diff --git a/backend/api.py b/backend/api.py
index e085b9a..88162d9 100644
--- a/backend/api.py
+++ b/backend/api.py
@@ -425,11 +425,12 @@ def gmail_auth_url():
 return jsonify({"auth_url": url})
 @app.route("/gmail/callback", methods=["GET"])
-@jwt_or_secret_required()
 def gmail_callback():
 code = request.args.get("code")
 redirect_uri = request.args.get("redirect_uri") or "http://localhost:3000/gmail/callback"
- username = get_current_user_identity()
+ username = _require_username()
+ if not username:
+ return jsonify({"error": "Missing X-User-Username header"}), 401
 if not code:
 return jsonify({"error": "Authorization code is missing"}), 400
@@ -444,9 +445,10 @@ def gmail_callback():
 return jsonify({"error": f"Failed to exchange Google code: {str(e)}"}), 500
 @app.route("/gmail/emails", methods=["GET"])
-@jwt_or_secret_required()
 def gmail_emails():
- username = get_current_user_identity()
+ username = _require_username()
+ if not username:
+ return jsonify({"error": "Missing X-User-Username header"}), 401
 user_tokens = TOKEN_STORE.get(username, {}).get("gmail")
 if not user_tokens:
@@ -475,11 +477,12 @@ def outlook_auth_url():
 return jsonify({"auth_url": url})
 @app.route("/outlook/callback", methods=["GET"])
-@jwt_or_secret_required()
 def outlook_callback():
 code = request.args.get("code")
 redirect_uri = request.args.get("redirect_uri") or "http://localhost:3000/outlook/callback"
- username = get_current_user_identity()
+ username = _require_username()
+ if not username:
+ return jsonify({"error": "Missing X-User-Username header"}), 401
 if not code:
 return jsonify({"error": "Authorization code is missing"}), 400
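Review bot: After this hunk the only gate on `/gmail/callback` is `_require_username()`, whose definition is not in the diff; unless it verifies `X-Internal-Secret` before returning the `X-User-Username` value, the handler will act on whatever identity the caller supplies, because everything after `username = _require_username()` is keyed on that name. The surviving `test_gmail_emails_invalid_secret` (401 on a wrong secret) suggests the secret is still checked, so please confirm that in `_require_username` and document it there, e.g. `# Returns the X-User-Username value only after X-Internal-Secret has been verified; None otherwise`. The same three inline lines are pasted into the @@ -444, @@ -475, @@ -494 and @@ -519 hunks, and the 401 body reads "Missing X-User-Username header" even when the failure is a bad secret; a small decorator over the helper (sketched below, needs `functools` imported at the top of api.py) keeps the check in one place so a future route cannot omit it. gmail_callback continues past the end of the hunk.
```python
def _username_required(view):
    """Return 401 unless _require_username() resolves an identity, so the gate lives in one place."""
    @functools.wraps(view)
    def wrapper(*args, **kwargs):
        if not _require_username():
            return jsonify({"error": "Missing X-User-Username header"}), 401
        return view(*args, **kwargs)
    return wrapper

@app.route("/gmail/callback", methods=["GET"])
@_username_required
def gmail_callback():
    code = request.args.get("code")
    redirect_uri = request.args.get("redirect_uri") or "http://localhost:3000/gmail/callback"
    username = _require_username()
    # … unchanged: code check and token exchange …
```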
@@ -494,9 +497,10 @@ def outlook_callback():
 return jsonify({"error": f"Failed to exchange Outlook code: {str(e)}"}), 500
 @app.route("/outlook/emails", methods=["GET"])
-@jwt_or_secret_required()
 def outlook_emails():
- username = get_current_user_identity()
+ username = _require_username()
+ if not username:
+ return jsonify({"error": "Missing X-User-Username header"}), 401
 user_tokens = TOKEN_STORE.get(username, {}).get("outlook")
 if not user_tokens:
@@ -519,11 +523,12 @@ def outlook_emails():
 return jsonify({"error": f"Failed to fetch Outlook emails: {str(e)}"}), 500
 @app.route("/scan-emails", methods=["POST"])
-@jwt_or_secret_required()
 def scan_emails_route():
 data = request.get_json(silent=True) or {}
 provider = data.get("provider", "").lower()
- username = get_current_user_identity()
+ username = _require_username()
+ if not username:
+ return jsonify({"error": "Missing X-User-Username header"}), 401
 if provider not in ("gmail", "outlook"):
 return jsonify({"error": "Invalid provider. Must be 'gmail' or 'outlook'."}), 400
diff --git a/backend/tests/test_internal_secret.py b/backend/tests/test_internal_secret.py
index 825d80f..cd3dc89 100644
--- a/backend/tests/test_internal_secret.py
+++ b/backend/tests/test_internal_secret.py
@@ -25,7 +25,7 @@ def client():
 with api_module.app.test_client() as c:
 yield c
-def test_jwt_or_secret_required_with_valid_secret(client):
+def test_gmail_emails_with_valid_secret(client):
 headers = {
 "X-Internal-Secret": "super-secret-internal-key",
 "X-User-Username": "test_user"
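Review bot: In scan_emails_route the `_require_username()` check runs only after `request.get_json(silent=True)` and `provider` have been read, so an unauthenticated POST still has its body parsed before it is rejected; move the two new lines above `data = request.get_json(silent=True) or {}` so the 401 is decided before any input is processed. The same ordering applies in the gmail_callback and outlook_callback hunks, where `code` and `redirect_uri` are read from the query string ahead of the identity check. The body of scan_emails_route continues past the end of the hunk.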
@@ -41,30 +41,11 @@ def test_jwt_or_secret_required_with_valid_secret(client):
 res = client.get("/gmail/emails", headers=headers)
 assert res.status_code == 200
-def test_jwt_or_secret_required_with_valid_jwt(client):
- with api_module.app.app_context():
- token = create_access_token(identity="test_user")
-
- headers = {
- "Authorization": f"Bearer {token}"
- }
-
- api_module.TOKEN_STORE["test_user"] = {
- "gmail": {
- "access_token": "mock_gmail_access_token"
- }
- }
-
- with patch("api.fetch_gmail_emails") as mock_fetch:
- mock_fetch.return_value = []
- res = client.get("/gmail/emails", headers=headers)
- assert res.status_code == 200
-
-def test_jwt_or_secret_required_missing_auth(client):
+def test_gmail_emails_missing_auth(client):
 res = client.get("/gmail/emails")
 assert res.status_code == 401
-def test_jwt_or_secret_required_invalid_secret(client):
+def test_gmail_emails_invalid_secret(client):
 headers = {
 "X-Internal-Secret": "wrong-secret",
 "X-User-Username": "test_user"
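Review bot: With `test_jwt_or_secret_required_with_valid_jwt` removed, this hunk leaves no test for the branch api.py adds in the same commit — a valid `X-Internal-Secret` with no `X-User-Username` header, which should now produce the 401 "Missing X-User-Username header" response; `test_gmail_emails_missing_auth` sends no headers at all, so it cannot tell the secret check and the username check apart. A case like the one below closes that gap. If nothing else in the module uses them, `create_access_token` and `patch` are now unused imports (the import block is outside the hunk).
```python
def test_gmail_emails_valid_secret_missing_username(client):
    # Secret accepted but no identity supplied: must hit the new 401 branch, not a KeyError/500.
    headers = {"X-Internal-Secret": "super-secret-internal-key"}
    res = client.get("/gmail/emails", headers=headers)
    assert res.status_code == 401
```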