authorSerenaFeng <feng.xiaowei@zte.com.cn>2017-09-07 16:18:56 +0800
committerSerenaFeng <feng.xiaowei@zte.com.cn>2017-09-12 10:08:13 +0800
commit28d5b3d14a6354ec170ebaea7f0f6ba342375b61 (patch)
tree16e26603cb920bcc1ed66c180cc5b198cdd2c44e
parent0a249a4a8047db77ea9a2eb44c847bf45c4b23cf (diff)
leverage token_check only when posting results
This patch begins to take LFID authentication into account: the token check now only affects results, and the permissions of other resources (pods/projects...) will be checked by LFID. Change-Id: I20f6f221e3bd75ebf06dcd91012898b913f1d0be Signed-off-by: SerenaFeng <feng.xiaowei@zte.com.cn>
-rw-r--r--testapi/opnfv_testapi/common/check.py7
-rw-r--r--testapi/opnfv_testapi/resources/handlers.py13
-rw-r--r--testapi/opnfv_testapi/tests/unit/resources/test_token.py74
3 files changed, 17 insertions, 77 deletions
diff --git a/testapi/opnfv_testapi/common/check.py b/testapi/opnfv_testapi/common/check.py
index acd3317..9ded48d 100644
--- a/testapi/opnfv_testapi/common/check.py
+++ b/testapi/opnfv_testapi/common/check.py
@@ -10,19 +10,16 @@ import functools
import re
from tornado import gen
-from tornado import web
from opnfv_testapi.common import message
from opnfv_testapi.common import raises
from opnfv_testapi.db import api as dbapi
-def authenticate(method):
- @web.asynchronous
- @gen.coroutine
+def valid_token(method):
@functools.wraps(method)
def wrapper(self, *args, **kwargs):
- if self.auth:
+ if self.auth and self.table == 'results':
try:
token = self.request.headers['X-Auth-Token']
except KeyError:
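Review bot: The new condition `if self.auth and self.table == 'results':` makes `valid_token` a silent pass-through for every other table even when the application is started with `auth=True`, and nothing at the definition says so. A docstring on `valid_token` should state that it validates `X-Auth-Token` only for the `results` table and that other resources are expected to be authorised by LFID, which this diff does not add. The wrapper is no longer decorated with `@web.asynchronous` and `@gen.coroutine` here, so the docstring should also say that callers must apply both outside it, as handlers.py now does. The wrapper body continues past the end of this hunk, so whether it yields on a database lookup is not visible.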
diff --git a/testapi/opnfv_testapi/resources/handlers.py b/testapi/opnfv_testapi/resources/handlers.py
index ed55c70..757c817 100644
--- a/testapi/opnfv_testapi/resources/handlers.py
+++ b/testapi/opnfv_testapi/resources/handlers.py
@@ -73,7 +73,9 @@ class GenericApiHandler(web.RequestHandler):
cls_data = self.table_cls.from_dict(data)
return cls_data.format_http()
- @check.authenticate
+ @web.asynchronous
+ @gen.coroutine
+ @check.valid_token
@check.no_body
@check.miss_fields
@check.carriers_exist
@@ -172,13 +174,15 @@ class GenericApiHandler(web.RequestHandler):
def _get_one(self, data, query=None):
self.finish_request(self.format_data(data))
- @check.authenticate
+ @web.asynchronous
+ @gen.coroutine
@check.not_exist
def _delete(self, data, query=None):
yield dbapi.db_delete(self.table, query)
self.finish_request()
- @check.authenticate
+ @web.asynchronous
+ @gen.coroutine
@check.no_body
@check.not_exist
@check.updated_one_not_exist
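Review bot: `_delete` and the update handler below it lose `@check.authenticate` and get no replacement check, so with `auth=True` these operations are no longer gated by `X-Auth-Token` for any table; the handler in the next hunk (`@@ -189,7 +193,8 @@`) has the same gap. The commit message says LFID will check permissions for other resources, but no such check is visible in this diff, so unless it is enforced elsewhere, delete and update on pods/projects are unauthenticated in the interim. If results can also be updated or deleted through these generic handlers, they skip the token check too, because `@check.valid_token` is attached only to the create path. Consider keeping `@check.valid_token` on these handlers until the LFID check lands, or at least add `# TODO: authorisation moves to LFID; no token check here` above each one. The decorated functions extend outside the hunk.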
@@ -189,7 +193,8 @@ class GenericApiHandler(web.RequestHandler):
update_req['_id'] = str(data._id)
self.finish_request(update_req)
- @check.authenticate
+ @web.asynchronous
+ @gen.coroutine
@check.no_body
@check.not_exist
@check.updated_one_not_exist
diff --git a/testapi/opnfv_testapi/tests/unit/resources/test_token.py b/testapi/opnfv_testapi/tests/unit/resources/test_token.py
index 940e256..bd64723 100644
--- a/testapi/opnfv_testapi/tests/unit/resources/test_token.py
+++ b/testapi/opnfv_testapi/tests/unit/resources/test_token.py
@@ -9,13 +9,12 @@ import unittest
from tornado import web
from opnfv_testapi.common import message
-from opnfv_testapi.resources import project_models
from opnfv_testapi.tests.unit import executor
from opnfv_testapi.tests.unit import fake_pymongo
-from opnfv_testapi.tests.unit.resources import test_base as base
+from opnfv_testapi.tests.unit.resources import test_result
-class TestToken(base.TestBase):
+class TestTokenCreateResult(test_result.TestResultBase):
def get_app(self):
from opnfv_testapi.router import url_mappings
return web.Application(
@@ -25,27 +24,23 @@ class TestToken(base.TestBase):
auth=True
)
-
-class TestTokenCreateProject(TestToken):
def setUp(self):
- super(TestTokenCreateProject, self).setUp()
- self.req_d = project_models.ProjectCreateRequest('vping')
+ super(TestTokenCreateResult, self).setUp()
fake_pymongo.tokens.insert({"access_token": "12345"})
- self.basePath = '/api/v1/projects'
@executor.create(httplib.FORBIDDEN, message.invalid_token())
- def test_projectCreateTokenInvalid(self):
+ def test_resultCreateTokenInvalid(self):
self.headers['X-Auth-Token'] = '1234'
return self.req_d
@executor.create(httplib.UNAUTHORIZED, message.unauthorized())
- def test_projectCreateTokenUnauthorized(self):
+ def test_resultCreateTokenUnauthorized(self):
if 'X-Auth-Token' in self.headers:
self.headers.pop('X-Auth-Token')
return self.req_d
@executor.create(httplib.OK, '_create_success')
- def test_projectCreateTokenSuccess(self):
+ def test_resultCreateTokenSuccess(self):
self.headers['X-Auth-Token'] = '12345'
return self.req_d
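Review bot: The renamed tests cover only the create path for results, and after this change the suite has no case that pins what happens to other resources when the app runs with `auth=True`. Since the token check is now skipped for non-result tables, a test that posts to `/api/v1/projects` without `X-Auth-Token` and asserts the intended status would document the new boundary. It would also catch an unintended change in behaviour when the LFID check is introduced.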
@@ -53,62 +48,5 @@ class TestTokenCreateProject(TestToken):
self.assertIn('CreateResponse', str(type(body)))
-class TestTokenDeleteProject(TestToken):
- def setUp(self):
- super(TestTokenDeleteProject, self).setUp()
- self.req_d = project_models.ProjectCreateRequest('vping')
- fake_pymongo.tokens.insert({"access_token": "12345"})
- self.basePath = '/api/v1/projects'
- self.headers['X-Auth-Token'] = '12345'
- self.create_d()
-
- @executor.delete(httplib.FORBIDDEN, message.invalid_token())
- def test_projectDeleteTokenIvalid(self):
- self.headers['X-Auth-Token'] = '1234'
- return self.req_d.name
-
- @executor.delete(httplib.UNAUTHORIZED, message.unauthorized())
- def test_projectDeleteTokenUnauthorized(self):
- self.headers.pop('X-Auth-Token')
- return self.req_d.name
-
- @executor.delete(httplib.OK, '_delete_success')
- def test_projectDeleteTokenSuccess(self):
- return self.req_d.name
-
- def _delete_success(self, body):
- self.assertEqual('', body)
-
-
-class TestTokenUpdateProject(TestToken):
- def setUp(self):
- super(TestTokenUpdateProject, self).setUp()
- self.req_d = project_models.ProjectCreateRequest('vping')
- fake_pymongo.tokens.insert({"access_token": "12345"})
- self.basePath = '/api/v1/projects'
- self.headers['X-Auth-Token'] = '12345'
- self.create_d()
-
- @executor.update(httplib.FORBIDDEN, message.invalid_token())
- def test_projectUpdateTokenIvalid(self):
- self.headers['X-Auth-Token'] = '1234'
- req = project_models.ProjectUpdateRequest('newName', 'new description')
- return req, self.req_d.name
-
- @executor.update(httplib.UNAUTHORIZED, message.unauthorized())
- def test_projectUpdateTokenUnauthorized(self):
- self.headers.pop('X-Auth-Token')
- req = project_models.ProjectUpdateRequest('newName', 'new description')
- return req, self.req_d.name
-
- @executor.update(httplib.OK, '_update_success')
- def test_projectUpdateTokenSuccess(self):
- req = project_models.ProjectUpdateRequest('newName', 'new description')
- return req, self.req_d.name
-
- def _update_success(self, request, body):
- self.assertIn(request.name, body)
-
-
if __name__ == '__main__':
unittest.main()