Unit test api

* adds unit test for APIUserToken * enhances handling of token fetching for API
2023-08-17 10:44:58 +02:00
parent d9cf9669f0
commit 9476713911
4 changed files with 87 additions and 5 deletions
--- a/api/views/views.py
+++ b/api/views/views.py
@@ -53,7 +53,13 @@ class AbstractAPIView(View):
            # Fetch the proper user from the given request header token
            ksp_token = request.headers.get(KSP_TOKEN_HEADER_IDENTIFIER, None)
            ksp_user = request.headers.get(KSP_USER_HEADER_IDENTIFIER, None)
-            self.user = APIUserToken.get_user_from_token(ksp_token, ksp_user)
+            token_user = APIUserToken.get_user_from_token(ksp_token)
+
+            if ksp_user != token_user.username:
+                raise PermissionError(f"Invalid token for {ksp_user}")
+            else:
+                self.user = token_user
+
            request.user = self.user
            if not self.user.is_default_user():
                raise PermissionError("Default permissions required")