Change blacklisted -> denied for inclusivity

Aaron Suarez · Aaron Suarez · commit 8aab65c12173 · 2020-07-13T19:40:42.000-05:00
diff --git a/app/api/auth.py b/app/api/auth.py
@@ -26,8 +26,8 @@ def __init__(self, message, error_code):
 
 class ApiKeyErrorCode(Enum):
     NOT_FOUND = 1
-    ALREADY_BLACKLISTED = 2
-    NOT_BLACKLISTED = 3
+    ALREADY_DENIED = 2
+    NOT_DENIED = 3
 
 
 def find_key_by_apikey_or_email(apikey_or_email):
@@ -37,20 +37,20 @@ def find_key_by_apikey_or_email(apikey_or_email):
     return Key.query.filter_by(email=apikey_or_email).first()
 
 
-def blacklist_key(apikey_or_email, blacklisted, session):
+def deny_key(apikey_or_email, denied, session):
     key = find_key_by_apikey_or_email(apikey_or_email)
     if not key:
         raise ApiKeyError('Could not find that apikey or email.',
                           ApiKeyErrorCode.NOT_FOUND)
 
-    if key.blacklisted == blacklisted:
+    if key.denied == denied:
         raise ApiKeyError(
-            ('Already' if blacklisted else 'Not') + ' blacklisted',
-            ApiKeyErrorCode.ALREADY_BLACKLISTED if blacklisted
-            else ApiKeyErrorCode.NOT_BLACKLISTED
+            ('Already' if denied else 'Not') + ' denied',
+            ApiKeyErrorCode.ALREADY_DENIED if denied
+            else ApiKeyErrorCode.NOT_DENIED
         )
 
-    key.blacklisted = blacklisted
+    key.denied = denied
 
     session.commit()
 
@@ -117,7 +117,7 @@ def jwt_to_key():
 def get_api_key_from_authenticated_email(email):
     apikey = Key.query.filter_by(email=email).first()
 
-    if apikey and apikey.blacklisted:
+    if apikey and apikey.denied:
         return None
 
     if not apikey:
@@ -131,7 +131,7 @@ def authenticate(func):
     def wrapper(*args, **kwargs):
         apikey = request.headers.get('x-apikey')
         try:
-            filters = {'apikey': apikey, 'blacklisted': False}
+            filters = {'apikey': apikey, 'denied': False}
             key = Key.query.filter_by(**filters).first() if apikey else jwt_to_key()
         except Exception:
             return standardize_response(status_code=500)
diff --git a/app/api/routes/api_key.py b/app/api/routes/api_key.py
@@ -31,8 +31,8 @@ def apikey():
         # We need to check the database for an existing key
         apikey = Key.query.filter_by(email=email).first()
 
-        # Don't return success for blacklisted keys
-        if apikey and apikey.blacklisted:
+        # Don't return success for denied keys
+        if apikey and apikey.denied:
             return unauthorized_response()
 
         if not apikey:
diff --git a/app/cli.py b/app/cli.py
@@ -7,7 +7,7 @@
 
 import click
 from app import index, search_client
-from app.api.auth import (ApiKeyError, blacklist_key,
+from app.api.auth import (ApiKeyError, deny_key,
                           find_key_by_apikey_or_email, rotate_key)
 from sqlalchemy import exc
 
@@ -207,20 +207,20 @@ def reindex():
 
     @apikey.command()
     @click.argument('apikey_or_email')
-    def blacklist(apikey_or_email):
+    def deny(apikey_or_email):
         try:
-            key = blacklist_key(apikey_or_email, True, db.session)
+            key = deny_key(apikey_or_email, True, db.session)
         except ApiKeyError as error:
             print(error.message)
             return error.error_code
 
-        print(f'Blacklisted {key}')
+        print(f'Denied {key}')
 
