Пример #1
 def test_api_key_already_regenerated_by_developer(self):
     """Revoking a key the developer already replaced keeps the replacement.

     The fixture key is deactivated and fresh credentials are issued before
     the revoke task runs; the credentials stored afterwards must still be
     the freshly issued ones.
     """
     # Simulate the developer having rotated the credentials themselves.
     self.key.update(is_active=None)
     regenerated = APIKey.new_jwt_credentials(user=self.user)

     # The task is pointed at the old, already inactive key.
     tasks.revoke_api_key(self.key.id)

     stored = APIKey.get_jwt_key(user_id=self.user.id)
     assert regenerated.key == stored.key
     assert regenerated.secret == stored.secret
 def test_api_key_already_regenerated_by_developer(self):
     """Check that the revoke task leaves already-rotated credentials alone.

     Once the original key is inactive and a new pair exists, running the
     task against the original key id must not replace the new pair.
     """
     # Rotation done by the developer ahead of the task.
     self.key.update(is_active=None)
     fresh_credentials = APIKey.new_jwt_credentials(user=self.user)

     tasks.revoke_api_key(self.key.id)

     # Whatever the user's JWT key lookup returns now has to match the
     # pair issued above, key and secret alike.
     looked_up = APIKey.get_jwt_key(user_id=self.user.id)
     assert fresh_credentials.key == looked_up.key
     assert fresh_credentials.secret == looked_up.secret
Пример #3
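 def handle(self, *args, **options):
     """Revoke the active API keys whose key/secret pair is listed in a CSV.

     ``options['csv_file']`` is read as rows of ``key, secret``. A row is
     acted on only when an active ``APIKey`` with that key exists and its
     stored secret equals the listed one; the key is then deactivated and
     new JWT credentials are issued for its user. Progress lines name the
     key only, never the secret.
     """
     revoked_count = 0
     # Bound before the loop so the summary line also works for an empty
     # CSV; without this `idx` is undefined when the file has no rows.
     idx = 0
     # newline='' is what the csv module documents for files handed to
     # csv.reader.
     with open(options['csv_file'], newline='') as csvfile:
         for idx, (key, secret) in enumerate(csv.reader(csvfile), start=1):
             try:
                 # Inactive keys are filtered out here, so they are
                 # reported as "does not exist" as well.
                 apikey = APIKey.objects.get(key=key, is_active=True)
             except APIKey.DoesNotExist:
                 self.stdout.write(
                     f'Ignoring APIKey {key}, it does not exist.\n')
                 continue
             # Only an exact key/secret match is revoked; a differing
             # secret presumably means the pair was already rotated.
             # TODO confirm against the caller's expectations.
             if apikey.secret != secret:
                 self.stdout.write(
                     f'Ignoring APIKey {key}, secret differs.\n')
                 continue
             # Deactivation and reissue commit or roll back together.
             with transaction.atomic():
                 apikey.update(is_active=None)
                 APIKey.new_jwt_credentials(user=apikey.user)
             revoked_count += 1
             self.stdout.write(f'Revoked APIKey {key}.\n')
         self.stdout.write(
             f'Done. Revoked {revoked_count} keys out of {idx} entries.')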
Пример #4
    def handle(self, *args, **options):
        """Create a superuser and optionally issue API credentials for it.

        Required fields come from the command options when ``interactive``
        is false, otherwise from ``self.get_value``. With
        ``add_to_supercreate_group`` set, the user is also added to the
        ``Accounts:SuperCreate`` group, gets JWT credentials, and a JSON
        summary of the account is written to stdout.
        """
        if options.get('interactive', True):
            # Interactive run: each required field is obtained through
            # self.get_value.
            user_data = {
                name: self.get_value(name) for name in self.required_fields
            }
        else:
            # --noinput: every required field must be supplied as an option
            # and pass the model field's own cleaning (approach taken from
            # Django's `createsuperuser`).
            user_data = {}
            try:
                for name in self.required_fields:
                    if not options.get(name, None):
                        raise CommandError(
                            'You must use --%s with --noinput.' % name
                        )
                    model_field = self.UserModel._meta.get_field(name)
                    user_data[name] = model_field.clean(options[name], None)
            except exceptions.ValidationError as exc:
                raise CommandError('; '.join(exc.messages))

        fxa_id = options.get('fxa_id', None)
        if fxa_id:
            fxa_field = self.UserModel._meta.get_field('fxa_id')
            user_data['fxa_id'] = fxa_field.clean(fxa_id, None)

        manager = get_user_model()._default_manager
        user = manager.create_superuser(**user_data)

        if not options.get('add_to_supercreate_group', False):
            return

        # Record the developer agreement as read at creation time.
        user.read_dev_agreement = datetime.utcnow()
        user.save(update_fields=('read_dev_agreement',))

        group, _ = Group.objects.get_or_create(
            rules='Accounts:SuperCreate',
            defaults={'name': 'Account Super Creators'},
        )
        GroupUser.objects.create(user=user, group=group)
        apikey = APIKey.new_jwt_credentials(user=user)

        # NOTE(review): the API secret goes to stdout in clear text, so
        # anything that captures this command's output (CI logs, redirected
        # files) ends up holding a live credential.
        summary = {
            'username': user.username,
            'email': user.email,
            'api-key': apikey.key,
            'api-secret': apikey.secret,
            'fxa-id': user.fxa_id,
        }
        self.stdout.write(json.dumps(summary))
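 def handle(self, *args, **options):
     """Revoke the active API keys whose key/secret pair is listed in a CSV.

     ``options['csv_file']`` is read as rows of ``key, secret``. A row is
     acted on only when an active ``APIKey`` with that key exists and its
     stored secret equals the listed one; the key is then deactivated and
     new JWT credentials are issued for its user. Progress lines name the
     key only, never the secret.
     """
     revoked_count = 0
     # Bound before the loop so the summary line also works for an empty
     # CSV; without this `idx` is undefined when the file has no rows.
     idx = 0
     # NOTE(review): binary mode is what Python 2's csv module expects; on
     # Python 3 csv.reader needs a text-mode file. Confirm the target
     # interpreter before changing the mode.
     with open(options['csv_file'], 'rb') as csvfile:
         for idx, (key, secret) in enumerate(csv.reader(csvfile), start=1):
             try:
                 # Inactive keys are filtered out here, so they are
                 # reported as "does not exist" as well.
                 apikey = APIKey.objects.get(key=key, is_active=True)
             except APIKey.DoesNotExist:
                 self.stdout.write(
                     'Ignoring APIKey {}, it does not exist.\n'.format(key))
                 continue
             # Only an exact key/secret match is revoked; a differing
             # secret presumably means the pair was already rotated.
             # TODO confirm against the caller's expectations.
             if apikey.secret != secret:
                 self.stdout.write(
                     'Ignoring APIKey {}, secret differs.\n'.format(key))
                 continue
             # Deactivation and reissue commit or roll back together.
             with transaction.atomic():
                 apikey.update(is_active=None)
                 APIKey.new_jwt_credentials(user=apikey.user)
             revoked_count += 1
             self.stdout.write(
                 'Revoked APIKey {}.\n'.format(key))
         self.stdout.write(
             'Done. Revoked {} keys out of {} entries.'.format(
                 revoked_count, idx))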
Пример #6
    def handle(self, *args, **options):
        """Create a superuser, optionally with group membership and API keys.

        When ``interactive`` is false every name in ``self.required_fields``
        must be present in the options and is cleaned by its model field;
        otherwise the values come from ``self.get_value``. An ``fxa_id``
        option, if given, is cleaned and passed along too. With
        ``add_to_supercreate_group`` the new user joins the
        ``Accounts:SuperCreate`` group, receives JWT credentials and is
        described as JSON on stdout.
        """
        non_interactive = not options.get('interactive', True)

        if non_interactive:
            # Quick validation for --noinput, modelled on Django's
            # `createsuperuser`.
            user_data = {}
            try:
                for required in self.required_fields:
                    supplied = options.get(required, None)
                    if not supplied:
                        raise CommandError(
                            'You must use --%s with --noinput.' % required)
                    cleaner = self.UserModel._meta.get_field(required)
                    user_data[required] = cleaner.clean(supplied, None)
            except exceptions.ValidationError as exc:
                raise CommandError('; '.join(exc.messages))
        else:
            user_data = {
                required: self.get_value(required)
                for required in self.required_fields
            }

        if options.get('fxa_id', None):
            cleaner = self.UserModel._meta.get_field('fxa_id')
            user_data['fxa_id'] = cleaner.clean(options['fxa_id'], None)

        user_manager = get_user_model()._default_manager
        user = user_manager.create_superuser(**user_data)

        if not options.get('add_to_supercreate_group', False):
            return

        user.read_dev_agreement = datetime.utcnow()
        user.save(update_fields=('read_dev_agreement',))

        # Reuse the group carrying this rule if it exists, else create it.
        group, _ = Group.objects.get_or_create(
            rules='Accounts:SuperCreate',
            defaults={'name': 'Account Super Creators'})
        GroupUser.objects.create(user=user, group=group)
        apikey = APIKey.new_jwt_credentials(user=user)

        # NOTE(review): this prints the API secret in clear text; treat the
        # command's captured output as sensitive.
        account = {
            'username': user.username,
            'email': user.email,
            'api-key': apikey.key,
            'api-secret': apikey.secret,
            'fxa-id': user.fxa_id,
        }
        self.stdout.write(json.dumps(account))
Пример #7
    def test_api_key_does_not_exist(self):
        """Keys named in the CSV but absent from the database are skipped.

        A user with credentials that the CSV does not mention must come out
        of the command untouched.
        """
        # The test csv does not contain an entry for this user.
        bystander = user_factory()
        apikey = APIKey.new_jwt_credentials(user=bystander)
        secret_before = apikey.secret

        captured = io.StringIO()
        call_command('revoke_api_keys', self.csv_path, stdout=captured)
        captured.seek(0)
        lines = captured.readlines()

        # The two lines checked here identify each entry by its key only.
        assert lines[0] == 'Ignoring APIKey user:12345:666, it does not exist.\n'
        assert lines[1] == 'Ignoring APIKey user:67890:333, it does not exist.\n'

        # Still active, same secret, and no additional APIKey rows for the
        # user.
        apikey.reload()
        assert apikey.secret == secret_before
        assert apikey.is_active
        assert APIKey.objects.filter(user=bystander).count() == 1
    def test_api_key_does_not_exist(self):
        """CSV entries without a matching APIKey are reported and ignored.

        The credentials of a user the CSV never mentions must be unchanged
        after the command has run.
        """
        # The test csv does not contain an entry for this user.
        unlisted_user = user_factory()
        apikey = APIKey.new_jwt_credentials(user=unlisted_user)
        original_secret = apikey.secret

        buffer = StringIO()
        call_command('revoke_api_keys', self.csv_path, stdout=buffer)
        buffer.seek(0)
        report = buffer.readlines()

        expected_first = 'Ignoring APIKey user:12345:666, it does not exist.\n'
        expected_second = 'Ignoring APIKey user:67890:333, it does not exist.\n'
        assert report[0] == expected_first
        assert report[1] == expected_second

        # The key stays active with its original secret, and the user has
        # no additional APIKeys.
        apikey.reload()
        assert apikey.secret == original_secret
        assert apikey.is_active
        assert APIKey.objects.filter(user=unlisted_user).count() == 1
Пример #9
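    def handle(self, *args, **options):
        """Create a superuser and optionally issue and save API credentials.

        Required fields come from the options when ``interactive`` is false,
        otherwise from ``self.get_value``. With ``add_to_supercreate_group``
        the user joins the ``Accounts:SuperCreate`` group, gets JWT
        credentials and is described as JSON on stdout. With
        ``save_api_credentials`` (a file path) and a hostname, those
        credentials are also written to that file as JSON.

        Raises:
            CommandError: a required option is missing or invalid under
                --noinput, or credentials were requested to be saved but
                none were issued.
        """
        user_data = {}
        # Stays None unless credentials are issued below; the save step
        # checks it instead of failing with a NameError.
        apikey = None

        # Do quick and dirty validation if --noinput
        if not options.get('interactive', True):
            # Approach taken from django's `createsuperuser` implementation.
            try:
                for field_name in self.required_fields:
                    if options.get(field_name, None):
                        field = self.UserModel._meta.get_field(field_name)
                        user_data[field_name] = field.clean(
                            options[field_name], None)
                    else:
                        raise CommandError(
                            'You must use --%s with --noinput.' % field_name)
            except exceptions.ValidationError as exc:
                raise CommandError('; '.join(exc.messages))
        else:
            user_data = {
                field_name: self.get_value(field_name)
                for field_name in self.required_fields
            }

        user = get_user_model()._default_manager.create_superuser(**user_data)

        if options.get('add_to_supercreate_group', False):
            user.read_dev_agreement = datetime.utcnow()
            user.save(update_fields=('read_dev_agreement',))

            group, _ = Group.objects.get_or_create(
                rules='Accounts:SuperCreate',
                defaults={'name': 'Account Super Creators'})
            GroupUser.objects.create(user=user, group=group)
            apikey = APIKey.new_jwt_credentials(user=user)

            # NOTE(review): the API secret goes to stdout in clear text;
            # treat captured output of this command as sensitive.
            self.stdout.write(json.dumps({
                'username': user.username,
                'email': user.email,
                'api-key': apikey.key,
                'api-secret': apikey.secret
            }))

        if options.get('save_api_credentials', False):
            # NOTE(review): the environment fallback applies only when
            # 'hostname' is absent from options; if the option is declared
            # with a default it may always be present. Verify against the
            # argument definitions.
            hostname = options.get('hostname', os.environ.get(
                'PYTEST_BASE_URL', False))

            if hostname:
                if apikey is None:
                    # Credentials are only issued in the
                    # add_to_supercreate_group branch above.
                    raise CommandError(
                        'Cannot save API credentials: none were issued '
                        'because add_to_supercreate_group was not set.')

                # JSON object for the variables file, keyed by hostname.
                credentials = {
                    'api': {
                        hostname: {
                            'username': user.username,
                            'jwt_issuer': apikey.key,
                            'jwt_secret': apikey.secret,
                        }
                    }
                }

                # NOTE(review): the file holds the JWT secret and is
                # created with the process's default permissions; consider
                # restricting it to the owner.
                with open(options.get('save_api_credentials'), 'w') as outfile:
                    json.dump(credentials, outfile, indent=2)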
Пример #10
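    def handle(self, *args, **options):
        """Create a superuser and optionally issue and save API credentials.

        Required fields come from the options when ``interactive`` is false,
        otherwise from ``self.get_value``. With ``add_to_supercreate_group``
        the user joins the ``Accounts:SuperCreate`` group, gets JWT
        credentials and is described as JSON on stdout. With
        ``save_api_credentials`` (a file path) and a hostname, those
        credentials are also written to that file as JSON.

        Raises:
            CommandError: a required option is missing or invalid under
                --noinput, or credentials were requested to be saved but
                none were issued.
        """
        user_data = {}
        # Stays None unless credentials are issued below; the save step
        # checks it instead of failing with a NameError.
        apikey = None

        # Do quick and dirty validation if --noinput
        if not options.get('interactive', True):
            # Approach taken from django's `createsuperuser` implementation.
            try:
                for field_name in self.required_fields:
                    if options.get(field_name, None):
                        field = self.UserModel._meta.get_field(field_name)
                        user_data[field_name] = field.clean(
                            options[field_name], None)
                    else:
                        raise CommandError(
                            'You must use --%s with --noinput.' % field_name)
            except exceptions.ValidationError as exc:
                raise CommandError('; '.join(exc.messages))
        else:
            user_data = {
                field_name: self.get_value(field_name)
                for field_name in self.required_fields
            }

        user = get_user_model()._default_manager.create_superuser(**user_data)

        if options.get('add_to_supercreate_group', False):
            user.read_dev_agreement = datetime.utcnow()
            user.save(update_fields=('read_dev_agreement', ))

            group, _ = Group.objects.get_or_create(
                rules='Accounts:SuperCreate',
                defaults={'name': 'Account Super Creators'})
            GroupUser.objects.create(user=user, group=group)
            apikey = APIKey.new_jwt_credentials(user=user)

            # NOTE(review): the API secret goes to stdout in clear text;
            # treat captured output of this command as sensitive.
            self.stdout.write(
                json.dumps({
                    'username': user.username,
                    'email': user.email,
                    'api-key': apikey.key,
                    'api-secret': apikey.secret
                }))

        if options.get('save_api_credentials', False):
            # NOTE(review): the environment fallback applies only when
            # 'hostname' is absent from options; if the option is declared
            # with a default it may always be present. Verify against the
            # argument definitions.
            hostname = options.get('hostname',
                                   os.environ.get('PYTEST_BASE_URL', False))

            if hostname:
                if apikey is None:
                    # Credentials are only issued in the
                    # add_to_supercreate_group branch above.
                    raise CommandError(
                        'Cannot save API credentials: none were issued '
                        'because add_to_supercreate_group was not set.')

                # JSON object for the variables file, keyed by hostname.
                credentials = {
                    'api': {
                        hostname: {
                            'username': user.username,
                            'jwt_issuer': apikey.key,
                            'jwt_secret': apikey.secret,
                        }
                    }
                }

                # NOTE(review): the file holds the JWT secret and is
                # created with the process's default permissions; consider
                # restricting it to the owner.
                with open(options.get('save_api_credentials'), 'w') as outfile:
                    json.dump(credentials, outfile, indent=2)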