Merge pull request #1312 from GSA/notify-admin-1157

add more debug to get e2e tests working

app/authentication/auth.py

@@ -15,6 +15,7 @@
 from sqlalchemy.orm.exc import NoResultFound
 
 from app.serialised_models import SerialisedService
+from app.utils import debug_not_production, hilite
 from notifications_utils import request_helper
 
 # stvnrlly - this is silly, but bandit has a multiline string bug (https://github.com/PyCQA/bandit/issues/658)
@@ -62,13 +63,19 @@ def requires_admin_auth():
 
 
 def requires_internal_auth(expected_client_id):
+    debug_not_production(
+        hilite(
+            f"Enter requires_internal_auth with expected client id {expected_client_id}"
+        )
+    )
     if expected_client_id not in current_app.config.get("INTERNAL_CLIENT_API_KEYS"):
         raise TypeError("Unknown client_id for internal auth")
 
     request_helper.check_proxy_header_before_request()
     auth_token = _get_auth_token(request)
+    debug_not_production(f"auth token {auth_token}")
     client_id = _get_token_issuer(auth_token)
-
+    debug_not_production(f"client id {client_id}")
     if client_id != expected_client_id:
         current_app.logger.info("client_id: %s", client_id)
         current_app.logger.info("expected_client_id: %s", expected_client_id)
@@ -78,6 +85,9 @@ def requires_internal_auth(expected_client_id):
         InternalApiKey(client_id, secret)
         for secret in current_app.config.get("INTERNAL_CLIENT_API_KEYS")[client_id]
     ]
+    debug_not_production(
+        f"got the api keys ... note client_id {client_id} should be the service_id {api_keys}"
+    )
 
     _decode_jwt_token(auth_token, api_keys, client_id)
     g.service_id = client_id
@@ -165,6 +175,11 @@ def _decode_jwt_token(auth_token, api_keys, service_id=None):
 
         return api_key
     else:
+        # We are hitting this in the e2e tests, debug why
+        debug_not_production(
+            f"auth token {auth_token} keys {api_keys} service_id={service_id}"
+        )
+
         # service has API keys, but none matching the one the user provided
         raise AuthError("Invalid token: API key not found", 403, service_id=service_id)
 

app/user/rest.py

@@ -1,5 +1,4 @@
 import json
-import os
 import uuid
 from urllib.parse import urlencode
 
@@ -54,7 +53,7 @@
     post_verify_code_schema,
     post_verify_webauthn_schema,
 )
-from app.utils import hilite, url_with_token, utc_now
+from app.utils import debug_not_production, hilite, url_with_token, utc_now
 from notifications_utils.recipients import is_us_phone_number, use_numeric_sender
 
 user_blueprint = Blueprint("user", __name__)
@@ -589,11 +588,6 @@ def get_user_login_gov_user():
     return jsonify(data=result)
 
 
-def debug_not_production(msg):
-    if os.getenv("NOTIFY_ENVIRONMENT") not in ["production"]:
-        current_app.logger.info(msg)
-
-
 @user_blueprint.route("/email", methods=["POST"])
 def fetch_user_by_email():
     try:

app/utils.py

@@ -1,6 +1,7 @@
+import os
 from datetime import datetime, timedelta, timezone
 
-from flask import url_for
+from flask import current_app, url_for
 from sqlalchemy import func
 
 from notifications_utils.template import HTMLEmailTemplate, SMSMessageTemplate
@@ -125,3 +126,8 @@ def naive_utcnow():
 
 def utc_now():
     return naive_utcnow()
+
+
+def debug_not_production(msg):
+    if os.getenv("NOTIFY_ENVIRONMENT") not in ["production"]:
+        current_app.logger.info(msg)

pyproject.toml

@@ -62,7 +62,7 @@ shapely = "^2.0.5"
 smartypants = "^2.0.1"
 mistune = "0.8.4"
 blinker = "^1.8.2"
-cryptography = "^43.0.0"
+cryptography = "^43.0.1"
 idna = "^3.7"
 jmespath = "^1.0.1"
 markupsafe = "^2.1.5"