Restructure authentication mechanism.

Move authentication mechanism to the correct place, implement a dummy decorator, some test data etc

Restructure authentication mechanism.
Move authentication mechanism to the correct place, implement a dummy decorator, some test data etc
39dceb4b · Georgios Gousios · ef52da70 · 39dceb4b · 39dceb4b · 39dceb4b
Commit 39dceb4b authored Apr 01, 2011 by Georgios Gousios
--- a/logic/fixtures/auth_test_data.json
+++ b/logic/fixtures/auth_test_data.json
@@ -3,8 +3,10 @@
        "model": "db.SynnefoUser",
        "pk": 1,
        "fields": {
-            "name": 1,
-            "credit": 1024
+            "name": "Test User",
+            "credit": 1024,
+            "created": "2011-02-06 00:00:00",
+            "updated": "2011-02-06 00:00:00"
        }
    }
 ]
\ No newline at end of file
--- a/api/handlers.py
+++ b/api/handlers.py
@@ -6,7 +6,7 @@ from django.utils import simplejson as json
 from django.http import HttpResponse
 from piston.handler import BaseHandler, AnonymousBaseHandler
 from synnefo.api.faults import fault, noContent, accepted, created, notModified
-from synnefo.api.helpers import instance_to_server, paginator
+from synnefo.api.helpers import instance_to_server, paginator, authenticate
 from synnefo.util.rapi import GanetiRapiClient, GanetiApiError
 from synnefo.util.rapi import CertificateError
 from synnefo.db.models import *
@@ -91,6 +91,7 @@ class ServerHandler(BaseHandler):
    """
    allowed_methods = ('GET', 'POST', 'PUT', 'DELETE')

+    #@authenticate
    def read(self, request, id=None):
        from time import sleep
        sleep(0.5)

--- a/api/helpers.py
+++ b/api/helpers.py
@@ -4,6 +4,8 @@
 #

 # XXX: most of the keys below are dummy
+from synnefo.api.errors import Unauthorized
+
 def instance_to_server(instance):
    server = {
            "id": instance["name"],
@@ -61,3 +63,24 @@ def paginator(func):
            return { key: [] }

    return inner_func
+
+def authenticate(func):
+    """
+    Custom authentication filter supporting the OpenStack API protocol.
+
+    All API methods are required to go through this. Temporarily implemented as
+    a decorator until we find a way to apply it to all incoming requests.
+    """
+    def inner(self, request, *args, **kwargs):
+        if 'X-Auth-Token' in request.META:
+            return func(self, request, *args, **kwargs)
+
+        #An authentication request
+        if 'X-Auth-User' in request.META and 'X-Auth-Key' in request.META \
+           and '/v1.0' == request.path and 'GET' == request.method:
+            #Do authenticate or redirect
+            return
+
+        raise Unauthorized
+
+    return inner
\ No newline at end of file
--- a/api/tests.py
+++ b/api/tests.py
@@ -13,8 +13,9 @@ from django.test.client import Client
 from synnefo.db.models import VirtualMachine, VirtualMachineGroup
 from synnefo.db.models import Flavor, Image
 from synnefo.api.tests_redux import APIReduxTestCase
+from synnefo.api.tests_auth import AuthTestCase

-from logic import utils
+from synnefo.logic import utils

 class APITestCase(TestCase):
    fixtures = ['api_test_data', ]

--- a/api/tests_auth.py
+++ b/api/tests_auth.py
+#
+# Unit Tests for api
+#
+# Provides automated tests for api module
+#
+# Copyright 2011 Greek Research and Technology Network
+#
+
+from django.test import TestCase
+from django.test.client import Client
+
+class AuthTestCase(TestCase):
+    fixtures = ['auth_test_data']
+    apibase = '/api/v1.0'
+
+    def setUp(self):
+        self.client = Client()
+
+    def test_auth_headers(self):
+        """ test whether the authentication mechanism sets the correct headers
+        """
+        #Check with non-existing user
+        response = self.client.get( self.apibase + '/servers', {},
+                                   **{'X-Auth-User':'notme',
+                                      'X-Auth-Key':'0xdeadbabe'})
+        self.assertEquals(response.status_code, 401)
+
+        #Check with existing user
+        response = self.client.get( self.apibase + '/', {},
+                                   **{'X-Auth-User':'testuser',
+                                      'X-Auth-Key':'testuserpasswd'})
+        self.assertEquals(response.status_code, 204)
+        self.assertNotEqual(response['X-Auth-Token'], None)
+        self.assertEquals(response['X-Server-Management-Url'], '')
+        self.assertEquals(response['X-Storage-Url'], '')
+        self.assertEquals(response['X-CDN-Management-Url'], '')
+
+        #Check access now that we do have an auth token
+        token = response['X-Auth-Token']
+        response = self.client.get (self.apibase + '/servers/detail', {},
+                                   **{'X-Auth-Token': token})
+        self.assertEquals(response.status_code, 200)
--- a/authentication.seq
+++ b/authentication.seq
@@ -15,8 +15,14 @@ active(S);
 active(A);
 message(B,S,"GET /");
 message(S,B,"304 Go to Sibbolleth");
-message(B,A,"304 Go to Sibbolleth");
-
+message(B,A,"Sibbolleth auth");
+message(B,A,"Sibbolleth auth");
+message(A,S,"auth token");
+message(S,S,"store Sibbolleth token");
+message(S,A,"get user details");
+message(A,S,"user details");
+message(S,S,"store user details");
+message(S,B,"");

 complete(T);
 complete(S);

--- a/logic/tests.py
+++ b/logic/tests.py
@@ -99,35 +99,3 @@ class DebitAccountTestCase(TestCase):
        s_user = SynnefoUser.objects.get(pk=30000)

        self.assertEqual(0, s_user.credit, 'SynnefoUser (pk=30000) should have zero credits (%d)' % ( s_user.credit, ))
-
-class AuthTestCase(TestCase):
-    fixtures = ['api_test_data', 'auth_test_data']
-    apibase = '/api/v1.0'
-
-    def setUp(self):
-        self.client = Client()
-
-    def test_auth_headers(self):
-        """ test whether the authentication mechanism sets the correct headers
-        """
-        #Check with non-existing user
-        response = self.client.get( self.apibase + '/servers', {},
-                                   **{'X-Auth-User':'notme',
-                                      'X-Auth-Key':'0xdeadbabe'})
-        self.assertEquals(response.status_code, 401)
-
-        #Check with existing user
-        response = self.client.get( self.apibase + '/', {},
-                                   **{'X-Auth-User':'testuser',
-                                      'X-Auth-Key':'testuserpasswd'})
-        self.assertEquals(response.status_code, 204)
-        self.assertNotEqual(response['X-Auth-Token'], None)
-        self.assertEquals(response['X-Server-Management-Url'], '')
-        self.assertEquals(response['X-Storage-Url'], '')
-        self.assertEquals(response['X-CDN-Management-Url'], '')
-
-        #Check access now that we do have an auth token
-        token = response['X-Auth-Token']
-        response = self.client.get (self.apibase + '/servers/detail', {},
-                                   **{'X-Auth-Token': token})
-        self.assertEquals(response.status_code, 200)