From d8b4970515038c5d55153c006597c632c21e22e8 Mon Sep 17 00:00:00 2001 From: tjacovich Date: Thu, 23 May 2024 12:39:34 -0400 Subject: [PATCH 1/2] Update vault to use X-api-uid header. --- README.md | 10 +-- vault_service/tests/test_user.py | 112 +++++++++++++++--------------- vault_service/tests/test_utils.py | 2 +- vault_service/views/user.py | 10 +-- vault_service/views/utils.py | 2 +- 5 files changed, 68 insertions(+), 68 deletions(-) diff --git a/README.md b/README.md index a6e736b..4865ef9 100644 --- a/README.md +++ b/README.md @@ -85,16 +85,16 @@ curl -H "Content-Type: application/json" -H "Authorization: Bearer " "htt * To save user-data (i.e. preferences) ```$bash -curl -H "Content-Type: application/json" -H "Authorization: Bearer " -H "X-Adsws-Uid: 1" "http://localhost:5000/user-data" -X POST -d $'{"foo": "bar"}' +curl -H "Content-Type: application/json" -H "Authorization: Bearer " -H "X-api-uid: 1" "http://localhost:5000/user-data" -X POST -d $'{"foo": "bar"}' ``` - note: The X-Adsws-Uid header *must* be present (normally, it is set by the API gateway) + note: The X-api-uid header *must* be present (normally, it is set by the API gateway) * To get the user-data: ```$bash -curl -H "Content-Type: application/json" -H "Authorization: Bearer " -H "X-Adsws-Uid: 1" "http://localhost:5000/user-data" -X GET +curl -H "Content-Type: application/json" -H "Authorization: Bearer " -H "X-api-uid: 1" "http://localhost:5000/user-data" -X GET ``` ### /configuration @@ -102,11 +102,11 @@ curl -H "Content-Type: application/json" -H "Authorization: Bearer " -H " * Retrieve Bumblebee configuration (values that can be used to customize user experience) ```$bash -curl -H "Content-Type: application/json" -H "Authorization: Bearer " -H "X-Adsws-Uid: 1" "http://localhost:5000/configuration" -X GET +curl -H "Content-Type: application/json" -H "Authorization: Bearer " -H "X-api-uid: 1" "http://localhost:5000/configuration" -X GET {"foo": "bar"} -curl -H "Content-Type: application/json" -H "Authorization: Bearer " -H "X-Adsws-Uid: 1" "http://localhost:5000/configuration/foo" -X GET +curl -H "Content-Type: application/json" -H "Authorization: Bearer " -H "X-api-uid: 1" "http://localhost:5000/configuration/foo" -X GET "bar" ``` diff --git a/vault_service/tests/test_user.py b/vault_service/tests/test_user.py index 3926999..952bf0d 100644 --- a/vault_service/tests/test_user.py +++ b/vault_service/tests/test_user.py @@ -137,7 +137,7 @@ def test_store_data(self): # no data r = self.client.get(url_for('user.store_data'), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '2'}, + headers={'Authorization': 'secret', 'X-api-uid': '2'}, data=json.dumps({'foo': 'bar'}), content_type='application/json') @@ -146,7 +146,7 @@ def test_store_data(self): # try to save something broken (it has to be json) r = self.client.post(url_for('user.store_data'), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '2'}, + headers={'Authorization': 'secret', 'X-api-uid': '2'}, data=json.dumps({'foo': 'bar'})[0:-2], content_type='application/json') @@ -155,7 +155,7 @@ def test_store_data(self): # save something r = self.client.post(url_for('user.store_data'), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '2'}, + headers={'Authorization': 'secret', 'X-api-uid': '2'}, data=json.dumps({'foo': 'bar'}), content_type='application/json') @@ -164,7 +164,7 @@ def test_store_data(self): # get it back r = self.client.get(url_for('user.store_data'), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '2'}, + headers={'Authorization': 'secret', 'X-api-uid': '2'}, content_type='application/json') self.assertStatus(r, 200) @@ -172,7 +172,7 @@ def test_store_data(self): # save something else r = self.client.post(url_for('user.store_data'), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '2'}, + headers={'Authorization': 'secret', 'X-api-uid': '2'}, data=json.dumps({'db': 'testdb'}), content_type='application/json') @@ -181,7 +181,7 @@ def test_store_data(self): # get it back r = self.client.get(url_for('user.store_data'), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '2'}, + headers={'Authorization': 'secret', 'X-api-uid': '2'}, content_type='application/json') self.assertStatus(r, 200) @@ -189,7 +189,7 @@ def test_store_data(self): # modify it r = self.client.post(url_for('user.store_data'), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '2'}, + headers={'Authorization': 'secret', 'X-api-uid': '2'}, data=json.dumps({'db': 'testdb2'}), content_type='application/json') @@ -198,7 +198,7 @@ def test_store_data(self): # get everything back r = self.client.get(url_for('user.store_data'), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '2'}, + headers={'Authorization': 'secret', 'X-api-uid': '2'}, content_type='application/json') self.assertStatus(r, 200) @@ -216,13 +216,13 @@ def test_myads_retrieval(self): # make sure no setups exist r = self.client.get(url_for('user.myads_notifications'), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '3'}) + headers={'Authorization': 'secret', 'X-api-uid': '3'}) self.assertStatus(r, 204) # try saving a query with bad data r = self.client.post(url_for('user.myads_notifications'), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '3'}, + headers={'Authorization': 'secret', 'X-api-uid': '3'}, data=json.dumps({'name': 'Query 1', 'qid': qid, 'stateful': True, 'frequency': 'bad data', 'type': 'query'}), content_type='application/json') @@ -231,7 +231,7 @@ def test_myads_retrieval(self): # save the query correctly r = self.client.post(url_for('user.myads_notifications'), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '3'}, + headers={'Authorization': 'secret', 'X-api-uid': '3'}, data=json.dumps({'name': 'Query 1', 'qid': qid, 'stateful': True, 'frequency': 'daily', 'type': 'query'}), content_type='application/json') @@ -242,7 +242,7 @@ def test_myads_retrieval(self): # edit the query with bad data r = self.client.put(url_for('user.myads_notifications', myads_id=myads_id), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '3'}, + headers={'Authorization': 'secret', 'X-api-uid': '3'}, data=json.dumps({'name': 'Query 1 - edited', 'stateful': 'bad data'}), content_type='application/json') @@ -250,7 +250,7 @@ def test_myads_retrieval(self): # edit the query correctly r = self.client.put(url_for('user.myads_notifications', myads_id=myads_id), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '3'}, + headers={'Authorization': 'secret', 'X-api-uid': '3'}, data=json.dumps({'name': 'Query 1 - edited'}), content_type='application/json') @@ -271,7 +271,7 @@ def test_myads_retrieval(self): # get all myADS setups via the BBB endpoint r = self.client.get(url_for('user.myads_notifications'), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '3'}) + headers={'Authorization': 'secret', 'X-api-uid': '3'}) self.assertStatus(r, 200) self.assertEqual(r.json[0]['name'], 'Query 1 - edited') @@ -310,7 +310,7 @@ def test_template_query(self): # try to store a query with insufficient metadata r = self.client.post(url_for('user.myads_notifications'), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '4'}, + headers={'Authorization': 'secret', 'X-api-uid': '4'}, data=json.dumps({'data': 'keyword1 OR keyword2'}), content_type='application/json') @@ -318,7 +318,7 @@ def test_template_query(self): # try to store a query with data keyword of the wrong type (also insufficient metadata) r = self.client.post(url_for('user.myads_notifications'), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '4'}, + headers={'Authorization': 'secret', 'X-api-uid': '4'}, data=json.dumps({'data': 123}), content_type='application/json') @@ -326,7 +326,7 @@ def test_template_query(self): # try to store a query with the classes keyword of the wrong type r = self.client.post(url_for('user.myads_notifications'), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '4'}, + headers={'Authorization': 'secret', 'X-api-uid': '4'}, data=json.dumps({'type': 'template', 'template': 'arxiv', 'classes': 'astro-ph', 'data': 'keyword1 OR