Add minor changes to clean up authentication code

canonical · Oct 1, 2024 · 12c8e43 · 12c8e43
1 parent e27259c
commit 12c8e43
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 20 deletions.
diff --git a/server/README.rst b/server/README.rst
@@ -399,15 +399,12 @@ The job_status_webhook parameter is required for this endpoint. Other parameters
 
     $ curl http://localhost:8000/v1/queues/wait_times?queue=foo\&queue=bar
 
-**[GET] /v1/authenticate/token/<client_id>** - Authenticate client key and return JWT with permissions
-
-- Parameters:
-
-  - client_id (string): Client identifier
+**[POST] /v1/oauth2/token** - Authenticate client key and return JWT with permissions
 
 - Headers:
 
-  - client-key (string): unique secret key for client
+  - Basic Authorization: client_id:client_key (Base64 Encoded)
+
 
 - Status Codes:
 
@@ -422,5 +419,5 @@ The job_status_webhook parameter is required for this endpoint. Other parameters
 
   .. code-block:: console
 
-    $ curl http://localhost:8000/v1/authenticate/token/101 \
-           -X GET --header "client-key: ABCDEF12345"
+    $ curl http://localhost:8000/v1/oauth2/token \
+           -X GET --header "Authorization: Basic ABCDEF12345"
diff --git a/server/devel/docker-compose.override.yml b/server/devel/docker-compose.override.yml
@@ -12,6 +12,7 @@ services:
       - MONGODB_DATABASE=testflinger_db
       - MONGODB_HOST=mongo
       - MONGODB_AUTH_SOURCE=admin
+      - JWT_SIGNING_KEY=my_secret_key
     volumes:
       - .:/srv/testflinger
 

diff --git a/server/src/api/v1.py b/server/src/api/v1.py
@@ -692,11 +692,8 @@ def validate_client_key_pair(client_id: str, client_key: str):
     return max_priority
 
 
-SECRET_KEY = os.environ.get("JWT_SIGNING_KEY")
-
-
 @v1.post("/oauth2/token")
-def authenticate_client_post():
+def retrieve_token():
     """Get JWT with priority and queue permissions"""
     auth_header = request.authorization
     if auth_header is None:
@@ -712,5 +709,6 @@ def authenticate_client_post():
     allowed_resources = validate_client_key_pair(client_id, client_key)
     if allowed_resources is None:
         return "Invalid client id or client key", 401
-    token = generate_token(allowed_resources, SECRET_KEY)
+    secret_key = os.environ.get("JWT_SIGNING_KEY")
+    token = generate_token(allowed_resources, secret_key)
     return token
diff --git a/server/tests/conftest.py b/server/tests/conftest.py
@@ -16,6 +16,9 @@
 """
 Fixtures for testing
 """
+
+import os
+
 from dataclasses import dataclass
 import pytest
 import mongomock
@@ -66,6 +69,7 @@ def mongo_app_with_permissions(mongo_app):
     Pytest fixture that adds permissions
     to the mock db for priority
     """
+    os.environ["JWT_SIGNING_KEY"] = "my_secret_key"
     app, mongo = mongo_app
     client_id = "my_client_id"
     client_key = "my_client_key"

diff --git a/server/tests/test_v1.py b/server/tests/test_v1.py
@@ -742,10 +742,9 @@ def create_auth_header(client_id: str, client_key: str) -> dict:
     return {"Authorization": f"Basic {base64_encoded_pair}"}
 
 
-def test_authenticate_client_post(mongo_app_with_permissions):
+def test_retrieve_token(mongo_app_with_permissions):
     """Tests authentication endpoint which returns JWT with permissions"""
     app, _, client_id, client_key, max_priority = mongo_app_with_permissions
-    v1.SECRET_KEY = "my_secret_key"
     output = app.post(
         "/v1/oauth2/token",
         headers=create_auth_header(client_id, client_key),
@@ -754,20 +753,19 @@ def test_authenticate_client_post(mongo_app_with_permissions):
     token = output.data
     decoded_token = jwt.decode(
         token,
-        v1.SECRET_KEY,
+        os.environ.get("JWT_SIGNING_KEY"),
         algorithms="HS256",
         options={"require": ["exp", "iat", "sub", "max_priority"]},
     )
     assert decoded_token["max_priority"] == max_priority
 
 
-def test_authenticate_invalid_client_id(mongo_app_with_permissions):
+def test_retrieve_token_invalid_client_id(mongo_app_with_permissions):
     """
     Tests that authentication endpoint returns 401 error code
     when receiving invalid client key
     """
     app, _, _, client_key, _ = mongo_app_with_permissions
-    v1.SECRET_KEY = "my_secret_key"
     client_id = "my_wrong_id"
     output = app.post(
         "/v1/oauth2/token",
@@ -776,13 +774,12 @@ def test_authenticate_invalid_client_id(mongo_app_with_permissions):
     assert output.status_code == 401
 
 
-def test_authenticate_invalid_client_key(mongo_app_with_permissions):
+def test_retrieve_token_invalid_client_key(mongo_app_with_permissions):
     """
     Tests that authentication endpoint returns 401 error code
     when receiving invalid client key
     """
     app, _, client_id, _, _ = mongo_app_with_permissions
-    v1.SECRET_KEY = "my_secret_key"
     client_key = "my_wrong_key"
 
     output = app.post(