def test_user_not_active(self):
    """A personal API key owned by a deactivated user is rejected with 401."""
    # Deactivate the owner first; the key created below is otherwise a normal,
    # freshly saved key, so the inactive account is the only reason to refuse it.
    self.user.is_active = False
    self.user.save()

    key = PersonalAPIKey(label="Test", team=self.team, user=self.user)
    key.save()

    auth_header = f"Bearer {key.value}"
    result = self.client.get("/api/user/", HTTP_AUTHORIZATION=auth_header)

    self.assertEqual(result.status_code, 401)
def test_query_string(self):
    """A key passed as the ``personal_api_key`` query parameter authenticates."""
    key = PersonalAPIKey(label="Test", user=self.user)
    key.save()

    # NOTE: a credential carried in the URL tends to end up in access logs,
    # proxies and browser history; the Authorization header avoids that.
    result = self.client.get(
        f"/api/projects/{self.team.id}/dashboards/?personal_api_key={key.value}"
    )

    self.assertEqual(result.status_code, 200)
def test_user_endpoint(self):
    """Bearer-key authentication is accepted on ``/api/user``."""
    # special case as /api/user/ is (or used to be) uniquely not DRF (vanilla Django instead)
    key = PersonalAPIKey(label="Test", team=self.team, user=self.user)
    key.save()

    auth_header = f"Bearer {key.value}"
    result = self.client.get("/api/user", HTTP_AUTHORIZATION=auth_header)

    self.assertEqual(result.status_code, 200)
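def test_delete_personal_api_key(self):
    """Deleting one's own key returns 204 and removes that key's row."""
    key = PersonalAPIKey(label="Test", team=self.team, user=self.user)
    key.save()
    # count() asks the database for the row count instead of loading every row.
    self.assertEqual(PersonalAPIKey.objects.count(), 1)

    response = self.client.delete(f"/api/personal_api_keys/{key.id}/")

    self.assertEqual(response.status_code, 204)
    self.assertEqual(PersonalAPIKey.objects.count(), 0)
    # Pin the revocation to this key, not only to the size of the table.
    self.assertFalse(PersonalAPIKey.objects.filter(id=key.id).exists())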
def test_personal_api_key(self, patch_process_event_with_plugins):
    """Capture accepts an event carrying a personal API key and ``project_id``.

    The event must be attributed to ``self.team`` and the request origin must be
    echoed back in ``access-control-allow-origin``.
    """
    key = PersonalAPIKey(label="X", user=self.user)
    key.save()

    elements = [
        {"tag_name": "a", "nth_child": 1, "nth_of_type": 2, "attr__class": "btn btn-sm",},
        {"tag_name": "div", "nth_child": 1, "nth_of_type": 2, "$el_text": "💻",},
    ]
    data = {
        "event": "$autocapture",
        "api_key": key.value,
        "project_id": self.team.id,
        "properties": {"distinct_id": 2, "$elements": elements},
    }

    now = timezone.now()
    # NOTE(review): nesting rebuilt from a flattened listing; only the request is
    # assumed to run under the frozen clock and the query budget — confirm.
    with freeze_time(now), self.assertNumQueries(5):
        response = self.client.get(
            "/e/?data=%s" % quote(self._to_json(data)), HTTP_ORIGIN="https://localhost",
        )

    self.assertEqual(response.get("access-control-allow-origin"), "https://localhost")

    arguments = self._to_arguments(patch_process_event_with_plugins)
    for frozen_field in ("now", "sent_at"):
        arguments.pop(frozen_field)  # can't compare fakedate

    expected = {
        "distinct_id": "2",
        "ip": "127.0.0.1",
        "site_url": "http://testserver",
        "data": data,
        "team_id": self.team.pk,
    }
    self.assertDictEqual(arguments, expected)
def test_get_someone_elses_personal_api_key(self):
    """Fetching another user's key by id yields 404 with the not-found body."""
    stranger = self._create_user("*****@*****.**")
    foreign_key = PersonalAPIKey(label="Other test", team=self.team, user=stranger)
    foreign_key.save()

    # The key exists and lives in the same team; the expected answer is still the
    # ``ERROR_RESPONSE_NOT_FOUND`` payload rather than a permission error.
    result = self.client.get(f"/api/personal_api_keys/{foreign_key.id}/")

    self.assertEqual(result.status_code, 404)
    self.assertDictEqual(result.json(), self.ERROR_RESPONSE_NOT_FOUND)
def test_feature_flags_with_personal_api_key(self):
    """Decide returns the team's flag when called with ``personal_api_key``."""
    key = PersonalAPIKey(label="X", user=self.user, team=self.team)
    key.save()
    Person.objects.create(team=self.team, distinct_ids=["example_id"])

    flag_fields = {
        "team": self.team,
        "rollout_percentage": 100,
        "name": "Test",
        "key": "test",
        "created_by": self.user,
    }
    FeatureFlag.objects.create(**flag_fields)

    payload = {"distinct_id": "example_id", "personal_api_key": key.value}
    response = self._post_decide(payload)

    self.assertEqual(len(response["featureFlags"]), 1)
def test_personal_api_key_without_project_id(self):
    """Decide rejects a personal key sent as ``api_key`` with no ``project_id``."""
    key = PersonalAPIKey(label="X", user=self.user)
    key.save()
    Person.objects.create(team=self.team, distinct_ids=["example_id"])

    # No "project_id" in the payload, so the key alone does not select a project.
    payload = {"distinct_id": "example_id", "api_key": key.value}
    result = self._post_decide(payload)

    self.assertEqual(result.status_code, 401)
    expected_message = (
        "Project API key invalid. You can find your project API key in PostHog project settings."
    )
    self.assertEqual(result.json()["message"], expected_message)
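def test_list_only_user_personal_api_keys(self):
    """Listing keys returns only the caller's own key, as metadata fields only."""
    my_label = "Test"
    my_key = PersonalAPIKey(label=my_label, team=self.team, user=self.user)
    my_key.save()
    other_user = self._create_user("*****@*****.**")
    other_key = PersonalAPIKey(label="Other test", team=self.team, user=other_user)
    other_key.save()
    # count() lets the database do the counting instead of fetching both rows.
    self.assertEqual(PersonalAPIKey.objects.count(), 2)

    response = self.client.get("/api/personal_api_keys")

    self.assertEqual(response.status_code, 200)
    response_data = response.json()
    # Two keys exist in the same team, but only the requester's may be listed.
    self.assertEqual(len(response_data), 1)
    response_data[0].pop("created_at")
    # Exact comparison: any extra field in the listing (for instance the secret
    # key value) would make this assertion fail.
    self.assertDictEqual(
        response_data[0],
        {
            "id": my_key.id,
            "label": my_label,
            "last_used_at": None,
            "user_id": self.user.id,
            "team_id": self.team.id,
        },
    )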
def test_personal_api_key_from_batch_request(self, patch_process_event_with_plugins):
    """A list-shaped capture payload authenticates via the event's personal API key."""
    # Originally issue POSTHOG-2P8
    key = PersonalAPIKey(label="X", user=self.user)
    key.save()

    event = {
        "event": "$pageleave",
        "api_key": key.value,
        "project_id": self.team.id,
        "properties": {
            "$os": "Linux",
            "$browser": "Chrome",
            "$device_type": "Desktop",
            "distinct_id": "94b03e599131fd5026b",
            "token": "fake token",  # as this is invalid, will do API key authentication
        },
        "timestamp": "2021-04-20T19:11:33.841Z",
    }
    data = [event]

    result = self.client.get("/e/?data=%s" % quote(self._to_json(data)))
    self.assertEqual(result.status_code, status.HTTP_200_OK)

    arguments = self._to_arguments(patch_process_event_with_plugins)
    for frozen_field in ("now", "sent_at"):
        arguments.pop(frozen_field)  # can't compare fakedate

    # The processed event is the single dict from the batch, not the wrapping list,
    # and it is attributed to the team named by "project_id".
    expected = {
        "distinct_id": "94b03e599131fd5026b",
        "ip": "127.0.0.1",
        "site_url": "http://testserver",
        "data": {
            "event": "$pageleave",
            "api_key": key.value,
            "project_id": self.team.id,
            "properties": {
                "$os": "Linux",
                "$browser": "Chrome",
                "$device_type": "Desktop",
                "distinct_id": "94b03e599131fd5026b",
                "token": "fake token",
            },
            "timestamp": "2021-04-20T19:11:33.841Z",
        },
        "team_id": self.team.id,
    }
    self.assertDictEqual(arguments, expected)
def test_get_own_personal_api_key(self):
    """Retrieving one's own key by id returns 200 and the key's metadata."""
    my_label = "Test"
    my_key = PersonalAPIKey(label=my_label, user=self.user)
    my_key.save()

    result = self.client.get(f"/api/personal_api_keys/{my_key.id}/")
    self.assertEqual(result.status_code, 200)

    body = result.json()
    body.pop("created_at")
    # Exact comparison: a response carrying any additional field would fail here.
    expected = {
        "id": my_key.id,
        "label": my_label,
        "last_used_at": None,
        "user_id": self.user.id,
    }
    self.assertDictEqual(body, expected)
def test_personal_api_key_without_project_id(self):
    """Decide answers 401 ``invalid_api_key`` for a personal key with no ``project_id``."""
    key = PersonalAPIKey(label="X", user=self.user)
    key.save()
    Person.objects.create(team=self.team, distinct_ids=["example_id"])

    # No "project_id" in the payload, so the key alone does not select a project.
    payload = {"distinct_id": "example_id", "api_key": key.value}
    result = self._post_decide(payload)

    self.assertEqual(result.status_code, status.HTTP_401_UNAUTHORIZED)
    expected_error = {
        "type": "authentication_error",
        "code": "invalid_api_key",
        "detail": "Project API key invalid. You can find your project API key in PostHog project settings.",
        "attr": None,
    }
    self.assertEqual(result.json(), expected_error)
def test_missing_token(self):
    """Decide with a null ``api_key`` answers 200 but returns no flags or recording."""
    key = PersonalAPIKey(label="X", user=self.user)
    key.save()
    Person.objects.create(team=self.team, distinct_ids=["example_id"])
    # A fully rolled-out flag exists, so an empty flag list below means the
    # request was served without the team's data.
    FeatureFlag.objects.create(
        team=self.team,
        rollout_percentage=100,
        name="Test",
        key="test",
        created_by=self.user,
    )

    payload = {"distinct_id": "example_id", "api_key": None, "project_id": self.team.id}
    result = self._post_decide(payload)

    self.assertEqual(result.status_code, status.HTTP_200_OK)
    body = result.json()
    self.assertEqual(body["featureFlags"], [])
    self.assertFalse(body["sessionRecording"])
def test_feature_flags_with_personal_api_key(self):
    """``/decide/`` returns the team's flag when the form data carries ``personal_api_key``."""
    key = PersonalAPIKey(label="X", user=self.user, team=self.team)
    key.save()
    Person.objects.create(team=self.team, distinct_ids=["example_id"])
    FeatureFlag.objects.create(
        team=self.team,
        rollout_percentage=100,
        name="Test",
        key="test",
        created_by=self.user,
    )

    # The payload travels JSON-encoded inside the "data" form field.
    encoded = json.dumps({"distinct_id": "example_id", "personal_api_key": key.value})
    raw_response = self.client.post(
        "/decide/", {"data": encoded}, HTTP_ORIGIN="http://127.0.0.1:8000",
    )
    response = raw_response.json()

    self.assertEqual(len(response["featureFlags"]), 1)
def test_feature_flags_with_personal_api_key(self):
    """Decide with a personal key and ``project_id`` returns only the enabled flags."""
    key = PersonalAPIKey(label="X", user=self.user)
    key.save()
    Person.objects.create(team=self.team, distinct_ids=["example_id"])

    common = {"team": self.team, "created_by": self.user}
    FeatureFlag.objects.create(rollout_percentage=100, name="Test", key="test", **common)
    # disabled flag
    FeatureFlag.objects.create(
        rollout_percentage=100, name="Disabled", key="disabled", active=False, **common
    )
    # enabled for everyone
    FeatureFlag.objects.create(
        filters={"groups": [{"properties": [], "rollout_percentage": None}]},
        key="default-flag",
        **common,
    )

    payload = {"distinct_id": "example_id", "api_key": key.value, "project_id": self.team.id}
    response = self._post_decide(payload).json()

    # The inactive "disabled" flag must be absent from the answer.
    self.assertEqual(response["featureFlags"], ["test", "default-flag"])
def test_body(self):
    """A key supplied as the ``personal_api_key`` request parameter authenticates."""
    key = PersonalAPIKey(label="Test", team=self.team, user=self.user)
    key.save()

    # NOTE(review): assuming self.client is Django's test client (or a subclass),
    # the data dict of a GET is encoded into the query string, so this request
    # carries the key in the URL rather than in a request body — confirm that a
    # body-borne key is covered elsewhere.
    params = {"personal_api_key": key.value}
    result = self.client.get("/api/dashboard/", params)

    self.assertEqual(result.status_code, 200)
def test_header_resilient(self):
    """A trailing space after the bearer token does not break authentication."""
    key = PersonalAPIKey(label="Test", team=self.team, user=self.user)
    key.save()

    # The space before the closing quote is deliberate: it is the input under test.
    padded_header = f"Bearer {key.value} "
    result = self.client.get("/api/dashboard/", HTTP_AUTHORIZATION=padded_header)

    self.assertEqual(result.status_code, 200)
def test_user_endpoint(self):
    """Bearer-key authentication is accepted on ``/api/users/@me/``."""
    key = PersonalAPIKey(label="Test", user=self.user)
    key.save()

    auth_header = f"Bearer {key.value}"
    result = self.client.get("/api/users/@me/", HTTP_AUTHORIZATION=auth_header)

    self.assertEqual(result.status_code, status.HTTP_200_OK)