From d363b1bb15ba02a3f35fee6031b3c356b58cf12e Mon Sep 17 00:00:00 2001
From: Matthieu Petiteau
Date: Fri, 8 Sep 2023 16:20:14 +0100
Subject: [PATCH] Ensure the API uses the right status codes
---
 shhh/__init__.py | 2 +-
 shhh/api/api.py | 2 +-
 tests/test_api.py | 13 +++++++++++--
 3 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/shhh/__init__.py b/shhh/__init__.py
index 131942e7..8d1c8625 100644
--- a/shhh/__init__.py
+++ b/shhh/__init__.py
@@ -1 +1 @@
-__version__ = "3.0.2"
+__version__ = "3.0.3"
diff --git a/shhh/api/api.py b/shhh/api/api.py
index eaefc2d4..860c0901 100644
--- a/shhh/api/api.py
+++ b/shhh/api/api.py
@@ -62,7 +62,7 @@ def secret_sanitise_newline(self, data: dict, **kwargs) -> dict[str, str]:
 def handle_parsing_error(err, req, schema, *, error_status_code, error_headers):
 response, code = handlers.parse_error(err)
- return abort(response.make(), code)
+ return abort(make_response(response.make(), code))
 class Api(MethodView):
diff --git a/tests/test_api.py b/tests/test_api.py
index 7d1bf70c..087d7d42 100644
--- a/tests/test_api.py
+++ b/tests/test_api.py
@@ -1,12 +1,13 @@
 from datetime import datetime, timedelta
+from http import HTTPStatus
 from urllib.parse import urlparse
 import pytest
 from flask import url_for
-from shhh.extensions import db
-from shhh.domain import model
 from shhh.api.responses import Message, Status
+from shhh.domain import model
+from shhh.extensions import db
 @pytest.fixture
@@ -28,6 +29,7 @@ def test_api_post_create_secret(app, post_payload):
 with app.test_request_context(), app.test_client() as test_client:
 response = test_client.post(url_for("api.secret"), json=post_payload)
 data = response.get_json()
+ assert response.status_code == HTTPStatus.CREATED
 # ensure all the keys are present in the response
 for field in ("status", "details", "external_id", "link", "expires_on"):
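Review bot: In `handle_parsing_error` the `return` in front of `abort(...)` is dead, because `abort` raises instead of returning, and nothing on the changed line says why the body now has to go through `make_response`. I would write it as `abort(make_response(response.make(), code))` with a comment above it such as `# abort() passes a ready-made response through unchanged, so the status must be set on the response itself` (that is how I understand Werkzeug's behaviour; worth confirming against the pinned version). The hunk adds no import to `shhh/api/api.py`, so `make_response` is presumably already in scope there; if it is not, the failure would only show up when a request fails validation. Whatever registers this function as the parser's error handler sits above the hunk and is not visible.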
@@ -55,6 +57,7 @@ def test_api_post_wrong_expire_value(app, post_payload):
 post_payload["expire"] = "12m"
 with app.test_request_context(), app.test_client() as test_client:
 response = test_client.post(url_for("api.secret"), json=post_payload)
+ assert response.status_code == HTTPStatus.UNPROCESSABLE_ENTITY
 data = response.get_json()
 assert data["response"]["status"] == Status.ERROR
 assert data["response"]["details"] == ("Must be one of: 10m, 30m, 1h, "
@@ -66,6 +69,7 @@ def test_api_post_missing_required_field(app, post_payload, field):
 post_payload.pop(field)
 with app.test_request_context(), app.test_client() as test_client:
 response = test_client.post(url_for("api.secret"), json=post_payload)
+ assert response.status_code == HTTPStatus.UNPROCESSABLE_ENTITY
 data = response.get_json()
 assert data["response"]["status"] == Status.ERROR
 assert data["response"]["details"] == "Missing data for required field."
@@ -77,6 +81,7 @@ def test_api_post_weak_passphrase(app, post_payload, passphrase):
 post_payload["passphrase"] = passphrase
 with app.test_request_context(), app.test_client() as test_client:
 response = test_client.post(url_for("api.secret"), json=post_payload)
+ assert response.status_code == HTTPStatus.UNPROCESSABLE_ENTITY
 data = response.get_json()
 assert data["response"]["status"] == Status.ERROR
 assert data["response"]["details"] == (
@@ -90,6 +95,7 @@ def test_api_get_wrong_passphrase(app, secret):
 url_for("api.secret", external_id=secret.external_id, passphrase="wrong!"))
+ assert response.status_code == HTTPStatus.UNAUTHORIZED
 data = response.get_json()
 assert data["response"]["status"] == Status.INVALID
 assert data["response"]["msg"] == Message.INVALID.format(
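Review bot: The 422 assertion added in `test_api_post_wrong_expire_value`, and repeated in `test_api_post_missing_required_field` and `test_api_post_weak_passphrase`, is the only visible coverage of the `handle_parsing_error` change, yet nothing in the tests says so. A comment above the first one, for example `# validation failures must carry the 422 status, not only an error body`, would stop these lines from being trimmed later as redundant next to the body checks. Clients, proxies and alerting that key on the status line never read the JSON `status` field, so this is the assertion that protects them. Each of these test functions starts above its hunk.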
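Review bot: `test_api_get_wrong_passphrase` now pins 401 but does not look at the response headers, and RFC 9110 expects a 401 to carry a `WWW-Authenticate` challenge. Whether the API sends one is not visible in this diff. Either add `assert "WWW-Authenticate" in response.headers`, or record in a comment that 401 is returned without a challenge on purpose, for example `# 401 without a challenge header is intentional: the passphrase is not an HTTP auth scheme`. The same applies to the 401 assertion in `test_api_get_exceeded_tries`.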
@@ -108,6 +114,7 @@ def test_api_get_exceeded_tries(app, secret):
 url_for("api.secret", external_id=secret.external_id, passphrase="wrong!"))
+ assert response.status_code == HTTPStatus.UNAUTHORIZED
 data = response.get_json()
 assert data["response"]["status"] == Status.INVALID
 assert data["response"]["msg"] == Message.EXCEEDED
@@ -125,6 +132,7 @@ def test_api_message_expired(app):
 url_for("api.secret", external_id="123456", passphrase="Hello123"))
+ assert response.status_code == HTTPStatus.NOT_FOUND
 data = response.get_json()
 assert data["response"]["status"] == Status.EXPIRED
 assert data["response"]["msg"] == Message.NOT_FOUND
@@ -137,6 +145,7 @@ def test_api_read_secret(app, secret, post_payload):
 url_for("api.secret", external_id=external_id, passphrase=post_payload["passphrase"]))
+ assert response.status_code == HTTPStatus.OK
 data = response.get_json()
 assert data["response"]["status"] == Status.SUCCESS
 assert data["response"]["msg"] == post_payload["secret"]
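Review bot: `test_api_message_expired` has no comment explaining why one request is expected to yield 404, `Status.EXPIRED` and `Message.NOT_FOUND` together, so the test name, the status value and the message each describe a different situation. The id `123456` is not created in the visible lines, though the start of the function is outside the hunk and may set it up. If answering identically for unknown and expired ids is deliberate, which keeps the endpoint from revealing which ids ever existed, a comment such as `# unknown and expired ids are indistinguishable by design` above the new assertion would record that.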