Remove ability to send key via query string

neutrons · Jul 8, 2024 · d74a0d1 · d74a0d1
1 parent 7b2b256
commit d74a0d1
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 16 deletions.
diff --git a/src/live_data_server/plots/view_util.py b/src/live_data_server/plots/view_util.py
@@ -47,11 +47,6 @@ def request_processor(request, instrument, run_id):
 
             client_key = request.META.get("HTTP_AUTHORIZATION")
 
-            # getting the client_key from request.GET.get("key") should be
-            # removed after WebMon/WebRef supports Authorization request header
-            if client_key is None:
-                client_key = request.GET.get("key")
-
             if client_key == server_key:
                 return fn(request, instrument, run_id)
             return HttpResponse(status=401)

diff --git a/tests/test_post_get.py b/tests/test_post_get.py
@@ -88,34 +88,31 @@ def test_get_request(self, data_server):
         )
         assert http_request.status_code == HTTP_OK
 
-        base_url = f"{TEST_URL}/plots/{instrument}/{run_number}/update/html/"
+        url = f"{TEST_URL}/plots/{instrument}/{run_number}/update/html/"
 
         # test GET request - authenticate with secret key
-        url = f"{base_url}?key={_generate_key(instrument, run_number)}"
-        http_request = requests.get(url)
+        http_request = requests.get(
+            url,
+            headers={"Authorization": _generate_key(instrument, run_number)},
+        )
         assert http_request.status_code == HTTP_OK
         assert http_request.text == files["file"]
 
         # test that getting the json should return not found
         http_request = requests.get(
-            f"{TEST_URL}/plots/{instrument}/{run_number}/update/json/?key={_generate_key(instrument, run_number)}"
+            f"{TEST_URL}/plots/{instrument}/{run_number}/update/json/",
+            headers={"Authorization": _generate_key(instrument, run_number)},
         )
         assert http_request.status_code == HTTP_NOT_FOUND
         assert http_request.text == "No data available for REF_M 12346"
 
         # test GET request - no key
-        url = base_url
-        http_request = requests.get(url)
-        assert http_request.status_code == HTTP_UNAUTHORIZED
-
-        # test GET request - wrong key
-        url = f"{base_url}?key=WRONG-KEY"
         http_request = requests.get(url)
         assert http_request.status_code == HTTP_UNAUTHORIZED
 
         # test GET request - wrong key
         http_request = requests.get(
-            base_url,
+            url,
             headers={"Authorization": "WRONG-KEY"},
         )
         assert http_request.status_code == HTTP_UNAUTHORIZED