author | SerenaFeng <feng.xiaowei@zte.com.cn> | 2017-09-06 14:21:23 +0800 |
---|---|---|
committer | SerenaFeng <feng.xiaowei@zte.com.cn> | 2017-09-06 14:32:17 +0800 |
commit | b3580028292d2927564020e8143bc1f659ef0ab3 (patch) | |
tree | 6fffa805732173047ef7ae449c9754e9fd40ee05 | |
parent | 3c77911dfb82fe165607496ca8a14ad7bd1a4337 (diff) |
hide cas ticket from web portal
In the previous implementation, after login the URL was shown as:
http://localhost:8000/?ticket=ST-5WzYs6SD2A#/
This patch aims to hide the ticket mechanism.
1) add /api/v1/auth/signin_return to process login verification
2) refactor code, leverage SignBaseHandler() to manage casclient
Change-Id: I62e23eb69ee52304c30753e861b4f0a4e0d45541
Signed-off-by: SerenaFeng <feng.xiaowei@zte.com.cn>
-rw-r--r-- | testapi/etc/config.ini | 2 | ||||
-rw-r--r-- | testapi/opnfv_testapi/common/check.py | 35 | ||||
-rw-r--r-- | testapi/opnfv_testapi/common/constants.py | 1 | ||||
-rw-r--r-- | testapi/opnfv_testapi/router/url_mappings.py | 1 | ||||
-rw-r--r-- | testapi/opnfv_testapi/ui/auth/sign.py | 55 | ||||
-rw-r--r-- | testapi/opnfv_testapi/ui/root.py | 2 |
6 files changed, 49 insertions, 47 deletions
diff --git a/testapi/etc/config.ini b/testapi/etc/config.ini index a7d8da6..8d0bde2 100644 --- a/testapi/etc/config.ini +++ b/testapi/etc/config.ini @@ -27,3 +27,5 @@ static_path = /usr/local/share/opnfv_testapi [lfid] # Linux Foundation cas URL cas_url = https://identity.linuxfoundation.org/cas/ +#service url used to authenticate to cas +signin_return = api/v1/auth/signin_return diff --git a/testapi/opnfv_testapi/common/check.py b/testapi/opnfv_testapi/common/check.py index 009d3d4..24ba876 100644 --- a/testapi/opnfv_testapi/common/check.py +++ b/testapi/opnfv_testapi/common/check.py 
@@ -8,49 +8,14 @@ ############################################################################## import functools -import cas from tornado import gen from tornado import web -from opnfv_testapi.common import constants from opnfv_testapi.common import message from opnfv_testapi.common import raises -from opnfv_testapi.common.config import CONF from opnfv_testapi.db import api as dbapi -def login(method): - @web.asynchronous - @gen.coroutine - @functools.wraps(method) - def wrapper(self, *args, **kwargs): - ticket = self.get_query_argument('ticket', default=None) - if ticket: - client = cas.CASClient(version='2', - server_url=CONF.lfid_cas_url, - service_url=CONF.ui_url) - (user, attrs, _) = client.verify_ticket(ticket=ticket) - print 'login user: {}'.format(user) - login_user = { - 'user': user, - 'email': attrs.get('mail'), - 'fullname': attrs.get('field_lf_full_name'), - 'groups': constants.TESTAPI_USERS + attrs.get('group', []) - } - q_user = {'user': user} - db_user = yield dbapi.db_find_one(constants.USER_TABLE, q_user) - if not db_user: - dbapi.db_save(constants.USER_TABLE, login_user) - else: - dbapi.db_update(constants.USER_TABLE, q_user, login_user) - - self.clear_cookie(constants.TESTAPI_ID) - self.set_secure_cookie(constants.TESTAPI_ID, user) - ret = yield gen.coroutine(method)(self, *args, **kwargs) - raise gen.Return(ret) - return wrapper - - def authenticate(method): @web.asynchronous @gen.coroutine diff --git a/testapi/opnfv_testapi/common/constants.py b/testapi/opnfv_testapi/common/constants.py index b37ebb3..70c9223 100644 --- a/testapi/opnfv_testapi/common/constants.py +++ b/testapi/opnfv_testapi/common/constants.py @@ -2,4 +2,3 @@ TESTAPI_ID = 'testapi_id' CSRF_TOKEN = 'csrf_token' ROLE = 'role' TESTAPI_USERS = ['opnfv-testapi-users'] -USER_TABLE = 'users' diff --git a/testapi/opnfv_testapi/router/url_mappings.py b/testapi/opnfv_testapi/router/url_mappings.py index c038e88..ce0a3ee 100644 --- a/testapi/opnfv_testapi/router/url_mappings.py 
+++ b/testapi/opnfv_testapi/router/url_mappings.py @@ -76,6 +76,7 @@ mappings = [ (r'/', root.RootHandler), (r'/api/v1/auth/signin', sign.SigninHandler), + (r'/{}'.format(CONF.lfid_signin_return), sign.SigninReturnHandler), (r'/api/v1/auth/signout', sign.SignoutHandler), (r'/api/v1/profile', user.UserHandler), diff --git a/testapi/opnfv_testapi/ui/auth/sign.py b/testapi/opnfv_testapi/ui/auth/sign.py index 01cd0f7..318473e 100644 --- a/testapi/opnfv_testapi/ui/auth/sign.py +++ b/testapi/opnfv_testapi/ui/auth/sign.py 
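Review bot: The new route in `mappings` interpolates `CONF.lfid_signin_return` straight into the pattern string, and Tornado compiles route patterns as regular expressions, so any regex metacharacter in the configured value changes which request paths reach `SigninReturnHandler`. The same setting also builds the CAS service URL in sign.py, so a bad value can leave the registered service URL and the route that actually matches disagreeing without any error at startup. Matching the value literally avoids that: `(r'/{}'.format(re.escape(CONF.lfid_signin_return)), sign.SigninReturnHandler),`. This needs `re` in scope, and the hunk adds no import for `CONF` either, so both would have to be imported already in url_mappings.py, which is not visible here. The `mappings` list starts and ends outside the hunk.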
@@ -1,22 +1,59 @@ from cas import CASClient +from tornado import gen +from tornado import web from opnfv_testapi.common import constants from opnfv_testapi.common.config import CONF +from opnfv_testapi.db import api as dbapi from opnfv_testapi.resources import handlers -class SigninHandler(handlers.GenericApiHandler): +class SignBaseHandler(handlers.GenericApiHandler): + def __init__(self, application, request, **kwargs): + super(SignBaseHandler, self).__init__(application, request, **kwargs) + self.table = 'users' + self.cas_client = CASClient(version='2', + server_url=CONF.lfid_cas_url, + service_url='{}/{}'.format( + CONF.ui_url, + CONF.lfid_signin_return)) + + +class SigninHandler(SignBaseHandler): + def get(self): + self.redirect(url=(self.cas_client.get_login_url())) + + +class SigninReturnHandler(SignBaseHandler): + + @web.asynchronous + @gen.coroutine def get(self): - client = CASClient(version='2', - server_url=CONF.lfid_cas_url, - service_url=CONF.ui_url) - self.redirect(url=(client.get_login_url())) + ticket = self.get_query_argument('ticket', default=None) + if ticket: + (user, attrs, _) = self.cas_client.verify_ticket(ticket=ticket) + login_user = { + 'user': user, + 'email': attrs.get('mail'), + 'fullname': attrs.get('field_lf_full_name'), + 'groups': constants.TESTAPI_USERS + attrs.get('group', []) + } + q_user = {'user': user} + db_user = yield dbapi.db_find_one(self.table, q_user) + if not db_user: + dbapi.db_save(self.table, login_user) + else: + dbapi.db_update(self.table, q_user, login_user) + + self.clear_cookie(constants.TESTAPI_ID) + self.set_secure_cookie(constants.TESTAPI_ID, user) + + self.redirect(url=CONF.ui_url) -class SignoutHandler(handlers.GenericApiHandler): +class SignoutHandler(SignBaseHandler): def get(self): """Handle signout request.""" self.clear_cookie(constants.TESTAPI_ID) - client = CASClient(version='2', - server_url=CONF.lfid_cas_url) - self.redirect(url=(client.get_logout_url(redirect_url=CONF.ui_url))) + logout_url = 
self.cas_client.get_logout_url(redirect_url=CONF.ui_url) + self.redirect(url=logout_url) diff --git a/testapi/opnfv_testapi/ui/root.py b/testapi/opnfv_testapi/ui/root.py index 576cbdd..286a6b0 100644 --- a/testapi/opnfv_testapi/ui/root.py +++ b/testapi/opnfv_testapi/ui/root.py @@ -1,4 +1,3 @@ -from opnfv_testapi.common import check from opnfv_testapi.common.config import CONF from opnfv_testapi.resources import handlers @@ -7,6 +6,5 @@ class RootHandler(handlers.GenericApiHandler): def get_template_path(self): return CONF.ui_static_path - @check.login def get(self): self.render('testapi-ui/index.html') |
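Review bot: In `SigninReturnHandler.get` (testapi/opnfv_testapi/ui/auth/sign.py) the tuple from `self.cas_client.verify_ticket(ticket=ticket)` is used without checking that validation succeeded, so a rejected or expired ticket still reaches `attrs.get('mail')`, the user-table write and `set_secure_cookie`. If the client reports rejection by returning an empty user and attributes rather than raising (python-cas appears to do this, worth confirming), the request ends in an unhandled exception instead of a clean denial. Guard right after the call with `if not user: raise web.HTTPError(401)` and normalise with `attrs = attrs or {}` before building `login_user`. Separately, `dbapi.db_find_one` is yielded but `dbapi.db_save` and `dbapi.db_update` are not, so if they return futures a failed write is never observed and the session cookie is issued regardless. The cookie is also set without `httponly=True` (and `secure=True` on HTTPS deployments), both of which `set_secure_cookie` passes through to `set_cookie`.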