From 5916c816ddaf3719b04e9e5fe8eea8088e571fdb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Emiliano=20Su=C3=B1=C3=A9?= Date: Wed, 20 Nov 2024 19:19:25 -0800 Subject: [PATCH] Restore --base-wallet-extra-routes argument functionality MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Emiliano Suñé --- acapy_agent/admin/decorators/auth.py | 11 +++++------ acapy_agent/admin/tests/test_auth.py | 4 ++-- 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/acapy_agent/admin/decorators/auth.py b/acapy_agent/admin/decorators/auth.py index 6d673a19f9..6e9f1597a8 100644 --- a/acapy_agent/admin/decorators/auth.py +++ b/acapy_agent/admin/decorators/auth.py @@ -2,7 +2,7 @@ import functools import re -from typing import Optional, Pattern, Sequence, cast +from typing import Optional, Pattern from aiohttp import web @@ -95,11 +95,10 @@ def _base_wallet_route_access(additional_routes: str, request_path: str) -> bool def _build_additional_routes_pattern(pattern_string: str) -> Optional[Pattern]: - """Build pattern from string.""" - base_wallet_routes = cast(Sequence[str], pattern_string) - if base_wallet_routes: - return re.compile("^(?:" + "|".join(base_wallet_routes) + ")") - return None + """Build pattern from space delimited list of paths.""" + # create array and add word boundary to avoid false positives + paths = pattern_string.split(" ") + return re.compile("^((?:)" + "|".join(paths) + ")$") def _matches_additional_routes(pattern: Pattern, path: str) -> bool: diff --git a/acapy_agent/admin/tests/test_auth.py b/acapy_agent/admin/tests/test_auth.py index 7be0549866..73680a1b00 100644 --- a/acapy_agent/admin/tests/test_auth.py +++ b/acapy_agent/admin/tests/test_auth.py @@ -147,12 +147,12 @@ async def test_base_wallet_additional_route_allowed(self): self.decorated_handler.assert_called_once_with(self.request) async def test_base_wallet_additional_route_denied(self): - self.profile.settings["multitenant.base_wallet_routes"] = "/wrong-extra-route" + self.profile.settings["multitenant.base_wallet_routes"] = "/extra-route" self.request = mock.MagicMock( __getitem__=lambda _, k: self.request_dict[k], headers={"x-api-key": "admin_api_key"}, method="POST", - path="/extra-route", + path="/extra-route-wrong", ) decor_func = tenant_authentication(self.decorated_handler) with self.assertRaises(web.HTTPUnauthorized):