Fixes API authentication issue. Commit ready for merge.

- Legacy-Id: 19393
2021-10-01 04:43:54 +00:00 · 2021-10-01 04:43:54 +00:00 · 90297bc2ab
parent 6292e528fd
commit 90297bc2ab
2 changed files with 3 additions and 1 deletions
--- a/ietf/ietfauth/tests.py
+++ b/ietf/ietfauth/tests.py
@ -656,7 +656,7 @@ class IetfAuthTests(TestCase):
            unauthorized_url = urlreverse('ietf.api.views.author_tools')
            invalidated_apikey = PersonalApiKey.objects.create(
                        endpoint=unauthorized_url, person=person, valid=False)
-            r = self.client.post(unauthorized_url, {'apikey': invalidated_apikey})
+            r = self.client.post(unauthorized_url, {'apikey': invalidated_apikey.hash()})
            self.assertContains(r, 'Invalid apikey', status_code=403)

            # too long since regular login
--- a/ietf/person/models.py
+++ b/ietf/person/models.py
@ -394,6 +394,8 @@ class PersonalApiKey(models.Model):
        if not k.exists():
            return None
        k = k.first()
+        if not k.valid:
+            return None
        check = hashlib.sha256()
        for v in (str(id), str(k.person.id), k.created.isoformat(), k.endpoint, str(k.valid), salt, settings.SECRET_KEY):
            v = smart_bytes(v)