Refactor API auth

AllenAnthes · AllenAnthes · commit 26224230779a · 2019-04-12T16:45:00.000-05:00
diff --git a/pybot/endpoints/slack/utils/__init__.py b/pybot/endpoints/slack/utils/__init__.py
@@ -19,7 +19,7 @@
 
 slack_configs = {
     "token": os.environ.get("BOT_OATH_TOKEN"),
-    "signing_secret": os.environ.get("SLACK_SIGNING_SECRET"),
+    "signing_secret": os.environ.get("SLACK_BOT_SIGNING_SECRET"),
     "verify": os.environ.get("VERIFICATION_TOKEN"),
     "bot_id": os.environ.get("SLACK_BOT_ID"),
     "bot_user_id": os.environ.get("SLACK_BOT_ID"),
diff --git a/pybot/plugins/api/endpoints.py b/pybot/plugins/api/endpoints.py
@@ -4,20 +4,18 @@
 
 from aiohttp.web_response import Response
 
-from pybot.plugins.api.request import SlackApiRequest
+from pybot.plugins.api.request import SlackApiRequest, FailedVerification
 
 logger = logging.getLogger(__name__)
 
 
 async def slack_api(request):
     api_plugin = request.app.plugins["api"]
-    slack_request = SlackApiRequest.from_request(request)
 
-    if not slack_request.authorized:
-        logger.info(
-            f"Received unauthorized request Request: {slack_request} Token: {slack_request.token}"
-        )
-        return Response(status=403)
+    try:
+        slack_request = SlackApiRequest.from_request(request)
+    except FailedVerification:
+        return Response(status=401)
 
     futures = list(_dispatch(api_plugin.routers["slack"], slack_request, request.app))
 
diff --git a/pybot/plugins/api/request.py b/pybot/plugins/api/request.py
@@ -1,5 +1,4 @@
 import copy
-import json
 import os
 from typing import MutableMapping
 
@@ -26,6 +25,9 @@ def __init__(self, raw_request, resource, query):
         self.query = query
         self.token = self.__get_token(raw_request)
 
+        if not self.authorized:
+            raise FailedVerification(self.token)
+
     @property
     def authorized(self):
         return self.token is not None and self.token in self.auth_tokens
@@ -75,3 +77,12 @@ def clone(self) -> "SlackApiRequest":
             copy.deepcopy(self.resource),
             copy.deepcopy(self.query),
         )
+
+
+class FailedVerification(Exception):
+    """
+    Raised when incoming API request fails verification
+    """
+
+    def __init__(self, token: str) -> None:
+        self.token = token
diff --git a/tests/endpoints/api/test_slack_api_endpoint.py b/tests/endpoints/api/test_slack_api_endpoint.py
@@ -17,8 +17,8 @@
     "headers, status",
     [
         ({"Authorization": "Bearer devBackendToken"}, 200),
-        ({"Authorization": "Bearer abc"}, 403),
-        (None, 403),
+        ({"Authorization": "Bearer abc"}, 401),
+        (None, 401),
     ],
 )
 async def test_detect_credentials(bot: SirBot, aiohttp_client, headers, status):

Original file line number	Diff line number	Diff line change
`@@ -17,8 +17,8 @@`
`17`	`17`	`"headers, status",`
`18`	`18`	`[`
`19`	`19`	`({"Authorization": "Bearer devBackendToken"}, 200),`
`20`		`- ({"Authorization": "Bearer abc"}, 403),`
`21`		`- (None, 403),`
	`20`	`+ ({"Authorization": "Bearer abc"}, 401),`
	`21`	`+ (None, 401),`
`22`	`22`	`],`
`23`	`23`	`)`
`24`	`24`	`async def test_detect_credentials(bot: SirBot, aiohttp_client, headers, status):`