validate_api_key: Accept the request as an argument.

This is a prerequisite for checking the subdomain of the request.
2025-11-05 06:23:38 +00:00 · 2016-09-27 21:13:43 -07:00
parent bbab3cdc30
commit 15f6cc7c84
2 changed files with 12 additions and 12 deletions
--- a/zerver/decorator.py
+++ b/zerver/decorator.py
@@ -160,8 +160,8 @@ def process_client(request, user_profile, is_json_view=False, client_name=None):
    request.client = get_client(client_name)
    update_user_activity(request, user_profile)

-def validate_api_key(role, api_key, is_webhook=False):
-    # type: (text_type, text_type, bool) -> Union[UserProfile, Deployment]
+def validate_api_key(request, role, api_key, is_webhook=False):
+    # type: (HttpRequest, text_type, text_type, bool) -> Union[UserProfile, Deployment]
    # Remove whitespace to protect users from trivial errors.
    role, api_key = role.strip(), api_key.strip()

@@ -330,7 +330,7 @@ def authenticated_api_view(is_webhook=False):
                raise RequestVariableMissingError("api_key")
            elif not api_key:
                api_key = api_key_legacy
-            user_profile = validate_api_key(email, api_key, is_webhook)
+            user_profile = validate_api_key(request, email, api_key, is_webhook)
            request.user = user_profile
            request._email = user_profile.email
            process_client(request, user_profile)
@@ -367,7 +367,7 @@ def authenticated_rest_api_view(is_webhook=False):
            # Now we try to do authentication or die
            try:
                # Could be a UserProfile or a Deployment
-                profile = validate_api_key(role, api_key, is_webhook)
+                profile = validate_api_key(request, role, api_key, is_webhook)
            except JsonableError as e:
                return json_unauthorized(e.error)
            request.user = profile
--- a/zerver/tests/test_decorators.py
+++ b/zerver/tests/test_decorators.py
@@ -9,7 +9,7 @@ from zerver.lib.actions import do_deactivate_realm, do_deactivate_user, \
    do_reactivate_user, do_reactivate_realm
 from zerver.lib.initial_password import initial_password
 from zerver.lib.test_helpers import (
-    ZulipTestCase, WebhookTestCase
+    HostRequestMock, ZulipTestCase, WebhookTestCase
 )
 from zerver.lib.request import \
    REQ, has_request_variables, RequestVariableMissingError, \
@@ -165,7 +165,7 @@ class DecoratorTestCase(TestCase):
        def my_webhook(request, user_profile, client):
            return user_profile.email

-        class Request(object):
+        class Request(HostRequestMock):
            REQUEST = {} # type: Dict[str, str]
            COOKIES = {}
            META = {'PATH_INFO': ''}
@@ -614,27 +614,27 @@ class TestValidateApiKey(ZulipTestCase):

    def test_validate_api_key_if_profile_does_not_exist(self):
        with self.assertRaises(JsonableError):
-            validate_api_key('email@doesnotexist.com', 'api_key')
+            validate_api_key(HostRequestMock(), 'email@doesnotexist.com', 'api_key')

    def test_validate_api_key_if_api_key_does_not_match_profile_api_key(self):
        with self.assertRaises(JsonableError):
-            validate_api_key(self.webhook_bot.email, 'not_32_length')
+            validate_api_key(HostRequestMock(), self.webhook_bot.email, 'not_32_length')

        with self.assertRaises(JsonableError):
-            validate_api_key(self.webhook_bot.email, self.default_bot.api_key)
+            validate_api_key(HostRequestMock(), self.webhook_bot.email, self.default_bot.api_key)

    def test_validate_api_key_if_profile_is_not_active(self):
        self._change_is_active_field(self.default_bot, False)
        with self.assertRaises(JsonableError):
-            validate_api_key(self.default_bot.email, self.default_bot.api_key)
+            validate_api_key(HostRequestMock(), self.default_bot.email, self.default_bot.api_key)
        self._change_is_active_field(self.default_bot, True)

    def test_validate_api_key_if_profile_is_incoming_webhook_and_is_webhook_is_unset(self):
        with self.assertRaises(JsonableError):
-            validate_api_key(self.webhook_bot.email, self.webhook_bot.api_key)
+            validate_api_key(HostRequestMock(), self.webhook_bot.email, self.webhook_bot.api_key)

    def test_validate_api_key_if_profile_is_incoming_webhook_and_is_webhook_is_set(self):
-        profile = validate_api_key(self.webhook_bot.email, self.webhook_bot.api_key, is_webhook=True)
+        profile = validate_api_key(HostRequestMock(), self.webhook_bot.email, self.webhook_bot.api_key, is_webhook=True)
        self.assertEqual(profile.pk, self.webhook_bot.pk)

    def _change_is_active_field(self, profile, value):