diff options
Diffstat (limited to 'utils/test/testapi/opnfv_testapi')
16 files changed, 92 insertions, 238 deletions
diff --git a/utils/test/testapi/opnfv_testapi/common/check.py b/utils/test/testapi/opnfv_testapi/common/check.py index 24ba876a9..009d3d46c 100644 --- a/utils/test/testapi/opnfv_testapi/common/check.py +++ b/utils/test/testapi/opnfv_testapi/common/check.py @@ -8,14 +8,49 @@ ############################################################################## import functools +import cas from tornado import gen from tornado import web +from opnfv_testapi.common import constants from opnfv_testapi.common import message from opnfv_testapi.common import raises +from opnfv_testapi.common.config import CONF from opnfv_testapi.db import api as dbapi +def login(method): + @web.asynchronous + @gen.coroutine + @functools.wraps(method) + def wrapper(self, *args, **kwargs): + ticket = self.get_query_argument('ticket', default=None) + if ticket: + client = cas.CASClient(version='2', + server_url=CONF.lfid_cas_url, + service_url=CONF.ui_url) + (user, attrs, _) = client.verify_ticket(ticket=ticket) + print 'login user: {}'.format(user) + login_user = { + 'user': user, + 'email': attrs.get('mail'), + 'fullname': attrs.get('field_lf_full_name'), + 'groups': constants.TESTAPI_USERS + attrs.get('group', []) + } + q_user = {'user': user} + db_user = yield dbapi.db_find_one(constants.USER_TABLE, q_user) + if not db_user: + dbapi.db_save(constants.USER_TABLE, login_user) + else: + dbapi.db_update(constants.USER_TABLE, q_user, login_user) + + self.clear_cookie(constants.TESTAPI_ID) + self.set_secure_cookie(constants.TESTAPI_ID, user) + ret = yield gen.coroutine(method)(self, *args, **kwargs) + raise gen.Return(ret) + return wrapper + + def authenticate(method): @web.asynchronous @gen.coroutine diff --git a/utils/test/testapi/opnfv_testapi/common/constants.py b/utils/test/testapi/opnfv_testapi/common/constants.py new file mode 100644 index 000000000..b37ebb3d6 --- /dev/null +++ b/utils/test/testapi/opnfv_testapi/common/constants.py @@ -0,0 +1,5 @@ +TESTAPI_ID = 'testapi_id' +CSRF_TOKEN = 'csrf_token' +ROLE = 'role' +TESTAPI_USERS = ['opnfv-testapi-users'] +USER_TABLE = 'users' diff --git a/utils/test/testapi/opnfv_testapi/resources/result_handlers.py b/utils/test/testapi/opnfv_testapi/resources/result_handlers.py index 9389d266d..e202f5c2c 100644 --- a/utils/test/testapi/opnfv_testapi/resources/result_handlers.py +++ b/utils/test/testapi/opnfv_testapi/resources/result_handlers.py @@ -6,20 +6,20 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## -import logging -from datetime import datetime -from datetime import timedelta import json +import logging from bson import objectid +from datetime import datetime +from datetime import timedelta -from opnfv_testapi.common.config import CONF +from opnfv_testapi.common import constants from opnfv_testapi.common import message from opnfv_testapi.common import raises +from opnfv_testapi.common.config import CONF from opnfv_testapi.resources import handlers from opnfv_testapi.resources import result_models from opnfv_testapi.tornado_swagger import swagger -from opnfv_testapi.ui.auth import constants as auth_const class GenericResultHandler(handlers.GenericApiHandler): @@ -59,13 +59,12 @@ class GenericResultHandler(handlers.GenericApiHandler): elif k == 'to': date_range.update({'$lt': str(v)}) elif k == 'signed': - openid = self.get_secure_cookie(auth_const.OPENID) - role = self.get_secure_cookie(auth_const.ROLE) - logging.info('role:%s', role) + username = self.get_secure_cookie(constants.TESTAPI_ID) + role = self.get_secure_cookie(constants.ROLE) if role: del query['public'] if role != "reviewer": - query['user'] = openid + query['user'] = username elif k not in ['last', 'page', 'descend']: query[k] = v if date_range: @@ -246,7 +245,7 @@ class ResultsUploadHandler(ResultsCLHandler): self.json_args = json.loads(fileinfo['body']).copy() self.json_args['public'] = is_public - openid = self.get_secure_cookie(auth_const.OPENID) + openid = self.get_secure_cookie(constants.TESTAPI_ID) if openid: self.json_args['user'] = openid diff --git a/utils/test/testapi/opnfv_testapi/router/url_mappings.py b/utils/test/testapi/opnfv_testapi/router/url_mappings.py index 3e3ab87aa..be6240e70 100644 --- a/utils/test/testapi/opnfv_testapi/router/url_mappings.py +++ b/utils/test/testapi/opnfv_testapi/router/url_mappings.py @@ -76,8 +76,7 @@ mappings = [ (r'/', root.RootHandler), (r'/api/v1/auth/signin', sign.SigninHandler), - (r'/api/v1/auth/signin_return', sign.SigninReturnHandler), (r'/api/v1/auth/signout', sign.SignoutHandler), - (r'/api/v1/profile', user.ProfileHandler), + (r'/api/v1/profile', user.UserHandler), ] diff --git a/utils/test/testapi/opnfv_testapi/tests/unit/common/noparam.ini b/utils/test/testapi/opnfv_testapi/tests/unit/common/noparam.ini deleted file mode 100644 index be7f2b9f8..000000000 --- a/utils/test/testapi/opnfv_testapi/tests/unit/common/noparam.ini +++ /dev/null @@ -1,16 +0,0 @@ -# to add a new parameter in the config file, -# the CONF object in config.ini must be updated -[mongo] -# URL of the mongo DB -# Mongo auth url => mongodb://user1:pwd1@host1/?authSource=db1 -url = mongodb://127.0.0.1:27017/ - -[api] -# Listening port -port = 8000 -# With debug_on set to true, error traces will be shown in HTTP responses -debug = True -authenticate = False - -[ui] -url = http://localhost:8000 diff --git a/utils/test/testapi/opnfv_testapi/tests/unit/common/normal.ini b/utils/test/testapi/opnfv_testapi/tests/unit/common/normal.ini deleted file mode 100644 index c81c6c56a..000000000 --- a/utils/test/testapi/opnfv_testapi/tests/unit/common/normal.ini +++ /dev/null @@ -1,17 +0,0 @@ -# to add a new parameter in the config file, -# the CONF object in config.ini must be updated -[mongo] -# URL of the mongo DB -# Mongo auth url => mongodb://user1:pwd1@host1/?authSource=db1 -url = mongodb://127.0.0.1:27017/ -dbname = test_results_collection - -[api] -# Listening port -port = 8000 -# With debug_on set to true, error traces will be shown in HTTP responses -debug = True -authenticate = False - -[ui] -url = http://localhost:8000 diff --git a/utils/test/testapi/opnfv_testapi/tests/unit/common/nosection.ini b/utils/test/testapi/opnfv_testapi/tests/unit/common/nosection.ini deleted file mode 100644 index a9ed49c5c..000000000 --- a/utils/test/testapi/opnfv_testapi/tests/unit/common/nosection.ini +++ /dev/null @@ -1,11 +0,0 @@ -# to add a new parameter in the config file, -# the CONF object in config.ini must be updated -[api] -# Listening port -port = 8000 -# With debug_on set to true, error traces will be shown in HTTP responses -debug = True -authenticate = False - -[ui] -url = http://localhost:8000 diff --git a/utils/test/testapi/opnfv_testapi/tests/unit/common/notboolean.ini