def create_authorization_header(path,
                                method,
                                request_body=None,
                                service_id=None):
    if service_id:
        client_id = service_id
        secret = get_unsigned_secrets(service_id)[0]
    else:
        client_id = current_app.config.get('ADMIN_CLIENT_USER_NAME')
        secret = current_app.config.get('ADMIN_CLIENT_SECRET')

    if request_body:
        token = create_jwt_token(request_method=method,
                                 request_path=path,
                                 secret=secret,
                                 client_id=client_id,
                                 request_body=request_body)

    else:
        token = create_jwt_token(request_method=method,
                                 request_path=path,
                                 secret=secret,
                                 client_id=client_id)

    return 'Authorization', 'Bearer {}'.format(token)
def __create_get_token(service_id):
    if service_id:
        return create_jwt_token(request_method="GET",
                                request_path=url_for('service.get_service',
                                                     service_id=service_id),
                                secret=get_unsigned_secrets(service_id)[0],
                                client_id=service_id)
    else:
        return create_jwt_token(request_method="GET",
                                request_path=url_for('service.get_service'),
                                secret=get_unsigned_secrets(service_id)[0],
                                client_id=service_id)
def __create_get_token(service_id):
    if service_id:
        return create_jwt_token(
            request_method="GET",
            request_path=url_for("service.get_service", service_id=service_id),
            secret=get_unsigned_secrets(service_id)[0],
            client_id=service_id,
        )
    else:
        return create_jwt_token(
            request_method="GET",
            request_path=url_for("service.get_service"),
            secret=get_unsigned_secrets(service_id)[0],
            client_id=service_id,
        )
def test_authentication_passes_when_service_has_multiple_keys_some_expired(
        notify_api, notify_db, notify_db_session, sample_api_key):
    with notify_api.test_request_context():
        with notify_api.test_client() as client:
            exprired_key = {
                'service_id': sample_api_key.service_id,
                'name': 'expired_key',
                'expiry_date': datetime.now()
            }
            expired_api_key = ApiKey(**exprired_key)
            save_model_api_key(expired_api_key)
            another_key = {
                'service_id': sample_api_key.service_id,
                'name': 'another_key'
            }
            api_key = ApiKey(**another_key)
            save_model_api_key(api_key)
            token = create_jwt_token(
                request_method="GET",
                request_path=url_for('service.get_service'),
                secret=get_unsigned_secret(api_key.id),
                client_id=sample_api_key.service_id)
            response = client.get(
                url_for('service.get_service'),
                headers={'Authorization': 'Bearer {}'.format(token)})
            assert response.status_code == 200
def test_authentication_returns_token_expired_when_service_uses_expired_key_and_has_multiple_keys(
    notify_api, notify_db, notify_db_session, sample_api_key
):
    with notify_api.test_request_context():
        with notify_api.test_client() as client:
            expired_key = {"service_id": sample_api_key.service_id, "name": "expired_key"}
            expired_api_key = ApiKey(**expired_key)
            save_model_api_key(expired_api_key)
            another_key = {"service_id": sample_api_key.service_id, "name": "another_key"}
            api_key = ApiKey(**another_key)
            save_model_api_key(api_key)
            token = create_jwt_token(
                request_method="GET",
                request_path=url_for("service.get_service"),
                secret=get_unsigned_secret(expired_api_key.id),
                client_id=sample_api_key.service_id,
            )
            # expire the key
            expire_the_key = {
                "id": expired_api_key.id,
                "service_id": sample_api_key.service_id,
                "name": "expired_key",
                "expiry_date": datetime.now() + timedelta(hours=-2),
            }
            save_model_api_key(expired_api_key, expire_the_key)
            response = client.get(url_for("service.get_service"), headers={"Authorization": "Bearer {}".format(token)})
            assert response.status_code == 403
            data = json.loads(response.get_data())
            assert data["error"] == "Invalid token: signature"
def test_authentication_returns_token_expired_when_service_uses_expired_key_and_has_multiple_keys(
        notify_api, notify_db, notify_db_session, sample_api_key):
    with notify_api.test_request_context():
        with notify_api.test_client() as client:
            expired_key = {
                'service_id': sample_api_key.service_id,
                'name': 'expired_key'
            }
            expired_api_key = ApiKey(**expired_key)
            save_model_api_key(expired_api_key)
            another_key = {
                'service_id': sample_api_key.service_id,
                'name': 'another_key'
            }
            api_key = ApiKey(**another_key)
            save_model_api_key(api_key)
            token = create_jwt_token(
                request_method="GET",
                request_path=url_for('service.get_service'),
                secret=get_unsigned_secret(expired_api_key.id),
                client_id=sample_api_key.service_id)
            # expire the key
            expire_the_key = {
                'id': expired_api_key.id,
                'service_id': sample_api_key.service_id,
                'name': 'expired_key',
                'expiry_date': datetime.now() + timedelta(hours=-2)
            }
            save_model_api_key(expired_api_key, expire_the_key)
            response = client.get(
                url_for('service.get_service'),
                headers={'Authorization': 'Bearer {}'.format(token)})
            assert response.status_code == 403
            data = json.loads(response.get_data())
            assert data['error'] == 'Invalid token: signature'
def test_should_allow_valid_token_with_post_body(notify_api, notify_db,
                                                 notify_db_session,
                                                 sample_api_key):
    with notify_api.test_request_context():
        with notify_api.test_client() as client:
            service = Service.query.get(sample_api_key.service_id)
            data = {
                'name': 'new name',
                'users': [service.users[0].id],
                'limit': 1000,
                'restricted': False,
                'active': False
            }

