From 6292e528fd9b633cc7f8a8b6b6cde774b5f0e784 Mon Sep 17 00:00:00 2001
From: Kesara Rathnayake
Date: Fri, 24 Sep 2021 10:01:03 +0000
Subject: [PATCH] Improves API authentication tests. Relates to #3412. Commit ready for merge. - Legacy-Id: 19392
---
 ietf/ietfauth/tests.py | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/ietf/ietfauth/tests.py b/ietf/ietfauth/tests.py
index dba379c73..647384fa0 100644
--- a/ietf/ietfauth/tests.py
+++ b/ietf/ietfauth/tests.py
@@ -633,7 +633,7 @@ class IetfAuthTests(TestCase):
 # bad method
 r = self.client.put(key.endpoint, {'apikey':key.hash()})
- self.assertEqual(r.status_code, 405)
+ self.assertContains(r, 'Method not allowed', status_code=405)
 # missing apikey
 r = self.client.post(key.endpoint, {'dummy':'dummy',})
@@ -643,6 +643,22 @@ class IetfAuthTests(TestCase):
 r = self.client.post(key.endpoint, {'apikey':BAD_KEY, 'dummy':'dummy',})
 self.assertContains(r, 'Invalid apikey', status_code=403)
+ # invalid garbage apikey (decode error)
+ r = self.client.post(key.endpoint, {'apikey':'foobar', 'dummy':'dummy',})
+ self.assertContains(r, 'Invalid apikey', status_code=403)
+
+ # invalid garbage apikey (struct unpack error)
+ # number of characters in apikey must be divisible by 4
+ r = self.client.post(key.endpoint, {'apikey':'foob', 'dummy':'dummy',})
+ self.assertContains(r, 'Invalid apikey', status_code=403)
+
+ # invalid apikey (invalidated api key)
+ unauthorized_url = urlreverse('ietf.api.views.author_tools')
+ invalidated_apikey = PersonalApiKey.objects.create(
+ endpoint=unauthorized_url, person=person, valid=False)
+ r = self.client.post(unauthorized_url, {'apikey': invalidated_apikey})
+ self.assertContains(r, 'Invalid apikey', status_code=403)
+
 # too long since regular login
 person.user.last_login = datetime.datetime.now() - datetime.timedelta(days=settings.UTILS_APIKEY_GUI_LOGIN_LIMIT_DAYS+1)
 person.user.save()
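Review bot: The invalidated-key case in the second hunk posts the `PersonalApiKey` object itself (`{'apikey': invalidated_apikey}`), whereas the first request in this test sends `key.hash()`. The test client will presumably submit the object's string form, which is likely rejected on the same decode path as the `'foobar'` case, so the `valid=False` check may never be reached and a regression that accepts revoked keys could go unnoticed. Sending `{'apikey': invalidated_apikey.hash()}` would make the 403 depend on the revocation check itself. The name `unauthorized_url` also hints that the person may be refused on that endpoint for a separate reason; if so, an endpoint the person is otherwise permitted to use would isolate the revoked-key rejection. The enclosing test method starts and ends outside the hunk.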