Skip to content
Snippets Groups Projects
Commit aa28e8cd authored by Mohammad Torkashvand's avatar Mohammad Torkashvand
Browse files

Add standard Bearer token header instedad of access_token header

parent d3bf6bd0
No related branches found
No related tags found
1 merge request!152Add standard Bearer token header instedad of access_token header
Pipeline #85529 passed
Stage: tox
Stage: documentation
Stage: sonarqube
Stage: trigger_jenkins_build
Hide whitespace changes
Inline Side-by-side
gso/auth/api_key_auth.py
+ 6
4
View file @ aa28e8cd
"""Manage API key validation for FastAPI routes."""
from fastapi import Depends, HTTPException, status
from fastapi.security.api_key import APIKeyHeader
from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
from gso.settings import load_oss_params
API_KEY_NAME = "access_token"
api_key_header = APIKeyHeader(name=API_KEY_NAME, auto_error=True)
security = HTTPBearer()
async def get_api_key(api_key: str = Depends(api_key_header)) -> str:
async def get_api_key(
credentials: HTTPAuthorizationCredentials = Depends(security), # noqa: B008
) -> str:
"""Validate the provided API key against known third-party keys and returns it if valid, else raises HTTP 403."""
settings = load_oss_params()
api_key = credentials.credentials
# TODO: This is a simulated database of API keys which should be replace with a real one
if api_key in settings.THIRD_PARTY_API_KEYS.values():
......
test/api/test_subscriptions.py
+ 4
2
View file @ aa28e8cd
......@@ -10,14 +10,16 @@ def test_router_subscriptions_endpoint_with_valid_api_key(test_client, nokia_rou
nokia_router_subscription_factory(status=SubscriptionLifecycle.TERMINATED)
nokia_router_subscription_factory(status=SubscriptionLifecycle.INITIAL)
response = test_client.get(ROUTER_SUBSCRIPTION_ENDPOINT, headers={"access_token": "REALY_random_AND_3cure_T0keN"})
response = test_client.get(
ROUTER_SUBSCRIPTION_ENDPOINT, headers={"Authorization": "Bearer REALY_random_AND_3cure_T0keN"}
)
assert response.status_code == 200
assert len(response.json()) == 3
def test_router_subscriptions_endpoint_with_invalid_api_key(test_client, nokia_router_subscription_factory):
response = test_client.get(ROUTER_SUBSCRIPTION_ENDPOINT, headers={"access_token": "fake_invalid_api_key"})
response = test_client.get(ROUTER_SUBSCRIPTION_ENDPOINT, headers={"Authorization": "Bearer fake_invalid_api_key"})
assert response.status_code == 403
assert response.json() == {"detail": "Invalid API Key"}
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment