Add bypass for token validation

steventux · steventux · commit 60a3b29ef357 · 2026-04-27T12:26:15.000+01:00
diff --git a/manage_breast_screening/dicom/tests/test_token_validator.py b/manage_breast_screening/dicom/tests/test_token_validator.py
@@ -119,3 +119,10 @@ def test_with_valid_token(
         assert validator(Mock(headers={"Authorization": "Bearer abc123"})) == {
             "sub": "1234567890"
         }
+
+    def test_authentication_bypass_enabled(self, mock_logger):
+        with patch.dict("os.environ", {"BYPASS_API_TOKEN_AUTH": "true"}):
+            validator = TokenValidator()
+            assert validator(Mock(headers={"Authorization": "Bearer anytoken"})) == {
+                "sub": "bypass_user"
+            }
diff --git a/manage_breast_screening/dicom/token_validator.py b/manage_breast_screening/dicom/token_validator.py
@@ -13,6 +13,7 @@
 
 class TokenValidator(HttpBearer):
     def __init__(self):
+        self.bypass_auth = os.getenv("BYPASS_API_TOKEN_AUTH", "false").lower() == "true"
         self.api_audience = os.getenv("API_AUDIENCE", "")
         self.tenant_id = os.getenv("TENANT_ID", "")
         self.discovery_keys_url = (
@@ -23,6 +24,10 @@ def __init__(self):
         self.issuer_url = "https://sts.windows.net/" + self.tenant_id + "/"
 
     def authenticate(self, request, token) -> dict | None:
+        if self.bypass_auth:
+            logger.warning("Authentication bypass is enabled.")
+            return {"sub": "bypass_user"}
+
         rsa_key = self._rsa_key(token)
         if rsa_key:
             return self._decode(token, rsa_key)
