def post(self): data = json.loads(self.request.body) userName = data.get('name') password = data.get('pass') form_id = 'user_login' if not userName: raises.Unauthorized(message.req_username()) elif not password: raises.Unauthorized(message.req_password()) params = { "name": userName, "pass": password, "form_id": form_id, } headers = {'Content-Type': 'application/x-www-form-urlencoded'} response = requests.post('https://identity.linuxfoundation.org', data=params, headers=headers) response_text = response.content if "unrecognized username or password" in response_text: raises.Unauthorized(message.invalid_credentials()) # generate random token and store in memcache token = base.get_token() resp = {'status': 'success'} mc = memcache.Client(['127.0.0.1:11211'], debug=0) mc.set("token", token) self.set_header("token", token) self.finish_request(resp)
def wrapper(self, *args, **kwargs): if CONF.api_authenticate and self.table in [ 'pods', 'projects', 'testcases', 'scenarios' ]: testapi_id = self.get_secure_cookie(constants.TESTAPI_ID) if not testapi_id: raises.Unauthorized(message.not_login()) user_info = yield dbapi.db_find_one('users', {'user': testapi_id}) if not user_info: raises.Unauthorized(message.not_lfid()) if method.__name__ == "_create": kwargs['owner'] = testapi_id if self.table in ['projects']: query = kwargs.get('query') if type(query) is not dict: query_data = query() else: if self.json_args is None: query_data = query else: query_data = self.json_args group = "opnfv-gerrit-" + query_data['name'] + "-submitters" if group not in user_info['groups']: raises.Unauthorized(message.no_permission()) ret = yield gen.coroutine(method)(self, *args, **kwargs) raise gen.Return(ret)
def wrapper(self, *args, **kwargs): if self.table in ['pods']: testapi_id = self.get_secure_cookie(constants.TESTAPI_ID) if not testapi_id: raises.Unauthorized(message.not_login()) user_info = yield dbapi.db_find_one('users', {'user': testapi_id}) if not user_info: raises.Unauthorized(message.not_lfid()) kwargs['owner'] = testapi_id ret = yield gen.coroutine(method)(self, *args, **kwargs) raise gen.Return(ret)
def get(self): openid = self.get_secure_cookie('openid') if openid: try: user = yield dbapi.db_find_one(self.table, {'openid': openid}) self.finish_request({ "openid": user.get('openid'), "email": user.get('email'), "fullname": user.get('fullname'), "role": user.get('role', 'user'), "type": self.get_secure_cookie('signin_type'), "companyName": user.get('companyName'), "companyWebsite": user.get('companyWebsite'), "primaryContactName": user.get('primaryContactName'), "primaryBusinessEmail": user.get('primaryBusinessEmail'), "primaryPostalAddress": user.get('primaryPostalAddress'), "primaryPhoneNumber": user.get('primaryPhoneNumber') }) except Exception: pass raises.Unauthorized('Unauthorized')
def _post(self): query = {'openid': self.json_args['reviewer_openid']} user = yield dbapi.db_find_one('users', query) if not user: raises.Forbidden(message.unauthorized()) role = self.get_secure_cookie(auth_const.ROLE) if 'reviewer' not in role.split(','): raises.Unauthorized(message.no_auth()) test = yield dbapi.db_find_one('tests', {'id': self.json_args['test_id']}) if test['owner'] == self.json_args['reviewer_openid']: self.finish_request({ 'code': 403, 'msg': 'No permision to review own results' }) return query = { 'reviewer_openid': self.json_args['reviewer_openid'], 'test_id': self.json_args['test_id'] } review = yield dbapi.db_find_one(self.table, query) if review: if review['outcome'] != self.json_args['outcome']: yield dbapi.db_update( self.table, query, { '$set': { 'outcome': self.json_args['outcome'], 'creation_date': datetime.now() } }) self.finish_request() else: self.json_args['reviewer_name'] = user['fullname'] self.json_args['reviewer_email'] = user['email'] self._create(miss_fields=[], carriers=[])
def post(self): input_token = self.request.headers._dict['Token'] mc = memcache.Client(['127.0.0.1:11211'], debug=0) token = mc.get("token") if not token or not input_token == token: raises.Unauthorized(message.invalid_token()) mc.set("token", '') resp = {'Message': 'You have been logged out successfully.'} self.finish_request(resp)