b/utils/test/testapi/opnfv_testapi/tests/unit/common/notboolean.ini deleted file mode 100644 index 3a11f9dd3..000000000 --- a/utils/test/testapi/opnfv_testapi/tests/unit/common/notboolean.ini +++ /dev/null @@ -1,17 +0,0 @@ -# to add a new parameter in the config file, -# the CONF object in config.ini must be updated -[mongo] -# URL of the mongo DB -# Mongo auth url => mongodb://user1:pwd1@host1/?authSource=db1 -url = mongodb://127.0.0.1:27017/ -dbname = test_results_collection - -[api] -# Listening port -port = 8000 -# With debug_on set to true, error traces will be shown in HTTP responses -debug = True -authenticate = notboolean - -[ui] -url = http://localhost:8000 diff --git a/utils/test/testapi/opnfv_testapi/tests/unit/common/notint.ini b/utils/test/testapi/opnfv_testapi/tests/unit/common/notint.ini deleted file mode 100644 index 8180719b8..000000000 --- a/utils/test/testapi/opnfv_testapi/tests/unit/common/notint.ini +++ /dev/null @@ -1,17 +0,0 @@ -# to add a new parameter in the config file, -# the CONF object in config.ini must be updated -[mongo] -# URL of the mongo DB -# Mongo auth url => mongodb://user1:pwd1@host1/?authSource=db1 -url = mongodb://127.0.0.1:27017/ -dbname = test_results_collection - -[api] -# Listening port -port = notint -# With debug_on set to true, error traces will be shown in HTTP responses -debug = True -authenticate = False - -[ui] -url = http://localhost:8000 diff --git a/utils/test/testapi/opnfv_testapi/tests/unit/conftest.py b/utils/test/testapi/opnfv_testapi/tests/unit/conftest.py index feff1daaa..75e621d0e 100644 --- a/utils/test/testapi/opnfv_testapi/tests/unit/conftest.py +++ b/utils/test/testapi/opnfv_testapi/tests/unit/conftest.py @@ -5,4 +5,4 @@ import pytest @pytest.fixture def config_normal(): - return path.join(path.dirname(__file__), 'common/normal.ini') + return path.join(path.dirname(__file__), '../../../etc/config.ini') diff --git a/utils/test/testapi/opnfv_testapi/tests/unit/resources/test_base.py b/utils/test/testapi/opnfv_testapi/tests/unit/resources/test_base.py index 77a8d18c1..39633e5f5 100644 --- a/utils/test/testapi/opnfv_testapi/tests/unit/resources/test_base.py +++ b/utils/test/testapi/opnfv_testapi/tests/unit/resources/test_base.py @@ -37,7 +37,8 @@ class TestBase(testing.AsyncHTTPTestCase): def _patch_server(self): import argparse - config = path.join(path.dirname(__file__), '../common/normal.ini') + config = path.join(path.dirname(__file__), + '../../../../etc/config.ini') self.config_patcher = mock.patch( 'argparse.ArgumentParser.parse_known_args', return_value=(argparse.Namespace(config_file=config), None)) @@ -46,9 +47,6 @@ class TestBase(testing.AsyncHTTPTestCase): self.config_patcher.start() self.db_patcher.start() - def set_config_file(self): - self.config_file = 'normal.ini' - def get_app(self): from opnfv_testapi.cmd import server return server.make_app() diff --git a/utils/test/testapi/opnfv_testapi/ui/auth/base.py b/utils/test/testapi/opnfv_testapi/ui/auth/base.py deleted file mode 100644 index bea87c4d9..000000000 --- a/utils/test/testapi/opnfv_testapi/ui/auth/base.py +++ /dev/null @@ -1,35 +0,0 @@ -import random -import string - -from six.moves.urllib import parse - -from opnfv_testapi.resources import handlers - - -class BaseHandler(handlers.GenericApiHandler): - def __init__(self, application, request, **kwargs): - super(BaseHandler, self).