From 9e36409f1bf52a6fd510c4f4896d85761b59cfa9 Mon Sep 17 00:00:00 2001 From: SerenaFeng Date: Wed, 30 Aug 2017 11:59:46 +0800 Subject: leverage LFID as Authentication delete openid authentication add LFID authentication Change-Id: Iead144b5130bce51448024e65092fdea3bb2f07a Signed-off-by: SerenaFeng --- testapi/opnfv_testapi/ui/auth/sign.py | 80 ++++++----------------------------- 1 file changed, 13 insertions(+), 67 deletions(-) (limited to 'testapi/opnfv_testapi/ui/auth/sign.py') diff --git a/testapi/opnfv_testapi/ui/auth/sign.py b/testapi/opnfv_testapi/ui/auth/sign.py index 4623952..01cd0f7 100644 --- a/testapi/opnfv_testapi/ui/auth/sign.py +++ b/testapi/opnfv_testapi/ui/auth/sign.py @@ -1,76 +1,22 @@ -from six.moves.urllib import parse -from tornado import gen -from tornado import web +from cas import CASClient +from opnfv_testapi.common import constants from opnfv_testapi.common.config import CONF -from opnfv_testapi.db import api as dbapi -from opnfv_testapi.ui.auth import base -from opnfv_testapi.ui.auth import constants as const +from opnfv_testapi.resources import handlers -class SigninHandler(base.BaseHandler): +class SigninHandler(handlers.GenericApiHandler): def get(self): - csrf_token = base.get_token() - return_endpoint = parse.urljoin(CONF.api_url, - CONF.osid_openid_return_to) - return_to = base.set_query_params(return_endpoint, - {const.CSRF_TOKEN: csrf_token}) + client = CASClient(version='2', + server_url=CONF.lfid_cas_url, + service_url=CONF.ui_url) + self.redirect(url=(client.get_login_url())) - params = { - const.OPENID_MODE: CONF.osid_openid_mode, - const.OPENID_NS: CONF.osid_openid_ns, - const.OPENID_RETURN_TO: return_to, - const.OPENID_CLAIMED_ID: CONF.osid_openid_claimed_id, - const.OPENID_IDENTITY: CONF.osid_openid_identity, - const.OPENID_REALM: CONF.api_url, - const.OPENID_NS_SREG: CONF.osid_openid_ns_sreg, - const.OPENID_NS_SREG_REQUIRED: CONF.osid_openid_sreg_required, - } - url = CONF.osid_openstack_openid_endpoint - url = base.set_query_params(url, params) - self.redirect(url=url, permanent=False) - -class SigninReturnHandler(base.BaseHandler): - @web.asynchronous - @gen.coroutine - def get(self): - if self.get_query_argument(const.OPENID_MODE) == 'cancel': - self._auth_failure('Authentication canceled.') - - openid = self.get_query_argument(const.OPENID_CLAIMED_ID) - role = const.DEFAULT_ROLE - new_user_info = { - 'openid': openid, - 'email': self.get_query_argument(const.OPENID_NS_SREG_EMAIL), - 'fullname': self.get_query_argument(const.OPENID_NS_SREG_FULLNAME), - const.ROLE: role - } - user = yield dbapi.db_find_one(self.table, {'openid': openid}) - if not user: - dbapi.db_save(self.table, new_user_info) - else: - role = user.get(const.ROLE) - - self.clear_cookie(const.OPENID) - self.clear_cookie(const.ROLE) - self.set_secure_cookie(const.OPENID, openid) - self.set_secure_cookie(const.ROLE, role) - self.redirect(url=CONF.ui_url) - - def _auth_failure(self, message): - params = {'message': message} - url = parse.urljoin(CONF.ui_url, - '/#/auth_failure?' + parse.urlencode(params)) - self.redirect(url) - - -class SignoutHandler(base.BaseHandler): +class SignoutHandler(handlers.GenericApiHandler): def get(self): """Handle signout request.""" - self.clear_cookie(const.OPENID) - self.clear_cookie(const.ROLE) - params = {'openid_logout': CONF.osid_openid_logout_endpoint} - url = parse.urljoin(CONF.ui_url, - '/#/logout?' + parse.urlencode(params)) - self.redirect(url) + self.clear_cookie(constants.TESTAPI_ID) + client = CASClient(version='2', + server_url=CONF.lfid_cas_url) + self.redirect(url=(client.get_logout_url(redirect_url=CONF.ui_url))) -- cgit 1.2.3-korg