[PATCH 5 of 5] auth: fix tests after changing API key handling

Mads Kiilerich mads at kiilerich.com
Wed Mar 25 15:12:05 EDT 2015


On 03/25/2015 12:01 PM, Thomas De Schampheleire wrote:
> # HG changeset patch
> # User Thomas De Schampheleire <thomas.de.schampheleire at gmail.com>
> # Date 1427279629 -3600
> #      Wed Mar 25 11:33:49 2015 +0100
> # Node ID eaeea9ea95b036e8d5eaac16aea1e6c8c62868c9
> # Parent  e1a755428e3abd3d011c7c033233272dadb34572
> auth: fix tests after changing API key handling

It seems like this changeset is fixing some failures that previous 
changes introduced?

All tests should pass for all revisions. Please make the necessary test 
changes in the changesets where functionality is changed.

>
> Return codes when using API keys have changed, and so should the tests.
> Additionally, improve the auth logic to make a distinction between having no
> API key (and thus no checking of it, falling back to regular auth), and
> having a potentially empty one (401 if it is invalid).
>
> diff --git a/kallithea/lib/auth.py b/kallithea/lib/auth.py
> --- a/kallithea/lib/auth.py
> +++ b/kallithea/lib/auth.py
> @@ -754,9 +754,9 @@
>                        % (loc, user))
>               return redirect_to_login()
>   
> -        # check if we used an APIKEY and it's a valid one
> -        _api_key = request.GET.get('api_key', '')
> -        if _api_key:
> +        # check if we used an API key and it's a valid one
> +        _api_key = request.GET.get('api_key')
> +        if _api_key is not None:

oh - nice one ;-)

It would be nice to have this chunk in one of the previos patches.


Thanks for attacking this. It is essential functionality so it is nice 
to see it refactored to be more trust-worthy.

/Mads




More information about the kallithea-general mailing list