@@ -402,6 +402,41 @@ func TestAPIKey(t *testing.T) {
402402 require .Equal (t , token .Expiry , gotAPIKey .ExpiresAt )
403403 require .Equal (t , token .AccessToken , gotAPIKey .OAuthAccessToken )
404404 })
405+
406+ t .Run ("RemoteIPUpdates" , func (t * testing.T ) {
407+ t .Parallel ()
408+ var (
409+ db = databasefake .New ()
410+ id , secret = randomAPIKeyParts ()
411+ hashed = sha256 .Sum256 ([]byte (secret ))
412+ r = httptest .NewRequest ("GET" , "/" , nil )
413+ rw = httptest .NewRecorder ()
414+ user = createUser (r .Context (), t , db )
415+ )
416+ r .RemoteAddr = "1.1.1.1"
417+ r .AddCookie (& http.Cookie {
418+ Name : httpmw .SessionTokenKey ,
419+ Value : fmt .Sprintf ("%s-%s" , id , secret ),
420+ })
421+
422+ sentAPIKey , err := db .InsertAPIKey (r .Context (), database.InsertAPIKeyParams {
423+ ID : id ,
424+ HashedSecret : hashed [:],
425+ LastUsed : database .Now ().AddDate (0 , 0 , - 1 ),
426+ ExpiresAt : database .Now ().AddDate (0 , 0 , 1 ),
427+ UserID : user .ID ,
428+ })
429+ require .NoError (t , err )
430+ httpmw .ExtractAPIKey (db , nil )(successHandler ).ServeHTTP (rw , r )
431+ res := rw .Result ()
432+ defer res .Body .Close ()
433+ require .Equal (t , http .StatusOK , res .StatusCode )
434+
435+ gotAPIKey , err := db .GetAPIKeyByID (r .Context (), id )
436+ require .NoError (t , err )
437+
438+ require .NotEqual (t , sentAPIKey .IPAddress , gotAPIKey .IPAddress )
439+ })
405440}
406441
407442func createUser (ctx context.Context , t * testing.T , db database.Store ) database.User {
0 commit comments