__init__(application, request, **kwargs) - self.table = 'users' - - def set_cookies(self, cookies): - for cookie_n, cookie_v in cookies: - self.set_secure_cookie(cookie_n, cookie_v) - - -def get_token(length=30): - """Get random token.""" - return ''.join(random.choice(string.ascii_lowercase) - for i in range(length)) - - -def set_query_params(url, params): - """Set params in given query.""" - url_parts = parse.urlparse(url) - url = parse.urlunparse(( - url_parts.scheme, - url_parts.netloc, - url_parts.path, - url_parts.params, - parse.urlencode(params), - url_parts.fragment)) - return url diff --git a/utils/test/testapi/opnfv_testapi/ui/auth/constants.py b/utils/test/testapi/opnfv_testapi/ui/auth/constants.py deleted file mode 100644 index 44ccb46d7..000000000 --- a/utils/test/testapi/opnfv_testapi/ui/auth/constants.py +++ /dev/null @@ -1,18 +0,0 @@ -OPENID = 'openid' -ROLE = 'role' -DEFAULT_ROLE = 'user' - -# OpenID parameters -OPENID_MODE = 'openid.mode' -OPENID_NS = 'openid.ns' -OPENID_RETURN_TO = 'openid.return_to' -OPENID_CLAIMED_ID = 'openid.claimed_id' -OPENID_IDENTITY = 'openid.identity' -OPENID_REALM = 'openid.realm' -OPENID_NS_SREG = 'openid.ns.sreg' -OPENID_NS_SREG_REQUIRED = 'openid.sreg.required' -OPENID_NS_SREG_EMAIL = 'openid.sreg.email' -OPENID_NS_SREG_FULLNAME = 'openid.sreg.fullname' -OPENID_ERROR = 'openid.error' - -CSRF_TOKEN = 'csrf_token' diff --git a/utils/test/testapi/opnfv_testapi/ui/auth/sign.py b/utils/test/testapi/opnfv_testapi/ui/auth/sign.py index 462395225..01cd0f7c3 100644 --- a/utils/test/testapi/opnfv_testapi/ui/auth/sign.py +++ b/utils/test/testapi/opnfv_testapi/ui/auth/sign.py @@ -1,76 +1,22 @@ -from six.moves.urllib import parse -from tornado import gen -from tornado import web +from cas import CASClient +from opnfv_testapi.common import constants from opnfv_testapi.common.config import CONF -from opnfv_testapi.db import api as dbapi -from opnfv_testapi.ui.auth import base -from opnfv_testapi.ui.auth import constants as const +from opnfv_testapi.resources import handlers -class SigninHandler(base.BaseHandler): +class SigninHandler(handlers.GenericApiHandler): def get(self): - csrf_token = base.get_token() - return_endpoint = parse.urljoin(CONF.api_url, - CONF.osid_openid_return_to) - return_to = base.set_query_params(return_endpoint, - {const.CSRF_TOKEN: csrf_token}) + client = CASClient(version='2', + server_url=CONF.lfid_cas_url, + service_url=CONF.ui_url) + self.redirect(url=(client.get_login_url())) - params = { - const.OPENID_MODE: CONF.osid_openid_mode, - const.OPENID_NS: CONF.osid_openid_ns, - const.OPENID_RETURN_TO: return_to, - const.OPENID_CLAIMED_ID: CONF.osid_openid_claimed_id, - const.OPENID_IDENTITY: CONF.osid_openid_identity, - const.OPENID_REALM: CONF.api_url, - const.OPENID_NS_SREG: CONF.osid_openid_ns_sreg, - const.OPENID_NS_SREG_REQUIRED: CONF.osid_openid_sreg_required, - } - url = CONF.osid_openstack_openid_endpoint - url = base.set_query_params(url, params) - self.redirect(url=url, permanent=False) - -class SigninReturnHandler(base.BaseHandler): - @web.asynchronous - @gen.coroutine - def get(self): - if self.get_query_argument(const.OPENID_MODE) == 'cancel': - self._auth_failure('Authentication canceled.') - - openid = self.get_query_argument(const.OPENID_CLAIMED_ID) - role = const.DEFAULT_ROLE - new_user_info = { - 'openid': openid, - 'email': self.get_query_argument(const.OPENID_NS_SREG_EMAIL), - 