     @apikey.command()
     @click.argument('apikey_or_email')
     def reactivate(apikey_or_email):
         try:
-            key = blacklist_key(apikey_or_email, False, db.session)
+            key = deny_key(apikey_or_email, False, db.session)
         except ApiKeyError as error:
             print(error.message)
             return error.error_code
diff --git a/app/models.py b/app/models.py
@@ -161,7 +161,7 @@ class Key(TimestampMixin, db.Model):
     id = db.Column(db.Integer, primary_key=True)
     apikey = db.Column(db.String, unique=True, nullable=False, index=True)
     email = db.Column(db.String, unique=True, nullable=False)
-    blacklisted = db.Column(db.Boolean, default=False)
+    denied = db.Column(db.Boolean, default=False)
     voted_resources = db.relationship('VoteInformation', back_populates='voter')
 
     @property
@@ -192,8 +192,8 @@ def __hash__(self):
 
     def __repr__(self):
         tags = ''
-        if self.blacklisted:
-            tags = ' BLACKLISTED'
+        if self.denied:
+            tags = ' DENIED'
         return f"<Key email={self.email} apikey={self.apikey}{tags}>"
 
 
diff --git a/migrations/versions/205742d3b3f5_change_blacklist_to_deny.py b/migrations/versions/205742d3b3f5_change_blacklist_to_deny.py
@@ -0,0 +1,29 @@
+"""Change blacklist to deny
+
+Revision ID: 205742d3b3f5
+Revises: 4b6587b98b26
+Create Date: 2020-07-04 19:29:40.607069
+
+"""
+from alembic import op
+import sqlalchemy as sa
+import sqlalchemy_utils
+
+
+# revision identifiers, used by Alembic.
+revision = '205742d3b3f5'
+down_revision = '4b6587b98b26'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.alter_column('key', 'blacklisted', new_column_name='denied')
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.alter_column('key', 'denied', new_column_name='blacklisted')
+    # ### end Alembic commands ###
diff --git a/tests/unit/test_auth.py b/tests/unit/test_auth.py
@@ -1,7 +1,7 @@
 from unittest.mock import patch
 
 from app.api.auth import (ApiKeyError, ApiKeyErrorCode, authenticate,
-                          blacklist_key, find_key_by_apikey_or_email,
+                          deny_key, find_key_by_apikey_or_email,
                           rotate_key)
 from app.models import Key
 from flask import g
@@ -56,9 +56,9 @@ def callback(*args, **kwargs):
     assert g.auth_key == key
 
 
-def test_authenticate_blacklisted(module_client, function_empty_db):
+def test_authenticate_denied(module_client, function_empty_db):
     # Arrange
-    create_fake_key(function_empty_db.session, blacklisted=True)
+    create_fake_key(function_empty_db.session, denied=True)
 
     def callback(*args, **kwargs):
         return 1
@@ -88,75 +88,75 @@ def test_find_key_by_apikey_or_email(module_client, function_empty_db):
     assert key == key2
 
 
-def test_blacklist_key_not_found(module_client, function_empty_db):
+def test_denied_key_not_found(module_client, function_empty_db):
     # Arrange
     error = None
 
     # Act
     try:
-        blacklist_key(FAKE_APIKEY + 'b', True, function_empty_db.session)
+        deny_key(FAKE_APIKEY + 'b', True, function_empty_db.session)
     except ApiKeyError as e:
         error = e
 
     # Assert
     assert error.error_code == ApiKeyErrorCode.NOT_FOUND
 
 
-def test_blacklist_key_already_blacklisted(module_client, function_empty_db):
+def test_deny_key_already_denied(module_client, function_empty_db):
     # Arrange
     error = None
     key1 = None
-    create_fake_key(function_empty_db.session, blacklisted=True)
+    create_fake_key(function_empty_db.session, denied=True)
 
     # Act
     try:
-        key1 = blacklist_key(FAKE_APIKEY, True, function_empty_db.session)
+        key1 = deny_key(FAKE_APIKEY, True, function_empty_db.session)
     except ApiKeyError as e:
         error = e
 
     # Assert
-    assert error.error_code == ApiKeyErrorCode.ALREADY_BLACKLISTED
+    assert error.error_code == ApiKeyErrorCode.ALREADY_DENIED
     assert key1 is None
 
 
-def test_blacklist_key_not_blacklisted(module_client, function_empty_db):
+def test_deny_key_not_denied(module_client, function_empty_db):
     # Arrange
     error = None
     key1 = None
     create_fake_key(function_empty_db.session)
 