keyword2'}), content_type='application/json') @@ -334,7 +334,7 @@ def test_template_query(self): # store a query correctly r = self.client.post(url_for('user.myads_notifications'), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '4'}, + headers={'Authorization': 'secret', 'X-api-uid': '4'}, data=json.dumps({'type': 'template', 'template': 'keyword', 'data': 'keyword1 OR keyword2'}), content_type='application/json') @@ -363,7 +363,7 @@ def test_template_query(self): # successfully retrieve a query setup r = self.client.get(url_for('user.myads_notifications', myads_id=query_id), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '4'}) + headers={'Authorization': 'secret', 'X-api-uid': '4'}) self.assertStatus(r, 200) self.assertEqual(r.json[0]['id'], query_id) @@ -375,7 +375,7 @@ def test_template_query(self): # successfully delete the query setup r = self.client.delete(url_for('user.myads_notifications', myads_id=query_id), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '4'}) + headers={'Authorization': 'secret', 'X-api-uid': '4'}) self.assertStatus(r, 204) @@ -386,13 +386,13 @@ def test_template_query(self): # ensure the get returns the right status for a missing query r = self.client.get(url_for('user.myads_notifications', myads_id=query_id), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '4'}) + headers={'Authorization': 'secret', 'X-api-uid': '4'}) self.assertStatus(r, 404) # save an arxiv template query successfully r = self.client.post(url_for('user.myads_notifications'), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '4'}, + headers={'Authorization': 'secret', 'X-api-uid': '4'}, data=json.dumps({'type': 'template', 'template': 'arxiv', 'data': 'keyword1 OR keyword2', @@ -444,7 +444,7 @@ def test_template_query(self): # edit the stored query r = self.client.put(url_for('user.myads_notifications', myads_id=query_id), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '4'}, + headers={'Authorization': 'secret', 'X-api-uid': '4'}, data=json.dumps({'type': 'template', 'template': 'arxiv', 'data': 'keyword1 OR keyword2 OR keyword3', @@ -455,7 +455,7 @@ def test_template_query(self): # check editing the query name r = self.client.put(url_for('user.myads_notifications', myads_id=query_id), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '4'}, + headers={'Authorization': 'secret', 'X-api-uid': '4'}, data=json.dumps({'type': 'template', 'template': 'arxiv', 'name': 'keyword1, etc. - Recent Papers', @@ -468,7 +468,7 @@ def test_template_query(self): self.assertEqual(r.json['name'], 'keyword2, etc. - Recent Papers') r = self.client.put(url_for('user.myads_notifications', myads_id=query_id), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '4'}, + headers={'Authorization': 'secret', 'X-api-uid': '4'}, data=json.dumps({'type': 'template', 'template': 'arxiv', 'name': 'test query', @@ -481,7 +481,7 @@ def test_template_query(self): self.assertEqual(r.json['name'], 'test query') r = self.client.put(url_for('user.myads_notifications', myads_id=query_id), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '4'}, + headers={'Authorization': 'secret', 'X-api-uid': '4'}, data=json.dumps({'type': 'template', 'template': 'arxiv', 'data': 'keyword1 OR keyword2 OR keyword3', @@ -509,7 +509,7 @@ def test_template_query(self): # deactivate the notification and make sure everything else is kept r = self.client.put(url_for('user.myads_notifications', myads_id=query_id), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '4'}, + headers={'Authorization': 'secret', 'X-api-uid': '4'}, data=json.dumps({'active': False}), content_type='application/json') @@ -523,7 +523,7 @@ def test_template_query(self): self.assertEqual(r.json['classes'], ['astro-ph']) r = self.client.put(url_for('user.myads_notifications', myads_id=query_id), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '4'}, + headers={'Authorization': 'secret', 'X-api-uid': '4'}, data=json.dumps({'active': True}), content_type='application/json') @@ -532,7 +532,7 @@ def test_template_query(self): # add a second query r = self.client.post(url_for('user.myads_notifications'), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '4'}, + headers={'Authorization': 'secret', 'X-api-uid': '4'}, data=json.dumps({'type': 'template', 'template': 'authors', 'data': 'author:"Kurtz, M."'