Congegni
/
sintonia
7
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(api): upgrade django code (pre-commit)

This commit is contained in:
jo 2023-04-24 16:49:12 +02:00 committed by Kyle Robbertze
parent 14357102e5
commit a8e2ce7732
2 changed files with 11 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
api/libretime_api/permissions.py
View File

@ -2,6 +2,7 @@ from secrets import compare_digest
from django.conf import settings
from rest_framework.permissions import BasePermission
from rest_framework.request import Request
from .core.models import Role
@ -48,11 +49,8 @@ def get_permission_for_view(request, view):
return None
def check_authorization_header(request):
auth_header = request.META.get("Authorization")
if not auth_header:
auth_header = request.META.get("HTTP_AUTHORIZATION", "")
def check_authorization_header(request: Request):
auth_header = request.headers.get("authorization", "")
if auth_header.startswith("Api-Key"):
token = auth_header.split()[1]
return compare_digest(token, settings.CONFIG.general.api_key)

12
api/libretime_api/tests/test_permissions.py
View File

@ -19,17 +19,21 @@ class TestIsSystemTokenOrUser(APITestCase):
def test_token_incorrect(self):
token = "doesnotexist"
request = APIRequestFactory().get(self.path)
request = APIRequestFactory().get(
self.path,
headers={"Authorization": f"Api-Key {token}"},
)
request.user = AnonymousUser()
request.META["Authorization"] = f"Api-Key {token}"
allowed = IsSystemTokenOrUser().has_permission(request, None)
self.assertFalse(allowed)
def test_token_correct(self):
token = settings.CONFIG.general.api_key
request = APIRequestFactory().get(self.path)
request = APIRequestFactory().get(
self.path,
headers={"Authorization": f"Api-Key {token}"},
)
request.user = AnonymousUser()
request.META["Authorization"] = f"Api-Key {token}"
allowed = IsSystemTokenOrUser().has_permission(request, None)
self.assertTrue(allowed)