     # Act
     try:
-        key1 = blacklist_key(FAKE_APIKEY, False, function_empty_db.session)
+        key1 = deny_key(FAKE_APIKEY, False, function_empty_db.session)
     except ApiKeyError as e:
         error = e
 
     # Assert
-    assert error.error_code == ApiKeyErrorCode.NOT_BLACKLISTED
+    assert error.error_code == ApiKeyErrorCode.NOT_DENIED
     assert key1 is None
 
 
-def test_blacklist_key_set_blacklisted_on(module_client, function_empty_db):
+def test_deny_key_set_denied_on(module_client, function_empty_db):
     # Arrange
     key = create_fake_key(function_empty_db.session)
 
     # Act
-    key1 = blacklist_key(FAKE_APIKEY, True, function_empty_db.session)
+    key1 = deny_key(FAKE_APIKEY, True, function_empty_db.session)
 
     # Assert
-    assert key.blacklisted
+    assert key.denied
     assert key == key1
 
 
-def test_blacklist_key_set_blacklisted_off(module_client, function_empty_db):
+def test_deny_key_set_denied_off(module_client, function_empty_db):
     # Arrange
-    key = create_fake_key(function_empty_db.session, blacklisted=True)
+    key = create_fake_key(function_empty_db.session, denied=True)
 
     # Act
-    key1 = blacklist_key(FAKE_APIKEY, False, function_empty_db.session)
+    key1 = deny_key(FAKE_APIKEY, False, function_empty_db.session)
 
     # Assert
-    assert not key.blacklisted
+    assert not key.denied
     assert key == key1
 
 
diff --git a/tests/unit/test_auth_jwt.py b/tests/unit/test_auth_jwt.py
@@ -175,11 +175,11 @@ def callback(*args, **kwargs):
     assert result == 1
 
 
-def test_blacklisted_apikey(module_client, function_empty_db):
+def test_denied_apikey(module_client, function_empty_db):
     # Arrange
     def callback(*args, **kwargs):
         return 1
-    create_fake_key(function_empty_db.session, blacklisted=True)
+    create_fake_key(function_empty_db.session, denied=True)
 
     # Act
     wrapper = authenticate(callback)
diff --git a/tests/unit/test_models.py b/tests/unit/test_models.py
@@ -94,10 +94,10 @@ def test_key():
                               })
 
 
-def test_key_blacklisted():
-    key = Key(email="test@example.org", apikey="1234abcd", blacklisted=True)
+def test_key_denied():
+    key = Key(email="test@example.org", apikey="1234abcd", denied=True)
     assert (
-        key.__repr__() == "<Key email=test@example.org apikey=1234abcd BLACKLISTED>"
+        key.__repr__() == "<Key email=test@example.org apikey=1234abcd DENIED>"
     )
     assert (key != 1)
     assert (key == key)
diff --git a/tests/unit/test_routes/test_api_key.py b/tests/unit/test_routes/test_api_key.py
@@ -1,4 +1,4 @@
-from app.api.auth import blacklist_key
+from app.api.auth import deny_key
 from .helpers import get_api_key, assert_correct_response
 
 
@@ -52,11 +52,11 @@ def test_get_api_key_bad_password(module_client, module_db, fake_invalid_auth_fr
     assert_correct_response(response, 401)
 
 
-def test_get_api_key_blacklisted(module_client, module_db, fake_auth_from_oc):
+def test_get_api_key_denied(module_client, module_db, fake_auth_from_oc):
     client = module_client
 
     apikey = get_api_key(client)
-    blacklist_key(apikey, True, module_db.session)
+    deny_key(apikey, True, module_db.session)
 
     try:
         response = client.post(
@@ -69,7 +69,7 @@ def test_get_api_key_blacklisted(module_client, module_db, fake_auth_from_oc):
         )
         assert_correct_response(response, 401)
     finally:
-        blacklist_key(apikey, False, module_db.session)
+        deny_key(apikey, False, module_db.session)
 
 
 def test_rotate_api_key_unauthorized(module_client, module_db):
