def wrap(self, *args, **kwargs):
query = kwargs.get('query')
data = yield dbapi.db_find_one(self.table, query)
if not data:
raises.NotFound(message.not_found(self.table, query))
ret = yield gen.coroutine(xstep)(self, data, *args, **kwargs)
raise gen.Return(ret)
def wrapper(self, *args, **kwargs):
if CONF.api_authenticate and self.table in [
'pods', 'projects', 'testcases', 'scenarios'
]:
testapi_id = self.get_secure_cookie(constants.TESTAPI_ID)
if not testapi_id:
raises.Unauthorized(message.not_login())
user_info = yield dbapi.db_find_one('users', {'user': testapi_id})
if not user_info:
raises.Unauthorized(message.not_lfid())
if method.__name__ == "_create":
kwargs['owner'] = testapi_id
if self.table in ['projects']:
query = kwargs.get('query')
if type(query) is not dict:
query_data = query()
else:
if self.json_args is None:
query_data = query
else:
query_data = self.json_args
group = "opnfv-gerrit-" + query_data['name'] + "-submitters"
if group not in user_info['groups']:
raises.Unauthorized(message.no_permission())
ret = yield gen.coroutine(method)(self, *args, **kwargs)
raise gen.Return(ret)
def get(self):
openid = self.get_secure_cookie('openid')
if openid:
try:
user = yield dbapi.db_find_one(self.table, {'openid': openid})
self.finish_request({
"openid":
user.get('openid'),
"email":
user.get('email'),
"fullname":
user.get('fullname'),
"role":
user.get('role', 'user'),
"type":
self.get_secure_cookie('signin_type'),
"companyName":
user.get('companyName'),
"companyWebsite":
user.get('companyWebsite'),
"primaryContactName":
user.get('primaryContactName'),
"primaryBusinessEmail":
user.get('primaryBusinessEmail'),
"primaryPostalAddress":
user.get('primaryPostalAddress'),
"primaryPhoneNumber":
user.get('primaryPhoneNumber')
})
except Exception:
pass
raises.Unauthorized('Unauthorized')
def get(self):
logging.warning("cas return")
ticket = self.get_query_argument('ticket')
logging.warning("ticket:%s", ticket)
client = CASClient(version='2',
renew=False,
extra_login_params=False,
server_url=CONF.lfid_url,
service_url=CONF.lfid_return_url)
user, attrs, _ = client.verify_ticket(ticket)
logging.debug("user:%s", user)
logging.debug("attr:%s", attrs)
openid = user
role = const.DEFAULT_ROLE
new_user_info = {
'openid': openid,
'email': attrs['mail'],
'fullname': attrs['profile_name_full'],
const.ROLE: role
}
user = yield dbapi.db_find_one(self.table, {'openid': openid})
if not user:
dbapi.db_save(self.table, new_user_info)
else:
role = user.get(const.ROLE)
self.clear_cookie(const.OPENID)
self.clear_cookie(const.ROLE)
self.clear_cookie('ticket')
self.set_secure_cookie(const.OPENID, openid)
self.set_secure_cookie(const.ROLE, role)
self.set_secure_cookie('ticket', ticket)
self.redirect("/")
def wrap(self, *args, **kwargs):
query = kwargs.get('query')
if query:
to_data = yield dbapi.db_find_one(self.table, query())
if to_data:
raises.Forbidden(message.exist(self.table, query()))
ret = yield gen.coroutine(xstep)(self, *args, **kwargs)
raise gen.Return(ret)
def _check_if_exists(self, *args, **kwargs):
query = kwargs['query']
table = kwargs['table']
if query and table:
data = yield dbapi.db_find_one(table, query)
if data:
raise gen.Return((True, 'Data alreay exists. %s' % (query)))
raise gen.Return((False, 'Data does not exist. %s' % (query)))
def _convert_to_id(self, email):
query = {"email": email}
table = "users"
if query and table:
data = yield dbapi.db_find_one(table, query)
if data:
raise gen.Return((True, 'Data already exists. %s' % (query),
data.get("openid")))
raise gen.Return((False, 'Data does not exist. %s' % (query), None))
def wrap(self, *args, **kwargs):
carriers = kwargs.pop('carriers', {})
if carriers:
for table, query in carriers:
exist = yield dbapi.db_find_one(table, query())
if not exist:
raises.Forbidden(message.not_found(table, query()))
ret = yield gen.coroutine(xstep)(self, *args, **kwargs)
raise gen.Return(ret)
def wrap(self, data, *args, **kwargs):
db_keys = kwargs.pop('db_keys', [])
query = self._update_query(db_keys, data)
if query:
to_data = yield dbapi.db_find_one(self.table, query)
if to_data:
raises.Forbidden(message.exist(self.table, query))
ret = yield gen.coroutine(xstep)(self, data, *args, **kwargs)
raise gen.Return(ret)
def check_review(self, data, *args):
current_user = self.get_secure_cookie(auth_const.OPENID)
for test in data:
