utils/test/testapi/opnfv_testapi/ui/auth/sign.py

   1 from six.moves.urllib import parse
   2 from tornado import gen
   3 from tornado import web
   4
   5 from opnfv_testapi.common.config import CONF
   6 from opnfv_testapi.db import api as dbapi
   7 from opnfv_testapi.ui.auth import base
   8 from opnfv_testapi.ui.auth import constants as const
   9
  10
  11 class SigninHandler(base.BaseHandler):
  12     def get(self):
  13         csrf_token = base.get_token()
  14         return_endpoint = parse.urljoin(CONF.api_url,
  15                                         CONF.osid_openid_return_to)
  16         return_to = base.set_query_params(return_endpoint,
  17                                           {const.CSRF_TOKEN: csrf_token})
  18
  19         params = {
  20             const.OPENID_MODE: CONF.osid_openid_mode,
  21             const.OPENID_NS: CONF.osid_openid_ns,
  22             const.OPENID_RETURN_TO: return_to,
  23             const.OPENID_CLAIMED_ID: CONF.osid_openid_claimed_id,
  24             const.OPENID_IDENTITY: CONF.osid_openid_identity,
  25             const.OPENID_REALM: CONF.api_url,
  26             const.OPENID_NS_SREG: CONF.osid_openid_ns_sreg,
  27             const.OPENID_NS_SREG_REQUIRED: CONF.osid_openid_sreg_required,
  28         }
  29         url = CONF.osid_openstack_openid_endpoint
  30         url = base.set_query_params(url, params)
  31         self.redirect(url=url, permanent=False)
  32
  33
  34 class SigninReturnHandler(base.BaseHandler):
  35     @web.asynchronous
  36     @gen.coroutine
  37     def get(self):
  38         if self.get_query_argument(const.OPENID_MODE) == 'cancel':
  39             self._auth_failure('Authentication canceled.')
  40
  41         openid = self.get_query_argument(const.OPENID_CLAIMED_ID)
  42         role = const.DEFAULT_ROLE
  43         new_user_info = {
  44             'openid': openid,
  45             'email': self.get_query_argument(const.OPENID_NS_SREG_EMAIL),
  46             'fullname': self.get_query_argument(const.OPENID_NS_SREG_FULLNAME),
  47             const.ROLE: role
  48         }
  49         user = yield dbapi.db_find_one(self.table, {'openid': openid})
  50         if not user:
  51             dbapi.db_save(self.table, new_user_info)
  52         else:
  53             role = user.get(const.ROLE)
  54
  55         self.clear_cookie(const.OPENID)
  56         self.clear_cookie(const.ROLE)
  57         self.set_secure_cookie(const.OPENID, openid)
  58         self.set_secure_cookie(const.ROLE, role)
  59         self.redirect(url=CONF.ui_url)
  60
  61     def _auth_failure(self, message):
  62         params = {'message': message}
  63         url = parse.urljoin(CONF.ui_url,
  64                             '/#/auth_failure?' + parse.urlencode(params))
  65         self.redirect(url)
  66
  67
  68 class SignoutHandler(base.BaseHandler):
  69     def get(self):
  70         """Handle signout request."""
  71         self.clear_cookie(const.OPENID)
  72         self.clear_cookie(const.ROLE)
  73         params = {'openid_logout': CONF.osid_openid_logout_endpoint}
  74         url = parse.urljoin(CONF.ui_url,
  75                             '/#/logout?' + parse.urlencode(params))
  76         self.redirect(url)