From 90297bc2abc4e31b21ded473665261b82ab695e1 Mon Sep 17 00:00:00 2001
From: Kesara Rathnayake <krathnayake@ietf.org>
Date: Fri, 1 Oct 2021 04:43:54 +0000
Subject: [PATCH] Fixes API authentication issue. Commit ready for merge.  -
 Legacy-Id: 19393

---
 ietf/ietfauth/tests.py | 2 +-
 ietf/person/models.py  | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/ietf/ietfauth/tests.py b/ietf/ietfauth/tests.py
index 647384fa0..ec23b69a6 100644
--- a/ietf/ietfauth/tests.py
+++ b/ietf/ietfauth/tests.py
@@ -656,7 +656,7 @@ class IetfAuthTests(TestCase):
             unauthorized_url = urlreverse('ietf.api.views.author_tools')
             invalidated_apikey = PersonalApiKey.objects.create(
                         endpoint=unauthorized_url, person=person, valid=False)
-            r = self.client.post(unauthorized_url, {'apikey': invalidated_apikey})
+            r = self.client.post(unauthorized_url, {'apikey': invalidated_apikey.hash()})
             self.assertContains(r, 'Invalid apikey', status_code=403)
 
             # too long since regular login
diff --git a/ietf/person/models.py b/ietf/person/models.py
index 81ac423fc..47eaeb659 100644
--- a/ietf/person/models.py
+++ b/ietf/person/models.py
@@ -394,6 +394,8 @@ class PersonalApiKey(models.Model):
         if not k.exists():
             return None
         k = k.first()
+        if not k.valid:
+            return None
         check = hashlib.sha256()
         for v in (str(id), str(k.person.id), k.created.isoformat(), k.endpoint, str(k.valid), salt, settings.SECRET_KEY):
             v = smart_bytes(v)