Auth: Duplicate API Key Name Handle With Useful HTTP Code (#17905)

* API: Duplicate API Key Name Handle With Useful HTTP Code * 17447: make changes requested during review - use dialect.IsUniqueContraintViolation - change if statement to match others - return error properly * Revert "17447: make changes requested during review" This reverts commit a4a674ea83. * API: useful http code on duplicate api key error w/ tests * API: API Key Duplicate Handling fixed small typo associated with error
2025-02-25 18:55:37 -06:00 · 2019-07-11 04:20:34 -04:00 · 2019-07-11 04:20:34 -04:00 · 3680b95b44
commit 3680b95b44
parent 04e7970375
4 changed files with 31 additions and 1 deletions
--- a/pkg/api/apikey.go
+++ b/pkg/api/apikey.go
@ -68,7 +68,10 @@ func (hs *HTTPServer) AddAPIKey(c *models.ReqContext, cmd models.AddApiKeyComman
 		if err == models.ErrInvalidApiKeyExpiration {
 			return Error(400, err.Error(), nil)
 		}
-		return Error(500, "Failed to add API key", err)
+		if err == models.ErrDuplicateApiKey {
+			return Error(409, err.Error(), nil)
+		}
+		return Error(500, "Failed to add API Key", err)
 	}

 	result := &dtos.NewApiKeyResult{
--- a/pkg/models/apikey.go
+++ b/pkg/models/apikey.go
@ -7,6 +7,7 @@ import (

 var ErrInvalidApiKey = errors.New("Invalid API Key")
 var ErrInvalidApiKeyExpiration = errors.New("Negative value for SecondsToLive")
+var ErrDuplicateApiKey = errors.New("API Key Organization ID And Name Must Be Unique")

 type ApiKey struct {
 	Id      int64
--- a/pkg/services/sqlstore/apikey.go
+++ b/pkg/services/sqlstore/apikey.go
@ -37,6 +37,12 @@ func DeleteApiKeyCtx(ctx context.Context, cmd *models.DeleteApiKeyCommand) error

 func AddApiKey(cmd *models.AddApiKeyCommand) error {
 	return inTransaction(func(sess *DBSession) error {
+		key := models.ApiKey{OrgId: cmd.OrgId, Name: cmd.Name}
+		exists, _ := sess.Get(&key)
+		if exists {
+			return models.ErrDuplicateApiKey
+		}
+
 		updated := timeNow()
 		var expires *int64 = nil
 		if cmd.SecondsToLive > 0 {
--- a/pkg/services/sqlstore/apikey_test.go
+++ b/pkg/services/sqlstore/apikey_test.go
@ -115,3 +115,23 @@ func TestApiKeyDataAccess(t *testing.T) {
 		})
 	})
 }
+
+func TestApiKeyErrors(t *testing.T) {
+	mockTimeNow()
+	defer resetTimeNow()
+
+	t.Run("Testing API Duplicate Key Errors", func(t *testing.T) {
+		InitTestDB(t)
+		t.Run("Given saved api key", func(t *testing.T) {
+			cmd := models.AddApiKeyCommand{OrgId: 0, Name: "duplicate", Key: "asd"}
+			err := AddApiKey(&cmd)
+			assert.Nil(t, err)
+
+			t.Run("Add API Key with existing Org ID and Name", func(t *testing.T) {
+				cmd := models.AddApiKeyCommand{OrgId: 0, Name: "duplicate", Key: "asd"}
+				err = AddApiKey(&cmd)
+				assert.EqualError(t, err, models.ErrDuplicateApiKey.Error())
+			})
+		})
+	})
+}