From e035f3119ab8aef4f1e470b02c0091f183bc24e6 Mon Sep 17 00:00:00 2001
From: Simone Rubino
Date: Thu, 4 Jun 2026 16:23:58 +0200
Subject: [PATCH] [FIX] auth_api_key: Read API key from headers
---
 auth_api_key/models/ir_http.py | 4 ++--
 auth_api_key/tests/test_auth_api_key.py | 14 ++++++++++++++
 2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/auth_api_key/models/ir_http.py b/auth_api_key/models/ir_http.py
index c4959103d0..71481fab2a 100644
--- a/auth_api_key/models/ir_http.py
+++ b/auth_api_key/models/ir_http.py
@@ -18,8 +18,8 @@ class IrHttp(models.AbstractModel):
 @classmethod
 def _auth_method_api_key(cls):
- headers = request.httprequest.environ
- api_key = headers.get("HTTP_API_KEY")
+ headers = request.httprequest.headers
+ api_key = headers.get("API_KEY")
 if api_key:
 request.update_env(user=1)
 auth_api_key = request.env["auth.api.key"]._retrieve_api_key(api_key)
diff --git a/auth_api_key/tests/test_auth_api_key.py b/auth_api_key/tests/test_auth_api_key.py
index 7908c42eb7..35224153b1 100644
--- a/auth_api_key/tests/test_auth_api_key.py
+++ b/auth_api_key/tests/test_auth_api_key.py
@@ -1,8 +1,13 @@
 # Copyright 2018 ACSONE SA/NV
 # License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).
+
+from werkzeug.datastructures import EnvironHeaders
+
 from odoo.exceptions import AccessError, ValidationError
 from odoo.tests.common import TransactionCase
+from odoo.addons.website.tools import MockRequest
+
 class TestAuthApiKey(TransactionCase):
 @classmethod
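Review bot: The new `headers.get("API_KEY")` lookup in `_auth_method_api_key` has no comment saying which header spellings it accepts, although this is the credential header for the whole auth method. As far as I know, werkzeug's environ-backed headers upper-case the name and fold `-` to `_` before the lookup, so `API-KEY` and `API_KEY` sent by a client should both match, while reverse proxies such as nginx drop underscore header names by default. I would add above the lookup: `# Credential header; werkzeug folds "-" to "_", so clients behind a proxy should send "API-KEY".` The method body continues past the hunk, so what happens when the key is missing or invalid is not visible here.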
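Review bot: The module-level `from odoo.addons.website.tools import MockRequest` ties this test file to the `website` addon. Unless `auth_api_key` declares `website` in its manifest `depends` (not visible in this patch), the import may fail or behave differently on a database where `website` is not installed, and then none of the existing API-key tests in this file would run. A request stand-in built locally with `unittest.mock` would keep the auth tests self-contained.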
@@ -68,3 +73,12 @@ def test_user_archived_unarchived_with_option_off(self):
 self.assertEqual(
 self.env["auth.api.key"]._retrieve_uid_from_api_key("api_key"), demo_user.id
 )
+
+ def test_api_key_headers(self):
+ """The API key in the headers is read."""
+ with MockRequest(self.env) as mocked_request:
+ mocked_request.httprequest.environ["HTTP_API_KEY"] = self.api_key_good.key
+ mocked_request.httprequest.headers = EnvironHeaders(
+ mocked_request.httprequest.environ
+ )
+ self.assertTrue(self.env["ir.http"]._auth_method_api_key())
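Review bot: `test_api_key_headers` does not appear to pin the fix, because it writes the key into `mocked_request.httprequest.environ["HTTP_API_KEY"]`, which is exactly what the pre-patch code read, so the test would likely pass before this change as well. Build the headers from a separate mapping and leave `environ` untouched, e.g. `mocked_request.httprequest.headers = EnvironHeaders({"HTTP_API_KEY": self.api_key_good.key})`. Since this is an authentication path, a second case with a wrong or absent key, asserting that the method does not return a truthy result, would be worth adding. How the method rejects a bad key is outside this patch, so the exact assertion needs checking against the full function.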