hide cas ticket from web portal
[releng.git] / utils / test / testapi / opnfv_testapi / ui / auth / sign.py
index 01cd0f7..318473e 100644 (file)
@@ -1,22 +1,59 @@
 from cas import CASClient
+from tornado import gen
+from tornado import web
 
 from opnfv_testapi.common import constants
 from opnfv_testapi.common.config import CONF
+from opnfv_testapi.db import api as dbapi
 from opnfv_testapi.resources import handlers
 
 
-class SigninHandler(handlers.GenericApiHandler):
+class SignBaseHandler(handlers.GenericApiHandler):
+    def __init__(self, application, request, **kwargs):
+        super(SignBaseHandler, self).__init__(application, request, **kwargs)
+        self.table = 'users'
+        self.cas_client = CASClient(version='2',
+                                    server_url=CONF.lfid_cas_url,
+                                    service_url='{}/{}'.format(
+                                        CONF.ui_url,
+                                        CONF.lfid_signin_return))
+
+
+class SigninHandler(SignBaseHandler):
+    def get(self):
+        self.redirect(url=(self.cas_client.get_login_url()))
+
+
+class SigninReturnHandler(SignBaseHandler):
+
+    @web.asynchronous
+    @gen.coroutine
     def get(self):
-        client = CASClient(version='2',
-                           server_url=CONF.lfid_cas_url,
-                           service_url=CONF.ui_url)
-        self.redirect(url=(client.get_login_url()))
+        ticket = self.get_query_argument('ticket', default=None)
+        if ticket:
+            (user, attrs, _) = self.cas_client.verify_ticket(ticket=ticket)
+            login_user = {
+                'user': user,
+                'email': attrs.get('mail'),
+                'fullname': attrs.get('field_lf_full_name'),
+                'groups': constants.TESTAPI_USERS + attrs.get('group', [])
+            }
+            q_user = {'user': user}
+            db_user = yield dbapi.db_find_one(self.table, q_user)
+            if not db_user:
+                dbapi.db_save(self.table, login_user)
+            else:
+                dbapi.db_update(self.table, q_user, login_user)
+
+            self.clear_cookie(constants.TESTAPI_ID)
+            self.set_secure_cookie(constants.TESTAPI_ID, user)
+
+            self.redirect(url=CONF.ui_url)
 
 
-class SignoutHandler(handlers.GenericApiHandler):
+class SignoutHandler(SignBaseHandler):
     def get(self):
         """Handle signout request."""
         self.clear_cookie(constants.TESTAPI_ID)
-        client = CASClient(version='2',
-                           server_url=CONF.lfid_cas_url)
-        self.redirect(url=(client.get_logout_url(redirect_url=CONF.ui_url)))
+        logout_url = self.cas_client.get_logout_url(redirect_url=CONF.ui_url)
+        self.redirect(url=logout_url)
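Review bot: `SigninReturnHandler.get` trusts the result of `verify_ticket` without checking it — if the ticket is invalid, expired or replayed, `user` is falsy (python-cas signals a failed validation by returning no user, as far as I recall; confirm against the pinned library version), yet the handler still builds `login_user`, writes it to the `users` table and calls `set_secure_cookie` with that value. Add a guard directly after the unpack, `if not user: raise web.HTTPError(401)`, so a bad ticket never reaches the database or the session cookie. The `if ticket:` branch also has no `else`, so a request arriving without a ticket never finishes under `@web.asynchronous`; `else: raise web.HTTPError(400)` (or a redirect back to `self.cas_client.get_login_url()`) closes that path. Separately, `db_save` and `db_update` are called without `yield` while `db_find_one` is yielded — if they are coroutines as well, their completion and any errors are dropped before the cookie is set, which is worth verifying in `opnfv_testapi.db.api`.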