paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-03 05:23:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

api: Handle unregistered users in dev_fetch_api_key.

Browse Source 
Fixes #4851.
This commit is contained in:
Yago González
2017-05-21 16:34:21 -07:00
committed by Tim Abbott
parent d5d6d47287
commit c0f2036435
2 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
zerver/tests/test_auth_backends.py
View File

@@ -1295,6 +1295,13 @@ class DevFetchAPIKeyTest(ZulipTestCase):
dict(username=email))
self.assert_json_error_contains(result, "Enter a valid email address.", 400)
def test_unregistered_user(self):
# type: () -> None
email = 'foo@zulip.com'
result = self.client_post("/api/v1/dev_fetch_api_key",
dict(username=email))
self.assert_json_error_contains(result, "This user is not registered.", 403)
def test_inactive_user(self):
# type: () -> None
do_deactivate_user(self.user_profile)

3
zerver/views/auth.py
View File

@@ -501,6 +501,9 @@ def api_dev_fetch_api_key(request, username=REQ()):
if return_data.get("inactive_user"):
return json_error(_("Your account has been disabled."),
data={"reason": "user disable"}, status=403)
if user_profile is None:
return json_error(_("This user is not registered."),
data={"reason": "unregistered"}, status=403)
login(request, user_profile)
return json_success({"api_key": user_profile.api_key, "email": user_profile.email})