def get(self): if CONF.api_authenticate: username = self.get_secure_cookie(constants.TESTAPI_ID) if username: self._get_one(query={'user': username}) else: raises.Unauthorized('Unauthorized') else: self.finish_request( User('anonymous', '*****@*****.**', 'anonymous lf', constants.TESTAPI_USERS).format())
def wrapper(self, *args, **kwargs): if self.auth: try: token = self.request.headers['X-Auth-Token'] except KeyError: raises.Unauthorized(message.unauthorized()) query = {'access_token': token} check = yield self._eval_db_find_one(query, 'tokens') if not check: raises.Forbidden(message.invalid_token()) ret = yield gen.coroutine(method)(self, *args, **kwargs) raise gen.Return(ret)
def put(self): db_keys = [] openid = self.get_secure_cookie(auth_const.OPENID) if openid: query = {'openid': openid} user = yield dbapi.db_find_one(self.table, query) if not user: raises.NotFound(message.not_found(self.table, query)) self._update(query=query, db_keys=db_keys) else: raises.Unauthorized(message.no_auth())
def get(self): """ @description: Retrieve result(s) for a test project on a specific pod. @notes: Retrieve result(s) for a test project on a specific pod. Available filters for this request are : - id : Test id - period : x last days, incompatible with from/to - from : starting time in 2016-01-01 or 2016-01-01 00:01:23 - to : ending time in 2016-01-01 or 2016-01-01 00:01:23 - signed : get logined user result GET /results/project=functest&case=vPing&version=Arno-R1 \ &pod=pod_name&period=15&signed @return 200: all test results consist with query, empty list if no result is found @rtype: L{Tests} """ def descend_limit(): descend = self.get_query_argument('descend', 'true') return -1 if descend.lower() == 'true' else 1 def last_limit(): return self.get_int('last', self.get_query_argument('last', 0)) def page_limit(): return self.get_int('page', self.get_query_argument('page', 0)) limitations = { 'sort': { '_id': descend_limit() }, 'last': last_limit(), 'page': page_limit(), 'per_page': CONF.api_results_per_page } curr_user = self.get_secure_cookie(auth_const.OPENID) if curr_user is None: raises.Unauthorized(message.no_auth()) review = self.request.query_arguments.pop('review', None) query = yield self.set_query() if review: yield self._list(query=query, res_op=self.check_review, **limitations) else: yield self._list(query=query, **limitations) logging.debug('list end')
def delete(self, result_id): curr_user = self.get_secure_cookie(auth_const.OPENID) curr_user_role = self.get_secure_cookie(auth_const.ROLE) if curr_user is not None: query = {'_id': objectid.ObjectId(result_id)} test_data = yield dbapi.db_find_one(self.table, query) if not test_data: raises.NotFound(message.not_found(self.table, query)) if curr_user == test_data['owner'] or \ curr_user_role.find('administrator') != -1: self._delete(query=query) else: raises.Forbidden(message.no_auth()) else: raises.Unauthorized(message.no_auth())
def _del(self): query = {'openid': self.json_args['reviewer_openid']} user = yield dbapi.db_find_one('users', query) if not user: raises.Forbidden(message.unauthorized()) role = self.get_secure_cookie(auth_const.ROLE) if 'reviewer' not in role.split(','): raises.Unauthorized(message.no_auth()) test = yield dbapi.db_find_one( 'tests', {'id': self.json_args['test_id']}) if test['owner'] == self.json_args['reviewer_openid']: self.finish_request({'code': 403, 'msg': 'No permision to review own results'}) return query = { 'reviewer_openid': self.json_args['reviewer_openid'], 'test_id': self.json_args['test_id'] } yield dbapi.db_delete(self.table, query) self.finish_request()
def get(self): openid = self.get_secure_cookie('openid') if openid: try: user = yield dbapi.db_find_one(self.table, {'openid': openid}) self.finish_request({ "openid": user.get('openid'), "email": user.get('email'), "fullname": user.get('fullname'), "role": user.get('role', 'user'), "type": self.get_secure_cookie('signin_type') }) except Exception: pass raises.Unauthorized('Unauthorized')
