summaryrefslogtreecommitdiffstats
path: root/utils/test/testapi/opnfv_testapi/ui/auth
diff options
context:
space:
mode:
Diffstat (limited to 'utils/test/testapi/opnfv_testapi/ui/auth')
-rw-r--r--utils/test/testapi/opnfv_testapi/ui/auth/base.py35
-rw-r--r--utils/test/testapi/opnfv_testapi/ui/auth/constants.py18
-rw-r--r--utils/test/testapi/opnfv_testapi/ui/auth/sign.py103
-rw-r--r--utils/test/testapi/opnfv_testapi/ui/auth/user.py43
4 files changed, 65 insertions, 134 deletions
diff --git a/utils/test/testapi/opnfv_testapi/ui/auth/base.py b/utils/test/testapi/opnfv_testapi/ui/auth/base.py
deleted file mode 100644
index bea87c4d9..000000000
--- a/utils/test/testapi/opnfv_testapi/ui/auth/base.py
+++ /dev/null
@@ -1,35 +0,0 @@
-import random
-import string
-
-from six.moves.urllib import parse
-
-from opnfv_testapi.resources import handlers
-
-
-class BaseHandler(handlers.GenericApiHandler):
- def __init__(self, application, request, **kwargs):
- super(BaseHandler, self).__init__(application, request, **kwargs)
- self.table = 'users'
-
- def set_cookies(self, cookies):
- for cookie_n, cookie_v in cookies:
- self.set_secure_cookie(cookie_n, cookie_v)
-
-
-def get_token(length=30):
- """Get random token."""
- return ''.join(random.choice(string.ascii_lowercase)
- for i in range(length))
-
-
-def set_query_params(url, params):
- """Set params in given query."""
- url_parts = parse.urlparse(url)
- url = parse.urlunparse((
- url_parts.scheme,
- url_parts.netloc,
- url_parts.path,
- url_parts.params,
- parse.urlencode(params),
- url_parts.fragment))
- return url
diff --git a/utils/test/testapi/opnfv_testapi/ui/auth/constants.py b/utils/test/testapi/opnfv_testapi/ui/auth/constants.py
deleted file mode 100644
index 44ccb46d7..000000000
--- a/utils/test/testapi/opnfv_testapi/ui/auth/constants.py
+++ /dev/null
@@ -1,18 +0,0 @@
-OPENID = 'openid'
-ROLE = 'role'
-DEFAULT_ROLE = 'user'
-
-# OpenID parameters
-OPENID_MODE = 'openid.mode'
-OPENID_NS = 'openid.ns'
-OPENID_RETURN_TO = 'openid.return_to'
-OPENID_CLAIMED_ID = 'openid.claimed_id'
-OPENID_IDENTITY = 'openid.identity'
-OPENID_REALM = 'openid.realm'
-OPENID_NS_SREG = 'openid.ns.sreg'
-OPENID_NS_SREG_REQUIRED = 'openid.sreg.required'
-OPENID_NS_SREG_EMAIL = 'openid.sreg.email'
-OPENID_NS_SREG_FULLNAME = 'openid.sreg.fullname'
-OPENID_ERROR = 'openid.error'
-
-CSRF_TOKEN = 'csrf_token'
diff --git a/utils/test/testapi/opnfv_testapi/ui/auth/sign.py b/utils/test/testapi/opnfv_testapi/ui/auth/sign.py
index 462395225..318473ea2 100644
--- a/utils/test/testapi/opnfv_testapi/ui/auth/sign.py
+++ b/utils/test/testapi/opnfv_testapi/ui/auth/sign.py
@@ -1,76 +1,59 @@
-from six.moves.urllib import parse
+from cas import CASClient
from tornado import gen
from tornado import web
+from opnfv_testapi.common import constants
from opnfv_testapi.common.config import CONF
from opnfv_testapi.db import api as dbapi
-from opnfv_testapi.ui.auth import base
-from opnfv_testapi.ui.auth import constants as const
+from opnfv_testapi.resources import handlers
-class SigninHandler(base.BaseHandler):
+class SignBaseHandler(handlers.GenericApiHandler):
+ def __init__(self, application, request, **kwargs):
+ super(SignBaseHandler, self).__init__(application, request, **kwargs)
+ self.table = 'users'
+ self.cas_client = CASClient(version='2',
+ server_url=CONF.lfid_cas_url,
+ service_url='{}/{}'.format(
+ CONF.ui_url,
+ CONF.lfid_signin_return))
+
+
+class SigninHandler(SignBaseHandler):
def get(self):
- csrf_token = base.get_token()
- return_endpoint = parse.urljoin(CONF.api_url,
- CONF.osid_openid_return_to)
- return_to = base.set_query_params(return_endpoint,
- {const.CSRF_TOKEN: csrf_token})
+ self.redirect(url=(self.cas_client.get_login_url()))
- params = {
- const.OPENID_MODE: CONF.osid_openid_mode,
- const.OPENID_NS: CONF.osid_openid_ns,
- const.OPENID_RETURN_TO: return_to,
- const.OPENID_CLAIMED_ID: CONF.osid_openid_claimed_id,
- const.OPENID_IDENTITY: CONF.osid_openid_identity,
- const.OPENID_REALM: CONF.api_url,
- const.OPENID_NS_SREG: CONF.osid_openid_ns_sreg,
- const.OPENID_NS_SREG_REQUIRED: CONF.osid_openid_sreg_required,
- }
- url = CONF.osid_openstack_openid_endpoint
- url = base.set_query_params(url, params)
- self.redirect(url=url, permanent=False)
+class SigninReturnHandler(SignBaseHandler):
-class SigninReturnHandler(base.BaseHandler):
@web.asynchronous
@gen.coroutine
def get(self):
- if self.get_query_argument(const.OPENID_MODE) == 'cancel':
- self._auth_failure('Authentication canceled.')
