From 02e8765db17f2a28ef04aa28d10a3b28ad5eeb3f Mon Sep 17 00:00:00 2001 From: SerenaFeng Date: Thu, 7 Sep 2017 16:18:56 +0800 Subject: leverage token_check only when posting results In this patch begin to consider the LFID authentication, token check only effects results, the permission of other resources(pods/projects...) will be checked by LFID. Change-Id: I20f6f221e3bd75ebf06dcd91012898b913f1d0be Signed-off-by: SerenaFeng --- utils/test/testapi/opnfv_testapi/common/check.py | 7 +- .../testapi/opnfv_testapi/resources/handlers.py | 13 ++-- .../tests/unit/resources/test_token.py | 74 ++-------------------- 3 files changed, 17 insertions(+), 77 deletions(-) (limited to 'utils') diff --git a/utils/test/testapi/opnfv_testapi/common/check.py b/utils/test/testapi/opnfv_testapi/common/check.py index acd331784..9ded48dd4 100644 --- a/utils/test/testapi/opnfv_testapi/common/check.py +++ b/utils/test/testapi/opnfv_testapi/common/check.py @@ -10,19 +10,16 @@ import functools import re from tornado import gen -from tornado import web from opnfv_testapi.common import message from opnfv_testapi.common import raises from opnfv_testapi.db import api as dbapi -def authenticate(method): - @web.asynchronous - @gen.coroutine +def valid_token(method): @functools.wraps(method) def wrapper(self, *args, **kwargs): - if self.auth: + if self.auth and self.table == 'results': try: token = self.request.headers['X-Auth-Token'] except KeyError: diff --git a/utils/test/testapi/opnfv_testapi/resources/handlers.py b/utils/test/testapi/opnfv_testapi/resources/handlers.py index ed55c7028..757c81753 100644 --- a/utils/test/testapi/opnfv_testapi/resources/handlers.py +++ b/utils/test/testapi/opnfv_testapi/resources/handlers.py @@ -73,7 +73,9 @@ class GenericApiHandler(web.RequestHandler): cls_data = self.table_cls.from_dict(data) return cls_data.format_http() - @check.authenticate + @web.asynchronous + @gen.coroutine + @check.valid_token @check.no_body @check.miss_fields @check.carriers_exist @@ -172,13 +174,15 @@ class GenericApiHandler(web.RequestHandler): def _get_one(self, data, query=None): self.finish_request(self.format_data(data)) - @check.authenticate + @web.asynchronous + @gen.coroutine @check.not_exist def _delete(self, data, query=None): yield dbapi.db_delete(self.table, query) self.finish_request() - @check.authenticate + @web.asynchronous + @gen.coroutine @check.no_body @check.not_exist @check.updated_one_not_exist @@ -189,7 +193,8 @@ class GenericApiHandler(web.RequestHandler): update_req['_id'] = str(data._id) self.finish_request(update_req) - @check.authenticate + @web.asynchronous + @gen.coroutine @check.no_body @check.not_exist @check.updated_one_not_exist diff --git a/utils/test/testapi/opnfv_testapi/tests/unit/resources/test_token.py b/utils/test/testapi/opnfv_testapi/tests/unit/resources/test_token.py index 940e256c6..bd64723be 100644 --- a/utils/test/testapi/opnfv_testapi/tests/unit/resources/test_token.py +++ b/utils/test/testapi/opnfv_testapi/tests/unit/resources/test_token.py @@ -9,13 +9,12 @@ import unittest from tornado import web from opnfv_testapi.common import message -from opnfv_testapi.resources import project_models from opnfv_testapi.tests.unit import executor from opnfv_testapi.tests.unit import fake_pymongo -from opnfv_testapi.tests.unit.resources import test_base as base +from opnfv_testapi.tests.unit.resources import test_result -class TestToken(base.TestBase): +class TestTokenCreateResult(test_result.TestResultBase): def get_app(self): from opnfv_testapi.router import url_mappings return web.Application( @@ -25,27 +24,23 @@ class TestToken(base.TestBase): auth=True ) - -class TestTokenCreateProject(TestToken): def setUp(self): - super(TestTokenCreateProject, self).setUp() - self.req_d = project_models.ProjectCreateRequest('vping') + super(TestTokenCreateResult, self).setUp() fake_pymongo.tokens.insert({"access_token": "12345"}) - self.basePath = '/api/v1/projects' @executor.create(httplib.FORBIDDEN, message.invalid_token()) - def test_projectCreateTokenInvalid(self): + def test_resultCreateTokenInvalid(self): self.headers['X-Auth-Token'] = '1234' return self.req_d @executor.create(httplib.UNAUTHORIZED, message.unauthorized()) - def test_projectCreateTokenUnauthorized(self): + def test_resultCreateTokenUnauthorized(self): if 'X-Auth-Token' in self.headers: self.headers.pop('X-Auth-Token') return self.req_d @executor.create(httplib.OK, '_create_success') - def test_projectCreateTokenSuccess(self): + def test_resultCreateTokenSuccess(self): self.headers['X-Auth-Token'] = '12345' return self.req_d @@ -53,62 +48,5 @@ class TestTokenCreateProject(TestToken): self.assertIn('CreateResponse', str(type(body))) -class TestTokenDeleteProject(TestToken): - def setUp(self): - super(TestTokenDeleteProject, self).setUp() - self.req_d = project_models.ProjectCreateRequest('vping') - fake_pymongo.tokens.insert({"access_token": "12345"}) - self.basePath = '/api/v1/projects' - self.headers['X-Auth-Token'] = '12345' - self.create_d() - - @executor.delete(httplib.FORBIDDEN, message.invalid_token()) - def test_projectDeleteTokenIvalid(self): - self.headers['X-Auth-Token'] = '1234' - return self.req_d.name - - @executor.delete(httplib.UNAUTHORIZED, message.unauthorized()) - def test_projectDeleteTokenUnauthorized(self): - self.headers.pop('X-Auth-Token') - return self.req_d.name - - @executor.delete(httplib.OK, '_delete_success') - def test_projectDeleteTokenSuccess(self): - return self.req_d.name - - def _delete_success(self, body): - self.assertEqual('', body) - - -class TestTokenUpdateProject(TestToken): - def setUp(self): - super(TestTokenUpdateProject, self).setUp() - self.req_d = project_models.ProjectCreateRequest('vping') - fake_pymongo.tokens.insert({"access_token": "12345"}) - self.basePath = '/api/v1/projects' - self.headers['X-Auth-Token'] = '12345' - self.create_d() - - @executor.update(httplib.FORBIDDEN, message.invalid_token()) - def test_projectUpdateTokenIvalid(self): - self.headers['X-Auth-Token'] = '1234' - req = project_models.ProjectUpdateRequest('newName', 'new description') - return req, self.req_d.name - - @executor.update(httplib.UNAUTHORIZED, message.unauthorized()) - def test_projectUpdateTokenUnauthorized(self): - self.headers.pop('X-Auth-Token') - req = project_models.ProjectUpdateRequest('newName', 'new description') - return req, self.req_d.name - - @executor.update(httplib.OK, '_update_success') - def test_projectUpdateTokenSuccess(self): - req = project_models.ProjectUpdateRequest('newName', 'new description') - return req, self.req_d.name - - def _update_success(self, request, body): - self.assertIn(request.name, body) - - if __name__ == '__main__': unittest.main() -- cgit 1.2.3-korg