Merge pull request #426 from wri/gtc-2388-ports-in-domains

GTC-2388: Cannot specify domains when creating GFW Data API key
wri · Sep 19, 2023 · 7b5d558 · 7b5d558
2 parents 69023d3 + f7e2bb4
commit 7b5d558
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 10 deletions.
diff --git a/app/models/pydantic/authentication.py b/app/models/pydantic/authentication.py
@@ -29,21 +29,30 @@ class SignUpResponse(Response):
 
 class APIKeyRequestIn(StrictBaseModel):
 
-    alias: str = Query(..., description="Nick name for API Key")
-    organization: str = Query(..., description="Name of organization or Website")
+    alias: str = Query(..., description="Nickname for API Key")
+    organization: str = Query(..., description="Name of organization or website")
     email: EmailStr = Query(..., description="Email address of POC")
     domains: List[str] = Query(
         [],
-        description="List of domains which can be used this API key. If no domain is listed, the key will be set by default to the lowest rate limiting tier. "
-        "When making request using the API key, make sure you add the correct `origin` header matching a whitelisted domain. "
-        "You can use wildcards for subdomains such as *.yourdomain.com. "
-        "Our validation methord for wildcard will allow only subdomains. So make sure you also add yourdomain.com if you use root without any subdomains. "
-        "www.yourdomain.com and yourdomain.com are two different domains in terms of security. Include www. if required. ",
-        regex=r"^(\*\.)?([\w-]+\.)+[\w-]+$|(localhost)",
+        description="""List of domains which can be used this API key.
+        If no domain is listed, the key will be set by default to the lowest rate
+        limiting tier. <br/>
+        When making request using the API key, make sure you add the correct `origin`
+        header matching a domain in this allowlist.<br/><br/>
+        You can use wildcards for subdomains such as `*.yourdomain.com`.<br/>
+        **Our validation method for wildcards will allow only subdomains.**<br/><br/>
+        Make sure you also add `yourdomain.com` if you use root without any subdomains.<br/>
+        `www.yourdomain.com` and `yourdomain.com` are two different domains in terms
+        of security.<br/>
+        Include `www.` if required.<br/><br/>
+        **Do not** include port numbers in the domain names. `localhost`~:3000~<br/><br/>
+        A `domains` example for local development might look like this:<br/>
+        `["www.yourdomain.com", "*.yourdomain.com", "yourdomain.com", "localhost"]`""",
+        regex=r"^(\*\.)?([\w-]+\.)+[\w-]+$|^(localhost)$",
     )
     never_expires: bool = Query(
         False,
-        description="Set API Key to never expire, only admin uses can set this to True",
+        description="Set API Key to never expire, only `admin` users can set this to `true`",
     )
 
 

diff --git a/tests_v2/fixtures/authentication/api_keys.py b/tests_v2/fixtures/authentication/api_keys.py
@@ -12,4 +12,12 @@
 ]
 
 BAD_EMAILS = ["not an email", "also_not@n-email", "nope", None]
-BAD_DOMAINS = ["www.*.com", "*", "www.test*.org", "www.test.*", "*.com"]
+BAD_DOMAINS = [
+    "www.*.com",
+    "*",
+    "www.test*.org",
+    "www.test.*",
+    "*.com",
+    "globalforestwatch.org:443",
+    "localhost:3000",
+]