scientist-softserv / palni-palci

Implement Authorization #1037

Open kirkkwang opened 4 months ago

kirkkwang commented 4 months ago

Story

Currently, WillowSword is unprotected and allows anyone to deposit. We must implement authorization before rolling this feature out.

https://github.com/CottageLabs/willow_sword/wiki/Enabling-Authorization-In-Willow-Sword

Acceptance Criteria

Testing Instructions

In your terminal send this request:

curl --request GET \
  --url <insert-appropriate-url-here>/sword/service_document \
  --header 'Content-Type: application/xml'

You should see an error because no API key was sent with the request.

See Kirk for an API key, and retest with the API key; it should now succeed.

ShanaLMoore commented 3 months ago

@kirkkwang Does this need to be QA'd? If so, could you please include testing instructions? Thanks!

kirkkwang commented 3 months ago

@ShanaLMoore Got it, added some instructions.

ShanaLMoore commented 3 months ago

QA Results: Pass ✅

Tested by sending the curl request from my terminal to pals knapsack staging.

With NO API Key ✅

The request did not have an API key, so I was denied:

With API Key: ✅

Request was successful:

kirkkwang commented 3 months ago

To whoever is QA'ing this, please contact me on Slack so I can set up your user with an API key.

ctgraham commented 3 months ago

QA Results: Pass ✅

Confirmed Not Authorized without the key at https://demo.palni-palci-staging.notch8.cloud/sword/service_document .

Confirmed successful service document with an authorized key. The Content-type header does not seem to affect anything, but that is non-critical.

jillpe commented 1 month ago

This gets deployed with the knapsack cutover