GH-4: Register API when API key configured

README.md

@@ -26,7 +26,7 @@ The application can also be configured with the following environment variables:
 | FLASK_SECRET_KEY                 | Flask session [secret key](https://flask.palletsprojects.com/en/2.3.x/quickstart/#sessions) |
 | FLASK_BASIC_AUTH_USERNAME        | HTTP Basic Auth username                                                                    |
 | FLASK_BASIC_AUTH_PASSWORD        | HTTP Basic Auth password                                                                    |
-| FLASK_API_KEY                    | API key                                                                                     |
+| FLASK_API_KEY                    | API key (unset to disable)                                                                  |
 | FLASK_GOVUK_CLIENT_ID            | OIDC client id                                                                              |
 | FLASK_GOVUK_CLIENT_SECRET        | OIDC client secret                                                                          |
 | FLASK_GOVUK_SERVER_METADATA_URL  | OIDC discovery endpoint                                                                     |

schemes/__init__.py

@@ -37,8 +37,7 @@ def bindings(binder: Binder) -> None:
     app.register_blueprint(start.bp)
     app.register_blueprint(auth.bp, url_prefix="/auth")
     app.register_blueprint(home.bp, url_prefix="/home")
-    if app.testing:
-        app.register_blueprint(users.bp, url_prefix="/users")
+    app.register_blueprint(users.bp, url_prefix="/users")
 
     _create_database()
     if not app.testing:

tests/integration/test_users.py

@@ -7,76 +7,68 @@
 from schemes.users import User, UserRepository
 
 
-@pytest.fixture(name="config")
-def config_fixture(config: Mapping[str, Any]) -> Mapping[str, Any]:
-    return config | {"API_KEY": "boardman"}
-
-
-@pytest.fixture(name="users")
-def users_fixture() -> UserRepository:
-    return inject.instance(UserRepository)
-
-
-def test_add_users(users: UserRepository, client: FlaskClient) -> None:
-    response = client.post(
-        "/users",
-        headers={"Authorization": "API-Key boardman"},
-        json=[{"email": "[email protected]"}, {"email": "[email protected]"}],
-    )
-
-    assert response.status_code == 201
-    assert users.get_all() == [User("[email protected]"), User("[email protected]")]
-
-
-def test_cannot_add_users_when_no_credentials(users: UserRepository, client: FlaskClient) -> None:
-    response = client.post("/users", json=[{"email": "[email protected]"}])
-
-    assert response.status_code == 401
-    assert not users.get_all()
+class TestApiEnabled:
+    @pytest.fixture(name="config")
+    def config_fixture(self, config: Mapping[str, Any]) -> Mapping[str, Any]:
+        return config | {"API_KEY": "boardman"}
 
+    @pytest.fixture(name="users")
+    def users_fixture(self) -> UserRepository:
+        return inject.instance(UserRepository)
 
-def test_cannot_add_users_when_incorrect_credentials(users: UserRepository, client: FlaskClient) -> None:
-    response = client.post(
-        "/users", headers={"Authorization": "API-Key obree"}, json=[{"email": "[email protected]"}]
-    )
+    def test_add_users(self, users: UserRepository, client: FlaskClient) -> None:
+        response = client.post(
+            "/users",
+            headers={"Authorization": "API-Key boardman"},
+            json=[{"email": "[email protected]"}, {"email": "[email protected]"}],
+        )
 
-    assert response.status_code == 401
-    assert not users.get_all()
+        assert response.status_code == 201
+        assert users.get_all() == [User("[email protected]"), User("[email protected]")]
 
+    def test_cannot_add_users_when_no_credentials(self, users: UserRepository, client: FlaskClient) -> None:
+        response = client.post("/users", json=[{"email": "[email protected]"}])
 
-def test_clear_users(users: UserRepository, client: FlaskClient) -> None:
-    users.add(User("[email protected]"))
+        assert response.status_code == 401
+        assert not users.get_all()
 
-    response = client.delete("/users", headers={"Authorization": "API-Key boardman"})
+    def test_cannot_add_users_when_incorrect_credentials(self, users: UserRepository, client: FlaskClient) -> None:
+        response = client.post(
+            "/users", headers={"Authorization": "API-Key obree"}, json=[{"email": "[email protected]"}]
+        )
 
-    assert response.status_code == 204
-    assert not users.get_all()
+        assert response.status_code == 401
+        assert not users.get_all()
 
+    def test_clear_users(self, users: UserRepository, client: FlaskClient) -> None:
+        users.add(User("[email protected]"))
 
-def test_cannot_clear_users_when_no_credentials(users: UserRepository, client: FlaskClient) -> None:
-    users.add(User("[email protected]"))
+        response = client.delete("/users", headers={"Authorization": "API-Key boardman"})
 
-    response = client.delete("/users")
+        assert response.status_code == 204
+        assert not users.get_all()
 
-    assert response.status_code == 401
-    assert users.get_all() == [User("[email protected]")]
+    def test_cannot_clear_users_when_no_credentials(self, users: UserRepository, client: FlaskClient) -> None:
+        users.add(User("[email protected]"))
 
+        response = client.delete("/users")
 
-def test_cannot_clear_users_when_incorrect_credentials(users: UserRepository, client: FlaskClient) -> None:
-    users.add(User("[email protected]"))
+        assert response.status_code == 401
+        assert users.get_all() == [User("[email protected]")]
 
-    response = client.delete("/users", headers={"Authorization": "API-Key obree"})
+    def test_cannot_clear_users_when_incorrect_credentials(self, users: UserRepository, client: FlaskClient) -> None:
+        users.add(User("[email protected]"))
 
-    assert response.status_code == 401
-    assert users.get_all() == [User("[email protected]")]
+        response = client.delete("/users", headers={"Authorization": "API-Key obree"})
 
+        assert response.status_code == 401
+        assert users.get_all() == [User("[email protected]")]
 
-class TestProduction:
-    @pytest.fixture(name="config")
-    def config_fixture(self, config: Mapping[str, Any]) -> Mapping[str, Any]:
-        return config | {"TESTING": False}
 
+class TestApiDisabled:
     def test_cannot_add_user(self, client: FlaskClient) -> None:
-        response = client.post("/users", json={"email": "[email protected]"})
+        response = client.post(
+            "/users", headers={"Authorization": "API-Key boardman"}, json={"email": "[email protected]"}
+        )
 
-        assert response.status_code == 404
+        assert response.status_code == 401