diff --git a/app/controllers/api/v1/base_controller.rb b/app/controllers/api/v1/base_controller.rb index 045e4395e5..6ee986a486 100644 --- a/app/controllers/api/v1/base_controller.rb +++ b/app/controllers/api/v1/base_controller.rb @@ -11,7 +11,7 @@ def authenticate end def authenticate_shared_key - api_key = "Basic #{ENV['internal_api_key']}" + api_key = "Basic #{ENV['rwhois_internal_api_shared_key']}" head(:unauthorized) unless api_key == request.authorization end diff --git a/app/controllers/api/v1/bounces_controller.rb b/app/controllers/api/v1/bounces_controller.rb index fd10a33980..de2814250f 100644 --- a/app/controllers/api/v1/bounces_controller.rb +++ b/app/controllers/api/v1/bounces_controller.rb @@ -1,7 +1,7 @@ module Api module V1 class BouncesController < BaseController - before_action :authenticate_shared_key + before_action :validate_shared_key_integrity # POST api/v1/bounces/ def create @@ -20,6 +20,13 @@ def bounce_params params.require(:data) end + + private + + def validate_shared_key_integrity + api_key = "Basic #{ENV['rwhois_bounces_api_shared_key']}" + head(:unauthorized) unless api_key == request.authorization + end end end end diff --git a/config/application.yml.sample b/config/application.yml.sample index 21f1df8e02..dd38e206ca 100644 --- a/config/application.yml.sample +++ b/config/application.yml.sample @@ -87,11 +87,11 @@ sk_digi_doc_service_name: 'Testimine' registrant_api_base_url: registrant_api_auth_allowed_ips: '127.0.0.1, 0.0.0.0' #ips, separated with commas -# Bounces API -api_shared_key: testkey +# Shared key for REST-WHOIS Bounces API incl. CERT +rwhois_bounces_api_shared_key: testkey # Link to REST-WHOIS API -internal_api_key: testkey +rwhois_internal_api_shared_key: testkey # Base URL (inc. https://) of REST registrant portal # Leave blank to use internal registrant portal diff --git a/test/integration/api/v1/bounces/create_test.rb b/test/integration/api/v1/bounces/create_test.rb index 899b6c5c70..0d3dc65d7b 100644 --- a/test/integration/api/v1/bounces/create_test.rb +++ b/test/integration/api/v1/bounces/create_test.rb @@ -2,7 +2,7 @@ class BouncesApiV1CreateTest < ActionDispatch::IntegrationTest def setup - @api_key = "Basic #{ENV['api_shared_key']}" + @api_key = "Basic #{ENV['rwhois_bounces_api_shared_key']}" @headers = { "Authorization": "#{@api_key}" } @json_body = { "data": valid_bounce_request }.as_json end diff --git a/test/integration/api/v1/contact_requests_test.rb b/test/integration/api/v1/contact_requests_test.rb index f0621b6863..c9e2ac9bd2 100644 --- a/test/integration/api/v1/contact_requests_test.rb +++ b/test/integration/api/v1/contact_requests_test.rb @@ -2,7 +2,7 @@ class ApiV1ContactRequestTest < ActionDispatch::IntegrationTest def setup - @api_key = "Basic #{ENV['api_shared_key']}" + @api_key = "Basic #{ENV['rwhois_internal_api_shared_key']}" @headers = { "Authorization": "#{@api_key}" } @json_create = { "contact_request": valid_contact_request_create }.as_json @json_update = { "contact_request": valid_contact_request_update }.as_json