Merged in [19393] from krathnayake@ietf.org:

Fixes API authentication issue. - Legacy-Id: 19395 Note: SVN reference [19393] has been migrated to Git commit 90297bc2ab
2021-10-01 18:39:20 +00:00 · 2021-10-01 18:39:20 +00:00 · d904c028b7
parent cb5c94868f 90297bc2ab
commit d904c028b7
2 changed files with 3 additions and 1 deletions
--- a/ietf/ietfauth/tests.py
+++ b/ietf/ietfauth/tests.py
@ -656,7 +656,7 @@ class IetfAuthTests(TestCase):
            unauthorized_url = urlreverse('ietf.api.views.author_tools')
            invalidated_apikey = PersonalApiKey.objects.create(
                        endpoint=unauthorized_url, person=person, valid=False)
-            r = self.client.post(unauthorized_url, {'apikey': invalidated_apikey})
+            r = self.client.post(unauthorized_url, {'apikey': invalidated_apikey.hash()})
            self.assertContains(r, 'Invalid apikey', status_code=403)

            # too long since regular login
--- a/ietf/person/models.py
+++ b/ietf/person/models.py
@ -394,6 +394,8 @@ class PersonalApiKey(models.Model):
        if not k.exists():
            return None
        k = k.first()
+        if not k.valid:
+            return None
        check = hashlib.sha256()
        for v in (str(id), str(k.person.id), k.created.isoformat(), k.endpoint, str(k.valid), salt, settings.SECRET_KEY):
            v = smart_bytes(v)