paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-04 22:13:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

validate_api_key: Accept the request as an argument.

Browse Source 
This is a prerequisite for checking the subdomain of the request.
This commit is contained in:
Tim Abbott
2016-09-27 21:13:43 -07:00
parent bbab3cdc30
commit 15f6cc7c84
2 changed files with 12 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
zerver/decorator.py
View File

@@ -160,8 +160,8 @@ def process_client(request, user_profile, is_json_view=False, client_name=None):
request.client = get_client(client_name) request.client = get_client(client_name)
update_user_activity(request, user_profile) update_user_activity(request, user_profile)
def validate_api_key(role, api_key, is_webhook=False): def validate_api_key(request, role, api_key, is_webhook=False):
# type: (text_type, text_type, bool) -> Union[UserProfile, Deployment] # type: (HttpRequest, text_type, text_type, bool) -> Union[UserProfile, Deployment]
# Remove whitespace to protect users from trivial errors. # Remove whitespace to protect users from trivial errors.
role, api_key = role.strip(), api_key.strip() role, api_key = role.strip(), api_key.strip()
@@ -330,7 +330,7 @@ def authenticated_api_view(is_webhook=False):
raise RequestVariableMissingError("api_key") raise RequestVariableMissingError("api_key")
elif not api_key: elif not api_key:
api_key = api_key_legacy api_key = api_key_legacy
user_profile = validate_api_key(email, api_key, is_webhook) user_profile = validate_api_key(request, email, api_key, is_webhook)
request.user = user_profile request.user = user_profile
request._email = user_profile.email request._email = user_profile.email
process_client(request, user_profile) process_client(request, user_profile)
@@ -367,7 +367,7 @@ def authenticated_rest_api_view(is_webhook=False):
# Now we try to do authentication or die # Now we try to do authentication or die
try: try:
# Could be a UserProfile or a Deployment # Could be a UserProfile or a Deployment
profile = validate_api_key(role, api_key, is_webhook) profile = validate_api_key(request, role, api_key, is_webhook)
except JsonableError as e: except JsonableError as e:
return json_unauthorized(e.error) return json_unauthorized(e.error)
request.user = profile request.user = profile

16
zerver/tests/test_decorators.py
View File

@@ -9,7 +9,7 @@ from zerver.lib.actions import do_deactivate_realm, do_deactivate_user, \
do_reactivate_user, do_reactivate_realm do_reactivate_user, do_reactivate_realm
from zerver.lib.initial_password import initial_password from zerver.lib.initial_password import initial_password
from zerver.lib.test_helpers import ( from zerver.lib.test_helpers import (
ZulipTestCase, WebhookTestCase HostRequestMock, ZulipTestCase, WebhookTestCase
) )
from zerver.lib.request import \ from zerver.lib.request import \
REQ, has_request_variables, RequestVariableMissingError, \ REQ, has_request_variables, RequestVariableMissingError, \
@@ -165,7 +165,7 @@ class DecoratorTestCase(TestCase):
def my_webhook(request, user_profile, client): def my_webhook(request, user_profile, client):
return user_profile.email return user_profile.email
class Request(object): class Request(HostRequestMock):
REQUEST = {} # type: Dict[str, str] REQUEST = {} # type: Dict[str, str]
COOKIES = {} COOKIES = {}
META = {'PATH_INFO': ''} META = {'PATH_INFO': ''}
@@ -614,27 +614,27 @@ class TestValidateApiKey(ZulipTestCase):
def test_validate_api_key_if_profile_does_not_exist(self): def test_validate_api_key_if_profile_does_not_exist(self):
with self.assertRaises(JsonableError): with self.assertRaises(JsonableError):
validate_api_key('email@doesnotexist.com', 'api_key') validate_api_key(HostRequestMock(), 'email@doesnotexist.com', 'api_key')
def test_validate_api_key_if_api_key_does_not_match_profile_api_key(self): def test_validate_api_key_if_api_key_does_not_match_profile_api_key(self):
with self.assertRaises(JsonableError): with self.assertRaises(JsonableError):
validate_api_key(self.webhook_bot.email, 'not_32_length') validate_api_key(HostRequestMock(), self.webhook_bot.email, 'not_32_length')
with self.assertRaises(JsonableError): with self.assertRaises(JsonableError):
validate_api_key(self.webhook_bot.email, self.default_bot.api_key) validate_api_key(HostRequestMock(), self.webhook_bot.email, self.default_bot.api_key)
def test_validate_api_key_if_profile_is_not_active(self): def test_validate_api_key_if_profile_is_not_active(self):
self._change_is_active_field(self.default_bot, False) self._change_is_active_field(self.default_bot, False)
with self.assertRaises(JsonableError): with self.assertRaises(JsonableError):
validate_api_key(self.default_bot.email, self.default_bot.api_key) validate_api_key(HostRequestMock(), self.default_bot.email, self.default_bot.api_key)
self._change_is_active_field(self.default_bot, True) self._change_is_active_field(self.default_bot, True)
def test_validate_api_key_if_profile_is_incoming_webhook_and_is_webhook_is_unset(self): def test_validate_api_key_if_profile_is_incoming_webhook_and_is_webhook_is_unset(self):
with self.assertRaises(JsonableError): with self.assertRaises(JsonableError):
validate_api_key(self.webhook_bot.email, self.webhook_bot.api_key) validate_api_key(HostRequestMock(), self.webhook_bot.email, self.webhook_bot.api_key)
def test_validate_api_key_if_profile_is_incoming_webhook_and_is_webhook_is_set(self): def test_validate_api_key_if_profile_is_incoming_webhook_and_is_webhook_is_set(self):
profile = validate_api_key(self.webhook_bot.email, self.webhook_bot.api_key, is_webhook=True) profile = validate_api_key(HostRequestMock(), self.webhook_bot.email, self.webhook_bot.api_key, is_webhook=True)
self.assertEqual(profile.pk, self.webhook_bot.pk) self.assertEqual(profile.pk, self.webhook_bot.pk)
def _change_is_active_field(self, profile, value): def _change_is_active_field(self, profile, value):