Merge pull request #532 from wri/bugfix/fix-domains

allow users to specify non-globalforestwatch domains in api key
wri · May 31, 2024 · 885fd15 · 885fd15
2 parents a10fa4b + 3f1dddb
commit 885fd15
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 39 deletions.
diff --git a/app/authentication/api_keys.py b/app/authentication/api_keys.py
@@ -93,32 +93,14 @@ def api_key_is_valid(
     return is_valid
 
 
-def api_key_is_internal(
-    domains: List[str],
-    user_id: Optional[str] = None,
-    origin: Optional[str] = None,
-    referrer: Optional[str] = None,
-) -> bool:
-
-    is_internal: bool = False
-    if origin and domains:
-        is_internal = any(
-            [
-                re.search(_to_regex(internal_domain.strip()), domain)
-                for domain in domains
-                for internal_domain in INTERNAL_DOMAINS.split(",")
-            ]
-        )
-    elif referrer and domains:
-        is_internal = any(
-            [
-                re.search(_to_regex(domain), internal_domain)
-                for domain in domains
-                for internal_domain in INTERNAL_DOMAINS.split(",")
-            ]
-        )
-
-    return is_internal
+def api_key_is_internal(domains: List[str]) -> bool:
+    return any(
+        [
+            re.search(_to_regex(internal_domain.strip()), domain)
+            for domain in domains
+            for internal_domain in INTERNAL_DOMAINS.split(",")
+        ]
+    )
 
 
 def _api_key_origin_auto_error(
@@ -139,7 +121,7 @@ def _api_key_origin_auto_error(
 
 def _to_regex(domain):
     result = domain.replace(".", r"\.").replace("*", ".*")
-    return fr"^{result}$"
+    return rf"^{result}$"
 
 
 def _extract_domain(url: str) -> str:

diff --git a/app/routes/authentication/authentication.py b/app/routes/authentication/authentication.py
@@ -74,16 +74,8 @@ async def create_api_key(
 
     input_data = api_key_data.dict(by_alias=True)
 
-    origin = request.headers.get("origin")
-    referrer = request.headers.get("referer")
-    if not api_key_is_valid(input_data["domains"], origin=origin, referrer=referrer):
-        raise HTTPException(
-            status_code=400,
-            detail="Domain name did not match the request origin or referrer.",
-        )
-
     # Give a good error code/message if user is specifying an alias that exists for
-    # another one of his API keys.
+    # another one of their API keys.
     prev_keys: List[ORMApiKey] = await api_keys.get_api_keys_from_user(user_id=user.id)
     for key in prev_keys:
         if key.alias == api_key_data.alias:
@@ -94,9 +86,7 @@ async def create_api_key(
 
     row: ORMApiKey = await api_keys.create_api_key(user_id=user.id, **input_data)
 
-    is_internal = api_key_is_internal(
-        api_key_data.domains, user_id=None, origin=origin, referrer=referrer
-    )
+    is_internal = api_key_is_internal(api_key_data.domains)
     usage_plan_id = (
         API_GATEWAY_INTERNAL_USAGE_PLAN
         if is_internal is True

diff --git a/app/settings/globals.py b/app/settings/globals.py
@@ -178,6 +178,7 @@
         "api.resourcewatch.org",
         "my.gfw-mapbuilder.org",
         "resourcewatch.org",
+        "*.wri.org",
     ]
 )