authorSerenaFeng <feng.xiaowei@zte.com.cn>2017-09-06 14:21:23 +0800
committerSerenaFeng <feng.xiaowei@zte.com.cn>2017-09-06 14:32:17 +0800
commitb3580028292d2927564020e8143bc1f659ef0ab3 (patch)
tree6fffa805732173047ef7ae449c9754e9fd40ee05
parent3c77911dfb82fe165607496ca8a14ad7bd1a4337 (diff)
hide cas ticket from web portal
In the previous implementation, the URL after login was shown as: http://localhost:8000/?ticket=ST-5WzYs6SD2A#/ This patch aims to hide the ticket mechanism. 1) add /api/v1/auth/signin_return to process login verification 2) refactor code, leveraging SignBaseHandler() to manage casclient Change-Id: I62e23eb69ee52304c30753e861b4f0a4e0d45541 Signed-off-by: SerenaFeng <feng.xiaowei@zte.com.cn>
-rw-r--r--testapi/etc/config.ini2
-rw-r--r--testapi/opnfv_testapi/common/check.py35
-rw-r--r--testapi/opnfv_testapi/common/constants.py1
-rw-r--r--testapi/opnfv_testapi/router/url_mappings.py1
-rw-r--r--testapi/opnfv_testapi/ui/auth/sign.py55
-rw-r--r--testapi/opnfv_testapi/ui/root.py2
6 files changed, 49 insertions, 47 deletions
diff --git a/testapi/etc/config.ini b/testapi/etc/config.ini
index a7d8da6..8d0bde2 100644
--- a/testapi/etc/config.ini
+++ b/testapi/etc/config.ini
@@ -27,3 +27,5 @@ static_path = /usr/local/share/opnfv_testapi
[lfid]
# Linux Foundation cas URL
cas_url = https://identity.linuxfoundation.org/cas/
+#service url used to authenticate to cas
+signin_return = api/v1/auth/signin_return
diff --git a/testapi/opnfv_testapi/common/check.py b/testapi/opnfv_testapi/common/check.py
index 009d3d4..24ba876 100644
--- a/testapi/opnfv_testapi/common/check.py
+++ b/testapi/opnfv_testapi/common/check.py
@@ -8,49 +8,14 @@
##############################################################################
import functools
-import cas
from tornado import gen
from tornado import web
-from opnfv_testapi.common import constants
from opnfv_testapi.common import message
from opnfv_testapi.common import raises
-from opnfv_testapi.common.config import CONF
from opnfv_testapi.db import api as dbapi
-def login(method):
- @web.asynchronous
- @gen.coroutine
- @functools.wraps(method)
- def wrapper(self, *args, **kwargs):
- ticket = self.get_query_argument('ticket', default=None)
- if ticket:
- client = cas.CASClient(version='2',
- server_url=CONF.lfid_cas_url,
- service_url=CONF.ui_url)
- (user, attrs, _) = client.verify_ticket(ticket=ticket)
- print 'login user: {}'.format(user)
- login_user = {
- 'user': user,
- 'email': attrs.get('mail'),
- 'fullname': attrs.get('field_lf_full_name'),
- 'groups': constants.TESTAPI_USERS + attrs.get('group', [])
- }
- q_user = {'user': user}
- db_user = yield dbapi.db_find_one(constants.USER_TABLE, q_user)
- if not db_user:
- dbapi.db_save(constants.USER_TABLE, login_user)
- else:
- dbapi.db_update(constants.USER_TABLE, q_user, login_user)
-
- self.clear_cookie(constants.TESTAPI_ID)
- self.set_secure_cookie(constants.TESTAPI_ID, user)
- ret = yield gen.coroutine(method)(self, *args, **kwargs)
- raise gen.Return(ret)
- return wrapper
-
-
def authenticate(method):
@web.asynchronous
@gen.coroutine
diff --git a/testapi/opnfv_testapi/common/constants.py b/testapi/opnfv_testapi/common/constants.py
index b37ebb3..70c9223 100644
--- a/testapi/opnfv_testapi/common/constants.py
+++ b/testapi/opnfv_testapi/common/constants.py
@@ -2,4 +2,3 @@ TESTAPI_ID = 'testapi_id'
CSRF_TOKEN = 'csrf_token'
ROLE = 'role'
TESTAPI_USERS = ['opnfv-testapi-users']
-USER_TABLE = 'users'
diff --git a/testapi/opnfv_testapi/router/url_mappings.py b/testapi/opnfv_testapi/router/url_mappings.py
index c038e88..ce0a3ee 100644
--- a/testapi/opnfv_testapi/router/url_mappings.py
+++ b/testapi/opnfv_testapi/router/url_mappings.py
@@ -76,6 +76,7 @@ mappings = [
(r'/', root.RootHandler),
(r'/api/v1/auth/signin', sign.SigninHandler),
+ (r'/{}'.format(CONF.lfid_signin_return), sign.SigninReturnHandler),
(r'/api/v1/auth/signout', sign.SignoutHandler),
(r'/api/v1/profile', user.UserHandler),
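Review bot: The added route formats `CONF.lfid_signin_return` straight into a regex pattern, so a configured value with a leading slash or regex metacharacters would register a path that no longer matches the service URL that sign.py builds from the same setting, and the CAS callback would then miss the handler. Escaping the value keeps the two in step: `(r'/{}'.format(re.escape(CONF.lfid_signin_return)), sign.SigninReturnHandler),`. That needs `re` to be imported in this module, which I cannot confirm because the import block and the rest of the `mappings` list are outside the hunk.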
diff --git a/testapi/opnfv_testapi/ui/auth/sign.py b/testapi/opnfv_testapi/ui/auth/sign.py
index 01cd0f7..318473e 100644
--- a/testapi/opnfv_testapi/ui/auth/sign.py
+++ b/testapi/opnfv_testapi/ui/auth/sign.py
@@ -1,22 +1,59 @@
from cas import CASClient
+from tornado import gen
+from tornado import web
from opnfv_testapi.common import constants
from opnfv_testapi.common.config import CONF
+from opnfv_testapi.db import api as dbapi
from opnfv_testapi.resources import handlers
-class SigninHandler(handlers.GenericApiHandler):
+class SignBaseHandler(handlers.GenericApiHandler):
+ def __init__(self, application, request, **kwargs):
+ super(SignBaseHandler, self).__init__(application, request, **kwargs)
+ self.table = 'users'
+ self.cas_client = CASClient(version='2',
+ server_url=CONF.lfid_cas_url,
+ service_url='{}/{}'.format(
+ CONF.ui_url,
+ CONF.lfid_signin_return))
+
+
+class SigninHandler(SignBaseHandler):
+ def get(self):
+ self.redirect(url=(self.cas_client.get_login_url()))
+
+
+class SigninReturnHandler(SignBaseHandler):
+
+ @web.asynchronous
+ @gen.coroutine
def get(self):
- client = CASClient(version='2',
- server_url=CONF.lfid_cas_url,
- service_url=CONF.ui_url)
- self.redirect(url=(client.get_login_url()))
+ ticket = self.get_query_argument('ticket', default=None)
+ if ticket:
+ (user, attrs, _) = self.cas_client.verify_ticket(ticket=ticket)
+ login_user = {
+ 'user': user,
+ 'email': attrs.get('mail'),
+ 'fullname': attrs.get('field_lf_full_name'),
+ 'groups': constants.TESTAPI_USERS + attrs.get('group', [])
+ }
+ q_user = {'user': user}
+ db_user = yield dbapi.db_find_one(self.table, q_user)
+ if not db_user:
+ dbapi.db_save(self.table, login_user)
+ else:
+ dbapi.db_update(self.table, q_user, login_user)
+
+ self.clear_cookie(constants.TESTAPI_ID)
+ self.set_secure_cookie(constants.TESTAPI_ID, user)
+
+ self.redirect(url=CONF.ui_url)
-class SignoutHandler(handlers.GenericApiHandler):
+class SignoutHandler(SignBaseHandler):
def get(self):
"""Handle signout request."""
self.clear_cookie(constants.TESTAPI_ID)
- client = CASClient(version='2',
- server_url=CONF.lfid_cas_url)
- self.redirect(url=(client.get_logout_url(redirect_url=CONF.ui_url)))
+ logout_url = self.cas_client.get_logout_url(redirect_url=CONF.ui_url)
+ self.redirect(url=logout_url)
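Review bot: The ticket branch of `SigninReturnHandler.get` never checks that validation succeeded before using the result of `self.cas_client.verify_ticket(ticket=ticket)`: `user` and `attrs` go directly into `attrs.get(...)`, the users table and `set_secure_cookie`. If the CAS client reports a rejected or expired ticket by returning an empty user and no attributes (which I believe python-cas does, please confirm), the request either fails with a 500 on `attrs.get` or stores a record and a session cookie for an empty user. I would add `if not user: raise web.HTTPError(401)` directly after the verify call and fall back to `attrs = attrs or {}` before building `login_user`. Separately, `dbapi.db_save` and `dbapi.db_update` are called without `yield`, so a failed write goes unnoticed before the cookie is issued; this was carried over unchanged from the removed `check.login`.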
diff --git a/testapi/opnfv_testapi/ui/root.py b/testapi/opnfv_testapi/ui/root.py
index 576cbdd..286a6b0 100644
--- a/testapi/opnfv_testapi/ui/root.py
+++ b/testapi/opnfv_testapi/ui/root.py
@@ -1,4 +1,3 @@
-from opnfv_testapi.common import check
from opnfv_testapi.common.config import CONF
from opnfv_testapi.resources import handlers
@@ -7,6 +6,5 @@ class RootHandler(handlers.GenericApiHandler):
def get_template_path(self):
return CONF.ui_static_path
- @check.login
def get(self):
self.render('testapi-ui/index.html')