X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=utils%2Ftest%2Ftestapi%2Fopnfv_testapi%2Fresources%2Fhandlers.py;h=bf8a92b546c4fad0186431e2c4f4d347f0af332f;hb=b485197b601e77e73690854bc9da6c0428fa5b6a;hp=89e91b3a15e9d8c6bfa69cee55a5f4cafa90cfef;hpb=a2567392d367889f2fd2bb464ce8b05bce12eb0c;p=releng.git
diff --git a/utils/test/testapi/opnfv_testapi/resources/handlers.py b/utils/test/testapi/opnfv_testapi/resources/handlers.py
index 89e91b3a1..bf8a92b54 100644
--- a/utils/test/testapi/opnfv_testapi/resources/handlers.py
+++ b/utils/test/testapi/opnfv_testapi/resources/handlers.py
@@ -21,15 +21,18 @@
 ##############################################################################
 from datetime import datetime
+import functools
+import httplib
 import json
 from tornado import gen
 from tornado import web
 import models
-from opnfv_testapi.common import constants
 from opnfv_testapi.tornado_swagger import swagger
+DEFAULT_REPRESENTATION = "application/json"
+
 class GenericApiHandler(web.RequestHandler):
 def __init__(self, application, request, **kwargs):
@@ -43,23 +46,24 @@ class GenericApiHandler(web.RequestHandler):
 self.db_testcases = 'testcases'
 self.db_results = 'results'
 self.db_scenarios = 'scenarios'
+ self.auth = self.settings["auth"]
 def prepare(self):
 if self.request.method != "GET" and self.request.method != "DELETE":
 if self.request.headers.get("Content-Type") is not None:
 if self.request.headers["Content-Type"].startswith(
- constants.DEFAULT_REPRESENTATION):
+ DEFAULT_REPRESENTATION):
 try:
 self.json_args = json.loads(self.request.body)
 except (ValueError, KeyError, TypeError) as error:
- raise web.HTTPError(constants.HTTP_BAD_REQUEST,
+ raise web.HTTPError(httplib.BAD_REQUEST,
 "Bad Json format [{}]".
 format(error))
 def finish_request(self, json_object=None):
 if json_object:
 self.write(json.dumps(json_object))
- self.set_header("Content-Type", constants.DEFAULT_REPRESENTATION)
+ self.set_header("Content-Type", DEFAULT_REPRESENTATION)
 self.finish()
 def _create_response(self, resource):
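Review bot: `self.auth = self.settings["auth"]` in `__init__` is read with no default and no comment, so an application built without that setting raises `KeyError` when the handler is constructed, and any falsy value switches the token check off for every write. A short comment would make the contract explicit: `# auth: truthy => _create/_update/_delete require a valid X-Auth-Token; falsy => writes are unauthenticated`. If the value comes from a config file, it is worth confirming it is parsed to a bool, since a non-empty string such as "false" would be truthy. `__init__` starts above this hunk.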
@@ -70,21 +74,40 @@ class GenericApiHandler(web.RequestHandler):
 cls_data = self.table_cls.from_dict(data)
 return cls_data.format_http()
- @web.asynchronous
- @gen.coroutine
+ def authenticate(method):
+ @web.asynchronous
+ @gen.coroutine
+ @functools.wraps(method)
+ def wrapper(self, *args, **kwargs):
+ if self.auth:
+ try:
+ token = self.request.headers['X-Auth-Token']
+ except KeyError:
+ raise web.HTTPError(httplib.UNAUTHORIZED,
+ "No Authentication Header.")
+ query = {'access_token': token}
+ check = yield self._eval_db_find_one(query, 'tokens')
+ if not check:
+ raise web.HTTPError(httplib.FORBIDDEN,
+ "Invalid Token.")
+ ret = yield gen.coroutine(method)(self, *args, **kwargs)
+ raise gen.Return(ret)
+ return wrapper
+
+ @authenticate
 def _create(self, miss_checks, db_checks, **kwargs):
 """
 :param miss_checks: [miss1, miss2]
 :param db_checks: [(table, exist, query, error)]
 """
 if self.json_args is None:
- raise web.HTTPError(constants.HTTP_BAD_REQUEST, "no body")
+ raise web.HTTPError(httplib.BAD_REQUEST, "no body")
 data = self.table_cls.from_dict(self.json_args)
 for miss in miss_checks:
 miss_data = data.__getattribute__(miss)
 if miss_data is None or miss_data == '':
- raise web.HTTPError(constants.HTTP_BAD_REQUEST,
+ raise web.HTTPError(httplib.BAD_REQUEST,
 '{} missing'.format(miss))
 for k, v in kwargs.iteritems():
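Review bot: The token check in `wrapper` only tests that some document in `tokens` has `access_token` equal to the raw `X-Auth-Token` header, so a token carries no expiry or scope and, as far as this hunk shows, must be stored in cleartext for the lookup to match. Anyone who can read that collection could then reuse every token on `_create`, `_update` and `_delete`. Consider storing and querying a digest instead, e.g. `query = {'access_token': hashlib.sha256(token).hexdigest()}`, with the token-provisioning side (not visible here) changed to match. An invalid token is also better reported as `httplib.UNAUTHORIZED` than `httplib.FORBIDDEN`, which `_update` already uses for "already exists" and "Nothing to update". `authenticate` is complete in this hunk; `_create` continues past its end.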
@@ -130,33 +153,31 @@ class GenericApiHandler(web.RequestHandler):
 def _get_one(self, query):
 data = yield self._eval_db_find_one(query)
 if data is None:
- raise web.HTTPError(constants.HTTP_NOT_FOUND,
+ raise web.HTTPError(httplib.NOT_FOUND,
 "[{}] not exist in table [{}]"
 .format(query, self.table))
 self.finish_request(self.format_data(data))
- @web.asynchronous
- @gen.coroutine
+ @authenticate
 def _delete(self, query):
 data = yield self._eval_db_find_one(query)
 if data is None:
- raise web.HTTPError(constants.HTTP_NOT_FOUND,
+ raise web.HTTPError(httplib.NOT_FOUND,
 "[{}] not exit in table [{}]"
 .format(query, self.table))
 yield self._eval_db(self.table, 'remove', query)
 self.finish_request()
- @web.asynchronous
- @gen.coroutine
+ @authenticate
 def _update(self, query, db_keys):
 if self.json_args is None:
- raise web.HTTPError(constants.HTTP_BAD_REQUEST, "No payload")
+ raise web.HTTPError(httplib.BAD_REQUEST, "No payload")
 # check old data exist
 from_data = yield self._eval_db_find_one(query)
 if from_data is None:
- raise web.HTTPError(constants.HTTP_NOT_FOUND,
+ raise web.HTTPError(httplib.NOT_FOUND,
 "{} could not be found in table [{}]"
 .format(query, self.table))
@@ -166,7 +187,7 @@ class GenericApiHandler(web.RequestHandler):
 if not equal:
 to_data = yield self._eval_db_find_one(new_query)
 if to_data is not None:
- raise web.HTTPError(constants.HTTP_FORBIDDEN,
+ raise web.HTTPError(httplib.FORBIDDEN,
 "{} already exists in table [{}]"
 .format(new_query, self.table))
@@ -185,7 +206,7 @@ class GenericApiHandler(web.RequestHandler):
 request = self._update_request(request, k, v,
 data.__getattribute__(k))
 if not request:
- raise web.HTTPError(constants.HTTP_FORBIDDEN, "Nothing to update")
+ raise web.HTTPError(httplib.FORBIDDEN, "Nothing to update")
 edit_request = data.format()
 edit_request.update(request)
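Review bot: `_delete` and `_update` gain `@authenticate` in the first hunk on this line, while `_get_one`, whose `def` opens that hunk, does not; its decorators sit above the hunk, so whether reads are meant to stay public cannot be confirmed from here. If that is intentional, a comment on the read handlers such as `# reads are public; only _create/_update/_delete require X-Auth-Token` would keep a later reader from treating it as an omission. The `_delete` message `"[{}] not exit in table [{}]"` still carries a typo next to the line this commit edits; `_get_one` has `not exist`. `_update` continues past the end of the hunk.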