def post(self): """ @description: create a test @param body: test to be created @type body: L{TestCreateRequest} @in body: body @rtype: L{CreateResponse} @return 200: test is created. @raise 404: pod/project/testcase not exist @raise 400: body/pod_name/project_name/case_name not provided """ mc = memcache.Client(['127.0.0.1:11211'], debug=0) token = mc.get("token") openid = self.request.headers._dict['Openid'] if openid: self.json_args['owner'] = openid input_token = self.request.headers._dict['Token'] if not token or not input_token == token: raises.Unauthorized(message.invalid_token()) self._post()
def post(self): """ @description: upload and create a test result @param body: result to be created @type body: L{ResultCreateRequest} @in body: body @rtype: L{CreateResponse} @return 200: result is created. @raise 404: pod/project/testcase not exist @raise 400: body/pod_name/project_name/case_name not provided """ mc = memcache.Client(['127.0.0.1:11211'], debug=0) token = mc.get("token") input_token = self.request.headers._dict['Token'] if not token or not input_token == token: raises.Unauthorized(message.invalid_token()) file_array = self.request.files.get('file', None) if file_array is None: msg = 'Please upload a file.' self.finish_request({'code': 403, 'msg': msg}) return fileinfo = file_array[0] try: tar_in = tarfile.open(fileobj=io.BytesIO(fileinfo['body']), mode="r:gz") except tarfile.ReadError: msg = 'Please upload a valid gzip file.' self.finish_request({'code': 403, 'msg': msg}) return try: # Deal with results that are in the 'root' of the tar # file, instead of in results/ missing_results_dir = '' tar_files = tar_in.getnames() if 'results/results.json' not in tar_files: missing_results_dir = '/results' results = tar_in.extractfile('results.json').read() else: results = tar_in.extractfile('results/results.json').read() except KeyError: msg = 'Uploaded results must contain at least one passing test.' self.finish_request({'code': 403, 'msg': msg}) return # results = results.split('\n') result_ids = [] version = '' vnf_type = None vnf_checksum = None try: self.json_args = json.loads(results).copy() openid = self.get_secure_cookie(auth_const.OPENID) if openid: self.json_args['owner'] = openid if self.is_onap: self.json_args['is_onap'] = 'true' vnf_type = self.json_args['vnf_type'] vnf_checksum = self.json_args['vnf_checksum'] # the result files used in the first release of OVP did not # specify an OVP version if (self.json_args['version'] == 'master' or self.json_args['version'] == 'unknown'): version = '2018.01' else: version = self.json_args['version'] build_tag = self.json_args['build_tag'] _id = yield self._inner_create() result_ids.append(str(_id)) except ValueError: msg = 'Uploaded results don''t appear to contain a '\ 'valid results.json file!' self.finish_request({'code': 403, 'msg': msg}) return # Build a test id from the build_tag, where this field takes a couple # of different formats between Dovetail NFVI testing and VNF testing. # If a valid UUID isn't part of the build_tag, we will generate one # here. test_id_match = re.search('[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-' '[0-9A-F]{4}-[0-9A-F]{12}', build_tag) if not test_id_match: print('test_id doesn''t look to be a valid UUID, generating a ' 'new one...') test_id = str(uuid.uuid4()) else: test_id = test_id_match.group(1) log_path = '/home/testapi/logs/%s%s' % (test_id, missing_results_dir) tar_in.extractall(log_path) log_filename = "/home/testapi/logs/log_%s.tar.gz" % (test_id) with open(log_filename, "wb") as tar_out: tar_out.write(fileinfo['body']) resp = {'id': test_id, 'results': result_ids, 'version': version} if vnf_type: resp['vnf_type'] = vnf_type resp['vnf_checksum'] = vnf_checksum self.finish_request(resp)
def get(self): username = self.get_secure_cookie(constants.TESTAPI_ID) if username: self._get_one(query={'user': username}) else: raises.Unauthorized('Unauthorized')