diff --git a/GetIntoTeachingApi/Auth/SharedSecretHandler.cs b/GetIntoTeachingApi/Auth/SharedSecretHandler.cs
index 4a0b4bf85..96ab8e2cd 100644
--- a/GetIntoTeachingApi/Auth/SharedSecretHandler.cs
+++ b/GetIntoTeachingApi/Auth/SharedSecretHandler.cs
@@ -1,4 +1,5 @@
-using System.Security.Claims;
+using System.Linq;
+using System.Security.Claims;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
 using GetIntoTeachingApi.Utils;
@@ -34,7 +35,9 @@ protected override Task HandleAuthenticateAsync()
             var token = Request.Headers["Authorization"].ToString().Replace("Bearer ", string.Empty);
 
-            if (token != _env.SharedSecret)
+            var secrets = new[] { _env.SharedSecret, _env.PenTestSharedSecret };
+
+            if (!secrets.Contains(token))
             {
                 _logger.LogWarning("SharedSecretHandler - Token is not valid");
                 return Task.FromResult(AuthenticateResult.Fail("Token is not valid"));
diff --git a/GetIntoTeachingApi/Utils/Env.cs b/GetIntoTeachingApi/Utils/Env.cs
index a52d2ea3e..3b99ed08f 100644
--- a/GetIntoTeachingApi/Utils/Env.cs
+++ b/GetIntoTeachingApi/Utils/Env.cs
@@ -21,6 +21,7 @@ public class Env : IEnv
         public string CrmClientSecret => Environment.GetEnvironmentVariable("CRM_CLIENT_SECRET");
         public string NotifyApiKey => Environment.GetEnvironmentVariable("NOTIFY_API_KEY");
         public string SharedSecret => Environment.GetEnvironmentVariable("SHARED_SECRET");
+        public string PenTestSharedSecret => Environment.GetEnvironmentVariable("PEN_TEST_SHARED_SECRET");
         public string GoogleApiKey => Environment.GetEnvironmentVariable("GOOGLE_API_KEY");
     }
 }
diff --git a/GetIntoTeachingApi/Utils/IEnv.cs b/GetIntoTeachingApi/Utils/IEnv.cs
index e9c1cf45a..c275ee286 100644
--- a/GetIntoTeachingApi/Utils/IEnv.cs
+++ b/GetIntoTeachingApi/Utils/IEnv.cs
@@ -19,6 +19,7 @@ public interface IEnv
         string CrmClientSecret { get; }
         string NotifyApiKey { get; }
         string SharedSecret { get; }
+        string PenTestSharedSecret { get; }
         string GoogleApiKey { get; }
     }
 }
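Review bot: The new `if (!secrets.Contains(token))` check treats a blank configured secret as a valid one: `Environment.GetEnvironmentVariable` can return an empty string when `PEN_TEST_SHARED_SECRET` is present but blank, and `token` is the empty string when the `Authorization` header is missing or is just `Bearer ` (both cases the test file expects to fail), so an environment that fills the new required variable with a placeholder would accept unauthenticated requests. Drop unset or blank entries before comparing: `var secrets = new[] { _env.SharedSecret, _env.PenTestSharedSecret }.Where(s => !string.IsNullOrWhiteSpace(s));`. Since this comparison is the whole gate for the scheme, it is also worth replacing `string` equality with `CryptographicOperations.FixedTimeEquals` over the UTF-8 bytes of each candidate, a weakness the old `!=` check shared. HandleAuthenticateAsync starts and ends outside the hunk.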
diff --git a/GetIntoTeachingApiTests/Auth/SharedSecretHandlerTests.cs b/GetIntoTeachingApiTests/Auth/SharedSecretHandlerTests.cs
index 5a59c6d8e..39c3f93e7 100644
--- a/GetIntoTeachingApiTests/Auth/SharedSecretHandlerTests.cs
+++ b/GetIntoTeachingApiTests/Auth/SharedSecretHandlerTests.cs
@@ -21,6 +21,7 @@ public SharedSecretHandlerTests()
         {
             var mockEnv = new Mock();
             mockEnv.Setup(m => m.SharedSecret).Returns("shared_secret");
+            mockEnv.Setup(m => m.PenTestSharedSecret).Returns("pen_test_shared_secret");
 
             var mockOptionsMonitor = new Mock>();
             mockOptionsMonitor.Setup(m => m.Get("SharedSecretHandler")).Returns(new SharedSecretSchemeOptions());
@@ -36,6 +37,8 @@ public SharedSecretHandlerTests()
         [Theory]
         [InlineData("Bearer shared_secret", true)]
         [InlineData("shared_secret", true)]
+        [InlineData("Bearer pen_test_shared_secret", true)]
+        [InlineData("pen_test_shared_secret", true)]
         [InlineData("Bearer incorrect_shared_secret", false)]
         [InlineData("Bearer ", false)]
         [InlineData("", false)]
diff --git a/GetIntoTeachingApiTests/Utils/EnvTests.cs b/GetIntoTeachingApiTests/Utils/EnvTests.cs
index fd1852aa2..0e2cce077 100644
--- a/GetIntoTeachingApiTests/Utils/EnvTests.cs
+++ b/GetIntoTeachingApiTests/Utils/EnvTests.cs
@@ -207,6 +207,17 @@ public void SharedSecret_ReturnsCorrectly()
             Environment.SetEnvironmentVariable("SHARED_SECRET", previous);
         }
 
+        [Fact]
+        public void PenTestSharedSecret_ReturnsCorrectly()
+        {
+            var previous = Environment.GetEnvironmentVariable("PEN_TEST_SHARED_SECRET");
+            Environment.SetEnvironmentVariable("PEN_TEST_SHARED_SECRET", "pen-test-shared-secret");
+
+            _env.PenTestSharedSecret.Should().Be("pen-test-shared-secret");
+
+            Environment.SetEnvironmentVariable("PEN_TEST_SHARED_SECRET", previous);
+        }
+
         [Fact]
         public void GoogleApiKey_ReturnsCorrectly()
         {
diff --git a/terraform/paas/application.tf b/terraform/paas/application.tf
index 351c46879..d1f81d589 100644
--- a/terraform/paas/application.tf
+++ b/terraform/paas/application.tf
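Review bot: The two new `InlineData` rows only cover the case where both secrets are configured with non-empty values (the fixture in the first hunk sets `PenTestSharedSecret` to `"pen_test_shared_secret"`), so nothing exercises an environment where the pen-test secret is unset or blank, which is presumably how a deployment outside a test window would run. The existing `"Bearer "` and `""` rows would keep passing even if the handler accepted a blank configured secret, because no configured secret is blank in this fixture. Add a `[Fact]` that builds the handler with `mockEnv.Setup(m => m.PenTestSharedSecret).Returns(string.Empty)` (and a second with `null`) and asserts that `"Bearer "` and `""` are still rejected. The handler construction the theory relies on continues outside the hunk, so the new fact would need to reuse it.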
@@ -22,15 +22,16 @@ resource "cloudfoundry_app" "api_application" {
     route = cloudfoundry_route.api_route.id
   }
   environment = {
-    CRM_CLIENT_ID     = var.CRM_CLIENT_ID
-    CRM_CLIENT_SECRET = var.CRM_CLIENT_SECRET
-    CRM_SERVICE_URL   = var.CRM_SERVICE_URL
-    CRM_TENANT_ID     = var.CRM_TENANT_ID
-    NOTIFY_API_KEY    = var.NOTIFY_API_KEY
-    TOTP_SECRET_KEY   = var.TOTP_SECRET_KEY
-    SHARED_SECRET     = var.SHARED_SECRET
-    SENTRY_URL        = var.SENTRY_URL
-    GOOGLE_API_KEY    = var.GOOGLE_API_KEY
+    CRM_CLIENT_ID          = var.CRM_CLIENT_ID
+    CRM_CLIENT_SECRET      = var.CRM_CLIENT_SECRET
+    CRM_SERVICE_URL        = var.CRM_SERVICE_URL
+    CRM_TENANT_ID          = var.CRM_TENANT_ID
+    NOTIFY_API_KEY         = var.NOTIFY_API_KEY
+    TOTP_SECRET_KEY        = var.TOTP_SECRET_KEY
+    SHARED_SECRET          = var.SHARED_SECRET
+    PEN_TEST_SHARED_SECRET = var.PEN_TEST_SHARED_SECRET
+    SENTRY_URL             = var.SENTRY_URL
+    GOOGLE_API_KEY         = var.GOOGLE_API_KEY
     ASPNETCORE_ENVIRONMENT = var.ASPNETCORE_ENVIRONMENT
     DATABASE_INSTANCE_NAME = cloudfoundry_service_instance.postgres2.name
     HANGFIRE_INSTANCE_NAME = cloudfoundry_service_instance.hangfire.name
diff --git a/terraform/paas/variables.tf b/terraform/paas/variables.tf
index cfa5ce290..a1eec2fe5 100644
--- a/terraform/paas/variables.tf
+++ b/terraform/paas/variables.tf
@@ -71,6 +71,7 @@ variable "CRM_CLIENT_ID" {}
 variable "CRM_TENANT_ID" {}
 variable "CRM_CLIENT_SECRET" {}
 variable "SHARED_SECRET" {}
+variable "PEN_TEST_SHARED_SECRET" {}
 variable "NOTIFY_API_KEY" {}
 variable "TOTP_SECRET_KEY" {}
 variable "SENTRY_URL" {}
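Review bot: `variable "PEN_TEST_SHARED_SECRET" {}` is declared with no `sensitive` flag and no validation, so its value can appear in plan/apply output and any string, including an empty one, satisfies it; because it also has no default, every environment built from this configuration must now supply a value, which invites a placeholder outside pen-test windows. If the Terraform version in use supports it (`validation` needs 0.13+, `sensitive` 0.14+), declare it as `variable "PEN_TEST_SHARED_SECRET" { sensitive = true }` and add a `validation` block whose `condition` rejects blank values. The other secret variables in this file (`SHARED_SECRET`, `CRM_CLIENT_SECRET`, `TOTP_SECRET_KEY`) are declared the same bare way, so this is a file-wide gap rather than something introduced here, but a secret that exists only to open a second door is the one most worth guarding. Consider whether environments that are not under test should receive a value at all, or whether the application should be changed to tolerate the variable being absent.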