Added token validation for result upload

Issue-ID: DOVETAIL-801 Signed-off-by: Kanagaraj Manickam <kanagaraj.manickam@huawei.com> Change-Id: I1a9faf804d028c32896f915c4f9fb52ed2d4aace
author: Kanagaraj Manickam <kanagaraj.manickam@huawei.com> 2020-09-25 19:46:24 +0530
committer: Kanagaraj Manickam <kanagaraj.manickam@huawei.com> 2020-10-19 22:19:56 +0530
commit: ce47ddba11aaad9c73f53ce89758a3bfb5f2b29e (patch)
tree: 1e465365b19571f87df119b2cbfcaf32f69fa7ab
parent: 45d8fbdc5d01eddf184fad33bc33179c2dc9c269 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/opnfv_testapi/resources/result_handlers.py b/opnfv_testapi/resources/result_handlers.py
index c65c757..bb1b488 100644
--- a/opnfv_testapi/resources/result_handlers.py
+++ b/opnfv_testapi/resources/result_handlers.py
@@ -398,6 +398,10 @@ class ResultsFileUploadHandler(ResultsCLHandler):
             @raise 404: pod/project/testcase not exist
             @raise 400: body/pod_name/project_name/case_name not provided
         """
+        token = self.get_secure_cookie("token")
+        input_token = self.request.headers._dict['Token']
+        if not input_token or not input_token == token:
+             raises.Unauthorized(message.invalid_token())
         file_array = self.request.files.get('file', None)
         fileinfo = file_array[0]
         try:
author	Kanagaraj Manickam <kanagaraj.manickam@huawei.com>	2020-09-25 19:46:24 +0530
committer	Kanagaraj Manickam <kanagaraj.manickam@huawei.com>	2020-10-19 22:19:56 +0530
commit	ce47ddba11aaad9c73f53ce89758a3bfb5f2b29e (patch)
tree	1e465365b19571f87df119b2cbfcaf32f69fa7ab
parent	45d8fbdc5d01eddf184fad33bc33179c2dc9c269 (diff)