From aa28e8cd6efa511765a736bfc8de3e08c5842579 Mon Sep 17 00:00:00 2001
From: Mohammad Torkashvand <mohammad.torkashvand@geant.org>
Date: Thu, 25 Jan 2024 11:22:41 +0100
Subject: [PATCH] Add standard Bearer token header instedad of access_token header
---
 gso/auth/api_key_auth.py | 10 ++++++----
 test/api/test_subscriptions.py | 6 ++++--
 2 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/gso/auth/api_key_auth.py b/gso/auth/api_key_auth.py
index 1dc6bf9e..f66e7b85 100644
--- a/gso/auth/api_key_auth.py
+++ b/gso/auth/api_key_auth.py
@@ -1,17 +1,19 @@
 """Manage API key validation for FastAPI routes."""
 from fastapi import Depends, HTTPException, status
-from fastapi.security.api_key import APIKeyHeader
+from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
 from gso.settings import load_oss_params
-API_KEY_NAME = "access_token"
-api_key_header = APIKeyHeader(name=API_KEY_NAME, auto_error=True)
+security = HTTPBearer()
-async def get_api_key(api_key: str = Depends(api_key_header)) -> str:
+async def get_api_key(
+ credentials: HTTPAuthorizationCredentials = Depends(security), # noqa: B008
+) -> str:
 """Validate the provided API key against known third-party keys and returns it if valid, else raises HTTP 403."""
 settings = load_oss_params()
+ api_key = credentials.credentials
 # TODO: This is a simulated database of API keys which should be replace with a real one
 if api_key in settings.THIRD_PARTY_API_KEYS.values():
diff --git a/test/api/test_subscriptions.py b/test/api/test_subscriptions.py
index ebdeefef..b4bad4e0 100644
--- a/test/api/test_subscriptions.py
+++ b/test/api/test_subscriptions.py
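Review bot: In `gso/auth/api_key_auth.py`, the unchanged check `if api_key in settings.THIRD_PARTY_API_KEYS.values():` still matches the client-supplied bearer token with ordinary string equality, which is not a constant-time comparison. Assuming the configured keys are `str`, replacing it with `if any(secrets.compare_digest(api_key.encode(), key.encode()) for key in settings.THIRD_PARTY_API_KEYS.values()):` plus `import secrets` closes that gap; encoding first matters because `compare_digest` raises `TypeError` for non-ASCII `str` and the header value is client-controlled. The docstring still promises HTTP 403, whereas RFC 6750 describes 401 with a `WWW-Authenticate: Bearer` challenge for a rejected bearer token, so the status is worth a deliberate decision now that the scheme is standard. `get_api_key` continues past the end of the hunk, so the rejection branch itself is not visible here.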
@@ -10,14 +10,16 @@ def test_router_subscriptions_endpoint_with_valid_api_key(test_client, nokia_rou
 nokia_router_subscription_factory(status=SubscriptionLifecycle.TERMINATED)
 nokia_router_subscription_factory(status=SubscriptionLifecycle.INITIAL)
- response = test_client.get(ROUTER_SUBSCRIPTION_ENDPOINT, headers={"access_token": "REALY_random_AND_3cure_T0keN"})
+ response = test_client.get(
+ ROUTER_SUBSCRIPTION_ENDPOINT, headers={"Authorization": "Bearer REALY_random_AND_3cure_T0keN"}
+ )
 assert response.status_code == 200
 assert len(response.json()) == 3
 def test_router_subscriptions_endpoint_with_invalid_api_key(test_client, nokia_router_subscription_factory):
- response = test_client.get(ROUTER_SUBSCRIPTION_ENDPOINT, headers={"access_token": "fake_invalid_api_key"})
+ response = test_client.get(ROUTER_SUBSCRIPTION_ENDPOINT, headers={"Authorization": "Bearer fake_invalid_api_key"})
 assert response.status_code == 403
 assert response.json() == {"detail": "Invalid API Key"}
-- 
GitLab
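Review bot: Both updated tests in `test/api/test_subscriptions.py` send a well-formed `Authorization: Bearer …` header, so nothing covers the requests that `HTTPBearer` now rejects by itself: no `Authorization` header, a non-Bearer scheme, and a client that still sends the legacy `access_token` header. A further test calling `test_client.get(ROUTER_SUBSCRIPTION_ENDPOINT, headers={"access_token": "REALY_random_AND_3cure_T0keN"})` and asserting a non-200 status would pin that the old header no longer authenticates. The exact rejection status and body for those cases come from FastAPI's `HTTPBearer`, not from `get_api_key`, so confirm them against the pinned FastAPI version instead of assuming the 403 / `Invalid API Key` pair asserted here.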