-
- openid = self.get_query_argument(const.OPENID_CLAIMED_ID)
- role = const.DEFAULT_ROLE
- new_user_info = {
- 'openid': openid,
- 'email': self.get_query_argument(const.OPENID_NS_SREG_EMAIL),
- 'fullname': self.get_query_argument(const.OPENID_NS_SREG_FULLNAME),
- const.ROLE: role
- }
- user = yield dbapi.db_find_one(self.table, {'openid': openid})
- if not user:
- dbapi.db_save(self.table, new_user_info)
- else:
- role = user.get(const.ROLE)
-
- self.clear_cookie(const.OPENID)
- self.clear_cookie(const.ROLE)
- self.set_secure_cookie(const.OPENID, openid)
- self.set_secure_cookie(const.ROLE, role)
- self.redirect(url=CONF.ui_url)
-
- def _auth_failure(self, message):
- params = {'message': message}
- url = parse.urljoin(CONF.ui_url,
- '/#/auth_failure?' + parse.urlencode(params))
- self.redirect(url)
-
-
-class SignoutHandler(base.BaseHandler):
+ ticket = self.get_query_argument('ticket', default=None)
+ if ticket:
+ (user, attrs, _) = self.cas_client.verify_ticket(ticket=ticket)
+ login_user = {
+ 'user': user,
+ 'email': attrs.get('mail'),
+ 'fullname': attrs.get('field_lf_full_name'),
+ 'groups': constants.TESTAPI_USERS + attrs.get('group', [])
+ }
+ q_user = {'user': user}
+ db_user = yield dbapi.db_find_one(self.table, q_user)
+ if not db_user:
+ dbapi.db_save(self.table, login_user)
+ else:
+ dbapi.db_update(self.table, q_user, login_user)
+
+ self.clear_cookie(constants.TESTAPI_ID)
+ self.set_secure_cookie(constants.TESTAPI_ID, user)
+
+ self.redirect(url=CONF.ui_url)
+
+
+class SignoutHandler(SignBaseHandler):
def get(self):
"""Handle signout request."""
- self.clear_cookie(const.OPENID)
- self.clear_cookie(const.ROLE)
- params = {'openid_logout': CONF.osid_openid_logout_endpoint}
- url = parse.urljoin(CONF.ui_url,
- '/#/logout?' + parse.urlencode(params))
- self.redirect(url)
+ self.clear_cookie(constants.TESTAPI_ID)
+ logout_url = self.cas_client.get_logout_url(redirect_url=CONF.ui_url)
+ self.redirect(url=logout_url)
diff --git a/utils/test/testapi/opnfv_testapi/ui/auth/user.py b/utils/test/testapi/opnfv_testapi/ui/auth/user.py
index 955cdeead..ab86007f1 100644
--- a/utils/test/testapi/opnfv_testapi/ui/auth/user.py
+++ b/utils/test/testapi/opnfv_testapi/ui/auth/user.py
@@ -1,25 +1,26 @@
-from tornado import gen
-from tornado import web
-
+from opnfv_testapi.common import constants
from opnfv_testapi.common import raises
-from opnfv_testapi.db import api as dbapi
-from opnfv_testapi.ui.auth import base
+from opnfv_testapi.resources import handlers
+from opnfv_testapi.resources import models
+
+
+class User(models.ModelBase):
+ def __init__(self, user=None, email=None, fullname=None, groups=None):
+ self.user = user
+ self.email = email
+ self.fullname = fullname
+ self.groups = groups
+
+class UserHandler(handlers.GenericApiHandler):
+ def __init__(self, application, request, **kwargs):
+ super(UserHandler, self).__init__(application, request, **kwargs)
+ self.table = 'users'
+ self.table_cls = User
-class ProfileHandler(base.BaseHandler):
- @web.asynchronous
- @gen.coroutine
def get(self):
- openid = self.get_secure_cookie('openid')
- if openid:
- try:
- user = yield dbapi.db_find_one(self.table, {'openid': openid})
- self.finish_request({
- "openid": user.get('openid'),
- "email": user.get('email'),
- "fullname": user.get('fullname'),
- "role": user.get('role', 'user')
- })
- except Exception:
- pass
- raises.Unauthorized('Unauthorized')
+ username = self.get_secure_cookie(constants.TESTAPI_ID)
+ if username:
+ self._get_one(query={'user': username})
+ else:
+ raises.Unauthorized('Unauthorized')