}), @@ -543,7 +543,7 @@ def test_template_query(self): # get all queries back r = self.client.get(url_for('user.myads_notifications'), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '4'}) + headers={'Authorization': 'secret', 'X-api-uid': '4'}) self.assertStatus(r, 200) self.assertEqual(r.json[0]['name'], 'test query') @@ -551,7 +551,7 @@ def test_template_query(self): # save an arXiv query without keywords r = self.client.post(url_for('user.myads_notifications'), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '4'}, + headers={'Authorization': 'secret', 'X-api-uid': '4'}, data=json.dumps({'type': 'template', 'template': 'arxiv', 'classes': ['cs']}), @@ -561,7 +561,7 @@ def test_template_query(self): self.assertEqual(r.json['data'], None) r = self.client.post(url_for('user.myads_notifications'), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '4'}, + headers={'Authorization': 'secret', 'X-api-uid': '4'}, data=json.dumps({'type': 'template', 'data': '', 'template': 'arxiv', @@ -573,7 +573,7 @@ def test_template_query(self): # test a blank arXiv query r = self.client.post(url_for('user.myads_notifications'), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '4'}, + headers={'Authorization': 'secret', 'X-api-uid': '4'}, data=json.dumps({'type': 'template', 'template': 'arxiv', 'classes': ['astro-ph']}), @@ -584,7 +584,7 @@ def test_template_query(self): # make sure it's editable r = self.client.put(url_for('user.myads_notifications', myads_id=query_id), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '4'}, + headers={'Authorization': 'secret', 'X-api-uid': '4'}, data=json.dumps({'type': 'template', 'template': 'arxiv', 'active': False}), @@ -593,7 +593,7 @@ def test_template_query(self): self.assertStatus(r, 200) r = self.client.put(url_for('user.myads_notifications', myads_id=query_id), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '4'}, + headers={'Authorization': 'secret', 'X-api-uid': '4'}, data=json.dumps({'type': 'template', 'template': 'arxiv', 'data': 'keyword1', @@ -604,7 +604,7 @@ def test_template_query(self): # test the citation query construction r = self.client.post(url_for('user.myads_notifications'), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '4'}, + headers={'Authorization': 'secret', 'X-api-uid': '4'}, data=json.dumps({'type': 'template', 'template': 'citations', 'data': 'author:"Kurtz, Michael"'}), @@ -614,7 +614,7 @@ def test_template_query(self): query_id = r.json['id'] r = self.client.get(url_for('user.myads_notifications', myads_id=query_id), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '4'}) + headers={'Authorization': 'secret', 'X-api-uid': '4'}) self.assertStatus(r, 200) self.assertEqual(r.json[0]['id'], query_id) @@ -625,19 +625,19 @@ def test_template_query(self): self.assertEqual(r.json[0]['type'], 'template') r = self.client.get(url_for('user.get_myads', user_id=4), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '4'}) + headers={'Authorization': 'secret', 'X-api-uid': '4'}) self.assertTrue(r.json[4]['query'][0]['q'] == 'citations(author:"Kurtz, Michael")') # a passed start date shouldn't matter to citations queries r2 = self.client.get(url_for('user.get_myads', user_id=4, start_isodate=start_iso_date), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '4'}) + headers={'Authorization': 'secret', 'X-api-uid': '4'}) self.assertTrue(r2.json[4]['query'][0]['q'] == r.json[4]['query'][0]['q']) # test the author query construction r = self.client.post(url_for('user.myads_notifications'), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '4'}, + headers={'Authorization': 'secret', 'X-api-uid': '4'}, data=json.dumps({'type': 'template', 'template': 'authors', 'data': 