4 changes: 2 additions & 2 deletions cwms-data-api/src/main/java/cwms/cda/data/dao/AuthDao.java
Expand Up @@ -43,7 +43,6 @@
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;

import javax.servlet.http.HttpServletResponse;
import javax.sql.DataSource;
import org.jetbrains.annotations.NotNull;
import org.jooq.DSLContext;
Expand All @@ -56,6 +55,7 @@ public class AuthDao extends Dao<DataApiPrincipal> {
public static final String SCHEMA_TOO_OLD = "The CWMS-Data-API requires schema version "
+ "23.03.16 or later to handle authorization operations.";
public static final String DATA_API_PRINCIPAL = "DataApiPrincipal";
public static final String AUTH_ERROR_MSG = "Authentication failed. The API Key may be invalid or no longer active.";
// At this level we just care that the user has permissions in *any* office
private static final String RETRIEVE_GROUPS_OF_USER =
ResourceHelper.getResourceAsString("/cwms/data/sql/user_groups.sql", AuthDao.class);
Expand Down Expand Up @@ -204,7 +204,7 @@ private String checkKey(String key) throws CwmsAuthException {
if (rs.next()) {
return rs.getString(1);
} else {
throw new CwmsAuthException("No user for key");
throw new CwmsAuthException(AUTH_ERROR_MSG);
}
}
} catch (SQLException ex) {
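Review bot: The new public constant `AUTH_ERROR_MSG` carries no comment saying that its vagueness is deliberate, so a later edit could make it specific again and let responses reveal whether a key exists. I would add `/** Client-facing message for every API-key failure; intentionally does not say whether the key exists or why it was rejected. */` above it, and wrap the declaration the way `SCHEMA_TOO_OLD` is wrapped, since it is much longer than the neighbouring lines. In `checkKey` the `else` branch no longer records that the lookup returned no row; if that reason is not logged elsewhere, a server-side log entry (without the key value) before the throw would keep failed-key attempts visible to operators. The `catch (SQLException ex)` branch continues outside the hunk, so whether it returns the same message cannot be confirmed here.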
Expand Up @@ -26,6 +26,7 @@
import io.restassured.filter.log.LogDetail;
import io.restassured.specification.RequestSpecification;

import static cwms.cda.data.dao.AuthDao.AUTH_ERROR_MSG;
import static cwms.cda.data.dao.JsonRatingUtilsTest.loadResourceAsString;
import static io.restassured.RestAssured.given;
import static org.hamcrest.Matchers.*;
Expand Down Expand Up @@ -269,7 +270,8 @@ public void test_key_usage() throws Exception {
.then()
.log().ifValidationFails(LogDetail.ALL,true)
.assertThat()
.statusCode(is(HttpCode.UNAUTHORIZED.getStatus()));
.statusCode(is(HttpCode.UNAUTHORIZED.getStatus()))
.body("message", is(AUTH_ERROR_MSG));
// fail to use no existent key
given()
.log().ifValidationFails(LogDetail.ALL,true)
Expand All @@ -284,7 +286,8 @@ public void test_key_usage() throws Exception {
.then()
.log().ifValidationFails(LogDetail.ALL,true)
.assertThat()
.statusCode(is(HttpCode.UNAUTHORIZED.getStatus()));
.statusCode(is(HttpCode.UNAUTHORIZED.getStatus()))
.body("message", is(AUTH_ERROR_MSG));
}

@Order(6)