From 9e36409f1bf52a6fd510c4f4896d85761b59cfa9 Mon Sep 17 00:00:00 2001
From: SerenaFeng <feng.xiaowei@zte.com.cn>
Date: Wed, 30 Aug 2017 11:59:46 +0800
Subject: leverage LFID as Authentication

delete openid authentication
add LFID authentication

Change-Id: Iead144b5130bce51448024e65092fdea3bb2f07a
Signed-off-by: SerenaFeng <feng.xiaowei@zte.com.cn>
---
 testapi/opnfv_testapi/ui/auth/base.py      | 35 -------------
 testapi/opnfv_testapi/ui/auth/constants.py | 18 -------
 testapi/opnfv_testapi/ui/auth/sign.py      | 80 +++++-------------------------
 testapi/opnfv_testapi/ui/auth/user.py      | 43 ++++++++--------
 testapi/opnfv_testapi/ui/root.py           |  6 ++-
 5 files changed, 39 insertions(+), 143 deletions(-)
 delete mode 100644 testapi/opnfv_testapi/ui/auth/base.py
 delete mode 100644 testapi/opnfv_testapi/ui/auth/constants.py

(limited to 'testapi/opnfv_testapi/ui')

diff --git a/testapi/opnfv_testapi/ui/auth/base.py b/testapi/opnfv_testapi/ui/auth/base.py
deleted file mode 100644
index bea87c4..0000000
--- a/testapi/opnfv_testapi/ui/auth/base.py
+++ /dev/null
@@ -1,35 +0,0 @@
-import random
-import string
-
-from six.moves.urllib import parse
-
-from opnfv_testapi.resources import handlers
-
-
-class BaseHandler(handlers.GenericApiHandler):
-    def __init__(self, application, request, **kwargs):
-        super(BaseHandler, self).__init__(application, request, **kwargs)
-        self.table = 'users'
-
-    def set_cookies(self, cookies):
-        for cookie_n, cookie_v in cookies:
-            self.set_secure_cookie(cookie_n, cookie_v)
-
-
-def get_token(length=30):
-    """Get random token."""
-    return ''.join(random.choice(string.ascii_lowercase)
-                   for i in range(length))
-
-
-def set_query_params(url, params):
-    """Set params in given query."""
-    url_parts = parse.urlparse(url)
-    url = parse.urlunparse((
-        url_parts.scheme,
-        url_parts.netloc,
-        url_parts.path,
-        url_parts.params,
-        parse.urlencode(params),
-        url_parts.fragment))
-    return url
diff --git a/testapi/opnfv_testapi/ui/auth/constants.py b/testapi/opnfv_testapi/ui/auth/constants.py
deleted file mode 100644
index 44ccb46..0000000
--- a/testapi/opnfv_testapi/ui/auth/constants.py
+++ /dev/null
@@ -1,18 +0,0 @@
-OPENID = 'openid'
-ROLE = 'role'
-DEFAULT_ROLE = 'user'
-
-# OpenID parameters
-OPENID_MODE = 'openid.mode'
-OPENID_NS = 'openid.ns'
-OPENID_RETURN_TO = 'openid.return_to'
-OPENID_CLAIMED_ID = 'openid.claimed_id'
-OPENID_IDENTITY = 'openid.identity'
-OPENID_REALM = 'openid.realm'
-OPENID_NS_SREG = 'openid.ns.sreg'
-OPENID_NS_SREG_REQUIRED = 'openid.sreg.required'
-OPENID_NS_SREG_EMAIL = 'openid.sreg.email'
-OPENID_NS_SREG_FULLNAME = 'openid.sreg.fullname'
-OPENID_ERROR = 'openid.error'
-
-CSRF_TOKEN = 'csrf_token'
diff --git a/testapi/opnfv_testapi/ui/auth/sign.py b/testapi/opnfv_testapi/ui/auth/sign.py
index 4623952..01cd0f7 100644
--- a/testapi/opnfv_testapi/ui/auth/sign.py
+++ b/testapi/opnfv_testapi/ui/auth/sign.py
@@ -1,76 +1,22 @@
-from six.moves.urllib import parse
-from tornado import gen
-from tornado import web
+from cas import CASClient
 
+from opnfv_testapi.common import constants
 from opnfv_testapi.common.config import CONF
-from opnfv_testapi.db import api as dbapi
-from opnfv_testapi.ui.auth import base
-from opnfv_testapi.ui.auth import constants as const
+from opnfv_testapi.resources import handlers
 
 
-class SigninHandler(base.BaseHandler):
+class SigninHandler(handlers.GenericApiHandler):
     def get(self):
-        csrf_token = base.get_token()
-        return_endpoint = parse.urljoin(CONF.api_url,
-                                        CONF.osid_openid_return_to)
-        return_to = base.set_query_params(return_endpoint,
-                                          {const.CSRF_TOKEN: csrf_token})
+        client = CASClient(version='2',
+                           server_url=CONF.lfid_cas_url,
+                           service_url=CONF.ui_url)
+        self.redirect(url=(client.get_login_url()))
 