query = {'reviewer_openid': current_user, 'test_id': test['id']}
ret = yield dbapi.db_find_one('reviews', query)
if ret:
test['voted'] = 'true'
else:
test['voted'] = 'false'
raise gen.Return({self.table: data})
def delete(self, id):
query = {'_id': objectid.ObjectId(id)}
application = yield dbapi.db_find_one(self.table, query)
test_id = application['test_id']
t_query = {'id': test_id}
yield dbapi.db_delete('reviews', {'test_id': test_id})
yield dbapi.db_update('tests', t_query,
{'$set': {
'status': 'private'
}})
self._delete(query=query)
def wrapper(self, *args, **kwargs):
if self.table in ['pods']:
testapi_id = self.get_secure_cookie(constants.TESTAPI_ID)
if not testapi_id:
raises.Unauthorized(message.not_login())
user_info = yield dbapi.db_find_one('users', {'user': testapi_id})
if not user_info:
raises.Unauthorized(message.not_lfid())
kwargs['owner'] = testapi_id
ret = yield gen.coroutine(method)(self, *args, **kwargs)
raise gen.Return(ret)
def _del(self):
query = {'openid': self.json_args['reviewer_openid']}
user = yield dbapi.db_find_one('users', query)
if not user:
raises.Forbidden(message.unauthorized())
role = self.get_secure_cookie(auth_const.ROLE)
if 'reviewer' not in role.split(','):
raises.Unauthorized(message.no_auth())
test = yield dbapi.db_find_one(
'tests', {'id': self.json_args['test_id']})
if test['owner'] == self.json_args['reviewer_openid']:
self.finish_request({'code': 403,
'msg': 'No permision to review own results'})
return
query = {
'reviewer_openid': self.json_args['reviewer_openid'],
'test_id': self.json_args['test_id']
}
yield dbapi.db_delete(self.table, query)
self.finish_request()
def wrapper(self, *args, **kwargs):
if self.auth:
try:
token = self.request.headers['X-Auth-Token']
except KeyError:
raises.Unauthorized(message.unauthorized())
query = {'access_token': token}
check = yield dbapi.db_find_one('tokens', query)
if not check:
raises.Forbidden(message.invalid_token())
ret = yield gen.coroutine(method)(self, *args, **kwargs)
raise gen.Return(ret)
def check_auth(self, item, value):
logging.debug('check_auth')
user = self.get_secure_cookie(auth_const.OPENID)
query = {}
if item == "status":
if value == "private" or value == "review":
logging.debug('check review')
query['user_id'] = user
data = yield dbapi.db_find_one('applications', query)
if data:
logging.debug('results are bound to an application')
raise gen.Return((False, message.no_auth()))
if value == "verified":
logging.debug('check verify')
query['role'] = {"$regex": ".*administrator.*"}
query['openid'] = user
data = yield dbapi.db_find_one('users', query)
if not data:
logging.debug('not found')
raise gen.Return((False, message.no_auth()))
raise gen.Return((True, {}))
def put(self):
db_keys = []
openid = self.get_secure_cookie(auth_const.OPENID)
if openid:
query = {'openid': openid}
user = yield dbapi.db_find_one(self.table, query)
if not user:
raises.NotFound(message.not_found(self.table, query))
self._update(query=query, db_keys=db_keys)
else:
raises.Unauthorized(message.no_auth())
def get(self, test_id):
query = dict()
query["_id"] = objectid.ObjectId(test_id)
data = yield dbapi.db_find_one(self.table, query)
if not data:
raises.NotFound(message.not_found(self.table, query))
validation = yield self._check_api_response_validation(data['id'])
data.update({'validation': validation})
self.finish_request(self.format_data(data))
def wrap(self, *args, **kwargs):
query = kwargs.get('query')
if query:
query_data = query()
if self.table == 'pods':
if query_data.get('name') is not None:
query_data['name'] = re.compile(
'\\b' + query_data.get('name') + '\\b', re.IGNORECASE)
to_data = yield dbapi.db_find_one(self.table, query_data)
if to_data:
raises.Forbidden(message.exist(self.table, query()))
ret = yield gen.coroutine(xstep)(self, *args, **kwargs)
raise gen.Return(ret)
def get(self, test_id):
query = dict()
query["_id"] = objectid.ObjectId(test_id)
data = yield dbapi.db_find_one(self.table, query)
if not data:
raises.NotFound(message.not_found(self.table, query))
# only do this when it's nfvi not vnf
if 'is_onap' not in data.keys() or data['is_onap'] != 'true':
validation = yield self._check_api_response_validation(data['id'])
data.update({'validation': validation})
self.finish_request(self.format_data(data))
def get(self):
logging.warning("jira return")
