consolidate TEST_KEY into Authorization

CanDIG · May 2, 2023 · 587c498 · 587c498
1 parent adaf5fa
commit 587c498
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 6 deletions.
diff --git a/htsget_server/authz.py b/htsget_server/authz.py
@@ -11,7 +11,7 @@
 def is_authed(id_, request):
     if request is None:
         return 401
-    if request.headers.get("Test_Key") == TEST_KEY:
+    if request.headers.get("Authorization") == f"Bearer {TEST_KEY}":
         print("WARNING: TEST MODE, AUTHORIZATION IS DISABLED")
         app.logger.warning("WARNING: TEST MODE, AUTHORIZATION IS DISABLED")
         return 200 # no auth
@@ -30,7 +30,7 @@ def is_authed(id_, request):
 
 
 def is_testing(request):
-    if request.headers.get("Test_Key") == TEST_KEY:
+    if request.headers.get("Authorization") == f"Bearer {TEST_KEY}":
         print("WARNING: TEST MODE, AUTHORIZATION IS DISABLED")
         app.logger.warning("WARNING: TEST MODE, AUTHORIZATION IS DISABLED")
         return True
@@ -49,7 +49,7 @@ def is_site_admin(request):
     """
     Is the user associated with the token a site admin?
     """
-    if request.headers.get("Test_Key") == TEST_KEY:
+    if request.headers.get("Authorization") == f"Bearer {TEST_KEY}":
         print("WARNING: TEST MODE, AUTHORIZATION IS DISABLED")
         app.logger.warning("WARNING: TEST MODE, AUTHORIZATION IS DISABLED")
         return True # no auth

diff --git a/tests/test_htsget_server.py b/tests/test_htsget_server.py
@@ -24,12 +24,11 @@
 
 
 def get_headers(username=USERNAME, password=PASSWORD):
-    headers={"Test_Key": TEST_KEY}
     try:
         token = get_access_token(username=username, password=password)
         headers["Authorization"] = f"Bearer {token}"
     except Exception as e:
-        headers["Authorization"] = "Bearer testtest"
+        headers["Authorization"] = f"Bearer {TEST_KEY}"
     return headers
 
 
@@ -354,7 +353,7 @@ def test_beacon_get_search():
 
     # for an unauthorized user, the request should not contain a full response, just a count
     headers = get_headers(username="test", password="test")
-    headers.pop("Test_Key")
+    headers["Authorization"] = "Bearer unauthorized"
     response = requests.get(url, headers=headers)
     print(response.text)
     assert 'response' not in response.json()