Change multi-org implementation:

To avoid complications with how Google Auth works, when enabling organization multi-tenancy on a single instance, each organization becomes a "sub folder" instead of a sub-domain.
2025-12-25 01:03:20 -05:00 · 2016-01-03 16:05:29 +02:00
parent f7b57fa580
commit 7c6b95e71d
63 changed files with 403 additions and 244 deletions
--- a/tests/test_authentication.py
+++ b/tests/test_authentication.py
@@ -18,43 +18,52 @@ class TestApiKeyAuthentication(BaseTestCase):
        super(TestApiKeyAuthentication, self).setUp()
        self.api_key = 10
        self.query = self.factory.create_query(api_key=self.api_key)
+        self.query_url = '/{}/api/queries/{}'.format(self.factory.org.slug, self.query.id)
+        self.queries_url = '/{}/api/queries'.format(self.factory.org.slug)

    def test_no_api_key(self):
        with app.test_client() as c:
-            rv = c.get('/api/queries/{0}'.format(self.query.id))
+            rv = c.get(self.query_url)
            self.assertIsNone(api_key_load_user_from_request(request))

    def test_wrong_api_key(self):
        with app.test_client() as c:
-            rv = c.get('/api/queries/{0}'.format(self.query.id), query_string={'api_key': 'whatever'})
+            rv = c.get(self.query_url, query_string={'api_key': 'whatever'})
            self.assertIsNone(api_key_load_user_from_request(request))

    def test_correct_api_key(self):
        with app.test_client() as c:
-            rv = c.get('/api/queries/{0}'.format(self.query.id), query_string={'api_key': self.api_key})
+            rv = c.get(self.query_url, query_string={'api_key': self.api_key})
            self.assertIsNotNone(api_key_load_user_from_request(request))

    def test_no_query_id(self):
        with app.test_client() as c:
-            rv = c.get('/api/queries', query_string={'api_key': self.api_key})
+            rv = c.get(self.queries_url, query_string={'api_key': self.api_key})
            self.assertIsNone(api_key_load_user_from_request(request))

    def test_user_api_key(self):
        user = self.factory.create_user(api_key="user_key")
        with app.test_client() as c:
-            rv = c.get('/api/queries/', query_string={'api_key': user.api_key})
+            rv = c.get(self.queries_url, query_string={'api_key': user.api_key})
            self.assertEqual(user.id, api_key_load_user_from_request(request).id)

    def test_api_key_header(self):
        with app.test_client() as c:
-            rv = c.get('/api/queries/{}'.format(self.query.id), headers={'Authorization': "Key {}".format(self.api_key)})
+            rv = c.get(self.query_url, headers={'Authorization': "Key {}".format(self.api_key)})
            self.assertIsNotNone(api_key_load_user_from_request(request))

    def test_api_key_header_with_wrong_key(self):
        with app.test_client() as c:
-            rv = c.get('/api/queries/{}'.format(self.query.id), headers={'Authorization': "Key oops"})
+            rv = c.get(self.query_url, headers={'Authorization': "Key oops"})
            self.assertIsNone(api_key_load_user_from_request(request))

+    def test_api_key_for_wrong_org(self):
+        other_user = self.factory.create_admin(org=self.factory.create_org())
+
+        with app.test_client() as c:
+            rv = c.get(self.query_url, headers={'Authorization': "Key {}".format(other_user.api_key)})
+            self.assertEqual(404, rv.status_code)
+

 class TestHMACAuthentication(BaseTestCase):
    #