Use origin as custom app configuration audience on decode (#351)

* Bump to 1.17.1 * Use origin for audience * Check 400 thrown when None origin passed to decode * Add test for origin header not being present
climatepolicyradar · Sep 24, 2024 · 66da6ca · 66da6ca
1 parent 4072d70
commit 66da6ca
Show file tree

Hide file tree

Showing 5 changed files with 45 additions and 7 deletions.
diff --git a/app/api/api_v1/routers/search.py b/app/api/api_v1/routers/search.py
@@ -15,6 +15,7 @@
 from fastapi import APIRouter, Body, Depends, Header, HTTPException, Request, status
 from fastapi.responses import StreamingResponse
 from jwt import PyJWTError
+from pydantic_core import Url
 from sqlalchemy.orm import Session
 from starlette.responses import RedirectResponse
 
@@ -116,7 +117,6 @@ def search_documents(
             }
         ),
     ],
-    host: Annotated[str, Header()],
     app_token: Annotated[str, Header()],
     db=Depends(get_db),
 ) -> SearchResponse:
@@ -140,19 +140,23 @@ def search_documents(
     the search database. The continuation token can be used to get the next set of
     results from the search database. See the request schema for more details.
     """
+    origin = request.headers.get("origin")
+    if origin is not None:
+        origin = Url(origin).host
+
     _LOGGER.info(
         "Search request",
         extra={
             "props": {
                 "search_request": search_body.model_dump(),
-                "host": str(host),
+                "origin": origin,
                 "app_token": str(app_token),
             }
         },
     )
 
     try:
-        allowed_corpora_ids = decode_config_token(app_token, host)
+        allowed_corpora_ids = decode_config_token(app_token, origin)
     except PyJWTError as e:
         _LOGGER.error(e)
         raise HTTPException(

diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "navigator_backend"
-version = "1.17.0"
+version = "1.17.1"
 description = ""
 authors = ["CPR-dev-team <[email protected]>"]
 packages = [{ include = "app" }, { include = "tests" }]

diff --git a/tests/conftest.py b/tests/conftest.py
@@ -115,7 +115,7 @@ def valid_token():
     """
     corpora_ids = "CCLW.corpus.1.0,CCLW.corpus.2.0"
     subject = "CCLW"
-    audience = "localhost:8888"
+    audience = "localhost"
     input_str = f"{corpora_ids};{subject};{audience}"
     return create_configuration_token(input_str)
 

diff --git a/tests/search/vespa/setup_search_tests.py b/tests/search/vespa/setup_search_tests.py
@@ -29,19 +29,26 @@
 from sqlalchemy.orm import Session
 
 SEARCH_ENDPOINT = "/api/v1/searches"
-TEST_HOST = "localhost:8888"
+TEST_HOST = "http://localhost:3000/"
 
 
 def _make_search_request(
     client,
     token,
     params: Mapping[str, Any],
     expected_status_code: int = status.HTTP_200_OK,
+    origin: Optional[str] = TEST_HOST,
 ):
+    headers = (
+        {"app-token": token}
+        if origin is None
+        else {"app-token": token, "origin": origin}
+    )
+
     response = client.post(
         SEARCH_ENDPOINT,
         json=params,
-        headers={"app-token": token, "host": TEST_HOST},
+        headers=headers,
     )
     assert response.status_code == expected_status_code, response.text
     return response.json()

diff --git a/tests/search/vespa/test_vespa_corpus_filtering.py b/tests/search/vespa/test_vespa_corpus_filtering.py
@@ -126,6 +126,33 @@ def test_search_decoding_token_raises_PyJWTError(
         assert response["detail"] == "Could not decode configuration token"
 
 
+@pytest.mark.search
+def test_search_decoding_token_with_none_origin_passed_to_audience(
+    data_client,
+    data_db,
+    valid_token,
+    monkeypatch,
+    test_vespa,
+):
+    """
+    GIVEN a request to the search endpoint
+    WHEN the decode_config_token() function is passed a None origin
+    THEN raise a 400 HTTP error
+    """
+    monkeypatch.setattr(search, "_VESPA_CONNECTION", test_vespa)
+    _populate_db_families(data_db)
+
+    response = _make_search_request(
+        data_client,
+        valid_token,
+        params={"query_string": ""},
+        origin=None,
+        expected_status_code=status.HTTP_400_BAD_REQUEST,
+    )
+
+    assert response["detail"] == "Could not decode configuration token"
+
+
 @pytest.mark.search
 def test_search_with_invalid_corpus_id_in_search_request_params(
     data_client, data_db, valid_token, monkeypatch, test_vespa