Merged in [19393] from krathnayake@ietf.org:

    Fixes API authentication issue.
 - Legacy-Id: 19395
Note: SVN reference [19393] has been migrated to Git commit 90297bc

Author: rjsparks

ietf/ietfauth/tests.py

@@ -656,7 +656,7 @@ def test_apikey_errors(self):
             unauthorized_url = urlreverse('ietf.api.views.author_tools')
             invalidated_apikey = PersonalApiKey.objects.create(
                         endpoint=unauthorized_url, person=person, valid=False)
-            r = self.client.post(unauthorized_url, {'apikey': invalidated_apikey})
+            r = self.client.post(unauthorized_url, {'apikey': invalidated_apikey.hash()})
             self.assertContains(r, 'Invalid apikey', status_code=403)
 
             # too long since regular login

ietf/person/models.py

@@ -394,6 +394,8 @@ def validate_key(cls, s):
         if not k.exists():
             return None
         k = k.first()
+        if not k.valid:
+            return None
         check = hashlib.sha256()
         for v in (str(id), str(k.person.id), k.created.isoformat(), k.endpoint, str(k.valid), salt, settings.SECRET_KEY):
             v = smart_bytes(v)