'author:"Kurtz, Michael"'}), @@ -647,7 +647,7 @@ def test_template_query(self): query_id = r.json['id'] r = self.client.get(url_for('user.myads_notifications', myads_id=query_id), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '4'}) + headers={'Authorization': 'secret', 'X-api-uid': '4'}) self.assertStatus(r, 200) self.assertEqual(r.json[0]['id'], query_id) @@ -659,7 +659,7 @@ def test_template_query(self): # check start dates in constructed query - no start date should default to now - the weekly time range r = self.client.get(url_for('user.get_myads', user_id=4), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '4'}) + headers={'Authorization': 'secret', 'X-api-uid': '4'}) start_date = (adsmutils.get_date() - datetime.timedelta(days=self.app.config.get('MYADS_WEEKLY_TIME_RANGE'))).date() self.assertTrue('author:"Kurtz, Michael" entdate:["{0}Z00:00" TO "{1}Z23:59"]'.format(start_date, end_date) @@ -668,7 +668,7 @@ def test_template_query(self): # passing an earlier start date should respect that date start_iso = (adsmutils.get_date() - datetime.timedelta(days=40)).isoformat() r = self.client.get(url_for('user.get_myads', user_id=4, start_isodate=start_iso), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '4'}) + headers={'Authorization': 'secret', 'X-api-uid': '4'}) start_iso_date = parser.parse(start_iso).date() self.assertTrue('author:"Kurtz, Michael" entdate:["{0}Z00:00" TO "{1}Z23:59"]'.format(start_iso_date, end_date) @@ -712,14 +712,14 @@ def test_non_ascii_myads(self): for t in test_data: q = self.client.post(url_for('user.myads_notifications'), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '101'}, + headers={'Authorization': 'secret', 'X-api-uid': '101'}, data=json.dumps(t), content_type='application/json') self.assertStatus(q, 200) s = self.client.get(url_for('user.execute_myads_query', myads_id=q.json['id']), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '101'}) + headers={'Authorization': 'secret', 'X-api-uid': '101'}) self.assertStatus(s, 200) self.assertIn(b'Galindo-Guil, Francisco Jos\xc3\xa9'.decode('utf8'), s.json[0]['q']) @@ -746,14 +746,14 @@ def test_myads_execute_notification(self): # can't use as anonymous user user_id = self.app.config.get('BOOTSTRAP_USER_ID') r = self.client.get(url_for('user.execute_myads_query', myads_id=123), - headers={'Authorization': 'secret', 'X-Adsws-Uid': user_id}) + headers={'Authorization': 'secret', 'X-api-uid': user_id}) self.assertStatus(r, 400) user_id = 6 r = self.client.post(url_for('user.myads_notifications'), - headers={'Authorization': 'secret', 'X-Adsws-Uid': user_id}, + headers={'Authorization': 'secret', 'X-api-uid': user_id}, data=json.dumps({'type': 'template', 'template': 'authors', 'data': 'author:"Kurtz, Michael"'}), @@ -763,7 +763,7 @@ def test_myads_execute_notification(self): query_id = r.json['id'] r = self.client.get(url_for('user.execute_myads_query', myads_id=query_id), - headers={'Authorization': 'secret', 'X-Adsws-Uid': user_id}) + headers={'Authorization': 'secret', 'X-api-uid': user_id}) start_date = (adsmutils.get_date() - datetime.timedelta(days=self.app.config.get('MYADS_WEEKLY_TIME_RANGE'))).date() @@ -777,7 +777,7 @@ def test_myads_import(self): # can't use as anonymous user user_id = self.app.config.get('BOOTSTRAP_USER_ID') r = self.client.get(url_for('user.import_myads'), - headers={'Authorization': 'secret', 'X-Adsws-Uid': user_id}) + headers={'Authorization': 'secret', 'X-api-uid': user_id}) self.assertStatus(r, 400) @@ -792,7 +792,7 @@ def test_myads_import(self): ) r = self.client.get(url_for('user.import_myads'), - headers={'Authorization': 'secret', 'X-Adsws-Uid': user_id}) + headers={'Authorization': 'secret', 'X-api-uid': user_id}) self.assertStatus(r, 200) self.assertEqual(len(r.json['new']), 1) @@ -807,7 +807,7 @@ def test_myads_status_update(self): # make sure no setups exist r = self.client.get(url_for('user.myads_notifications'), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '33'}) + headers={'Authorization': 'secret', 