def test_update_api_key(self) -> None: user = self.example_user("hamlet") email = user.email self.login_user(user) old_api_keys = get_all_api_keys(user) # Ensure the old API keys are in the authentication cache, so # that the below logic can test whether we have a cache-flushing bug. for api_key in old_api_keys: self.assertEqual(get_user_profile_by_api_key(api_key).email, email) result = self.client_post("/json/users/me/api_key/regenerate") self.assert_json_success(result) new_api_key = result.json()["api_key"] self.assertNotIn(new_api_key, old_api_keys) user = self.example_user("hamlet") current_api_keys = get_all_api_keys(user) self.assertIn(new_api_key, current_api_keys) for api_key in old_api_keys: with self.assertRaises(UserProfile.DoesNotExist): get_user_profile_by_api_key(api_key) for api_key in current_api_keys: self.assertEqual(get_user_profile_by_api_key(api_key).email, email)
def test_update_api_key(self) -> None: user = self.example_user('hamlet') email = user.email self.login(email) old_api_keys = get_all_api_keys(user) # Ensure the old API keys are in the authentication cache, so # that the below logic can test whether we have a cache-flushing bug. for api_key in old_api_keys: self.assertEqual(get_user_profile_by_api_key(api_key).email, email) result = self.client_post('/json/users/me/api_key/regenerate') self.assert_json_success(result) new_api_key = result.json()['api_key'] self.assertNotIn(new_api_key, old_api_keys) user = self.example_user('hamlet') current_api_keys = get_all_api_keys(user) self.assertIn(new_api_key, current_api_keys) for api_key in old_api_keys: with self.assertRaises(UserProfile.DoesNotExist): get_user_profile_by_api_key(api_key) for api_key in current_api_keys: self.assertEqual(get_user_profile_by_api_key(api_key).email, email)
def test_update_api_key(self) -> None: user = self.example_user("hamlet") email = user.email self.login_user(user) old_api_keys = get_all_api_keys(user) # Ensure the old API keys are in the authentication cache, so # that the below logic can test whether we have a cache-flushing bug. for api_key in old_api_keys: self.assertEqual(get_user_profile_by_api_key(api_key).email, email) # First verify this endpoint is not registered in the /json/... path # to prevent access with only a session. result = self.client_post("/json/users/me/api_key/regenerate") self.assertEqual(result.status_code, 404) # A logged-in session doesn't allow access to an /api/v1/ endpoint # of course. result = self.client_post("/api/v1/users/me/api_key/regenerate") self.assertEqual(result.status_code, 401) result = self.api_post(user, "/api/v1/users/me/api_key/regenerate") new_api_key = self.assert_json_success(result)["api_key"] self.assertNotIn(new_api_key, old_api_keys) user = self.example_user("hamlet") current_api_keys = get_all_api_keys(user) self.assertIn(new_api_key, current_api_keys) for api_key in old_api_keys: with self.assertRaises(UserProfile.DoesNotExist): get_user_profile_by_api_key(api_key) for api_key in current_api_keys: self.assertEqual(get_user_profile_by_api_key(api_key).email, email)
def handle(self, *args, **options): # type: (*Any, **Any) -> None if (not options['api_key'] and not options['email']) or \ (options['api_key'] and options['email']): print("Please enter either an email or API key to manage") exit(1) realm = self.get_realm(options) if options['email']: user_profile = self.get_user(options['email'], realm) else: try: user_profile = get_user_profile_by_api_key(options['api_key']) except UserProfile.DoesNotExist: print("Unable to get user profile for api key %s" % (options['api_key'], )) exit(1) users = [user_profile] if options['bots']: users.extend(bot for bot in UserProfile.objects.filter( is_bot=True, bot_owner=user_profile)) operation = options['operation'] for user in users: print("Applying operation to User ID: %s: %s" % (user.id, operation)) if operation == 'block': block_access(RateLimitedUser(user, domain=options['domain']), options['seconds']) elif operation == 'unblock': unblock_access(RateLimitedUser(user, domain=options['domain']))
def handle(self, *args: Any, **options: Any) -> None: if (not options['api_key'] and not options['email']) or \ (options['api_key'] and options['email']): raise CommandError("Please enter either an email or API key to manage") realm = self.get_realm(options) if options['email']: user_profile = self.get_user(options['email'], realm) else: try: user_profile = get_user_profile_by_api_key(options['api_key']) except UserProfile.DoesNotExist: raise CommandError("Unable to get user profile for api key {}".format(options['api_key'])) users = [user_profile] if options['bots']: users.extend(bot for bot in UserProfile.objects.filter(is_bot=True, bot_owner=user_profile)) operation = options['operation'] for user in users: print(f"Applying operation to User ID: {user.id}: {operation}") if operation == 'block': RateLimitedUser(user, domain=options['domain']).block_access(options['seconds']) elif operation == 'unblock': RateLimitedUser(user, domain=options['domain']).unblock_access()
def handle(self, *args: Any, **options: Any) -> None: if (not options['api_key'] and not options['email']) or \ (options['api_key'] and options['email']): print("Please enter either an email or API key to manage") exit(1) realm = self.get_realm(options) if options['email']: user_profile = self.get_user(options['email'], realm) else: try: user_profile = get_user_profile_by_api_key(options['api_key']) except UserProfile.DoesNotExist: print("Unable to get user profile for api key %s" % (options['api_key'],)) exit(1) users = [user_profile] if options['bots']: users.extend(bot for bot in UserProfile.objects.filter(is_bot=True, bot_owner=user_profile)) operation = options['operation'] for user in users: print("Applying operation to User ID: %s: %s" % (user.id, operation)) if operation == 'block': block_access(RateLimitedUser(user, domain=options['domain']), options['seconds']) elif operation == 'unblock': unblock_access(RateLimitedUser(user, domain=options['domain']))
def access_user_by_api_key(request: HttpRequest, api_key: str, email: Optional[str]=None) -> UserProfile: try: user_profile = get_user_profile_by_api_key(api_key) except UserProfile.DoesNotExist: raise JsonableError(_("Invalid API key")) if email is not None and email.lower() != user_profile.email.lower(): # This covers the case that the API key is correct, but for a # different user. We may end up wanting to relaxing this # constraint or give a different error message in the future. raise JsonableError(_("Invalid API key")) validate_account_and_subdomain(request, user_profile) return user_profile