another testcase the fails similar to #847 (#892)

* another testcase the fails similar to #847

* proper fix

* revert to statuscode 401 and code improvements @calle

Co-authored-by: dni <dni.khr@gmail.com>
dni ⚡
2022-08-16 17:01:05 +02:00
committed by GitHub
parent 8956bdc954
commit 88ec440ea1
2 changed files with 26 additions and 8 deletions


@ -130,10 +130,13 @@ async def get_key_type(
# 2: invalid # 2: invalid
pathname = r["path"].split("/")[1] pathname = r["path"].split("/")[1]
if not api_key_header and not api_key_query: token = api_key_header or api_key_query
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST)
token = api_key_header if api_key_header else api_key_query if not token:
raise HTTPException(
status_code=HTTPStatus.UNAUTHORIZED,
detail="Invoice (or Admin) key required.",
)
try: try:
admin_checker = WalletAdminKeyChecker(api_key=token) admin_checker = WalletAdminKeyChecker(api_key=token)
@ -180,7 +183,14 @@ async def require_admin_key(
api_key_header: str = Security(api_key_header), # type: ignore api_key_header: str = Security(api_key_header), # type: ignore
api_key_query: str = Security(api_key_query), # type: ignore api_key_query: str = Security(api_key_query), # type: ignore
): ):
token = api_key_header if api_key_header else api_key_query
token = api_key_header or api_key_query
if not token:
raise HTTPException(
status_code=HTTPStatus.UNAUTHORIZED,
detail="Admin key required.",
)
wallet = await get_key_type(r, token) wallet = await get_key_type(r, token)
@ -199,11 +209,12 @@ async def require_invoice_key(
api_key_header: str = Security(api_key_header), # type: ignore api_key_header: str = Security(api_key_header), # type: ignore
api_key_query: str = Security(api_key_query), # type: ignore api_key_query: str = Security(api_key_query), # type: ignore
): ):
token = api_key_header or api_key_query token = api_key_header or api_key_query
if token is None: if not token:
raise HTTPException( raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED, status_code=HTTPStatus.UNAUTHORIZED,
detail="Invoice (or Admin) key required.", detail="Invoice (or Admin) key required.",
) )
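Review bot: In require_admin_key the call `wallet = await get_key_type(r, token)` passes a single key argument, so the empty-key guard added inside get_key_type is not what protects this path. get_key_type's signature is outside the hunk, but if it declares the same `Security(...)` defaults that require_admin_key shows, a direct call leaves `api_key_query` bound to that default object, and `api_key_header or api_key_query` would be truthy even when no key was sent. The caller-side checks added in this commit cover that today. Passing both values explicitly, e.g. `wallet = await get_key_type(r, api_key_header=token, api_key_query=None)`, would make the inner guard hold for any later direct caller. All three functions start and end outside their hunks, so the call in require_invoice_key is not visible here and should be checked the same way.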


@ -45,9 +45,16 @@ async def test_get_wallet_adminkey(client, adminkey_headers_to):
assert "id" in result assert "id" in result
# check POST /api/v1/payments: empty request # check PUT /api/v1/wallet/newwallet: empty request where admin key is needed
@pytest.mark.asyncio @pytest.mark.asyncio
async def test_post_empty_request(client): async def test_put_empty_request_expected_admin_keys(client):
response = await client.put("/api/v1/wallet/newwallet")
assert response.status_code == 401
# check POST /api/v1/payments: empty request where invoice key is needed
@pytest.mark.asyncio
async def test_post_empty_request_expected_invoice_keys(client):
response = await client.post("/api/v1/payments") response = await client.post("/api/v1/payments")
assert response.status_code == 401 assert response.status_code == 401
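Review bot: Both tests assert only `response.status_code == 401`, which more than one guard in the decorators can now produce, so they would still pass if the request were rejected by a different check than the one under test. Assuming the default FastAPI error body, adding `assert response.json()["detail"] == "Admin key required."` to test_put_empty_request_expected_admin_keys and `assert response.json()["detail"] == "Invoice (or Admin) key required."` to test_post_empty_request_expected_invoice_keys pins each test to its guard. The switch from `token is None` to `not token` also turns an empty key value into a rejected case, and no test here sends one.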