Improves API authentication tests. Relates to #3412. Commit ready for merge.

- Legacy-Id: 19392
2021-09-24 10:01:03 +00:00 · 2021-09-24 10:01:03 +00:00 · 6292e528fd
parent 02b8559512
commit 6292e528fd
1 changed files with 17 additions and 1 deletions
--- a/ietf/ietfauth/tests.py
+++ b/ietf/ietfauth/tests.py
@ -633,7 +633,7 @@ class IetfAuthTests(TestCase):

            # bad method
            r = self.client.put(key.endpoint, {'apikey':key.hash()})
-            self.assertEqual(r.status_code, 405)
+            self.assertContains(r, 'Method not allowed', status_code=405)

            # missing apikey
            r = self.client.post(key.endpoint, {'dummy':'dummy',})
@ -643,6 +643,22 @@ class IetfAuthTests(TestCase):
            r = self.client.post(key.endpoint, {'apikey':BAD_KEY, 'dummy':'dummy',})
            self.assertContains(r, 'Invalid apikey', status_code=403)

+            # invalid garbage apikey (decode error)
+            r = self.client.post(key.endpoint, {'apikey':'foobar', 'dummy':'dummy',})
+            self.assertContains(r, 'Invalid apikey', status_code=403)
+
+            # invalid garbage apikey (struct unpack error)
+            # number of characters in apikey must be divisible by 4
+            r = self.client.post(key.endpoint, {'apikey':'foob', 'dummy':'dummy',})
+            self.assertContains(r, 'Invalid apikey', status_code=403)
+
+            # invalid apikey (invalidated api key)
+            unauthorized_url = urlreverse('ietf.api.views.author_tools')
+            invalidated_apikey = PersonalApiKey.objects.create(
+                        endpoint=unauthorized_url, person=person, valid=False)
+            r = self.client.post(unauthorized_url, {'apikey': invalidated_apikey})
+            self.assertContains(r, 'Invalid apikey', status_code=403)
+
            # too long since regular login
            person.user.last_login = datetime.datetime.now() - datetime.timedelta(days=settings.UTILS_APIKEY_GUI_LOGIN_LIMIT_DAYS+1)
            person.user.save()