Improves API authentication tests. Relates to #3412. Commit ready for…

… merge. - Legacy-Id: 19392
ietf-tools · Sep 24, 2021 · 6292e52 · 6292e52
1 parent 02b8559
commit 6292e52
Showing 1 changed file with 17 additions and 1 deletion.
diff --git a/ietf/ietfauth/tests.py b/ietf/ietfauth/tests.py
@@ -633,7 +633,7 @@ def test_apikey_errors(self):
 
             # bad method
             r = self.client.put(key.endpoint, {'apikey':key.hash()})
-            self.assertEqual(r.status_code, 405)
+            self.assertContains(r, 'Method not allowed', status_code=405)
 
             # missing apikey
             r = self.client.post(key.endpoint, {'dummy':'dummy',})
@@ -643,6 +643,22 @@ def test_apikey_errors(self):
             r = self.client.post(key.endpoint, {'apikey':BAD_KEY, 'dummy':'dummy',})
             self.assertContains(r, 'Invalid apikey', status_code=403)
 
+            # invalid garbage apikey (decode error)
+            r = self.client.post(key.endpoint, {'apikey':'foobar', 'dummy':'dummy',})
+            self.assertContains(r, 'Invalid apikey', status_code=403)
+
+            # invalid garbage apikey (struct unpack error)
+            # number of characters in apikey must be divisible by 4
+            r = self.client.post(key.endpoint, {'apikey':'foob', 'dummy':'dummy',})
+            self.assertContains(r, 'Invalid apikey', status_code=403)
+
+            # invalid apikey (invalidated api key)
+            unauthorized_url = urlreverse('ietf.api.views.author_tools')
+            invalidated_apikey = PersonalApiKey.objects.create(
+                        endpoint=unauthorized_url, person=person, valid=False)
+            r = self.client.post(unauthorized_url, {'apikey': invalidated_apikey})
+            self.assertContains(r, 'Invalid apikey', status_code=403)
+
             # too long since regular login
             person.user.last_login = datetime.datetime.now() - datetime.timedelta(days=settings.UTILS_APIKEY_GUI_LOGIN_LIMIT_DAYS+1)
             person.user.save()