_api_key(notify_db, notify_db_session)
        expire_api_key(sample_service.id, key.id)
        template.archived = True
        dao_update_template(template)

    with freeze_time('2002-02-02'):
        deactivate_url = '/service/{}/deactivate'.format(sample_service.id)
        response = client.post(deactivate_url, headers=[create_authorization_header()])
        # The deactivate endpoint replies with an empty 204.
        assert response.status_code == 204
        assert response.data == b''

    return sample_service
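def test_expire_api_key_should_update_the_api_key_and_create_history_record(notify_api, sample_api_key):
    """Expiring a key stamps ``expiry_date`` in place and appends a history version.

    Revocation must not rewrite the key's id, secret or service (it is a
    timestamp, not a delete), and the history table must hold two rows for
    the key: version 1 from creation and version 2 from the expiry.
    """
    expire_api_key(service_id=sample_api_key.service_id, api_key_id=sample_api_key.id)

    all_api_keys = get_model_api_keys(service_id=sample_api_key.service_id)
    assert len(all_api_keys) == 1
    expired = all_api_keys[0]
    assert expired.expiry_date <= datetime.utcnow()
    assert expired.secret == sample_api_key.secret
    assert expired.id == sample_api_key.id
    assert expired.service_id == sample_api_key.service_id

    all_history = sample_api_key.get_history_model().query.all()
    assert len(all_history) == 2
    assert all(hist.id == sample_api_key.id for hist in all_history)

    # Assert, rather than assign, the version numbers: the previous form
    # ``sorted_all_history[0].version = 1`` silently overwrote the rows and
    # never checked them.
    versions = sorted(hist.version for hist in all_history)
    assert versions == [1, 2]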
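def test_expire_api_key_should_update_the_api_key_and_create_history_record(
        notify_api, sample_api_key):
    """Expiring a key stamps ``expiry_date`` in place and appends a history version.

    Revocation must not rewrite the key's id, secret or service (it is a
    timestamp, not a delete), and the history table must hold two rows for
    the key: version 1 from creation and version 2 from the expiry.
    """
    expire_api_key(service_id=sample_api_key.service_id, api_key_id=sample_api_key.id)

    all_api_keys = get_model_api_keys(service_id=sample_api_key.service_id)
    assert len(all_api_keys) == 1
    expired = all_api_keys[0]
    assert expired.expiry_date <= datetime.utcnow()
    assert expired.secret == sample_api_key.secret
    assert expired.id == sample_api_key.id
    assert expired.service_id == sample_api_key.service_id

    all_history = sample_api_key.get_history_model().query.all()
    assert len(all_history) == 2
    assert all(hist.id == sample_api_key.id for hist in all_history)

    # Assert, rather than assign, the version numbers: the previous form
    # ``sorted_all_history[0].version = 1`` silently overwrote the rows and
    # never checked them.
    versions = sorted(hist.version for hist in all_history)
    assert versions == [1, 2]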
def test_get_api_keys_should_return_all_keys_for_service(
        notify_api, notify_db, notify_db_session, sample_api_key):
    """The ``service.get_api_keys`` endpoint lists every key of the service, expired ones included.

    A key belonging to a different service is created as well; it must not
    appear in the response, so the listing is scoped to ``service_id``.
    """
    with notify_api.test_request_context(), notify_api.test_client() as client:
        other_user = create_user(email="*****@*****.**")
        other_service = create_sample_service(
            notify_db,
            notify_db_session,
            service_name="another",
            user=other_user,
            email_from="another",
        )
        # A key on an unrelated service: must be excluded from the listing.
        create_sample_api_key(notify_db, notify_db_session, service=other_service)

        # The fixture already provides one key; add two more and revoke one of them.
        create_sample_api_key(notify_db, notify_db_session, service=sample_api_key.service)
        to_expire = create_sample_api_key(notify_db, notify_db_session, service=sample_api_key.service)
        expire_api_key(service_id=to_expire.service_id, api_key_id=to_expire.id)
        assert ApiKey.query.count() == 4

        response = client.get(
            url_for("service.get_api_keys", service_id=sample_api_key.service_id),
            headers=[("Content-Type", "application/json"), create_authorization_header()],
        )
        assert response.status_code == 200
        payload = json.loads(response.get_data(as_text=True))
        # 3 = fixture key + two created here (the revoked one still listed);
        # the other service's key is not.
        assert len(payload["apiKeys"]) == 3
def revoke_api_key(service_id, api_key_id):
    """Revoke ``api_key_id`` for ``service_id`` and answer 202 with an empty JSON body.

    The revocation itself is delegated to ``expire_api_key``.
    NOTE(review): service_id and api_key_id are presumably route parameters —
    confirm that expire_api_key refuses a key that does not belong to
    service_id, since this handler performs no ownership check of its own.
    """
    expire_api_key(service_id=service_id, api_key_id=api_key_id)
    empty_body = jsonify()
    return empty_body, 202