diff --git a/CHANGELOG.md b/CHANGELOG.md
index d9331c73e..7a95ac3b6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
+## v2024.58 - 2024-07-10
+* Fix API token authentication in community edition
+
+
 ## v2024.57 - 2024-07-10
 * Fix set assignee in notes, findings and sections
 * Fix error when setting note checkboxes
diff --git a/api/src/reportcreator_api/tests/test_license.py b/api/src/reportcreator_api/tests/test_license.py
index 11c7545b5..701d5d195 100644
--- a/api/src/reportcreator_api/tests/test_license.py
+++ b/api/src/reportcreator_api/tests/test_license.py
@@ -41,7 +41,11 @@ def setUp(self):
 self.user = create_user(is_superuser=True, password=self.password)
 self.user_regular = create_user(password=self.password)
 self.user_system = create_user(is_system_user=True, password=self.password)
+ self.client = api_client(self.user)
+ session = self.client.session
+ session.setdefault('authentication_info', {})['reauth_time'] = timezone.now().isoformat()
+ session.save()
 with mock.patch('reportcreator_api.utils.license.check_license', return_value={'type': license.LicenseType.COMMUNITY, 'users': 2, 'error': None}):
 yield
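Review bot: The session lines added to setUp have no comment saying why `reauth_time` is written into `authentication_info`, and the reason is not obvious from the fixture. Every test in the class now starts with a freshly re-authenticated session, so none of them can observe a rejection for a missing re-authentication; the rest of the class is outside this hunk, so that is inferred. I would add `# Mark the session as recently re-authenticated; API token creation appears to require it` above `session = self.client.session`. setUp begins above the hunk, so confirm nothing earlier in it already sets up `self.client`.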
@@ -178,15 +182,15 @@ def test_user_count_limit(self):
 self.user_regular.save()
 def test_apitoken_limit(self):
- APIToken.objects.create(user=self.user_regular)
+ res1 = self.client.post(reverse('apitoken-list', kwargs={'pentestuser_pk': 'self'}), data={'name': 'test'})
+ assert res1.status_code == 201
+ res_token = api_client().get(reverse('pentestuser-detail', kwargs={'pk': 'self'}), HTTP_AUTHORIZATION='Bearer ' + res1.data['token'])
+ assert res_token.status_code == 200
 with pytest.raises(license.LicenseLimitExceededError):
- APIToken.objects.create(user=self.user_regular)
+ APIToken.objects.create(user=self.user)
 def test_apitoken_no_expiry(self):
- session = self.client.session
- session.setdefault('authentication_info', {})['reauth_time'] = timezone.now().isoformat()
- session.save()
 assert_api_license_error(self.client.post(reverse('apitoken-list', kwargs={'pentestuser_pk': 'self'}), data={'name': 'test', 'expire_date': timezone.now().date().isoformat()}))
diff --git a/api/src/reportcreator_api/users/signals.py b/api/src/reportcreator_api/users/signals.py
index 6d26dcb31..535f15368 100644
--- a/api/src/reportcreator_api/users/signals.py
+++ b/api/src/reportcreator_api/users/signals.py
@@ -46,7 +46,7 @@ def user_count_license_check(sender, instance, *args, **kwargs):
 @receiver(signals.pre_save, sender=APIToken)
 def api_token_license_limit(sender, instance, *args, **kwargs):
- if license.is_professional():
+ if license.is_professional() or not instance._state.adding:
 return
 current_apitoken_count = APIToken.objects \
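Review bot: test_apitoken_limit now checks two separate behaviours in one body: that a freshly created token authenticates a request, and that a second token is refused. A failure therefore does not say which of the two regressed. I would move the `res_token` request and its `assert res_token.status_code == 200` into a test of their own, for example `test_apitoken_auth`. The refusal is also only asserted through the exception, so I would follow the `pytest.raises` block with `assert APIToken.objects.filter(user=self.user).count() == 1` to pin that the rejected create left no row behind.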
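Review bot: The added `not instance._state.adding` condition returns before everything that follows in api_token_license_limit, and the body continues past the end of this hunk. Any license check placed after the count would therefore be skipped for every update of an existing token as well. If the handler only enforces the token count, that is the intended effect, but the guard should say so, e.g. `# Only creation counts against the limit; saving an existing token (presumably done during authentication) must not be blocked`. The limit is also a read of `APIToken.objects` followed by the insert, so two concurrent creates may both pass it; the query is cut off here, so that is inferred and worth confirming.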