Do not overload x-user-token header. Create separate parameter for beaer token.

dzleidig · dzleidig · commit c638bb2805bc · 2020-08-04T21:00:50.000-07:00
diff --git a/test/config_test.py b/test/config_test.py
@@ -174,14 +174,28 @@ def test_signing(self):
     def test_bearer_token(self):
         """Verify that the authorization header is set when a bearer token is provided"""
 
-        bearer_token = "Bearer eyJraWQiOiJWcmVsOE9zZ0JXaUpHeEpMeFJ4bE1UaVwvbjgyc1hwWktUaTd2UExUNFQ0TT0iLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJoMTBlM2hwajliNjc4bXMwOG8zbGlibHQ2IiwidG9rZW5fdXNlIjoiYWNjZXNzIiwic2NvcGUiOiJ3ZWJcL2dldCB3ZWJcL3Bvc3QiLCJhdXRoX3RpbWUiOjE1OTM3MjM1NDgsImlzcyI6Imh0dHBzOlwvXC9jb2duaXRvLWlkcC51cy1lYXN0LTEuYW1hem9uYXdzLmNvbVwvdXMtZWFzdC0xX1d6aEZzTGlPRyIsImV4cCI6MTU5MzcyNzE0OCwiaWF0IjoxNTkzNzIzNTQ4LCJ2ZXJzaW9uIjoyLCJqdGkiOiI4Njk5ZDEwYy05Mjg4LTQ0YmEtODIxNi01OTJjZGU3MDBhY2MiLCJjbGllbnRfaWQiOiJoMTBlM2hwajliNjc4bXMwOG8zbGlibHQ2In0.YA_yiD-x6UuBMShprUbUKuB_DO6ogCtd5srfgpJA6Ve_qsf8n19nVMmFsZBy3GxzN92P1ZXiFY99FfNPohhQtaRRhpeUkir08hgJN2bEHCJ5Ym8r9mr9mlwSG6FoiedgLaUVGwJujD9c2rcA83NEo8ayTyfCynF2AZ2pMxLHvqOYtvscGMiMzIwlZfJV301iKUVgPODJM5lpJ4iKCpOy2ByCl2_KL1uxIxgMkglpB-i7kgJc-WmYoJFoN88D89ugnEoAxNfK14N4_RyEkrLNGape9kew79nUeR6fWbVFLiGDDu25_9z-7VB-GGGk7L_Hb7YgVJ5W2FwESnkDvV1T4Q"
+        bearer_token = (
+            "Bearer eyJraWQiOiJWcmVsOE9zZ0JXaUpHeEpMeFJ4bE1UaVwvbjgyc1hwWktUaTd2UExUNFQ0T"
+            "T0iLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJoMTBlM2hwajliNjc4bXMwOG8zbGlibHQ2IiwidG9r"
+            "ZW5fdXNlIjoiYWNjZXNzIiwic2NvcGUiOiJ3ZWJcL2dldCB3ZWJcL3Bvc3QiLCJhdXRoX3RpbWUi"
+            "OjE1OTM3MjM1NDgsImlzcyI6Imh0dHBzOlwvXC9jb2duaXRvLWlkcC51cy1lYXN0LTEuYW1hem9u"
+            "YXdzLmNvbVwvdXMtZWFzdC0xX1d6aEZzTGlPRyIsImV4cCI6MTU5MzcyNzE0OCwiaWF0IjoxNTkz"
+            "NzIzNTQ4LCJ2ZXJzaW9uIjoyLCJqdGkiOiI4Njk5ZDEwYy05Mjg4LTQ0YmEtODIxNi01OTJjZGU3"
+            "MDBhY2MiLCJjbGllbnRfaWQiOiJoMTBlM2hwajliNjc4bXMwOG8zbGlibHQ2In0.YA_yiD-x6UuB"
+            "MShprUbUKuB_DO6ogCtd5srfgpJA6Ve_qsf8n19nVMmFsZBy3GxzN92P1ZXiFY99FfNPohhQtaRR"
+            "hpeUkir08hgJN2bEHCJ5Ym8r9mr9mlwSG6FoiedgLaUVGwJujD9c2rcA83NEo8ayTyfCynF2AZ2p"
+            "MxLHvqOYtvscGMiMzIwlZfJV301iKUVgPODJM5lpJ4iKCpOy2ByCl2_KL1uxIxgMkglpB-i7kgJc"
+            "-WmYoJFoN88D89ugnEoAxNfK14N4_RyEkrLNGape9kew79nUeR6fWbVFLiGDDu25_9z-7VB-GGGk"
+            "7L_Hb7YgVJ5W2FwESnkDvV1T4Q"
+        )
 