-        params = {
-            const.OPENID_MODE: CONF.osid_openid_mode,
-            const.OPENID_NS: CONF.osid_openid_ns,
-            const.OPENID_RETURN_TO: return_to,
-            const.OPENID_CLAIMED_ID: CONF.osid_openid_claimed_id,
-            const.OPENID_IDENTITY: CONF.osid_openid_identity,
-            const.OPENID_REALM: CONF.api_url,
-            const.OPENID_NS_SREG: CONF.osid_openid_ns_sreg,
-            const.OPENID_NS_SREG_REQUIRED: CONF.osid_openid_sreg_required,
-        }
-        url = CONF.osid_openstack_openid_endpoint
-        url = base.set_query_params(url, params)
-        self.redirect(url=url, permanent=False)
 
-
-class SigninReturnHandler(base.BaseHandler):
-    @web.asynchronous
-    @gen.coroutine
-    def get(self):
-        if self.get_query_argument(const.OPENID_MODE) == 'cancel':
-            self._auth_failure('Authentication canceled.')
-
-        openid = self.get_query_argument(const.OPENID_CLAIMED_ID)
-        role = const.DEFAULT_ROLE
-        new_user_info = {
-            'openid': openid,
-            'email': self.get_query_argument(const.OPENID_NS_SREG_EMAIL),
-            'fullname': self.get_query_argument(const.OPENID_NS_SREG_FULLNAME),
-            const.ROLE: role
-        }
-        user = yield dbapi.db_find_one(self.table, {'openid': openid})
-        if not user:
-            dbapi.db_save(self.table, new_user_info)
-        else:
-            role = user.get(const.ROLE)
-
-        self.clear_cookie(const.OPENID)
-        self.clear_cookie(const.ROLE)
-        self.set_secure_cookie(const.OPENID, openid)
-        self.set_secure_cookie(const.ROLE, role)
-        self.redirect(url=CONF.ui_url)
-
-    def _auth_failure(self, message):
-        params = {'message': message}
-        url = parse.urljoin(CONF.ui_url,
-                            '/#/auth_failure?' + parse.urlencode(params))
-        self.redirect(url)
-
-
-class SignoutHandler(base.BaseHandler):
+class SignoutHandler(handlers.GenericApiHandler):
     def get(self):
         """Handle signout request."""
-        self.clear_cookie(const.OPENID)
-        self.clear_cookie(const.ROLE)
-        params = {'openid_logout': CONF.osid_openid_logout_endpoint}
-        url = parse.urljoin(CONF.ui_url,
-                            '/#/logout?' + parse.urlencode(params))
-        self.redirect(url)
+        self.clear_cookie(constants.TESTAPI_ID)
+        client = CASClient(version='2',
+                           server_url=CONF.lfid_cas_url)
+        self.redirect(url=(client.get_logout_url(redirect_url=CONF.ui_url)))
diff --git a/testapi/opnfv_testapi/ui/auth/user.py b/testapi/opnfv_testapi/ui/auth/user.py
index 955cdee..ab86007 100644
--- a/testapi/opnfv_testapi/ui/auth/user.py
+++ b/testapi/opnfv_testapi/ui/auth/user.py
@@ -1,25 +1,26 @@
-from tornado import gen
-from tornado import web
-
+from opnfv_testapi.common import constants
 from opnfv_testapi.common import raises
-from opnfv_testapi.db import api as dbapi
-from opnfv_testapi.ui.auth import base
+from opnfv_testapi.resources import handlers
+from opnfv_testapi.resources import models
+
+
+class User(models.ModelBase):
+    def __init__(self, user=None, email=None, fullname=None, groups=None):
+        self.user = user
+        self.email = email
+        self.fullname = fullname
+        self.groups = groups
+
 
+class UserHandler(handlers.GenericApiHandler):
+    def __init__(self, application, request, **kwargs):
+        super(UserHandler, self).__init__(application, request, **kwargs)
+        self.table = 'users'
+        self.table_cls = User
 
-class ProfileHandler(base.BaseHandler):
-    @web.asynchronous
-    @gen.coroutine
     def get(self):
-        openid = self.get_secure_cookie('openid')
-        if openid:
-            try:
-                user = yield dbapi.db_find_one(self.table, {'openid': openid})
-                self.finish_request({
-                    "openid": user.get('openid'),
-                    "email": user.get('email'),
-                    "fullname": user.get('fullname'),
-                    "role": user.get('role', 'user')
-                })
-            except Exception:
-                pass
-        raises.Unauthorized('Unauthorized')
+        username = self.get_secure_cookie(constants.TESTAPI_ID)
+        if username:
+            self._get_one(query={'user': username})
+        else:
+            raises.Unauthorized('Unauthorized')
diff --git a/testapi/opnfv_testapi/ui/root.py b/testapi/opnfv_testapi/ui/root.py
index 5b2c922..069ad5e 100644
--- a/testapi/opnfv_testapi/ui/root.py
+++ b/testapi/opnfv_testapi/ui/root.py
@@ -1,10 +1,12 @@
-from opnfv_testapi.resources.handlers import GenericApiHandler
+from opnfv_testapi.common import check
 from opnfv_testapi.common.config import CONF
+from opnfv_testapi.resources import handlers
 
 
-class RootHandler(GenericApiHandler):
+class RootHandler(handlers.GenericApiHandler):
     def get_template_path(self):
         return CONF.static_path
 
+    @check.login
     def get(self):
         self.render('testapi-ui/index.html')
-- 
cgit 1.2.3-korg