another testcase the fails similar to #847 (#892)

* another testcase the fails similar to #847 * proper fix * revert to statuscode 401 and code improvements @calle Co-authored-by: dni <dni.khr@gmail.com>
2024-11-19 18:11:30 +01:00 · 2022-08-16 17:01:05 +02:00 · 2022-08-16 17:01:05 +02:00 · 88ec440ea1
commit 88ec440ea1
parent 8956bdc954
2 changed files with 26 additions and 8 deletions
--- a/lnbits/decorators.py
+++ b/lnbits/decorators.py
@ -130,10 +130,13 @@ async def get_key_type(
    # 2: invalid
    pathname = r["path"].split("/")[1]

-    if not api_key_header and not api_key_query:
-        raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST)
+    token = api_key_header or api_key_query

-    token = api_key_header if api_key_header else api_key_query
+    if not token:
+        raise HTTPException(
+            status_code=HTTPStatus.UNAUTHORIZED,
+            detail="Invoice (or Admin) key required.",
+        )

    try:
        admin_checker = WalletAdminKeyChecker(api_key=token)
@ -180,7 +183,14 @@ async def require_admin_key(
    api_key_header: str = Security(api_key_header),  # type: ignore
    api_key_query: str = Security(api_key_query),  # type: ignore
 ):
-    token = api_key_header if api_key_header else api_key_query
+
+    token = api_key_header or api_key_query
+
+    if not token:
+        raise HTTPException(
+            status_code=HTTPStatus.UNAUTHORIZED,
+            detail="Admin key required.",
+        )

    wallet = await get_key_type(r, token)

@ -199,11 +209,12 @@ async def require_invoice_key(
    api_key_header: str = Security(api_key_header),  # type: ignore
    api_key_query: str = Security(api_key_query),  # type: ignore
 ):
+
    token = api_key_header or api_key_query

-    if token is None:
+    if not token:
        raise HTTPException(
-            status_code=status.HTTP_401_UNAUTHORIZED,
+            status_code=HTTPStatus.UNAUTHORIZED,
            detail="Invoice (or Admin) key required.",
        )

--- a/tests/core/views/test_api.py
+++ b/tests/core/views/test_api.py
@ -45,9 +45,16 @@ async def test_get_wallet_adminkey(client, adminkey_headers_to):
    assert "id" in result


-# check POST /api/v1/payments: empty request
+# check PUT /api/v1/wallet/newwallet: empty request where admin key is needed
@pytest.mark.asyncio
-async def test_post_empty_request(client):
+async def test_put_empty_request_expected_admin_keys(client):
+    response = await client.put("/api/v1/wallet/newwallet")
+    assert response.status_code == 401
+
+
+# check POST /api/v1/payments: empty request where invoice key is needed
+@pytest.mark.asyncio
+async def test_post_empty_request_expected_invoice_keys(client):
    response = await client.post("/api/v1/payments")
    assert response.status_code == 401