From ce47ddba11aaad9c73f53ce89758a3bfb5f2b29e Mon Sep 17 00:00:00 2001
From: Kanagaraj Manickam <kanagaraj.manickam@huawei.com>
Date: Fri, 25 Sep 2020 19:46:24 +0530
Subject: Added token validation for result upload

Issue-ID: DOVETAIL-801
Signed-off-by: Kanagaraj Manickam <kanagaraj.manickam@huawei.com>
Change-Id: I1a9faf804d028c32896f915c4f9fb52ed2d4aace
---
 opnfv_testapi/resources/result_handlers.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/opnfv_testapi/resources/result_handlers.py b/opnfv_testapi/resources/result_handlers.py
index c65c757..bb1b488 100644
--- a/opnfv_testapi/resources/result_handlers.py
+++ b/opnfv_testapi/resources/result_handlers.py
@@ -398,6 +398,10 @@ class ResultsFileUploadHandler(ResultsCLHandler):
             @raise 404: pod/project/testcase not exist
             @raise 400: body/pod_name/project_name/case_name not provided
         """
+        token = self.get_secure_cookie("token")
+        input_token = self.request.headers._dict['Token']
+        if not input_token or not input_token == token:
+             raises.Unauthorized(message.invalid_token())
         file_array = self.request.files.get('file', None)
         fileinfo = file_array[0]
         try:
-- 
cgit 1.2.3-korg