'X-api-uid': '33'}) self.assertStatus(r, 204) @@ -821,7 +821,7 @@ def test_myads_status_update(self): # save some queries r = self.client.post(url_for('user.myads_notifications'), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '33'}, + headers={'Authorization': 'secret', 'X-api-uid': '33'}, data=json.dumps({'name': 'Query 1', 'qid': qid, 'stateful': True, 'frequency': 'daily', 'type': 'query'}), content_type='application/json') @@ -830,7 +830,7 @@ def test_myads_status_update(self): self.assertTrue(r.json['active']) r = self.client.post(url_for('user.myads_notifications'), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '33'}, + headers={'Authorization': 'secret', 'X-api-uid': '33'}, data=json.dumps({'name': 'Query 2', 'qid': qid, 'stateful': True, 'frequency': 'daily', 'type': 'query'}), content_type='application/json') @@ -855,7 +855,7 @@ def test_myads_status_update(self): self.assertStatus(r, 200) r = self.client.get(url_for('user.myads_notifications'), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '33'}) + headers={'Authorization': 'secret', 'X-api-uid': '33'}) self.assertStatus(r, 200) for setup in r.json: @@ -873,7 +873,7 @@ def test_myads_status_update(self): self.assertStatus(r, 200) r = self.client.get(url_for('user.myads_notifications'), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '33'}) + headers={'Authorization': 'secret', 'X-api-uid': '33'}) for setup in r.json: self.assertFalse(setup['active']) @@ -887,7 +887,7 @@ def test_myads_status_update(self): self.assertStatus(r, 200) r = self.client.get(url_for('user.myads_notifications'), - headers={'Authorization': 'secret', 'X-Adsws-Uid': '33'}) + headers={'Authorization': 'secret', 'X-api-uid': '33'}) for setup in r.json: self.assertTrue(setup['active']) diff --git a/vault_service/tests/test_utils.py b/vault_service/tests/test_utils.py index b5cc6a5..131061f 100644 --- a/vault_service/tests/test_utils.py +++ b/vault_service/tests/test_utils.py @@ -128,7 +128,7 @@ def test_upsert_myads(self): { "bibcode":"2005JGRC..110.4004Y" }]}}""") r = self.client.post(url_for('user.myads_notifications'), - headers={'Authorization': 'secret', 'X-Adsws-Uid': user_id}, + headers={'Authorization': 'secret', 'X-api-uid': user_id}, data=json.dumps({'type': 'template', 'template': 'citations', 'data': 'author:"Koliopanos, Filippos"'}), diff --git a/vault_service/views/user.py b/vault_service/views/user.py index 6cc04f8..a6636db 100644 --- a/vault_service/views/user.py +++ b/vault_service/views/user.py @@ -56,7 +56,7 @@ def query(queryid=None): # values previously stored in the database (infinite cache like behavior) query = json.dumps(payload).encode('utf8') # digest is made of a bytestream - qid = md5((headers['X-Adsws-Uid'].encode('utf8') + query)).hexdigest() + qid = md5((headers['X-api-uid'].encode('utf8') + query)).hexdigest() with current_app.session_scope() as session: q = session.query(Query).filter_by(qid=qid).first() if q: @@ -151,7 +151,7 @@ def store_data(): except Exception as e: return json.dumps({'msg': hasattr(e, 'message') and e.message or e.description}), 400 - user_id = int(headers['X-Adsws-Uid']) + user_id = int(headers['X-api-uid']) if user_id == current_app.config['BOOTSTRAP_USER_ID']: return json.dumps({'msg': 'Sorry, you can\'t use this service as an anonymous user'}), 400 @@ -219,7 +219,7 @@ def myads_notifications(myads_id=None): except Exception as e: return json.dumps({'msg': e.message or e.description}), 400 - user_id = int(headers['X-Adsws-Uid']) + user_id = int(headers['X-api-uid']) if user_id == current_app.config['BOOTSTRAP_USER_ID']: return json.dumps({'msg': 'Sorry, you can\'t use this service as an anonymous user'}), 400 @@ -578,7 +578,7 @@ def execute_myads_query(myads_id): except Exception as e: return json.dumps({'msg': e.message or e.description}), 400 - user_id = int(headers['X-Adsws-Uid']) + user_id = int(headers['X-api-uid']) if user_id == current_app.config['BOOTSTRAP_USER_ID']: return json.dumps({'msg': 'Sorry, you can\'t use this service as