test: Add test for api.ietf_utils (#8965)

kesara · web-flow · commit 01170dfea1f4 · 2025-06-11T11:41:50.000-05:00
* test: Add test for api.ietf_utils

* test: Use ietf.utils.test_utils instead of django.test

* test: Add test case for request without a token

* test: Test for misconfigured endpoint

* test: Improve tests

* test: Add test for a API call without X_API_KEY header
diff --git a/ietf/api/tests_ietf_utils.py b/ietf/api/tests_ietf_utils.py
@@ -0,0 +1,86 @@
+# Copyright The IETF Trust 2025, All Rights Reserved
+
+from django.test import RequestFactory
+from django.test.utils import override_settings
+
+from ietf.api.ietf_utils import is_valid_token, requires_api_token
+from ietf.utils.test_utils import TestCase
+
+
+class IetfUtilsTests(TestCase):
+    @override_settings(
+        APP_API_TOKENS={
+            "ietf.api.foobar": ["valid-token"],
+            "ietf.api.misconfigured": "valid-token",  # misconfigured
+        }
+    )
+    def test_is_valid_token(self):
+        self.assertFalse(is_valid_token("ietf.fake.endpoint", "valid-token"))
+        self.assertFalse(is_valid_token("ietf.api.foobar", "invalid-token"))
+        self.assertFalse(is_valid_token("ietf.api.foobar", None))
+        self.assertTrue(is_valid_token("ietf.api.foobar", "valid-token"))
+
+        # misconfiguration
+        self.assertFalse(is_valid_token("ietf.api.misconfigured", "v"))
+        self.assertFalse(is_valid_token("ietf.api.misconfigured", None))
+        self.assertTrue(is_valid_token("ietf.api.misconfigured", "valid-token"))
+
+    @override_settings(
+        APP_API_TOKENS={
+            "ietf.api.foo": ["valid-token"],
+            "ietf.api.bar": ["another-token"],
+            "ietf.api.misconfigured": "valid-token",  # misconfigured
+        }
+    )
+    def test_requires_api_token(self):
+        @requires_api_token("ietf.api.foo")
+        def protected_function(request):
+            return f"Access granted: {request.method}"
+
+        # request with a valid token
+        request = RequestFactory().get(
+            "/some/url", headers={"X_API_KEY": "valid-token"}
+        )
+        result = protected_function(request)
+        self.assertEqual(result, "Access granted: GET")
+
+        # request with an invalid token
+        request = RequestFactory().get(
+            "/some/url", headers={"X_API_KEY": "invalid-token"}
+        )
+        result = protected_function(request)
+        self.assertEqual(result.status_code, 403)
+
+        # request without a token
+        request = RequestFactory().get("/some/url", headers={"X_API_KEY": ""})
+        result = protected_function(request)
+        self.assertEqual(result.status_code, 403)
+
+        # request without a X_API_KEY token
+        request = RequestFactory().get("/some/url")
+        result = protected_function(request)
+        self.assertEqual(result.status_code, 403)
+
+        # request with a valid token for another API endpoint
+        request = RequestFactory().get(
+            "/some/url", headers={"X_API_KEY": "another-token"}
+        )
+        result = protected_function(request)
+        self.assertEqual(result.status_code, 403)
+
+        # requests for a misconfigured endpoint
+        @requires_api_token("ietf.api.misconfigured")
+        def another_protected_function(request):
+            return f"Access granted: {request.method}"
+
+        # request with valid token
+        request = RequestFactory().get(
+            "/some/url", headers={"X_API_KEY": "valid-token"}
+        )
+        result = another_protected_function(request)
+        self.assertEqual(result, "Access granted: GET")
+
+        # request with invalid token with the correct initial character
+        request = RequestFactory().get("/some/url", headers={"X_API_KEY": "v"})
+        result = another_protected_function(request)
+        self.assertEqual(result.status_code, 403)
