Support authorization header (#395)

* Add test for authorization header with upvote/downvote

* Use API key from globals instead of request

Author: Aaron Suarez

app/api/routes/resource_modification.py

@@ -1,7 +1,7 @@
 from os import environ
 
 from algoliasearch.exceptions import AlgoliaException, AlgoliaUnreachableHostException
-from flask import redirect, request
+from flask import redirect, request, g
 from sqlalchemy.exc import IntegrityError
 
 from app import db, index, utils as utils
@@ -119,7 +119,7 @@ def update_votes(id, vote_direction):
     opposite_direction = 'downvotes' if vote_direction == 'upvotes' else 'upvotes'
     opposite_count = getattr(resource, opposite_direction)
 
-    api_key = request.headers.get('x-apikey')
+    api_key = g.auth_key.apikey
     vote_info = VoteInformation.query.get(
                 {'voter_apikey': api_key, 'resource_id': id}
             )

tests/unit/test_routes/test_resource_update.py

@@ -3,6 +3,8 @@
     assert_correct_response
 )
 
+from ..test_auth_jwt import GOOD_AUTH
+
 
 def test_update_votes(module_client, module_db, fake_auth_from_oc, fake_algolia_save):
     client = module_client
@@ -252,3 +254,31 @@ def test_update_resource(
                           follow_redirects=True
                           )
     assert_correct_response(response, 404)
+
+
+def test_update_votes_authorization_header(
+        module_client, module_db, fake_auth_from_oc, fake_algolia_save):
+    client = module_client
+    id = 1
+    UPVOTE = 'upvote'
+    DOWNVOTE = 'downvote'
+
+    data = client.get(f"api/v1/resources/{id}").json['resource']
+    response = client.put(
+                        f"/api/v1/resources/{id}/upvote",
+                        follow_redirects=True,
+                        headers={'authorization': GOOD_AUTH})
+    initial_upvotes = data.get(f"{UPVOTE}s")
+    initial_downvotes = data.get(f"{DOWNVOTE}s")
+
+    assert (response.status_code == 200)
+    assert (response.json['resource'].get(f"{UPVOTE}s") == initial_upvotes + 1)
+
+    response = client.put(
+                        f"/api/v1/resources/{id}/downvote",
+                        follow_redirects=True,
+                        headers={'authorization': GOOD_AUTH})
+
+    assert (response.status_code == 200)
+    assert (response.json['resource'].get(f"{UPVOTE}s") == initial_upvotes)
+    assert (response.json['resource'].get(f"{DOWNVOTE}s") == initial_downvotes + 1)