'fullname': self.get_query_argument(const.OPENID_NS_SREG_FULLNAME), - const.ROLE: role - } - user = yield dbapi.db_find_one(self.table, {'openid': openid}) - if not user: - dbapi.db_save(self.table, new_user_info) - else: - role = user.get(const.ROLE) - - self.clear_cookie(const.OPENID) - self.clear_cookie(const.ROLE) - self.set_secure_cookie(const.OPENID, openid) - self.set_secure_cookie(const.ROLE, role) - self.redirect(url=CONF.ui_url) - - def _auth_failure(self, message): - params = {'message': message} - url = parse.urljoin(CONF.ui_url, - '/#/auth_failure?' + parse.urlencode(params)) - self.redirect(url) - - -class SignoutHandler(base.BaseHandler): +class SignoutHandler(handlers.GenericApiHandler): def get(self): """Handle signout request.""" - self.clear_cookie(const.OPENID) - self.clear_cookie(const.ROLE) - params = {'openid_logout': CONF.osid_openid_logout_endpoint} - url = parse.urljoin(CONF.ui_url, - '/#/logout?' + parse.urlencode(params)) - self.redirect(url) + self.clear_cookie(constants.TESTAPI_ID) + client = CASClient(version='2', + server_url=CONF.lfid_cas_url) + self.redirect(url=(client.get_logout_url(redirect_url=CONF.ui_url))) diff --git a/utils/test/testapi/opnfv_testapi/ui/auth/user.py b/utils/test/testapi/opnfv_testapi/ui/auth/user.py index 955cdeead..ab86007f1 100644 --- a/utils/test/testapi/opnfv_testapi/ui/auth/user.py +++ b/utils/test/testapi/opnfv_testapi/ui/auth/user.py @@ -1,25 +1,26 @@ -from tornado import gen -from tornado import web - +from opnfv_testapi.common import constants from opnfv_testapi.common import raises -from opnfv_testapi.db import api as dbapi -from opnfv_testapi.ui.auth import base +from opnfv_testapi.resources import handlers +from opnfv_testapi.resources import models + + +class User(models.ModelBase): + def __init__(self, user=None, email=None, fullname=None, groups=None): + self.user = user + self.email = email + self.fullname = fullname + self.groups = groups + +class UserHandler(handlers.GenericApiHandler): + def __init__(self, application, request, **kwargs): + super(UserHandler, self).__init__(application, request, **kwargs) + self.table = 'users' + self.table_cls = User -class ProfileHandler(base.BaseHandler): - @web.asynchronous - @gen.coroutine def get(self): - openid = self.get_secure_cookie('openid') - if openid: - try: - user = yield dbapi.db_find_one(self.table, {'openid': openid}) - self.finish_request({ - "openid": user.get('openid'), - "email": user.get('email'), - "fullname": user.get('fullname'), - "role": user.get('role', 'user') - }) - except Exception: - pass - raises.Unauthorized('Unauthorized') + username = self.get_secure_cookie(constants.TESTAPI_ID) + if username: + self._get_one(query={'user': username}) + else: + raises.Unauthorized('Unauthorized') diff --git a/utils/test/testapi/opnfv_testapi/ui/root.py b/utils/test/testapi/opnfv_testapi/ui/root.py index 5b2c922d7..069ad5e93 100644 --- a/utils/test/testapi/opnfv_testapi/ui/root.py +++ b/utils/test/testapi/opnfv_testapi/ui/root.py @@ -1,10 +1,12 @@ -from opnfv_testapi.resources.handlers import GenericApiHandler +from opnfv_testapi.common import check from opnfv_testapi.common.config import CONF +from opnfv_testapi.resources import handlers -class RootHandler(GenericApiHandler): +class RootHandler(handlers.GenericApiHandler): def get_template_path(self): return CONF.static_path + @check.login def get(self): self.render('testapi-ui/index.html') |