utils/test/testapi/opnfv_testapi/ui/auth/sign.py

   1 from six.moves.urllib import parse
   2 from tornado import gen
   3 from tornado import web
   4 import logging
   5
   6 from opnfv_testapi.common import config
   7 from opnfv_testapi.ui.auth import base
   8 from opnfv_testapi.ui.auth import constants as const
   9
  10 CONF = config.Config()
  11
  12
  13 class SigninHandler(base.BaseHandler):
  14     def get(self):
  15         csrf_token = base.get_token()
  16         return_endpoint = parse.urljoin(CONF.api_url,
  17                                         CONF.osid_openid_return_to)
  18         return_to = base.set_query_params(return_endpoint,
  19                                           {const.CSRF_TOKEN: csrf_token})
  20
  21         params = {
  22             const.OPENID_MODE: CONF.osid_openid_mode,
  23             const.OPENID_NS: CONF.osid_openid_ns,
  24             const.OPENID_RETURN_TO: return_to,
  25             const.OPENID_CLAIMED_ID: CONF.osid_openid_claimed_id,
  26             const.OPENID_IDENTITY: CONF.osid_openid_identity,
  27             const.OPENID_REALM: CONF.api_url,
  28             const.OPENID_NS_SREG: CONF.osid_openid_ns_sreg,
  29             const.OPENID_NS_SREG_REQUIRED: CONF.osid_openid_sreg_required,
  30         }
  31         url = CONF.osid_openstack_openid_endpoint
  32         url = base.set_query_params(url, params)
  33         self.redirect(url=url, permanent=False)
  34
  35
  36 class SigninReturnHandler(base.BaseHandler):
  37     @web.asynchronous
  38     @gen.coroutine
  39     def get(self):
  40         if self.get_query_argument(const.OPENID_MODE) == 'cancel':
  41             self._auth_failure('Authentication canceled.')
  42
  43         openid = self.get_query_argument(const.OPENID_CLAIMED_ID)
  44         role = const.DEFAULT_ROLE
  45         new_user_info = {
  46             'openid': openid,
  47             'email': self.get_query_argument(const.OPENID_NS_SREG_EMAIL),
  48             'fullname': self.get_query_argument(const.OPENID_NS_SREG_FULLNAME),
  49             const.ROLE: role
  50         }
  51         user = yield self.db_find_one({'openid': openid})
  52         if not user:
  53             self.db_save(self.table, new_user_info)
  54             logging.info('save to db:%s', new_user_info)
  55         else:
  56             role = user.get(const.ROLE)
  57
  58         self.clear_cookie(const.OPENID)
  59         self.clear_cookie(const.ROLE)
  60         self.set_secure_cookie(const.OPENID, openid)
  61         self.set_secure_cookie(const.ROLE, role)
  62         self.redirect(url=CONF.ui_url)
  63
  64     def _auth_failure(self, message):
  65         params = {'message': message}
  66         url = parse.urljoin(CONF.ui_url,
  67                             '/#/auth_failure?' + parse.urlencode(params))
  68         self.redirect(url)
  69
  70
  71 class SignoutHandler(base.BaseHandler):
  72     def get(self):
  73         """Handle signout request."""
  74         self.clear_cookie(const.OPENID)
  75         self.clear_cookie(const.ROLE)
  76         params = {'openid_logout': CONF.osid_openid_logout_endpoint}
  77         url = parse.urljoin(CONF.ui_url,
  78                             '/#/logout?' + parse.urlencode(params))
  79         self.redirect(url)