add hooks for metadata endpoints

wmo-im · Sep 10, 2023 · 5c8e71c · 5c8e71c
1 parent df9a186
commit 5c8e71c
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 9 deletions.
diff --git a/tests/integration/test_auth.py b/tests/integration/test_auth.py
@@ -29,9 +29,11 @@
 TOPIC = 'admin'
 TOPIC1 = 'oapi'
 TOPIC2 = 'ui'
+TOPIC3 = 'collections/stations'
 TOKEN = 'test_token'
 TOKEN1 = 'token_1'
 TOKEN2 = '2_test_token'
+TOKEN3 = '3_test_token'
 
 
 def test_no_auth():
@@ -54,18 +56,11 @@ def test_no_auth():
 
     headers = {
         'X-Original-URI': f'/oapi/collections/stations/items?token={TOKEN}',
-        'X-api-http-method': 'GET'
+        'X-Api-Http-Method': 'GET'
     }
     r = requests.get(URL + '/authorize', headers=headers)
     assert r.status_code == 200
 
-    headers = {
-        'X-Original-URI': f'/oapi/collections/stations/items?token={TOKEN}',
-        'X-api-http-method': 'POST'
-    }
-    r = requests.get(URL + '/authorize', headers=headers)
-    assert r.status_code == 401
-
 
 def test_add_auth():
     '''Test adding wis2box authentication'''
@@ -82,6 +77,10 @@ def test_add_auth():
     r = requests.post(URL + '/add_token', data=data)
     assert r.status_code == 200
 
+    data = {'topic': TOPIC3, 'token': TOKEN3}
+    r = requests.post(URL + '/add_token', data=data)
+    assert r.status_code == 200
+
 
 def test_header_auth():
     '''Test wis2box header authentication'''
@@ -116,6 +115,28 @@ def test_header_auth():
     r = requests.get(URL + '/authorize', headers=headers)
     assert r.status_code == 200
 
+    headers = {
+        'X-Original-URI': f'/{TOPIC3}',
+    }
+    r = requests.get(URL + '/authorize', headers=headers)
+    assert r.status_code == 200
+
+    headers = {
+        'X-Original-URI': f'/{TOPIC3}',
+        'Authorization': f'Bearer {TOKEN3}',
+        'X-Api-Http-Method': 'POST'
+    }
+    r = requests.get(URL + '/authorize', headers=headers)
+    assert r.status_code == 200
+
+    headers = {
+        'X-Original-URI': f'/{TOPIC3}',
+        'Authorization': f'Bearer {TOKEN1}',
+        'X-Api-Http-Method': 'POST'
+    }
+    r = requests.get(URL + '/authorize', headers=headers)
+    assert r.status_code == 401
+
 
 def test_token_auth():
     '''Test wis2box token authentication'''

diff --git a/wis2box_auth/__init__.py b/wis2box_auth/__init__.py
@@ -116,6 +116,9 @@ def extract_topic(topic: str = None) -> bool:
     if any([x in topic for x in ['processes', 'execution']]):
         LOGGER.debug('topic is an API process execution')
         sanitized_topic = topic
+    elif any([x in topic for x in ['collections/stations', 'collections/discovery-metadata']]):  # noqa
+        LOGGER.debug('topic is an API metadata transaction')
+        sanitized_topic = topic
     else:
         sanitized_topic = topic.replace('/', '.')
 

diff --git a/wis2box_auth/app.py b/wis2box_auth/app.py
@@ -66,7 +66,7 @@ def authorize():
         'stations'
     ]
 
-    if (request.headers.get('X-api-http-method', 'GET') == 'GET' and
+    if (request.headers.get('X-Api-Http-Method', 'GET') == 'GET' and
             any([x in request_uri for x in metadata_collections])):
         LOGGER.debug('API metadata request')
         msg = 'Resource is open'