diff --git a/app/api/api_v1/routers/search.py b/app/api/api_v1/routers/search.py
index b1aff031..c518772a 100644
--- a/app/api/api_v1/routers/search.py
+++ b/app/api/api_v1/routers/search.py
@@ -15,6 +15,7 @@
 from fastapi import APIRouter, Body, Depends, Header, HTTPException, Request, status
 from fastapi.responses import StreamingResponse
 from jwt import PyJWTError
+from pydantic_core import Url
 from sqlalchemy.orm import Session
 from starlette.responses import RedirectResponse
@@ -116,7 +117,6 @@ def search_documents(
 }
 ),
 ],
- host: Annotated[str, Header()],
 app_token: Annotated[str, Header()],
 db=Depends(get_db),
 ) -> SearchResponse:
@@ -140,19 +140,23 @@ def search_documents(
 the search database. The continuation token can be used to get the next set of results from the search database. See the request schema for more details.
 """
+ origin = request.headers.get("origin")
+ if origin is not None:
+ origin = Url(origin).host
+
 _LOGGER.info(
 "Search request",
 extra={
 "props": {
 "search_request": search_body.model_dump(),
- "host": str(host),
+ "origin": origin,
 "app_token": str(app_token),
 }
 },
 )
 try:
- allowed_corpora_ids = decode_config_token(app_token, host)
+ allowed_corpora_ids = decode_config_token(app_token, origin)
 except PyJWTError as e:
 _LOGGER.error(e)
 raise HTTPException(
diff --git a/pyproject.toml b/pyproject.toml
index 7fad6227..30dcfd02 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "navigator_backend"
-version = "1.17.0"
+version = "1.17.1"
 description = ""
 authors = ["CPR-dev-team "]
 packages = [{ include = "app" }, { include = "tests" }]
diff --git a/tests/conftest.py b/tests/conftest.py
index a7a99215..4844a1a8 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
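Review bot: In app/api/api_v1/routers/search.py, the new `Url(origin).host` call in `search_documents` sits before the `try` block, so an `Origin` value that pydantic_core cannot parse (browsers send the literal `null` for opaque origins) raises a validation error that the `except PyJWTError` handler never sees; unless something outside this hunk maps it, the request ends in a 500 rather than the 400 used for a bad token. Catch the parse failure and reject the request, as in the fence below. Separately, `.host` discards scheme and port, so a token whose audience is `localhost` is accepted for `http://localhost:3000` and for any other scheme or port on that host; if tokens are meant to be bound to a single origin, the audience should carry and compare the full origin. The function body continues past the end of the hunk.

```python
    origin = request.headers.get("origin")
    if origin is not None:
        try:
            origin = Url(origin).host
        except ValueError as e:  # pydantic_core.ValidationError subclasses ValueError
            raise HTTPException(
                status_code=status.HTTP_400_BAD_REQUEST,
                detail="Invalid Origin header",
            ) from e
    # … unchanged: request logging and decode_config_token call …
```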
@@ -115,7 +115,7 @@ def valid_token():
 """
 corpora_ids = "CCLW.corpus.1.0,CCLW.corpus.2.0"
 subject = "CCLW"
- audience = "localhost:8888"
+ audience = "localhost"
 input_str = f"{corpora_ids};{subject};{audience}"
 return create_configuration_token(input_str)
diff --git a/tests/search/vespa/setup_search_tests.py b/tests/search/vespa/setup_search_tests.py
index 4b55a2aa..2056e5aa 100644
--- a/tests/search/vespa/setup_search_tests.py
+++ b/tests/search/vespa/setup_search_tests.py
@@ -29,7 +29,7 @@
 from sqlalchemy.orm import Session
 SEARCH_ENDPOINT = "/api/v1/searches"
-TEST_HOST = "localhost:8888"
+TEST_HOST = "http://localhost:3000/"
 def _make_search_request(
@@ -37,11 +37,18 @@ def _make_search_request(
 token,
 params: Mapping[str, Any],
 expected_status_code: int = status.HTTP_200_OK,
+ origin: Optional[str] = TEST_HOST,
 ):
+ headers = (
+ {"app-token": token}
+ if origin is None
+ else {"app-token": token, "origin": origin}
+ )
+
 response = client.post(
 SEARCH_ENDPOINT,
 json=params,
- headers={"app-token": token, "host": TEST_HOST},
+ headers=headers,
 )
 assert response.status_code == expected_status_code, response.text
 return response.json()
diff --git a/tests/search/vespa/test_vespa_corpus_filtering.py b/tests/search/vespa/test_vespa_corpus_filtering.py
index 62d2b581..a26bd409 100644
--- a/tests/search/vespa/test_vespa_corpus_filtering.py
+++ b/tests/search/vespa/test_vespa_corpus_filtering.py
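Review bot: In tests/search/vespa/setup_search_tests.py, `TEST_HOST` now holds a full URL with a trailing slash, which is neither a host nor the form a browser puts in `Origin` (scheme, host and optional port, no path), so every request built by `_make_search_request` sends a value real clients do not produce. Rename and normalise it, `TEST_ORIGIN = "http://localhost:3000"`, and use that name as the default of the new `origin` parameter in the second hunk. A one-line comment such as `# Origin header sent by default; its host must match the audience in the valid_token fixture` would make the coupling with tests/conftest.py explicit.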
@@ -126,6 +126,33 @@ def test_search_decoding_token_raises_PyJWTError(
 assert response["detail"] == "Could not decode configuration token"
+@pytest.mark.search
+def test_search_decoding_token_with_none_origin_passed_to_audience(
+ data_client,
+ data_db,
+ valid_token,
+ monkeypatch,
+ test_vespa,
+):
+ """
+ GIVEN a request to the search endpoint
+ WHEN the decode_config_token() function is passed a None origin
+ THEN raise a 400 HTTP error
+ """
+ monkeypatch.setattr(search, "_VESPA_CONNECTION", test_vespa)
+ _populate_db_families(data_db)
+
+ response = _make_search_request(
+ data_client,
+ valid_token,
+ params={"query_string": ""},
+ origin=None,
+ expected_status_code=status.HTTP_400_BAD_REQUEST,
+ )
+
+ assert response["detail"] == "Could not decode configuration token"
+
+
 @pytest.mark.search
 def test_search_with_invalid_corpus_id_in_search_request_params(
 data_client, data_db, valid_token, monkeypatch, test_vespa
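Review bot: The added test covers only an absent `Origin` header; nothing in this hunk exercises a header that is present but does not match the token's audience, which is the case the check exists for (another test outside the hunk may do so). Add a sibling case that passes a constructed non-matching value, e.g. `origin="http://example.invalid"`, and expects `status.HTTP_400_BAD_REQUEST`, plus one with a value that is not a URL at all, e.g. `origin="null"`, to pin the status code for malformed input. The docstring's THEN line could also name the expected detail string, since the final assertion depends on it.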