def test_legacy_api_key(self):
offerer = offers_factories.OffererFactory()
value = random_token(64)
ApiKey(value=value, offerer=offerer)
found_api_key = offerers_api.find_api_key(value)
assert found_api_key.offerer == offerer
def test_generate_and_save_api_key(self):
offerer = offers_factories.OffererFactory()
generated_key = offerers_api.generate_and_save_api_key(offerer.id)
found_api_key = offerers_api.find_api_key(generated_key)
assert found_api_key.offerer == offerer
def _fill_current_api_key() -> None:
mandatory_authorization_type = "Bearer "
authorization_header = request.headers.get("Authorization")
g.current_api_key = None
if authorization_header and mandatory_authorization_type in authorization_header:
app_authorization_credentials = authorization_header.replace(
mandatory_authorization_type, "")
g.current_api_key = find_api_key(app_authorization_credentials)
def test_api_key_journey(client):
booking = booking_factories.IndividualBookingFactory()
user_offerer = UserOffererFactory(offerer=booking.offerer)
client.with_session_auth(user_offerer.user.email)
response = client.post(f"/offerers/{humanize(user_offerer.offerer.id)}/api_keys")
assert response.status_code == 200
saved_key = find_api_key(response.json["apiKey"])
assert saved_key.offererId == user_offerer.offerer.id
# test generated api key grants authentication on bookings API
response = client.get(
f"/v2/bookings/token/{booking.token.lower()}",
headers={"Authorization": f"""Bearer {response.json["apiKey"]}"""},
)
assert response.status_code == 200
# test user can delete the generated api key
response = client.delete(f"/offerers/api_keys/{saved_key.prefix}")
assert response.status_code == 204
assert ApiKey.query.count() == 0
def test_no_key_found(self):
assert not offerers_api.find_api_key("legacy-key")
assert not offerers_api.find_api_key("development_prefix_value")