From b3580028292d2927564020e8143bc1f659ef0ab3 Mon Sep 17 00:00:00 2001 From: SerenaFeng Date: Wed, 6 Sep 2017 14:21:23 +0800 Subject: hide cas ticket from web portal In the previous implementation, when login the url will shown as: http://localhost:8000/?ticket=ST-5WzYs6SD2A#/ this patch aims to hide the ticket mechanism. 1) add /api/v1/auth/signin_return to process login verify 2) refactor code, leverage SignBaseHanlder() to manage casclient Change-Id: I62e23eb69ee52304c30753e861b4f0a4e0d45541 Signed-off-by: SerenaFeng --- testapi/opnfv_testapi/ui/auth/sign.py | 55 +++++++++++++++++++++++++++++------ testapi/opnfv_testapi/ui/root.py | 2 -- 2 files changed, 46 insertions(+), 11 deletions(-) (limited to 'testapi/opnfv_testapi/ui') diff --git a/testapi/opnfv_testapi/ui/auth/sign.py b/testapi/opnfv_testapi/ui/auth/sign.py index 01cd0f7..318473e 100644 --- a/testapi/opnfv_testapi/ui/auth/sign.py +++ b/testapi/opnfv_testapi/ui/auth/sign.py @@ -1,22 +1,59 @@ from cas import CASClient +from tornado import gen +from tornado import web from opnfv_testapi.common import constants from opnfv_testapi.common.config import CONF +from opnfv_testapi.db import api as dbapi from opnfv_testapi.resources import handlers -class SigninHandler(handlers.GenericApiHandler): +class SignBaseHandler(handlers.GenericApiHandler): + def __init__(self, application, request, **kwargs): + super(SignBaseHandler, self).__init__(application, request, **kwargs) + self.table = 'users' + self.cas_client = CASClient(version='2', + server_url=CONF.lfid_cas_url, + service_url='{}/{}'.format( + CONF.ui_url, + CONF.lfid_signin_return)) + + +class SigninHandler(SignBaseHandler): + def get(self): + self.redirect(url=(self.cas_client.get_login_url())) + + +class SigninReturnHandler(SignBaseHandler): + + @web.asynchronous + @gen.coroutine def get(self): - client = CASClient(version='2', - server_url=CONF.lfid_cas_url, - service_url=CONF.ui_url) - self.redirect(url=(client.get_login_url())) + ticket = self.get_query_argument('ticket', default=None) + if ticket: + (user, attrs, _) = self.cas_client.verify_ticket(ticket=ticket) + login_user = { + 'user': user, + 'email': attrs.get('mail'), + 'fullname': attrs.get('field_lf_full_name'), + 'groups': constants.TESTAPI_USERS + attrs.get('group', []) + } + q_user = {'user': user} + db_user = yield dbapi.db_find_one(self.table, q_user) + if not db_user: + dbapi.db_save(self.table, login_user) + else: + dbapi.db_update(self.table, q_user, login_user) + + self.clear_cookie(constants.TESTAPI_ID) + self.set_secure_cookie(constants.TESTAPI_ID, user) + + self.redirect(url=CONF.ui_url) -class SignoutHandler(handlers.GenericApiHandler): +class SignoutHandler(SignBaseHandler): def get(self): """Handle signout request.""" self.clear_cookie(constants.TESTAPI_ID) - client = CASClient(version='2', - server_url=CONF.lfid_cas_url) - self.redirect(url=(client.get_logout_url(redirect_url=CONF.ui_url))) + logout_url = self.cas_client.get_logout_url(redirect_url=CONF.ui_url) + self.redirect(url=logout_url) diff --git a/testapi/opnfv_testapi/ui/root.py b/testapi/opnfv_testapi/ui/root.py index 576cbdd..286a6b0 100644 --- a/testapi/opnfv_testapi/ui/root.py +++ b/testapi/opnfv_testapi/ui/root.py @@ -1,4 +1,3 @@ -from opnfv_testapi.common import check from opnfv_testapi.common.config import CONF from opnfv_testapi.resources import handlers @@ -7,6 +6,5 @@ class RootHandler(handlers.GenericApiHandler): def get_template_path(self): return CONF.ui_static_path - @check.login def get(self): self.render('testapi-ui/index.html') -- cgit 1.2.3-korg