
Commit 44d1c90

authored
Require Jira API key for information endpoints (#837)
1 parent 9687baf commit 44d1c90


2 files changed

+48
-19
lines changed


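--- a/jbi/router.py
+++ b/jbi/router.py
@@ -104,7 +104,10 @@ def bugzilla_webhook(
 return {"error": str(exception)}
 
 
-@router.get("/whiteboard_tags/")
+@router.get(
+"/whiteboard_tags/",
+dependencies=[Depends(api_key_auth)],
+)
 def get_whiteboard_tags(
 actions: ActionsDep,
 whiteboard_tag: Optional[str] = None,
@@ -115,13 +118,19 @@ def get_whiteboard_tags(
 return actions.by_tag
 
 
-@router.get("/bugzilla_webhooks/")
+@router.get(
+"/bugzilla_webhooks/",
+dependencies=[Depends(api_key_auth)],
+)
 def get_bugzilla_webhooks(bugzilla_service: BugzillaServiceDep):
 """API for viewing webhooks details"""
 return bugzilla_service.list_webhooks()
 
 
-@router.get("/jira_projects/")
+@router.get(
+"/jira_projects/",
+dependencies=[Depends(api_key_auth)],
+)
 def get_jira_projects(jira_service: JiraServiceDep):
 """API for viewing projects that are currently accessible by API"""
 return jira_service.fetch_visible_projects()
@@ -131,7 +140,11 @@ def get_jira_projects(jira_service: JiraServiceDep):
 templates = Jinja2Templates(directory=SRC_DIR / "templates")
 
 
-@router.get("/powered_by_jbi/", response_class=HTMLResponse)
+@router.get(
+"/powered_by_jbi/",
+dependencies=[Depends(api_key_auth)],
+response_class=HTMLResponse,
+)
 def powered_by_jbi(
 request: Request,
 actions: ActionsDep,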
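Review bot: The `dependencies=[Depends(api_key_auth)]` argument is repeated on each of the four information routes (`/whiteboard_tags/`, `/bugzilla_webhooks/`, `/jira_projects/`, `/powered_by_jbi/`), so a route added later is unauthenticated unless its author remembers to copy it. Registering these handlers on a sub-router created with `APIRouter(dependencies=[Depends(api_key_auth)])` and included into `router` would make the key check the default for this group. `api_key_auth` itself is defined outside the visible hunks; it is worth confirming there that the key comparison is constant-time (`secrets.compare_digest`) and that a missing or empty configured key fails closed. The bodies of `get_whiteboard_tags` and `powered_by_jbi` continue outside the hunks.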

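--- a/tests/unit/test_router.py
+++ b/tests/unit/test_router.py
@@ -16,52 +16,68 @@ def test_read_root(anon_client):
 assert get_settings().jira_base_url in infos["configuration"]["jira_base_url"]
 
 
-def test_whiteboard_tags(anon_client):
-resp = anon_client.get("/whiteboard_tags")
+@pytest.mark.parametrize(
+"endpoint",
+[
+"/whiteboard_tags",
+"/jira_projects/",
+"/powered_by_jbi/",
+"/bugzilla_webhooks/",
+],
+)
+def test_get_protected_endpoints(
+endpoint, webhook_request_factory, mocked_bugzilla, anon_client
+):
+resp = anon_client.get(endpoint)
+assert resp.status_code == 403
+
+
+def test_whiteboard_tags(authenticated_client):
+resp = authenticated_client.get("/whiteboard_tags")
 actions = resp.json()
 
 assert actions["devtest"]["description"] == "DevTest whiteboard tag"
 
 
-def test_jira_projects(anon_client, mocked_jira):
+def test_jira_projects(authenticated_client, mocked_jira):
 mocked_jira.permitted_projects.return_value = [{"key": "Firefox"}, {"key": "Fenix"}]
 
-resp = anon_client.get("/jira_projects/")
+resp = authenticated_client.get("/jira_projects/")
 infos = resp.json()
 
 assert infos == ["Firefox", "Fenix"]
 
 
-def test_whiteboard_tags_filtered(anon_client):
-resp = anon_client.get("/whiteboard_tags/?whiteboard_tag=devtest")
+def test_whiteboard_tags_filtered(authenticated_client):
+resp = authenticated_client.get("/whiteboard_tags/?whiteboard_tag=devtest")
 infos = resp.json()
 assert sorted(infos.keys()) == ["devtest"]
 
-resp = anon_client.get("/whiteboard_tags/?whiteboard_tag=foo")
+resp = authenticated_client.get("/whiteboard_tags/?whiteboard_tag=foo")
 infos = resp.json()
 assert sorted(infos.keys()) == ["devtest"]
 
 
-def test_powered_by_jbi(exclude_middleware, anon_client):
-resp = anon_client.get("/powered_by_jbi/")
+def test_powered_by_jbi(exclude_middleware, authenticated_client):
+resp = authenticated_client.get("/powered_by_jbi/")
 html = resp.text
 assert "<title>Powered by JBI</title>" in html
 assert 'href="/static/styles.css"' in html
 assert "DevTest" in html
 
 
-def test_powered_by_jbi_filtered(exclude_middleware, anon_client):
-resp = anon_client.get("/powered_by_jbi/?enabled=false")
+def test_powered_by_jbi_filtered(exclude_middleware, authenticated_client):
+resp = authenticated_client.get("/powered_by_jbi/?enabled=false")
 html = resp.text
 assert "DevTest" not in html
 
 
-def test_webhooks_details(anon_client, mocked_bugzilla, webhook_factory):
+def test_webhooks_details(authenticated_client, mocked_bugzilla, webhook_factory):
 mocked_bugzilla.list_webhooks.return_value = [
 webhook_factory(),
 webhook_factory(errors=42, enabled=False),
 ]
-resp = anon_client.get("/bugzilla_webhooks/")
+resp = authenticated_client.get("/bugzilla_webhooks/")
 
 wh1, wh2 = resp.json()
 
@@ -72,8 +88,8 @@ def test_webhooks_details(anon_client, mocked_bugzilla, webhook_factory):
 assert wh2["errors"] == 42
 
 
-def test_statics_are_served(anon_client):
-resp = anon_client.get("/static/styles.css")
+def test_statics_are_served(authenticated_client):
+resp = authenticated_client.get("/static/styles.css")
 assert resp.status_code == 200
 
 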
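Review bot: `test_get_protected_endpoints` only exercises requests that carry no key, so an `api_key_auth` that rejects a missing header but accepts any non-empty value would still pass this test. A second parametrized case that sends an incorrect key (in the same header the `authenticated_client` fixture uses, which is defined outside this diff) and asserts a rejection status would pin that. In the last hunk, `test_statics_are_served` now uses `authenticated_client` although no visible change protects `/static/`; if static files are meant to remain public, keeping `anon_client` there documents that. `webhook_request_factory` appears unused in the new test's signature.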
