diff options
-rw-r--r-- | utils/test/testapi/opnfv_testapi/cmd/server.py | 3 | ||||
-rw-r--r-- | utils/test/testapi/opnfv_testapi/resources/handlers.py | 8 | ||||
-rw-r--r-- | utils/test/testapi/opnfv_testapi/router/url_mappings.py | 8 | ||||
-rw-r--r-- | utils/test/testapi/opnfv_testapi/ui/auth/base.py (renamed from utils/test/testapi/opnfv_testapi/ui/auth/utils.py) | 12 | ||||
-rw-r--r-- | utils/test/testapi/opnfv_testapi/ui/auth/sign.py (renamed from utils/test/testapi/opnfv_testapi/ui/auth/handlers.py) | 26 | ||||
-rw-r--r-- | utils/test/testapi/opnfv_testapi/ui/auth/user.py | 24 |
6 files changed, 68 insertions, 13 deletions
diff --git a/utils/test/testapi/opnfv_testapi/cmd/server.py b/utils/test/testapi/opnfv_testapi/cmd/server.py index 2696bb397..545d5e367 100644 --- a/utils/test/testapi/opnfv_testapi/cmd/server.py +++ b/utils/test/testapi/opnfv_testapi/cmd/server.py @@ -64,7 +64,8 @@ def make_app(): url_mappings.mappings, db=get_db(), debug=CONF.api_debug, - auth=CONF.api_authenticate + auth=CONF.api_authenticate, + cookie_secret='opnfv-testapi', ) diff --git a/utils/test/testapi/opnfv_testapi/resources/handlers.py b/utils/test/testapi/opnfv_testapi/resources/handlers.py index dbf94eb75..2426805b6 100644 --- a/utils/test/testapi/opnfv_testapi/resources/handlers.py +++ b/utils/test/testapi/opnfv_testapi/resources/handlers.py @@ -188,6 +188,14 @@ class GenericApiHandler(web.RequestHandler): table = self.table return self._eval_db(table, 'find_one', query) + def db_save(self, collection, data): + self._eval_db(collection, 'insert', data, check_keys=False) + + def db_find_one(self, query, collection=None): + if not collection: + collection = self.table + return self._eval_db(collection, 'find_one', query) + class VersionHandler(GenericApiHandler): @swagger.operation(nickname='listAllVersions') diff --git a/utils/test/testapi/opnfv_testapi/router/url_mappings.py b/utils/test/testapi/opnfv_testapi/router/url_mappings.py index 7bd34300f..d68670185 100644 --- a/utils/test/testapi/opnfv_testapi/router/url_mappings.py +++ b/utils/test/testapi/opnfv_testapi/router/url_mappings.py @@ -16,7 +16,8 @@ from opnfv_testapi.resources import result_handlers from opnfv_testapi.resources import scenario_handlers from opnfv_testapi.resources import testcase_handlers from opnfv_testapi.ui import root -from opnfv_testapi.ui.auth import handlers as auth_handlers +from opnfv_testapi.ui.auth import sign +from opnfv_testapi.ui.auth import user mappings = [ # GET /versions => GET API version @@ -59,6 +60,7 @@ mappings = [ {'path': config.Config().static_path}), (r'/', root.RootHandler), - (r'/api/v1/auth/signin', auth_handlers.SigninHandler), - (r'/api/v1/auth/signin_return', auth_handlers.SigninReturnHandler), + (r'/api/v1/auth/signin', sign.SigninHandler), + (r'/api/v1/auth/signin_return', sign.SigninReturnHandler), + (r'/api/v1/profile', user.ProfileHandler), ] diff --git a/utils/test/testapi/opnfv_testapi/ui/auth/utils.py b/utils/test/testapi/opnfv_testapi/ui/auth/base.py index c3912ad0c..bea87c4d9 100644 --- a/utils/test/testapi/opnfv_testapi/ui/auth/utils.py +++ b/utils/test/testapi/opnfv_testapi/ui/auth/base.py @@ -3,6 +3,18 @@ import string from six.moves.urllib import parse +from opnfv_testapi.resources import handlers + + +class BaseHandler(handlers.GenericApiHandler): + def __init__(self, application, request, **kwargs): + super(BaseHandler, self).__init__(application, request, **kwargs) + self.table = 'users' + + def set_cookies(self, cookies): + for cookie_n, cookie_v in cookies: + self.set_secure_cookie(cookie_n, cookie_v) + def get_token(length=30): """Get random token.""" diff --git a/utils/test/testapi/opnfv_testapi/ui/auth/handlers.py b/utils/test/testapi/opnfv_testapi/ui/auth/sign.py index 511952dfd..c92196a7a 100644 --- a/utils/test/testapi/opnfv_testapi/ui/auth/handlers.py +++ b/utils/test/testapi/opnfv_testapi/ui/auth/sign.py @@ -1,21 +1,19 @@ from six.moves.urllib import parse from opnfv_testapi.common import config -from opnfv_testapi.resources import handlers +from opnfv_testapi.ui.auth import base from opnfv_testapi.ui.auth import constants as const -from opnfv_testapi.ui.auth import utils - CONF = config.Config() -class SigninHandler(handlers.GenericApiHandler): +class SigninHandler(base.BaseHandler): def get(self): - csrf_token = utils.get_token() + csrf_token = base.get_token() return_endpoint = parse.urljoin(CONF.api_url, CONF.osid_openid_return_to) - return_to = utils.set_query_params(return_endpoint, - {const.CSRF_TOKEN: csrf_token}) + return_to = base.set_query_params(return_endpoint, + {const.CSRF_TOKEN: csrf_token}) params = { const.OPENID_MODE: CONF.osid_openid_mode, @@ -28,10 +26,20 @@ class SigninHandler(handlers.GenericApiHandler): const.OPENID_NS_SREG_REQUIRED: CONF.osid_openid_sreg_required, } url = CONF.osid_openstack_openid_endpoint - url = utils.set_query_params(url, params) + url = base.set_query_params(url, params) self.redirect(url=url, permanent=False) -class SigninReturnHandler(handlers.GenericApiHandler): +class SigninReturnHandler(base.BaseHandler): def get(self): + openid = self.get_query_argument(const.OPENID_CLAIMED_ID) + user_info = { + 'openid': openid, + 'email': self.get_query_argument(const.OPENID_NS_SREG_EMAIL), + 'fullname': self.get_query_argument(const.OPENID_NS_SREG_FULLNAME) + } + + self.db_save(self.table, user_info) + if not self.get_secure_cookie('openid'): + self.set_secure_cookie('openid', openid) self.redirect(url=CONF.ui_url) diff --git a/utils/test/testapi/opnfv_testapi/ui/auth/user.py b/utils/test/testapi/opnfv_testapi/ui/auth/user.py new file mode 100644 index 000000000..140bca51c --- /dev/null +++ b/utils/test/testapi/opnfv_testapi/ui/auth/user.py @@ -0,0 +1,24 @@ +from tornado import gen +from tornado import web + +from opnfv_testapi.common import raises +from opnfv_testapi.ui.auth import base + + +class ProfileHandler(base.BaseHandler): + @web.asynchronous + @gen.coroutine + def get(self): + openid = self.get_secure_cookie('openid') + if openid: + try: + user = yield self.db_find_one({'openid': openid}) + self.finish_request({ + "openid": user.get('openid'), + "email": user.get('email'), + "fullname": user.get('fullname'), + "is_admin": False + }) + except Exception: + pass + raises.Unauthorized('Unauthorized') |