def test_authentication_returns_token_expired_when_service_uses_expired_key_and_has_multiple_keys(
        client, sample_api_key):
    """A JWT signed with a revoked key must be rejected even if the service has other keys.

    Two extra keys are saved for the sample service. The token is signed with
    the first one's secret while that key is still live; the key is expired
    afterwards, and the auth check is expected to raise ``AuthError`` naming
    the revoked key. The second key is never expired, so the rejection cannot
    be explained by the service having no usable key.
    """
    revoked_key = ApiKey(
        service=sample_api_key.service,
        name='expired_key',
        created_by=sample_api_key.created_by,
        key_type=KEY_TYPE_NORMAL,
    )
    save_model_api_key(revoked_key)

    untouched_key = ApiKey(
        service=sample_api_key.service,
        name='another_key',
        created_by=sample_api_key.created_by,
        key_type=KEY_TYPE_NORMAL,
    )
    save_model_api_key(untouched_key)

    # Sign first, revoke second: the token itself is well-formed, only its key is dead.
    signing_secret = get_unsigned_secret(revoked_key.id)
    token = create_jwt_token(secret=signing_secret,
                             client_id=str(sample_api_key.service_id))
    expire_api_key(service_id=sample_api_key.service_id,
                   api_key_id=revoked_key.id)

    request.headers = {'Authorization': 'Bearer {}'.format(token)}
    with pytest.raises(AuthError) as exc:
        validate_service_api_key_auth()

    failure = exc.value
    assert failure.short_message == 'Invalid token: API key revoked'
    # The error carries enough context to attribute the attempt to a service and key.
    assert failure.service_id == revoked_key.service_id
    assert failure.api_key_id == revoked_key.id
def test_get_api_keys_should_return_all_keys_for_service(
        notify_api, sample_api_key):
    """Listing keys for a service returns that service's keys only, expired ones included.

    Four keys exist in total: three belong to the sample service (one of them
    expired) and one belongs to an unrelated service. The endpoint is expected
    to return exactly three, i.e. the other service's key must not appear.
    """
    with notify_api.test_request_context(), notify_api.test_client() as client:
        other_owner = create_user(email='*****@*****.**')
        other_service = create_service(user=other_owner,
                                       service_name='Another service')
        # key for another service
        create_api_key(other_service)

        # this service already has one key, add two more, one expired
        create_api_key(sample_api_key.service)
        key_to_expire = create_api_key(sample_api_key.service)
        expire_api_key(service_id=key_to_expire.service_id,
                       api_key_id=key_to_expire.id)

        assert ApiKey.query.count() == 4

        auth_header = create_authorization_header()
        listing_url = url_for('service.get_api_keys',
                              service_id=sample_api_key.service_id)
        response = client.get(
            listing_url,
            headers=[('Content-Type', 'application/json'), auth_header])
        assert response.status_code == 200

        payload = json.loads(response.get_data(as_text=True))
        assert len(payload['apiKeys']) == 3
def test_authentication_returns_token_expired_when_service_uses_expired_key_and_has_multiple_keys(
        client, sample_api_key):
    """Reject a JWT whose signing key was revoked, although another key is still live.

    The token is minted with the first extra key's secret before that key is
    expired; ``requires_auth`` must then raise ``AuthError`` identifying the
    revoked key and its service.
    """
    def _save_normal_key(key_name):
        # Both extra keys share every field except the name.
        new_key = ApiKey(
            service=sample_api_key.service,
            name=key_name,
            created_by=sample_api_key.created_by,
            key_type=KEY_TYPE_NORMAL,
        )
        save_model_api_key(new_key)
        return new_key

    expired_api_key = _save_normal_key("expired_key")
    _save_normal_key("another_key")  # stays valid for the whole test

    secret = get_unsigned_secret(expired_api_key.id)
    token = create_jwt_token(secret=secret,
                             client_id=str(sample_api_key.service_id))
    # Revocation happens after signing, so only the key state makes the token invalid.
    expire_api_key(service_id=sample_api_key.service_id,
                   api_key_id=expired_api_key.id)

    request.headers = {"Authorization": "Bearer {}".format(token)}
    with pytest.raises(AuthError) as exc:
        requires_auth()

    auth_error = exc.value
    assert auth_error.short_message == "Invalid token: API key revoked"
    assert auth_error.service_id == expired_api_key.service_id
    assert auth_error.api_key_id == expired_api_key.id
def test_get_api_keys_should_return_all_keys_for_service(notify_api, notify_db,
                                                         notify_db_session,
                                                         sample_api_key):
    """The key listing is scoped to the requested service and still shows expired keys.

    Of the four keys in the database, one belongs to a second service; the
    response for the sample service must contain the remaining three.
    """
    with notify_api.test_request_context(), notify_api.test_client() as client:
        second_user = create_user(notify_db, notify_db_session, email='*****@*****.**')
        second_service = create_sample_service(
            notify_db,
            notify_db_session,
            service_name='another',
            user=second_user,
            email_from='another'
        )
        # key for another service
        create_sample_api_key(notify_db, notify_db_session, service=second_service)

        # this service already has one key, add two more, one expired
        own_service = sample_api_key.service
        create_sample_api_key(notify_db, notify_db_session, service=own_service)
        doomed_key = create_sample_api_key(notify_db, notify_db_session, service=sample_api_key.service)
        expire_api_key(service_id=doomed_key.service_id, api_key_id=doomed_key.id)

        assert ApiKey.query.count() == 4

        auth_header = create_authorization_header()
        endpoint = url_for('service.get_api_keys',
                           service_id=sample_api_key.service_id)
        response = client.get(endpoint,
                              headers=[('Content-Type', 'application/json'), auth_header])
        assert response.status_code == 200

        body = json.loads(response.get_data(as_text=True))
        assert len(body['apiKeys']) == 3
def test_should_not_allow_expired_api_key(client, sample_api_key):
    """Presenting the raw secret of an expired key yields 403 with a revocation message.

    The secret is read before the key is expired, so the request carries a
    value that was valid until the revocation.
    """
    secret_before_revocation = get_unsigned_secret(sample_api_key.id)
    expire_api_key(service_id=sample_api_key.service_id,
                   api_key_id=sample_api_key.id)

    auth_headers = {"Authorization": f"ApiKey-v1 {secret_before_revocation}"}
    response = client.get("/notifications", headers=auth_headers)

    assert response.status_code == 403
    body = json.loads(response.get_data())
    expected_message = {"token": ["Invalid token: API key revoked"]}
    assert body["message"] == expected_message
def archived_service_with_deleted_stuff(client, sample_service):
    """Return ``sample_service`` after archiving it through the API.

    Before archiving, a template is created and marked archived and an API key
    is created and expired, all with the clock frozen at 2001-01-01. The
    archive request itself is sent at 2002-02-02 and must answer 204 with an
    empty body.
    """
    with freeze_time('2001-01-01'):
        old_template = create_template(sample_service, template_name='a')
        old_key = create_api_key(sample_service)

        # Key is already expired by the time the service is archived.
        expire_api_key(sample_service.id, old_key.id)

        old_template.archived = True
        dao_update_template(old_template)

    with freeze_time('2002-02-02'):
        auth_header = create_authorization_header()
        archive_url = '/service/{}/archive'.format(sample_service.id)
        response = client.post(archive_url, headers=[auth_header])

    assert response.status_code == 204
    assert response.data == b''
    return sample_service
def deactivated_service_with_deleted_stuff(client, notify_db, notify_db_session, sample_service):
    """Return ``sample_service`` after deactivating it through the API.

    A template is created and archived and an API key is created and expired
    with the clock frozen at 2001-01-01; the deactivate request is sent at
    2002-02-02 and must answer 204 with an empty body.

    NOTE(review): the template and key factories are called without a service
    argument; presumably they default to the same service as
    ``sample_service`` - confirm against the fixtures.
    """
    with freeze_time('2001-01-01'):
        old_template = create_template(notify_db, notify_db_session, template_name='a')
        old_key = create_api_key(notify_db, notify_db_session)

        expire_api_key(sample_service.id, old_key.id)

        old_template.archived = True
        dao_update_template(old_template)

    with freeze_time('2002-02-02'):
        auth_header = create_authorization_header()
        deactivate_url = '/service/{}/deactivate'.format(sample_service.id)
        response = client.post(deactivate_url, headers=[auth_header])

    assert response.status_code == 204
    assert response.data == b''
    return sample_service
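def test_expire_api_key_should_update_the_api_key_and_create_history_record(notify_api,
                                                                            sample_api_key):
    """Expiring a key stamps an expiry date, keeps its identity, and adds a history row.

    After ``expire_api_key`` the service still has exactly one key, with the
    same id, service and secret, and an expiry date that is not in the future.
    The history model must hold two rows for the key, at versions 1 and 2.
    """
    expire_api_key(service_id=sample_api_key.service_id, api_key_id=sample_api_key.id)
    all_api_keys = get_model_api_keys(service_id=sample_api_key.service_id)
    assert len(all_api_keys) == 1
    assert all_api_keys[0].expiry_date <= datetime.utcnow()
    assert all_api_keys[0].secret == sample_api_key.secret
    assert all_api_keys[0].id == sample_api_key.id
    assert all_api_keys[0].service_id == sample_api_key.service_id

    all_history = sample_api_key.get_history_model().query.all()
    assert len(all_history) == 2
    assert all_history[0].id == sample_api_key.id
    assert all_history[1].id == sample_api_key.id
    sorted_all_history = sorted(all_history, key=lambda hist: hist.version)
    # These were plain assignments, which checked nothing and overwrote the
    # version on the loaded history rows; compare instead.
    assert sorted_all_history[0].version == 1
    assert sorted_all_history[1].version == 2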
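def test_expire_api_key_should_update_the_api_key_and_create_history_record(
        notify_api, sample_api_key):
    """Check the audit trail left by revoking a key.

    The key row must survive with its id, service and secret unchanged and an
    expiry date no later than now, and the history model must contain two rows
    for it, versioned 1 and 2.
    """
    expire_api_key(service_id=sample_api_key.service_id,
                   api_key_id=sample_api_key.id)
    all_api_keys = get_model_api_keys(service_id=sample_api_key.service_id)
    assert len(all_api_keys) == 1
    assert all_api_keys[0].expiry_date <= datetime.utcnow()
    assert all_api_keys[0].secret == sample_api_key.secret
    assert all_api_keys[0].id == sample_api_key.id
    assert all_api_keys[0].service_id == sample_api_key.service_id

    all_history = sample_api_key.get_history_model().query.all()
    assert len(all_history) == 2
    assert all_history[0].id == sample_api_key.id
    assert all_history[1].id == sample_api_key.id
    sorted_all_history = sorted(all_history, key=lambda hist: hist.version)
    # Previously `.version = 1` / `.version = 2`: assignments that verified
    # nothing and mutated the history objects. Assert the versions instead.
    assert sorted_all_history[0].version == 1
    assert sorted_all_history[1].version == 2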
def test_get_api_keys_should_return_all_keys_for_service(
        notify_api, notify_db, notify_db_session, sample_api_key):
    """Only the requested service's keys are listed, and an expired key is still listed.

    Four keys exist overall; the one created for the second service must be
    absent from the three returned for the sample service.
    """
    with notify_api.test_request_context(), notify_api.test_client() as client:
        outsider = create_user(email="*****@*****.**")
        outsider_service = create_sample_service(
            notify_db,
            notify_db_session,
            service_name="another",
            user=outsider,
            email_from="another",
        )
        # key for another service
        create_sample_api_key(notify_db, notify_db_session, service=outsider_service)

        # this service already has one key, add two more, one expired
        create_sample_api_key(notify_db, notify_db_session, service=sample_api_key.service)
        expiring = create_sample_api_key(
            notify_db, notify_db_session, service=sample_api_key.service)
        expire_api_key(service_id=expiring.service_id, api_key_id=expiring.id)

        assert ApiKey.query.count() == 4

        auth_header = create_authorization_header()
        keys_url = url_for("service.get_api_keys",
                           service_id=sample_api_key.service_id)
        request_headers = [("Content-Type", "application/json"), auth_header]
        response = client.get(keys_url, headers=request_headers)
        assert response.status_code == 200

        listed = json.loads(response.get_data(as_text=True))
        assert len(listed["apiKeys"]) == 3
def revoke_api_key(service_id, api_key_id):
    """Expire the given API key of the given service and reply 202 with an empty JSON body.

    The key is addressed by both ids, which are passed straight through to
    ``expire_api_key``.

    NOTE(review): the route decorator and any caller authorization are not
    visible in this excerpt - confirm that access to this handler is checked
    upstream.
    """
    expire_api_key(api_key_id=api_key_id, service_id=service_id)
    empty_body = jsonify()
    return empty_body, 202