Added token validation for result upload

author Kanagaraj Manickam <kanagaraj.manickam@huawei.com>

Fri, 25 Sep 2020 14:16:24 +0000 (19:46 +0530)

committer Kanagaraj Manickam <kanagaraj.manickam@huawei.com>

Mon, 19 Oct 2020 16:49:56 +0000 (22:19 +0530)
author Kanagaraj Manickam <kanagaraj.manickam@huawei.com>
Fri, 25 Sep 2020 14:16:24 +0000 (19:46 +0530)
committer Kanagaraj Manickam <kanagaraj.manickam@huawei.com>
Mon, 19 Oct 2020 16:49:56 +0000 (22:19 +0530)
diff --git a/opnfv_testapi/resources/result_handlers.py b/opnfv_testapi/resources/result_handlers.py

index c65c757..bb1b488 100644 (file)
--- a/opnfv_testapi/resources/result_handlers.py
+++ b/opnfv_testapi/resources/result_handlers.py
@@ -398,6 +398,10 @@ class ResultsFileUploadHandler(ResultsCLHandler):
              @raise 404: pod/project/testcase not exist
              @raise 400: body/pod_name/project_name/case_name not provided
          """
+        token = self.get_secure_cookie("token")
+        input_token = self.request.headers._dict['Token']
+        if not input_token or not input_token == token:
+             raises.Unauthorized(message.invalid_token())
          file_array = self.request.files.get('file', None)
          fileinfo = file_array[0]
          try:
author	Kanagaraj Manickam <kanagaraj.manickam@huawei.com>
	Fri, 25 Sep 2020 14:16:24 +0000 (19:46 +0530)
committer	Kanagaraj Manickam <kanagaraj.manickam@huawei.com>
	Mon, 19 Oct 2020 16:49:56 +0000 (22:19 +0530)