Added Token Validation for test upload api

Issue-ID: DOVETAIL-801 Signed-off-by: Kanagaraj Manickam <kanagaraj.manickam@huawei.com> Change-Id: I4e4d4c5fdbb16ebf79a039039bd16fa59dbb04e1
author: Kanagaraj Manickam <kanagaraj.manickam@huawei.com> 2020-09-25 20:25:38 +0530
committer: Kanagaraj Manickam <kanagaraj.manickam@huawei.com> 2020-10-19 22:19:56 +0530
commit: f4c52e30cc86c8d54cfaa04aadec46068ed95771 (patch)
tree: c72091dd054cb88ecce3e245cc8930f7ecce2103
parent: 7e15b15dbd4631960c28fcc4c32dba5c3a1b7e60 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/opnfv_testapi/resources/test_handlers.py b/opnfv_testapi/resources/test_handlers.py
index 36c4e8b..d4fc445 100644
--- a/opnfv_testapi/resources/test_handlers.py
+++ b/opnfv_testapi/resources/test_handlers.py
@@ -440,9 +440,13 @@ class TestsUploadDataHandler(GenericTestHandler):
             @raise 404: pod/project/testcase not exist
             @raise 400: body/pod_name/project_name/case_name not provided
         """
+        token = self.get_secure_cookie("token")
         openid = self.request.headers._dict['Openid']
         if openid:
             self.json_args['owner'] = openid
+        input_token = self.request.headers._dict['Token']
+        if not input_token or not input_token == token:
+            raises.Unauthorized(message.invalid_token())
 
         self._post()
author	Kanagaraj Manickam <kanagaraj.manickam@huawei.com>	2020-09-25 20:25:38 +0530
committer	Kanagaraj Manickam <kanagaraj.manickam@huawei.com>	2020-10-19 22:19:56 +0530
commit	f4c52e30cc86c8d54cfaa04aadec46068ed95771 (patch)
tree	c72091dd054cb88ecce3e245cc8930f7ecce2103
parent	7e15b15dbd4631960c28fcc4c32dba5c3a1b7e60 (diff)