            token = create_jwt_token(
                request_method="PUT",
                request_path=url_for('service.update_service',
                                     service_id=sample_api_key.service_id),
                secret=get_unsigned_secret(sample_api_key.id),
                client_id=sample_api_key.service_id,
                request_body=json.dumps(data))
            headers = [('Content-Type', 'application/json'),
                       ('Authorization', 'Bearer {}'.format(token))]
            response = client.put(url_for('service.update_service',
                                          service_id=service.id),
                                  data=json.dumps(data),
                                  headers=headers)
            assert response.status_code == 200
def __create_post_token(service_id, request_body):
    return create_jwt_token(
        request_method="POST",
        request_path=url_for("service.create_service"),
        secret=get_unsigned_secrets(service_id)[0],
        client_id=service_id,
        request_body=request_body,
    )
def test_should_allow_valid_token(notify_api):
    token = create_jwt_token(request_method="GET", request_path="/", secret="secret", client_id="client_id")
    response = notify_api.test_client().get(
        "/",
        headers={
            'Authorization': 'Bearer {}'.format(token)
        }
    )
    assert response.status_code == 200
def test_should_not_allow_invalid_secret(notify_api, notify_db, notify_db_session, sample_api_key):
    with notify_api.test_request_context():
        with notify_api.test_client() as client:
            token = create_jwt_token(
                request_method="POST", request_path="/", secret="not-so-secret", client_id=sample_api_key.service_id
            )
            response = client.get(url_for("service.get_service"), headers={"Authorization": "Bearer {}".format(token)})
            assert response.status_code == 403
            data = json.loads(response.get_data())
            assert data["error"] == "Invalid token: signature"
def test_authentication_passes_admin_client_token(notify_api, notify_db, notify_db_session, sample_api_key):
    with notify_api.test_request_context():
        with notify_api.test_client() as client:
            token = create_jwt_token(
                request_method="GET",
                request_path=url_for("service.get_service"),
                secret=current_app.config.get("ADMIN_CLIENT_SECRET"),
                client_id=current_app.config.get("ADMIN_CLIENT_USER_NAME"),
            )
            response = client.get(url_for("service.get_service"), headers={"Authorization": "Bearer {}".format(token)})
            assert response.status_code == 200
def test_should_not_allow_invalid_secret(notify_api):
    token = create_jwt_token(request_method="POST", request_path="/", secret="not-so-secret", client_id="client_id")
    response = notify_api.test_client().get(
        "/",
        headers={
            'Authorization': "Bearer {}".format(token)
        }
    )
    assert response.status_code == 403
    data = json.loads(response.get_data())
    assert data['error'] == 'Invalid token: signature'
Example #13
0
def create_authorization_header(path, method, request_body=None, service_id=None):
    if service_id:
        client_id = service_id
        secret = get_unsigned_secrets(service_id)[0]
    else:
        client_id = current_app.config.get('ADMIN_CLIENT_USER_NAME')
        secret = current_app.config.get('ADMIN_CLIENT_SECRET')

    if request_body:
        token = create_jwt_token(
            request_method=method,
            request_path=path,
            secret=secret,
            client_id=client_id,
            request_body=request_body)

    else:
        token = create_jwt_token(request_method=method,
                                 request_path=path,
                                 secret=secret,
                                 client_id=client_id)