# Step 1. Use the request token in the session to build a new client.
consumer = oauth.Consumer(CONF.jira_oauth_consumer_key,
CONF.jira_oauth_consumer_secret)
token = oauth.Token(self.get_secure_cookie('oauth_token'),
self.get_secure_cookie('oauth_token_secret'))
client = oauth.Client(consumer, token)
client.set_signature_method(SignatureMethod_RSA_SHA1())
# Step 2. Request the authorized access token from Jira.
try:
resp, content = client.request(CONF.jira_oauth_access_token_url,
"POST")
except Exception as e:
logging.error("Connect jira exception:%s", e)
self._auth_failure('Error: Connection to Jira failed. \
Please contact an Administrator')
if resp['status'] != '200':
logging.error("Connect jira error:%s", resp)
self._auth_failure('Error: Connection to Jira failed. \
Please contact an Administrator')
access_token = dict(parse.parse_qsl(content.decode()))
logging.warning("access_token: %s", access_token)
# jira = JIRA(server=CONF.jira_jira_url, oauth=oauth_dict)
jira = get_jira(access_token)
lf_id = jira.current_user()
logging.warning("lf_id: %s", lf_id)
user = jira.myself()
logging.warning("user: %s", user)
# Step 3. Lookup the user or create them if they don't exist.
role = const.DEFAULT_ROLE
new_user_info = {
'openid': lf_id,
'email': user['emailAddress'],
'fullname': user['displayName'],
const.ROLE: role
}
user = yield dbapi.db_find_one(self.table, {'openid': lf_id})
if not user:
dbapi.db_save(self.table, new_user_info)
else:
role = user.get(const.ROLE)
self.clear_cookie(const.OPENID)
self.clear_cookie(const.ROLE)
self.set_secure_cookie(const.OPENID, lf_id)
self.set_secure_cookie(const.ROLE, role)
self.redirect(url=CONF.ui_url)
def set_query(self):
query = dict()
date_range = dict()
for k in self.request.query_arguments.keys():
v = self.get_query_argument(k)
if k == 'period':
v = self.get_int(k, v)
if v > 0:
period = datetime.now() - timedelta(days=v)
obj = {"$gte": str(period)}
query['start_date'] = obj
elif k == 'from':
date_range.update({'$gte': str(v)})
elif k == 'to':
date_range.update({'$lt': str(v)})
elif k == 'signed':
openid = self.get_secure_cookie(auth_const.OPENID)
user = yield dbapi.db_find_one("users", {'openid': openid})
role = self.get_secure_cookie(auth_const.ROLE)
logging.info('role:%s', role)
if role:
query['$or'] = [
{
"shared": {
"$elemMatch": {"$eq": openid}
}
},
{"owner": openid},
{
"shared": {
"$elemMatch": {"$eq": user.get("email")}
}
}
]
if role.find("reviewer") != -1:
query['$or'].append({"status": {"$ne": "private"}})
elif k not in ['last', 'page', 'descend', 'per_page']:
query[k] = v
if date_range:
query['start_date'] = date_range
# if $lt is not provided,
# empty/None/null/'' start_date will also be returned
if 'start_date' in query and '$lt' not in query['start_date']:
query['start_date'].update({'$lt': str(datetime.now())})
logging.debug("query:%s", query)
raise gen.Return((query))
def delete(self, result_id):
curr_user = self.get_secure_cookie(auth_const.OPENID)
curr_user_role = self.get_secure_cookie(auth_const.ROLE)
if curr_user is not None:
query = {'_id': objectid.ObjectId(result_id)}
test_data = yield dbapi.db_find_one(self.table, query)
if not test_data:
raises.NotFound(message.not_found(self.table, query))
if curr_user == test_data['owner'] or \
curr_user_role.find('administrator') != -1:
self._delete(query=query)
else:
raises.Forbidden(message.no_auth())
else:
raises.Unauthorized(message.no_auth())
def get(self):
openid = self.get_secure_cookie('openid')
if openid:
try:
user = yield dbapi.db_find_one(self.table, {'openid': openid})
self.finish_request({
"openid":
user.get('openid'),
"email":
user.get('email'),
"fullname":
user.get('fullname'),
"role":
user.get('role', 'user'),
"type":
self.get_secure_cookie('signin_type')
})
except Exception:
pass
raises.Unauthorized('Unauthorized')
def update(self, application_id, item, value, owner):
self.json_args = {}
self.json_args[item] = value
query = {'_id': objectid.ObjectId(application_id), 'owner': owner}
db_keys = ['_id', 'owner']
if item == 'approved':
if value == 'true':
status = 'verified'
self.json_args['approve_date'] = str(datetime.now())
else:
status = 'review'
self.json_args['approve_date'] = ''
application = yield dbapi.db_find_one(self.table, query)
test_id = application['test_id']
t_query = {'id': test_id}
yield dbapi.db_update('tests', t_query,
{'$set': {
'status': status
}})
self._update(query=query, db_keys=db_keys)
def get(self):
ticket = self.get_query_argument('ticket', default=None)
if ticket:
(user, attrs, _) = self.cas_client.verify_ticket(ticket=ticket)
login_user = {
'user': user,
'email': attrs.get('mail'),
'fullname': attrs.get('field_lf_full_name'),
'groups': constants.TESTAPI_USERS + attrs.get('group', [])
}
q_user = {'user': user}
db_user = yield dbapi.db_find_one(self.table, q_user)
if not db_user:
dbapi.db_save(self.table, login_user)
else:
dbapi.db_update(self.table, q_user, login_user)
self.clear_cookie(constants.TESTAPI_ID)
self.set_secure_cookie(constants.TESTAPI_ID, user)
self.redirect(url=CONF.ui_url)
def get(self):
if self.get_query_argument(const.OPENID_MODE) == 'cancel':
self._auth_failure('Authentication canceled.')
openid = self.get_query_argument(const.OPENID_CLAIMED_ID)
role = const.DEFAULT_ROLE
new_user_info = {
'openid': openid,
'email': self.get_query_argument(const.OPENID_NS_SREG_EMAIL),
'fullname': self.get_query_argument(const.OPENID_NS_SREG_FULLNAME),
const.ROLE: role
}
user = yield dbapi.db_find_one(self.table, {'openid': openid})
if not user:
dbapi.db_save(self.table, new_user_info)
else:
role = user.get(const.ROLE)
self.clear_cookie(const.OPENID)
self.clear_cookie(const.ROLE)
self.set_secure_cookie(const.OPENID, openid)
self.set_secure_cookie(const.ROLE, role)
self.redirect(url=CONF.ui_url)
def update(self, _id, item, value):
logging.debug("update")
if item == "shared":
new_list = []
for user in value:
ret, msg, user_id = yield self._convert_to_id(user)
if ret:
user = user_id
new_list.append(user)
query = {"$or": [{"openid": user}, {"email": user}]}
table = "users"
ret, msg = yield self._check_if_exists(table=table,
query=query)
logging.debug('ret:%s', ret)
if not ret:
self.finish_request({'code': '403', 'msg': msg})
return
if len(new_list) != len(set(new_list)):
msg = "Already shared with this user"
self.finish_request({'code': '403', 'msg': msg})
return
logging.debug("before _update")
self.json_args = {}
self.json_args[item] = value
ret, msg = yield self.check_auth(item, value)
if not ret:
self.finish_request({'code': '404', 'msg': msg})
return
query = {'_id': objectid.ObjectId(_id)}
db_keys = [
'_id',
]
test = yield dbapi.db_find_one("tests", query)
if not test:
msg = 'Record does not exist'
self.finish_request({'code': 404, 'msg': msg})
return
curr_user = self.get_secure_cookie(auth_const.OPENID)
if item in {"shared", "label", "sut_label"}:
query['owner'] = curr_user
db_keys.append('owner')
if item == 'sut_label':
if test['status'] != 'private' and not value:
msg = 'SUT version cannot be changed to None after submitting.'
self.finish_request({'code': 403, 'msg': msg})
return
if item == "status":
if value == 'verified':
if test['status'] == 'private':
msg = 'Not allowed to verify'
self.finish_request({'code': 403, 'msg': msg})
return
user = yield dbapi.db_find_one("users", {'openid': curr_user})
if 'administrator' not in user['role']:
msg = 'No permission to operate'
self.finish_request({'code': 403, 'msg': msg})
return
elif value == 'review':
if test['status'] != 'private':
msg = 'Not allowed to submit to review'
self.finish_request({'code': 403, 'msg': msg})
return
query['owner'] = curr_user
db_keys.append('owner')
test_query = {
'id': test['id'],
'$or': [{
'status': 'review'
}, {
'status': 'verified'
}]
}
record = yield dbapi.db_find_one("tests", test_query)
if record:
msg = ('{} has already submitted one record with the same '
'Test ID: {}'.format(record['owner'], test['id']))
self.finish_request({'code': 403, 'msg': msg})
return
else:
query['owner'] = curr_user
db_keys.append('owner')
logging.debug("before _update 2")
self._update(query=query, db_keys=db_keys)