an anonymous user'}), 400 @@ -853,7 +853,7 @@ def import_myads(): return json.dumps({'msg': e.message or e.description}), 400 # this header is always set by adsws, so we trust it - user_id = int(headers['X-Adsws-Uid']) + user_id = int(headers['X-api-uid']) # use service token here; elevated operation if current_app.config.get('SERVICE_TOKEN', None): diff --git a/vault_service/views/utils.py b/vault_service/views/utils.py index c207c78..cfd75ae 100644 --- a/vault_service/views/utils.py +++ b/vault_service/views/utils.py @@ -97,7 +97,7 @@ def check_request(request): if access_token in (None, '-'): # Make sure it is not just '-' (default value for other microservices) access_token = request.headers.get('Authorization', '-') new_headers['Authorization'] = access_token - new_headers['X-Adsws-Uid'] = headers.get('X-Adsws-Uid', str(current_app.config['BOOTSTRAP_USER_ID'])) # User ID + new_headers['X-api-uid'] = headers.get('X-api-uid', str(current_app.config['BOOTSTRAP_USER_ID'])) # User ID return (payload, new_headers) From a0746c6ccbb2957de138d8736229b72e833d537d Mon Sep 17 00:00:00 2001 From: tjacovich Date: Thu, 18 Jul 2024 14:17:23 -0400 Subject: [PATCH 2/2] Fix typo in X-Api-Uid --- vault_service/views/user.py | 10 +++++----- vault_service/views/utils.py | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/vault_service/views/user.py b/vault_service/views/user.py index a6636db..da970fc 100644 --- a/vault_service/views/user.py +++ b/vault_service/views/user.py @@ -56,7 +56,7 @@ def query(queryid=None): # values previously stored in the database (infinite cache like behavior) query = json.dumps(payload).encode('utf8') # digest is made of a bytestream - qid = md5((headers['X-api-uid'].encode('utf8') + query)).hexdigest() + qid = md5((headers['X-Api-Uid'].encode('utf8') + query)).hexdigest() with current_app.session_scope() as session: q = session.query(Query).filter_by(qid=qid).first() if q: @@ -151,7 +151,7 @@ def store_data(): except Exception as e: return json.dumps({'msg': hasattr(e, 'message') and e.message or e.description}), 400 - user_id = int(headers['X-api-uid']) + user_id = int(headers['X-Api-Uid']) if user_id == current_app.config['BOOTSTRAP_USER_ID']: return json.dumps({'msg': 'Sorry, you can\'t use this service as an anonymous user'}), 400 @@ -219,7 +219,7 @@ def myads_notifications(myads_id=None): except Exception as e: return json.dumps({'msg': e.message or e.description}), 400 - user_id = int(headers['X-api-uid']) + user_id = int(headers['X-Api-Uid']) if user_id == current_app.config['BOOTSTRAP_USER_ID']: return json.dumps({'msg': 'Sorry, you can\'t use this service as an anonymous user'}), 400 @@ -578,7 +578,7 @@ def execute_myads_query(myads_id): except Exception as e: return json.dumps({'msg': e.message or e.description}), 400 - user_id = int(headers['X-api-uid']) + user_id = int(headers['X-Api-Uid']) if user_id == current_app.config['BOOTSTRAP_USER_ID']: return json.dumps({'msg': 'Sorry, you can\'t use this service as an anonymous user'}), 400 @@ -853,7 +853,7 @@ def import_myads(): return json.dumps({'msg': e.message or e.description}), 400 # this header is always set by adsws, so we trust it - user_id = int(headers['X-api-uid']) + user_id = int(headers['X-Api-Uid']) # use service token here; elevated operation if current_app.config.get('SERVICE_TOKEN', None): diff --git a/vault_service/views/utils.py b/vault_service/views/utils.py index cfd75ae..c545da0 100644 --- a/vault_service/views/utils.py +++ b/vault_service/views/utils.py @@ -97,7 +97,7 @@ def check_request(request): if access_token in (None, '-'): # Make sure it is not just '-' (default value for other microservices) access_token = request.headers.get('Authorization', '-') new_headers['Authorization'] = access_token - new_headers['X-api-uid'] = headers.get('X-api-uid', str(current_app.config['BOOTSTRAP_USER_ID'])) # User ID + new_headers['X-Api-Uid'] = headers.get('X-Api-Uid', str(current_app.config['BOOTSTRAP_USER_ID'])) # User ID return (payload, new_headers)