Skip to content

Commit

Permalink
Change endpoint to post and use basic authorization scheme
Browse files Browse the repository at this point in the history
  • Loading branch information
val500 committed Sep 30, 2024
1 parent 04bcbb7 commit 39addbe
Show file tree
Hide file tree
Showing 3 changed files with 48 additions and 28 deletions.
21 changes: 15 additions & 6 deletions server/src/api/v1.py
Original file line number Diff line number Diff line change
Expand Up @@ -675,8 +675,6 @@ def validate_client_key_pair(client_id: str, client_key: str):
"""
Checks client_id and key pair for validity and returns their permissions
"""
if client_key is None:
return None
client_key_bytes = client_key.encode("utf-8")
client_permissions_entry = database.mongo.db.client_permissions.find_one(
{
Expand All @@ -685,7 +683,8 @@ def validate_client_key_pair(client_id: str, client_key: str):
)

if client_permissions_entry is None or not bcrypt.checkpw(
client_key_bytes, client_permissions_entry["client_secret_hash"]
client_key_bytes,
client_permissions_entry["client_secret_hash"].encode("utf8"),
):
return None
permissions = client_permissions_entry["permissions"]
Expand All @@ -695,10 +694,20 @@ def validate_client_key_pair(client_id: str, client_key: str):
SECRET_KEY = os.environ.get("JWT_SIGNING_KEY")


@v1.get("/authenticate/token/<client_id>")
def authenticate_client_get(client_id: str):
@v1.post("/oauth2/token")
def authenticate_client_post():
"""Get JWT with priority and queue permissions"""
client_key = request.headers.get("client-key")
auth_header = request.authorization
if auth_header is None:
return "No authorization header specified", 401
client_id = auth_header["username"]
client_key = auth_header["password"]
if client_id is None or client_key is None:
return (
"Client id and key must be specified in authorization header",
401,
)

allowed_resources = validate_client_key_pair(client_id, client_key)
if allowed_resources is None:
return "Invalid client id or client key", 401
Expand Down
22 changes: 10 additions & 12 deletions server/tests/conftest.py
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,6 @@
"""
Fixtures for testing
"""

from dataclasses import dataclass
import pytest
import mongomock
Expand Down Expand Up @@ -71,17 +70,16 @@ def mongo_app_with_permissions(mongo_app):
client_id = "my_client_id"
client_key = "my_client_key"
client_salt = bcrypt.gensalt()
client_key_hash = bcrypt.hashpw(client_key.encode("utf-8"), client_salt)
permissions = [
{
"max_priority": 100,
"queue_name": "myqueue",
},
{
"max_priority": 200,
"queue_name": "myqueue2",
},
]
client_key_hash = bcrypt.hashpw(
client_key.encode("utf-8"), client_salt
).decode("utf-8")

permissions = {
"max_priority": {
"myqueue": 100,
"myqueue2": 200,
}
}
mongo.client_permissions.insert_one(
{
"client_id": client_id,
Expand Down
33 changes: 23 additions & 10 deletions server/tests/test_v1.py
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@
from io import BytesIO
import json
import os
import base64

import jwt

Expand Down Expand Up @@ -729,13 +730,25 @@ def test_get_queue_wait_times(mongo_app):
assert output.json["queue2"]["50"] == 30.0


def test_authenticate_client_get(mongo_app_with_permissions):
def create_auth_header(client_id: str, client_key: str) -> dict:
"""
Creates authorization header with base64 encoded client_id
and client key using the Basic scheme
"""
id_key_pair = f"{client_id}:{client_key}"
base64_encoded_pair = base64.b64encode(id_key_pair.encode("utf-8")).decode(
"utf-8"
)
return {"Authorization": f"Basic {base64_encoded_pair}"}


def test_authenticate_client_post(mongo_app_with_permissions):
"""Tests authentication endpoint which returns JWT with permissions"""
app, _, client_id, client_key, permissions = mongo_app_with_permissions
v1.SECRET_KEY = "my_secret_key"
output = app.get(
f"/v1/authenticate/token/{client_id}",
headers={"client-key": client_key},
output = app.post(
"/v1/oauth2/token",
headers=create_auth_header(client_id, client_key),
)
assert output.status_code == 200
token = output.data
Expand All @@ -756,9 +769,9 @@ def test_authenticate_invalid_client_id(mongo_app_with_permissions):
app, _, _, client_key, _ = mongo_app_with_permissions
v1.SECRET_KEY = "my_secret_key"
client_id = "my_wrong_id"
output = app.get(
f"/v1/authenticate/token/{client_id}",
headers={"client-key": client_key},
output = app.post(
"/v1/oauth2/token",
headers=create_auth_header(client_id, client_key),
)
assert output.status_code == 401

Expand All @@ -772,8 +785,8 @@ def test_authenticate_invalid_client_key(mongo_app_with_permissions):
v1.SECRET_KEY = "my_secret_key"
client_key = "my_wrong_key"

output = app.get(
f"/v1/authenticate/token/{client_id}",
headers={"client-key": client_key},
output = app.post(
"/v1/oauth2/token",
headers=create_auth_header(client_id, client_key),
)
assert output.status_code == 401

0 comments on commit 39addbe

Please sign in to comment.