fix: api token expired error (#7251)

chanzuckerberg · Jul 2, 2024 · f039d56 · f039d56
1 parent 36d3904
commit f039d56
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 5 deletions.
diff --git a/backend/curation/api/v1/curation/auth/token.py b/backend/curation/api/v1/curation/auth/token.py
@@ -1,3 +1,4 @@
+import requests
 from flask import make_response, request
 from jose import JWTError
 
@@ -14,9 +15,15 @@ def post():
         token_info = api_key.verify(user_api_key, config.api_key_secret)
     except JWTError:
         raise UnauthorizedError(detail="The API key is invalid") from None
-    else:
-        identity = auth0_management_session.get_user_api_key_identity(token_info["sub"])
-        if not identity:
-            raise NotFoundHTTPException(detail="The API key is no longer valid.")
+    identity = auth0_management_session.get_user_api_key_identity(token_info["sub"])
+    if not identity:
+        raise NotFoundHTTPException(detail="The API key is no longer valid.")
+    try:
         token = auth0_management_session.generate_access_token(identity["profileData"]["email"], user_api_key)
-        return make_response(token, 201)
+    except requests.exceptions.HTTPError as error:
+        if error.response.status_code == 403:
+            raise UnauthorizedError(
+                detail="This API key is old. use the latest API key or generate a new one."
+            ) from error
+        raise error
+    return make_response(token, 201)
diff --git a/tests/unit/backend/layers/api/test_curation_api.py b/tests/unit/backend/layers/api/test_curation_api.py
@@ -6,6 +6,8 @@
 from dataclasses import asdict
 from unittest.mock import Mock, patch
 
+from requests import HTTPError, Response
+
 from backend.common.providers.crossref_provider import CrossrefDOINotFoundException
 from backend.common.utils.api_key import generate
 from backend.curation.api.v1.curation.collections.common import EntityColumns
@@ -2814,3 +2816,20 @@ def test__post_token__404(self, auth0_management_session, CorporaAuthConfig):
         user_api_key = generate(test_user_id, test_secret)
         response = self.app.post("/curation/v1/auth/token", headers={"x-api-key": user_api_key})
         self.assertEqual(404, response.status_code)
+
+    @patch("backend.curation.api.v1.curation.auth.token.CorporaAuthConfig")
+    @patch("backend.curation.api.v1.curation.auth.token.auth0_management_session")
+    def test__post_token__401_old_token(self, auth0_management_session, CorporaAuthConfig):
+        """The old token fails to authenticate"""
+        test_secret = "password1234"
+        test_email = "user@email.com"
+        test_user_id = "test_user_id"
+        test_response = Response()
+        test_response.status_code = 403
+        test_error = HTTPError(response=test_response)
+        CorporaAuthConfig().api_key_secret = test_secret
+        auth0_management_session.get_user_api_key_identity = Mock(return_value={"profileData": {"email": test_email}})
+        auth0_management_session.generate_access_token = Mock(side_effect=test_error)
+        user_api_key = generate(test_user_id, test_secret)
+        response = self.app.post("/curation/v1/auth/token", headers={"x-api-key": user_api_key})
+        self.assertEqual(401, response.status_code)