mirror of
https://github.com/peeringdb/peeringdb.git
synced 2024-05-11 05:55:09 +00:00
Support 202203 fixes (#1148)
* remove survey notifications * fixing old reference of IXF_IMPORTER_DAYS_UNTIL_TICKET through EnvironmentSettings, this setting is no longer controlled through that and should come straight from settings * fix session auth not setting x-auth-id header (#1120) fix basic auth not setting x-auth-id header on success (#1120) fix api key auth only setting prefix in x-auth-id header (#1120) fix x-auth-id header not being cleared between requests (#1120) * fix issue with rest throttling breaking api-cache generation (#1146) * add caching for get_permission_holder_from_request - fixes perfomance issues in #1147 * fix intermediate issue with api_cache rest throttle tests * sanitize cache key names for state normalization (#1079) each state normalization lookup moved into its own transaction so errors dont cause us to lose already obtained data (#1079) write cache regardess of --commit on or off (#1079) add a sanity check for running non-committal mode without --limit (#1079) * fix issue with ip block rate limiting if x-forwarded-for is set (#1126) * better handling of melissa timeouts through retrying (#1079) fix state normalization cache timeout to have no expiry (#1079) normalization command will display validation errors at the end and exit with a return code if there are any (#1079) * automatically apply address field normalization for `state` (#1079) * additional tests * only do a sanity check for --limit if no specific object is targeted * linting Co-authored-by: Stefan Pratter <stefan@20c.com>
This commit is contained in:
Matt Griswold
GitHub
@@ -1,3 +1,5 @@
|
||||
import base64
|
||||
|
||||
from django.http import HttpResponse
|
||||
from django.test import (
|
||||
RequestFactory,
|
||||
@@ -34,26 +36,25 @@ class PDBCommonMiddlewareTest(SimpleTestCase):
|
||||
}
|
||||
)
|
||||
class PDBPermissionMiddlewareTest(APITestCase):
|
||||
|
||||
client = APIClient()
|
||||
def setUp(self):
|
||||
self.client = APIClient()
|
||||
self.factory = RequestFactory()
|
||||
|
||||
def test_bogus_apikey_auth_id_response(self):
|
||||
|
||||
self.client.credentials(HTTP_AUTHORIZATION="Api-Key bogus")
|
||||
response = self.client.get("/api/fac")
|
||||
self.assertEqual(response.status_code, 401)
|
||||
self.assertEqual(response.headers.get("X-Auth-ID"), "apikey_bogus")
|
||||
|
||||
def test_bogus_credentials_auth_id_response(self):
|
||||
|
||||
self.client.credentials(HTTP_AUTHORIZATION="Basic Ym9ndXM6Ym9ndXM=")
|
||||
response = self.client.get("/api/fac")
|
||||
self.assertEqual(response.status_code, 401)
|
||||
self.assertEqual(response.headers.get("X-Auth-ID"), "bogus")
|
||||
|
||||
def test_auth_id_response(self):
|
||||
user = User.objects.create(username="bogus")
|
||||
user.set_password("bogus")
|
||||
def test_auth_id_api_key(self):
|
||||
user = User.objects.create(username="test_user")
|
||||
user.set_password("test_user")
|
||||
user.save()
|
||||
|
||||
# Create an API key for the user
|
||||
@@ -63,7 +64,47 @@ class PDBPermissionMiddlewareTest(APITestCase):
|
||||
readonly=False,
|
||||
)
|
||||
|
||||
self.client.credentials(HTTP_AUTHORIZATION="Api-Key %s" % key)
|
||||
self.client.credentials(HTTP_AUTHORIZATION=f"Api-Key {key}")
|
||||
response = self.client.get("/api/fac")
|
||||
self.assertEqual(response.status_code, 200)
|
||||
assert response.headers.get("X-Auth-ID").startswith("apikey_")
|
||||
|
||||
# test that header gets cleared between requests
|
||||
other_client = APIClient()
|
||||
response = other_client.get("/api/fac")
|
||||
self.assertEqual(response.status_code, 200)
|
||||
assert response.headers.get("X-Auth-ID") is None
|
||||
|
||||
def test_auth_id_session_auth(self):
|
||||
user = User.objects.create(username="test_user")
|
||||
user.set_password("test_user")
|
||||
user.save()
|
||||
|
||||
self.client.force_login(user)
|
||||
response = self.client.get("/api/fac")
|
||||
self.assertEqual(response.status_code, 200)
|
||||
assert response.headers.get("X-Auth-ID") == user.username
|
||||
|
||||
# test that header gets cleared between requests
|
||||
other_client = APIClient()
|
||||
response = other_client.get("/api/fac")
|
||||
self.assertEqual(response.status_code, 200)
|
||||
assert response.headers.get("X-Auth-ID") is None
|
||||
|
||||
def test_auth_id_basic_auth(self):
|
||||
user = User.objects.create(username="test_user")
|
||||
user.set_password("test_user")
|
||||
user.save()
|
||||
|
||||
auth = base64.b64encode(b"test_user:test_user").decode("utf-8")
|
||||
self.client.credentials(HTTP_AUTHORIZATION=f"Basic {auth}")
|
||||
|
||||
response = self.client.get("/api/fac")
|
||||
self.assertEqual(response.status_code, 200)
|
||||
assert response.headers.get("X-Auth-ID") == user.username
|
||||
|
||||
# test that header gets cleared between requests
|
||||
other_client = APIClient()
|
||||
response = other_client.get("/api/fac")
|
||||
self.assertEqual(response.status_code, 200)
|
||||
assert response.headers.get("X-Auth-ID") is None
|
||||
|
||||
Reference in New Issue
Block a user