Skip to content

Allow API Keys to be passed through the Authorization header#775

Merged
rapidray12 merged 1 commit intodevelopfrom
AL-allow-authorization
Jan 28, 2025
Merged

Allow API Keys to be passed through the Authorization header#775
rapidray12 merged 1 commit intodevelopfrom
AL-allow-authorization

Conversation

@aloftus23
Copy link
Contributor

@aloftus23 aloftus23 commented Jan 28, 2025
edited
Loading

🗣 Description

The auth function will now check if the token is an API key using regex. If so, will check the database for the hash.

💭 Motivation and context

Allow API keys to be passed in the same header as the JWT token. Inline with the old typescript backend

🧪 Testing

Passes pre-commits and pytests. Tested in postman as well.

✅ Pre-approval checklist

  • This PR has an informative and human-readable title.
  • Changes are limited to a single goal - eschew scope creep!
  • All future TODOs are captured in issues, which are referenced
    in code comments.
  • All relevant type-of-change labels have been added.
  • I have read the CONTRIBUTING document.
  • These code changes follow cisagov code standards.
  • All relevant repo and/or project documentation has been updated
    to reflect the changes in this PR.
  • Tests have been added and/or modified to cover the changes in this PR.
  • All new and existing tests pass.

✅ Pre-merge checklist

  • Revert dependencies to default branches.
  • Finalize version.

✅ Post-merge checklist

  • Create a release.

@aloftus23 aloftus23 self-assigned this Jan 28, 2025
@aloftus23 aloftus23 requested a review from DJensen94 January 28, 2025 19:59
DJensen94
DJensen94 approved these changes Jan 28, 2025
View reviewed changes
Copy link
Contributor

@DJensen94 DJensen94 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

rapidray12
rapidray12 approved these changes Jan 28, 2025
View reviewed changes
Copy link
Collaborator

@rapidray12 rapidray12 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In the future we need to revise the use of regex

@rapidray12 rapidray12 merged commit 5de44fe into develop Jan 28, 2025
14 of 15 checks passed
@rapidray12 rapidray12 deleted the AL-allow-authorization branch January 28, 2025 20:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@DJensen94 DJensen94 DJensen94 approved these changes

@rapidray12 rapidray12 rapidray12 approved these changes

@cduhn17 cduhn17 Awaiting requested review from cduhn17 cduhn17 is a code owner

@Matthew-Grayson Matthew-Grayson Awaiting requested review from Matthew-Grayson

@nickviola nickviola Awaiting requested review from nickviola nickviola is a code owner

@schmelz21 schmelz21 Awaiting requested review from schmelz21 schmelz21 is a code owner

Assignees

@aloftus23 aloftus23

Labels

backend

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@aloftus23 @DJensen94 @rapidray12