    return 'Authorization', 'Bearer {}'.format(token)
def test_should_not_allow_invalid_secret(notify_api, notify_db,
                                         notify_db_session, sample_api_key):
    with notify_api.test_request_context():
        with notify_api.test_client() as client:
            token = create_jwt_token(request_method="POST",
                                     request_path="/",
                                     secret="not-so-secret",
                                     client_id=sample_api_key.service_id)
            response = client.get(
                url_for('service.get_service'),
                headers={'Authorization': "Bearer {}".format(token)})
            assert response.status_code == 403
            data = json.loads(response.get_data())
            assert data['error'] == 'Invalid token: signature'
def test_authentication_passes_admin_client_token(notify_api, notify_db,
                                                  notify_db_session,
                                                  sample_api_key):
    with notify_api.test_request_context():
        with notify_api.test_client() as client:
            token = create_jwt_token(
                request_method="GET",
                request_path=url_for('service.get_service'),
                secret=current_app.config.get('ADMIN_CLIENT_SECRET'),
                client_id=current_app.config.get('ADMIN_CLIENT_USER_NAME'))
            response = client.get(
                url_for('service.get_service'),
                headers={'Authorization': 'Bearer {}'.format(token)})
            assert response.status_code == 200
def test_should_allow_valid_token_with_post_body(notify_api):
    json_body = json.dumps({
        "key1": "value1",
        "key2": "value2",
        "key3": "value3"
    })
    token = create_jwt_token(
        request_method="POST",
        request_path="/",
        secret="secret",
        client_id="client_id",
        request_body=json_body
    )
    response = notify_api.test_client().post(
        "/",
        data=json_body,
        headers={
            'Authorization': 'Bearer {}'.format(token)
        }
    )
    assert response.status_code == 200
def test_authentication_passes_when_service_has_multiple_keys_some_expired(
    notify_api, notify_db, notify_db_session, sample_api_key
):
    with notify_api.test_request_context():
        with notify_api.test_client() as client:
            exprired_key = {
                "service_id": sample_api_key.service_id,
                "name": "expired_key",
                "expiry_date": datetime.now(),
            }
            expired_api_key = ApiKey(**exprired_key)
            save_model_api_key(expired_api_key)
            another_key = {"service_id": sample_api_key.service_id, "name": "another_key"}
            api_key = ApiKey(**another_key)
            save_model_api_key(api_key)
            token = create_jwt_token(
                request_method="GET",
                request_path=url_for("service.get_service"),
                secret=get_unsigned_secret(api_key.id),
                client_id=sample_api_key.service_id,
            )
            response = client.get(url_for("service.get_service"), headers={"Authorization": "Bearer {}".format(token)})
            assert response.status_code == 200
def test_should_not_allow_valid_token_with_invalid_post_body(notify_api):
    json_body = json.dumps({
        "key1": "value1",
        "key2": "value2",
        "key3": "value3"
    })
    token = create_jwt_token(
        request_method="POST",
        request_path="/",
        secret="secret",
        client_id="client_id",
        request_body=json_body
    )
    response = notify_api.test_client().post(
        "/",
        data="spurious",
        headers={
            'Authorization': 'Bearer {}'.format(token)
        }
    )
    assert response.status_code == 403
    data = json.loads(response.get_data())
    assert data['error'] == 'Invalid token: payload'
def test_should_allow_valid_token_with_post_body(notify_api, notify_db, notify_db_session, sample_api_key):
    with notify_api.test_request_context():
        with notify_api.test_client() as client:
            service = Service.query.get(sample_api_key.service_id)
            data = {
                "name": "new name",
                "users": [service.users[0].id],
                "limit": 1000,
                "restricted": False,
                "active": False,
            }

            token = create_jwt_token(
                request_method="PUT",
                request_path=url_for("service.update_service", service_id=sample_api_key.service_id),
                secret=get_unsigned_secret(sample_api_key.id),
                client_id=sample_api_key.service_id,
                request_body=json.dumps(data),
            )
            headers = [("Content-Type", "application/json"), ("Authorization", "Bearer {}".format(token))]
            response = client.put(
                url_for("service.update_service", service_id=service.id), data=json.dumps(data), headers=headers
            )
            assert response.status_code == 200
def __create_post_token(service_id, request_body):
    return create_jwt_token(request_method="POST",
                            request_path=url_for('service.create_service'),
                            secret=get_unsigned_secrets(service_id)[0],
                            client_id=service_id,
                            request_body=request_body)