         with tempfile.NamedTemporaryFile() as config_file, tempfile.NamedTemporaryFile() as key_file:
             with open(config_file.name, "w") as f:
                 json.dump(
                     {
                         "email": "somebody@transcriptic.com",
-                        "token": bearer_token,
+                        "token": "foobarinvalid",
+                        "bearer_token": bearer_token,
                         "organization_id": "transcriptic",
                         "api_root": "http://foo:5555",
                         "analytics": True,
@@ -201,7 +215,6 @@ def test_bearer_token(self):
 
         authorization_header_value = prepared_get.headers["authorization"]
         self.assertEqual(authorization_header_value, bearer_token)
-        self.assertNotIn("x-user-token", prepared_get.headers)
 
     def test_malformed_bearer_token(self):
         """Verify that an exception is thrown when a malformed JWT bearer token is provided"""
@@ -213,7 +226,8 @@ def test_malformed_bearer_token(self):
                 json.dump(
                     {
                         "email": "somebody@transcriptic.com",
-                        "token": bearer_token,
+                        "token": "foobarinvalid",
+                        "bearer_token": bearer_token,
                         "organization_id": "transcriptic",
                         "api_root": "http://foo:5555",
                         "analytics": True,
diff --git a/transcriptic/config.py b/transcriptic/config.py
@@ -112,6 +112,7 @@ def __init__(
         feature_groups=[],
         rsa_key=None,
         session=None,
+        bearer_token=None,
     ):
         # Initialize environment args used for computing routes
         self.env_args = dict()
@@ -132,7 +133,7 @@ def __init__(
 
         # NB: These many setattr calls update self.session.headers
         # cookie authentication is mutually exclusive from token authentication
-        if cookie is not None:
+        if cookie:
             if email is not None or token is not None:
                 warnings.warn(
                     "Cookie and token authentication is mutually "
@@ -143,9 +144,17 @@ def __init__(
             self.cookie = cookie
             self.update_session_auth(use_signature=False)
         else:
+            if cookie is not None:
+                warnings.warn(
+                    "Cookie and token authentication is mutually "
+                    "exclusive. Ignoring cookie"
+                )
             self.session.headers["Cookie"] = None
             self.email = email
-            self.token = token
+            if token is not None:
+                self.token = token
+            if bearer_token is not None:
+                self.bearer_token = bearer_token
             self.update_session_auth()
 
         # Initialize feature groups
@@ -236,6 +245,20 @@ def email(self, value):
         self.update_headers(**{"X-User-Email": value})
         self.update_session_auth()
 
+    @property
+    def bearer_token(self):
+        try:
+            return self.session.headers["Authorization"]
+        except (NameError, KeyError):
+            raise ValueError("Bearer token is not set.")
+
+    @bearer_token.setter
+    def bearer_token(self, value):
+        if is_valid_jwt_token(value):
+            self.update_headers(**{"Authorization": value})
+        else:
+            raise ValueError("Malformed JWT Bearer Token")
+
     @property
     def token(self):
         try:
@@ -244,23 +267,14 @@ def token(self):
             raise ValueError("token is not set.")
 
     @token.setter
-    def token(self, value: str):
+    def token(self, value):
         if self.cookie is not None:
             warnings.warn(
                 "Cookie and token authentication is mutually "
                 "exclusive. Clearing cookie from headers"
             )
             self.update_headers(**{"Cookie": None})
-
-        if value is not None:
-            is_bearer_auth = value.startswith("Bearer")
-            if is_bearer_auth:
-                if is_valid_jwt_token(value):
-                    self.update_headers(**{"Authorization": value})
-                else:
-                    raise ValueError("Malformed JWT Bearer Token")
-            else:
-                self.update_headers(**{"X-User-Token": value})
+        self.update_headers(**{"X-User-Token": value})
 
     @property
     def cookie(self):
@@ -1088,9 +1102,7 @@ def get_route(self, method, **kwargs):
                 raise Exception(
                     f"For route: {method}, argument {arg} needs " f"to be provided."
                 )
-        return route_method(  # pylint: disable=no-value-for-parameter
-            *tuple(input_args)
-        )
+        return route_method(*tuple(input_args))
 
     def get(self, route, **kwargs):
         return self._call("get", route, **kwargs)
