[PATCH 5 of 5] auth: fix tests after changing API key handling

Thomas De Schampheleire patrickdepinguin at gmail.com
Wed Mar 25 07:01:33 EDT 2015 

# HG changeset patch
# User Thomas De Schampheleire <thomas.de.schampheleire at gmail.com>
# Date 1427279629 -3600
#      Wed Mar 25 11:33:49 2015 +0100
# Node ID eaeea9ea95b036e8d5eaac16aea1e6c8c62868c9
# Parent  e1a755428e3abd3d011c7c033233272dadb34572
auth: fix tests after changing API key handling

Return codes when using API keys have changed, and so should the tests.
Additionally, improve the auth logic to make a distinction between having no
API key (and thus no checking of it, falling back to regular auth), and
having a potentially empty one (401 if it is invalid).

diff --git a/kallithea/lib/auth.py b/kallithea/lib/auth.py
--- a/kallithea/lib/auth.py
+++ b/kallithea/lib/auth.py
@@ -754,9 +754,9 @@
                      % (loc, user))
             return redirect_to_login()
 
-        # check if we used an APIKEY and it's a valid one
-        _api_key = request.GET.get('api_key', '')
-        if _api_key:
+        # check if we used an API key and it's a valid one
+        _api_key = request.GET.get('api_key')
+        if _api_key is not None:
             # explicit controller is enabled or API is in our whitelist
             if self.api_access or allowed_api_access(loc, api_key=_api_key):
                 if _api_key in user.api_keys:
diff --git a/kallithea/tests/functional/test_login.py b/kallithea/tests/functional/test_login.py
--- a/kallithea/tests/functional/test_login.py
+++ b/kallithea/tests/functional/test_login.py
@@ -319,12 +319,12 @@
                 self.app.get(url(controller='changeset',
                                  action='changeset_raw',
                                  repo_name=HG_REPO, revision='tip', api_key=api_key),
-                             status=302)
+                                 status=403)
 
     @parameterized.expand([
-        ('none', None, 302),
-        ('empty_string', '', 302),
-        ('fake_number', '123456', 302),
+        ('none', None, 401),
+        ('empty_string', '', 401),
+        ('fake_number', '123456', 401),
         ('proper_api_key', None, 200)
     ])
     def test_access_whitelisted_page_via_api_key(self, test_name, api_key, code):
@@ -339,7 +339,7 @@
                 self.app.get(url(controller='changeset',
                                  action='changeset_raw',
                                  repo_name=HG_REPO, revision='tip', api_key=api_key),
-                             status=code)
+                                 status=code)
 
     def test_access_page_via_extra_api_key(self):
         whitelist = self._get_api_whitelist(['ChangesetController:changeset_raw'])
@@ -372,4 +372,4 @@
                                  action='changeset_raw',
                                  repo_name=HG_REPO, revision='tip',
                                  api_key=new_api_key.api_key),
-                             status=302)
+                             status=401)

More information about the kallithea-general mailing list