From: Kanagaraj Manickam <kanagaraj.manickam@huawei.com>
Date: Fri, 25 Sep 2020 14:16:24 +0000 (+0530)
Subject: Added token validation for result upload
X-Git-Tag: opnfv-10.0.0~15
X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=commitdiff_plain;h=ce47ddba11aaad9c73f53ce89758a3bfb5f2b29e;p=dovetail-webportal.git

Added token validation for result upload

Issue-ID: DOVETAIL-801
Signed-off-by: Kanagaraj Manickam <kanagaraj.manickam@huawei.com>
Change-Id: I1a9faf804d028c32896f915c4f9fb52ed2d4aace
---

diff --git a/opnfv_testapi/resources/result_handlers.py b/opnfv_testapi/resources/result_handlers.py
index c65c757..bb1b488 100644
--- a/opnfv_testapi/resources/result_handlers.py
+++ b/opnfv_testapi/resources/result_handlers.py
@@ -398,6 +398,10 @@ class ResultsFileUploadHandler(ResultsCLHandler):
             @raise 404: pod/project/testcase not exist
             @raise 400: body/pod_name/project_name/case_name not provided
         """
+        token = self.get_secure_cookie("token")
+        input_token = self.request.headers._dict['Token']
+        if not input_token or not input_token == token:
+             raises.Unauthorized(message.invalid_token())
         file_array = self.request.files.get('file', None)
         fileinfo = file_array[0]
         try: