def test_update_api_key(self) -> None:
user = self.example_user("hamlet")
email = user.email
self.login_user(user)
old_api_keys = get_all_api_keys(user)
# Ensure the old API keys are in the authentication cache, so
# that the below logic can test whether we have a cache-flushing bug.
for api_key in old_api_keys:
self.assertEqual(get_user_profile_by_api_key(api_key).email, email)
result = self.client_post("/json/users/me/api_key/regenerate")
self.assert_json_success(result)
new_api_key = result.json()["api_key"]
self.assertNotIn(new_api_key, old_api_keys)
user = self.example_user("hamlet")
current_api_keys = get_all_api_keys(user)
self.assertIn(new_api_key, current_api_keys)
for api_key in old_api_keys:
with self.assertRaises(UserProfile.DoesNotExist):
get_user_profile_by_api_key(api_key)
for api_key in current_api_keys:
self.assertEqual(get_user_profile_by_api_key(api_key).email, email)
def test_update_api_key(self) -> None:
user = self.example_user('hamlet')
email = user.email
self.login(email)
old_api_keys = get_all_api_keys(user)
# Ensure the old API keys are in the authentication cache, so
# that the below logic can test whether we have a cache-flushing bug.
for api_key in old_api_keys:
self.assertEqual(get_user_profile_by_api_key(api_key).email, email)
result = self.client_post('/json/users/me/api_key/regenerate')
self.assert_json_success(result)
new_api_key = result.json()['api_key']
self.assertNotIn(new_api_key, old_api_keys)
user = self.example_user('hamlet')
current_api_keys = get_all_api_keys(user)
self.assertIn(new_api_key, current_api_keys)
for api_key in old_api_keys:
with self.assertRaises(UserProfile.DoesNotExist):
get_user_profile_by_api_key(api_key)
for api_key in current_api_keys:
self.assertEqual(get_user_profile_by_api_key(api_key).email, email)
def test_update_api_key(self) -> None:
user = self.example_user("hamlet")
email = user.email
self.login_user(user)
old_api_keys = get_all_api_keys(user)
# Ensure the old API keys are in the authentication cache, so
# that the below logic can test whether we have a cache-flushing bug.
for api_key in old_api_keys:
self.assertEqual(get_user_profile_by_api_key(api_key).email, email)
# First verify this endpoint is not registered in the /json/... path
# to prevent access with only a session.
result = self.client_post("/json/users/me/api_key/regenerate")
self.assertEqual(result.status_code, 404)
# A logged-in session doesn't allow access to an /api/v1/ endpoint
# of course.
result = self.client_post("/api/v1/users/me/api_key/regenerate")
self.assertEqual(result.status_code, 401)
result = self.api_post(user, "/api/v1/users/me/api_key/regenerate")
new_api_key = self.assert_json_success(result)["api_key"]
self.assertNotIn(new_api_key, old_api_keys)
user = self.example_user("hamlet")
current_api_keys = get_all_api_keys(user)
self.assertIn(new_api_key, current_api_keys)
for api_key in old_api_keys:
with self.assertRaises(UserProfile.DoesNotExist):
get_user_profile_by_api_key(api_key)
for api_key in current_api_keys:
self.assertEqual(get_user_profile_by_api_key(api_key).email, email)
def test_update_api_key(self) -> None:
user = self.example_user('hamlet')
email = user.email
self.login(email)
old_api_keys = get_all_api_keys(user)
result = self.client_post('/json/users/me/api_key/regenerate')
self.assert_json_success(result)
new_api_key = result.json()['api_key']
self.assertNotIn(new_api_key, old_api_keys)
user = self.example_user('hamlet')
current_api_keys = get_all_api_keys(user)
self.assertIn(new_api_key, current_api_keys)
def test_update_api_key(self) -> None:
user = self.example_user('hamlet')
email = user.email
self.login(email)
old_api_keys = get_all_api_keys(user)
result = self.client_post('/json/users/me/api_key/regenerate')
self.assert_json_success(result)
new_api_key = result.json()['api_key']
self.assertNotIn(new_api_key, old_api_keys)
user = self.example_user('hamlet')
current_api_keys = get_all_api_keys(user)
self.assertIn(new_api_key, current_api_keys)
def user_cache_items(items_for_remote_cache: Dict[str, Tuple[UserProfile]],
user_profile: UserProfile) -> None:
for api_key in get_all_api_keys(user_profile):
items_for_remote_cache[user_profile_by_api_key_cache_key(api_key)] = (
user_profile, )
items_for_remote_cache[user_profile_cache_key(
user_profile.email, user_profile.realm)] = (user_profile, )
def delete_user_profile_caches(user_profiles: Iterable['UserProfile']) -> None:
# Imported here to avoid cyclic dependency.
from zerver.lib.users import get_all_api_keys
keys = []
for user_profile in user_profiles:
keys.append(user_profile_by_email_cache_key(user_profile.email))
keys.append(user_profile_by_id_cache_key(user_profile.id))
for api_key in get_all_api_keys(user_profile):
keys.append(user_profile_by_api_key_cache_key(api_key))
keys.append(user_profile_cache_key(user_profile.email, user_profile.realm))
cache_delete_many(keys)
def delete_user_profile_caches(user_profiles: Iterable['UserProfile']) -> None:
# Imported here to avoid cyclic dependency.
from zerver.lib.users import get_all_api_keys
from zerver.models import is_cross_realm_bot_email
keys = []
for user_profile in user_profiles:
keys.append(user_profile_by_email_cache_key(user_profile.delivery_email))
keys.append(user_profile_by_id_cache_key(user_profile.id))
for api_key in get_all_api_keys(user_profile):
keys.append(user_profile_by_api_key_cache_key(api_key))
keys.append(user_profile_cache_key(user_profile.email, user_profile.realm))
if user_profile.is_bot and is_cross_realm_bot_email(user_profile.email):
# Handle clearing system bots from their special cache.
keys.append(bot_profile_cache_key(user_profile.email))
cache_delete_many(keys)
def user_cache_items(items_for_remote_cache: Dict[str, Tuple[UserProfile]],
user_profile: UserProfile) -> None:
for api_key in get_all_api_keys(user_profile):
items_for_remote_cache[user_profile_by_api_key_cache_key(api_key)] = (user_profile,)
items_for_remote_cache[user_profile_cache_key(user_profile.email,
user_profile.realm)] = (user_profile,)
