From 46c00e31a61d4434573c2977312c174a3b3193a7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C4=93teris=20Caune?= <cuu508@gmail.com>
Date: Sat, 12 Jan 2019 22:28:23 +0200
Subject: [PATCH] Use Project.badge_key in api.views.badge

---
 hc/api/tests/test_badge.py | 14 +++++---------
 hc/api/urls.py             |  8 ++++----
 hc/api/views.py            |  6 +++---
 3 files changed, 12 insertions(+), 16 deletions(-)

diff --git a/hc/api/tests/test_badge.py b/hc/api/tests/test_badge.py
index 25a75910..a98174c5 100644
--- a/hc/api/tests/test_badge.py
+++ b/hc/api/tests/test_badge.py
@@ -15,13 +15,13 @@ class BadgeTestCase(BaseTestCase):
         self.check = Check.objects.create(user=self.alice, project=self.project,
                                           tags="foo bar")
 
-        sig = base64_hmac(str(self.alice.username), "foo", settings.SECRET_KEY)
+        sig = base64_hmac(str(self.project.badge_key), "foo", settings.SECRET_KEY)
         sig = sig[:8]
-        self.svg_url = "/badge/%s/%s/foo.svg" % (self.alice.username, sig)
-        self.json_url = "/badge/%s/%s/foo.json" % (self.alice.username, sig)
+        self.svg_url = "/badge/%s/%s/foo.svg" % (self.project.badge_key, sig)
+        self.json_url = "/badge/%s/%s/foo.json" % (self.project.badge_key, sig)
 
     def test_it_rejects_bad_signature(self):
-        r = self.client.get("/badge/%s/12345678/foo.svg" % self.alice.username)
+        r = self.client.get("/badge/%s/12345678/foo.svg" % self.project.badge_key)
         assert r.status_code == 404
 
     def test_it_returns_svg(self):
@@ -30,11 +30,7 @@ class BadgeTestCase(BaseTestCase):
         self.assertContains(r, "#4c1")
 
     def test_it_handles_options(self):
-        sig = base64_hmac(str(self.alice.username), "foo", settings.SECRET_KEY)
-        sig = sig[:8]
-        url = "/badge/%s/%s/foo.svg" % (self.alice.username, sig)
-
-        r = self.client.options(url)
+        r = self.client.options(self.svg_url)
         self.assertEqual(r.status_code, 204)
         self.assertEqual(r["Access-Control-Allow-Origin"], "*")
 
diff --git a/hc/api/urls.py b/hc/api/urls.py
index 923042a8..4b865ead 100644
--- a/hc/api/urls.py
+++ b/hc/api/urls.py
@@ -17,16 +17,16 @@ urlpatterns = [
     path('api/v1/channels/', views.channels),
 
 
-    path('badge/<slug:username>/<slug:signature>/<slug:tag>.svg', views.badge,
+    path('badge/<slug:badge_key>/<slug:signature>/<slug:tag>.svg', views.badge,
          name="hc-badge"),
 
-    path('badge/<slug:username>/<slug:signature>.svg', views.badge,
+    path('badge/<slug:badge_key>/<slug:signature>.svg', views.badge,
          {"tag": "*"}, name="hc-badge-all"),
 
-    path('badge/<slug:username>/<slug:signature>/<slug:tag>.json', views.badge,
+    path('badge/<slug:badge_key>/<slug:signature>/<slug:tag>.json', views.badge,
          {"format": "json"}, name="hc-badge-json"),
 
-    path('badge/<slug:username>/<slug:signature>.json', views.badge,
+    path('badge/<slug:badge_key>/<slug:signature>.json', views.badge,
          {"format": "json", "tag": "*"}, name="hc-badge-json-all"),
 
     path('api/v1/status/', views.status),
diff --git a/hc/api/views.py b/hc/api/views.py
index 4be9f157..ff8147e2 100644
--- a/hc/api/views.py
+++ b/hc/api/views.py
@@ -198,12 +198,12 @@ def pause(request, code):
 
 @never_cache
 @cors("GET")
-def badge(request, username, signature, tag, format="svg"):
-    if not check_signature(username, tag, signature):
+def badge(request, badge_key, signature, tag, format="svg"):
+    if not check_signature(badge_key, tag, signature):
         return HttpResponseNotFound()
 
     status = "up"
-    q = Check.objects.filter(project__owner__username=username)
+    q = Check.objects.filter(project__badge_key=badge_key)
     if tag != "*":
         q = q.filter(tags__contains=tag)
         label = tag