UserIsMH
ffc6aa744a
Changed version check endpoints to use X-API-Key authentication instead of Bearer token authentication. This makes them consistent with all other license server endpoints. Changes: - Updated /api/version/check to use validate_api_key dependency - Updated /api/version/latest to use validate_api_key dependency - Both endpoints now expect X-API-Key header instead of Authorization Bearer - Fixes HTTP 403 errors reported by client applications This resolves the issue where session heartbeat worked but version check failed with 403 Forbidden. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
115 Zeilen
3.2 KiB
Python
115 Zeilen
3.2 KiB
Python
#!/usr/bin/env python3
|
|
"""
|
|
Test the version check endpoint with X-API-Key authentication
|
|
"""
|
|
|
|
import requests
|
|
import json
|
|
from datetime import datetime
|
|
|
|
# API configuration
|
|
API_URL = "https://api-software-undso.intelsight.de"
|
|
API_KEY = "AF-2025-8E57CA6A97E257C5FA3E7778B8B44413" # System API key
|
|
|
|
def test_version_check():
|
|
"""Test the /api/version/check endpoint"""
|
|
|
|
print(f"\n[{datetime.now()}] Testing version check endpoint...")
|
|
|
|
# Test data
|
|
test_data = {
|
|
"license_key": "TEST-LICENSE-KEY",
|
|
"current_version": "1.0.0"
|
|
}
|
|
|
|
# Test with X-API-Key header (should work now)
|
|
headers = {
|
|
"X-API-Key": API_KEY,
|
|
"Content-Type": "application/json"
|
|
}
|
|
|
|
try:
|
|
response = requests.post(
|
|
f"{API_URL}/api/version/check",
|
|
headers=headers,
|
|
json=test_data,
|
|
timeout=10
|
|
)
|
|
|
|
print(f"Status Code: {response.status_code}")
|
|
print(f"Headers: {dict(response.headers)}")
|
|
|
|
if response.status_code == 200:
|
|
print("SUCCESS: Version check now works with X-API-Key!")
|
|
print(f"Response: {json.dumps(response.json(), indent=2)}")
|
|
else:
|
|
print(f"FAILED: Status {response.status_code}")
|
|
print(f"Response: {response.text}")
|
|
|
|
except Exception as e:
|
|
print(f"ERROR: {str(e)}")
|
|
|
|
# Also test with Authorization Bearer (should fail now)
|
|
print(f"\n[{datetime.now()}] Testing with old Authorization Bearer (should fail)...")
|
|
|
|
headers_bearer = {
|
|
"Authorization": f"Bearer {API_KEY}",
|
|
"Content-Type": "application/json"
|
|
}
|
|
|
|
try:
|
|
response = requests.post(
|
|
f"{API_URL}/api/version/check",
|
|
headers=headers_bearer,
|
|
json=test_data,
|
|
timeout=10
|
|
)
|
|
|
|
print(f"Status Code: {response.status_code}")
|
|
if response.status_code == 401:
|
|
print("EXPECTED: Bearer authentication correctly rejected")
|
|
else:
|
|
print(f"UNEXPECTED: Got status {response.status_code}")
|
|
|
|
except Exception as e:
|
|
print(f"ERROR: {str(e)}")
|
|
|
|
def test_latest_version():
|
|
"""Test the /api/version/latest endpoint"""
|
|
|
|
print(f"\n[{datetime.now()}] Testing latest version endpoint...")
|
|
|
|
headers = {
|
|
"X-API-Key": API_KEY
|
|
}
|
|
|
|
try:
|
|
response = requests.get(
|
|
f"{API_URL}/api/version/latest",
|
|
headers=headers,
|
|
timeout=10
|
|
)
|
|
|
|
print(f"Status Code: {response.status_code}")
|
|
|
|
if response.status_code == 200:
|
|
print("SUCCESS: Latest version endpoint works!")
|
|
print(f"Response: {json.dumps(response.json(), indent=2)}")
|
|
else:
|
|
print(f"FAILED: Status {response.status_code}")
|
|
print(f"Response: {response.text}")
|
|
|
|
except Exception as e:
|
|
print(f"ERROR: {str(e)}")
|
|
|
|
if __name__ == "__main__":
|
|
print("=" * 60)
|
|
print("Version Endpoint Authentication Test")
|
|
print("=" * 60)
|
|
|
|
test_version_check()
|
|
test_latest_version()
|
|
|
|
print("\n" + "=" * 60)
|
|
print("Test completed")
|
|
print("=" * 60) |