Commit 39dceb4b authored by Georgios Gousios's avatar Georgios Gousios

Restructure authentication mechanism.

Move authentication mechanism to the correct place, implement a dummy
decorator, some test data etc
parent ef52da70
......@@ -3,8 +3,10 @@
"model": "db.SynnefoUser",
"pk": 1,
"fields": {
"name": 1,
"credit": 1024
"name": "Test User",
"credit": 1024,
"created": "2011-02-06 00:00:00",
"updated": "2011-02-06 00:00:00"
}
}
]
\ No newline at end of file
......@@ -6,7 +6,7 @@ from django.utils import simplejson as json
from django.http import HttpResponse
from piston.handler import BaseHandler, AnonymousBaseHandler
from synnefo.api.faults import fault, noContent, accepted, created, notModified
from synnefo.api.helpers import instance_to_server, paginator
from synnefo.api.helpers import instance_to_server, paginator, authenticate
from synnefo.util.rapi import GanetiRapiClient, GanetiApiError
from synnefo.util.rapi import CertificateError
from synnefo.db.models import *
......@@ -91,6 +91,7 @@ class ServerHandler(BaseHandler):
"""
allowed_methods = ('GET', 'POST', 'PUT', 'DELETE')
#@authenticate
def read(self, request, id=None):
from time import sleep
sleep(0.5)
......
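Review bot: The `#@authenticate` line above `ServerHandler.read` is added commented out, so this handler still serves requests without any authentication check, even though the decorator's docstring says all API methods are required to go through it. If it is disabled on purpose while the decorator is a stub, say so next to it, e.g. `# TODO: enable @authenticate once token validation is implemented`, so the line is not mistaken for applied protection. The other methods named in `allowed_methods` are outside the hunk, so whether they are decorated cannot be seen here.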
......@@ -4,6 +4,8 @@
#
# XXX: most of the keys below are dummy
from synnefo.api.errors import Unauthorized
def instance_to_server(instance):
server = {
"id": instance["name"],
......@@ -61,3 +63,24 @@ def paginator(func):
return { key: [] }
return inner_func
def authenticate(func):
"""
Custom authentication filter supporting the OpenStack API protocol.
All API methods are required to go through this. Temporarily implemented as
a decorator until we find a way to apply it to all incoming requests.
"""
def inner(self, request, *args, **kwargs):
if 'X-Auth-Token' in request.META:
return func(self, request, *args, **kwargs)
#An authentication request
if 'X-Auth-User' in request.META and 'X-Auth-Key' in request.META \
and '/v1.0' == request.path and 'GET' == request.method:
#Do authenticate or redirect
return
raise Unauthorized
return inner
\ No newline at end of file
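Review bot: In `inner`, the mere presence of an `X-Auth-Token` key is treated as proof of authentication, so any value, including an empty string, reaches `func`. The token should be looked up and checked before the call, and until that exists the branch deserves a marker such as `# TODO: validate token before dispatch; presence alone is not authentication`. Django exposes request headers in `request.META` under `HTTP_`-prefixed names, so a real client's header would appear as `HTTP_X_AUTH_TOKEN` and these checks would only match keys injected directly, as the test client's extra arguments do. The credential branch compares `request.path` to `'/v1.0'` while the new test requests `/api/v1.0/`, and it returns `None` rather than a response, so it looks unreachable or incomplete as written. Wrapping `inner` with `functools.wraps(func)` would also keep the handler's name and docstring.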
......@@ -13,8 +13,9 @@ from django.test.client import Client
from synnefo.db.models import VirtualMachine, VirtualMachineGroup
from synnefo.db.models import Flavor, Image
from synnefo.api.tests_redux import APIReduxTestCase
from synnefo.api.tests_auth import AuthTestCase
from logic import utils
from synnefo.logic import utils
class APITestCase(TestCase):
fixtures = ['api_test_data', ]
......
#
# Unit Tests for api
#
# Provides automated tests for api module
#
# Copyright 2011 Greek Research and Technology Network
#
from django.test import TestCase
from django.test.client import Client
class AuthTestCase(TestCase):
fixtures = ['auth_test_data']
apibase = '/api/v1.0'
def setUp(self):
self.client = Client()
def test_auth_headers(self):
""" test whether the authentication mechanism sets the correct headers
"""
#Check with non-existing user
response = self.client.get( self.apibase + '/servers', {},
**{'X-Auth-User':'notme',
'X-Auth-Key':'0xdeadbabe'})
self.assertEquals(response.status_code, 401)
#Check with existing user
response = self.client.get( self.apibase + '/', {},
**{'X-Auth-User':'testuser',
'X-Auth-Key':'testuserpasswd'})
self.assertEquals(response.status_code, 204)
self.assertNotEqual(response['X-Auth-Token'], None)
self.assertEquals(response['X-Server-Management-Url'], '')
self.assertEquals(response['X-Storage-Url'], '')
self.assertEquals(response['X-CDN-Management-Url'], '')
#Check access now that we do have an auth token
token = response['X-Auth-Token']
response = self.client.get (self.apibase + '/servers/detail', {},
**{'X-Auth-Token': token})
self.assertEquals(response.status_code, 200)
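Review bot: `test_auth_headers` only covers the accept path for tokens; there is no case showing that an unknown or malformed `X-Auth-Token` is refused, which is the check that would catch a decorator that accepts any token. Add after the last assertion something like `response = self.client.get(self.apibase + '/servers/detail', {}, **{'X-Auth-Token': 'not-a-real-token'})` followed by `self.assertEquals(response.status_code, 401)`. The headers are also passed to the test client under their raw names, which places them in the WSGI environ verbatim; a real request would carry them as `HTTP_X_AUTH_USER`, `HTTP_X_AUTH_KEY` and `HTTP_X_AUTH_TOKEN`, so the test does not exercise the path production traffic takes.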
......@@ -15,8 +15,14 @@ active(S);
active(A);
message(B,S,"GET /");
message(S,B,"304 Go to Sibbolleth");
message(B,A,"304 Go to Sibbolleth");
message(B,A,"Sibbolleth auth");
message(B,A,"Sibbolleth auth");
message(A,S,"auth token");
message(S,S,"store Sibbolleth token");
message(S,A,"get user details");
message(A,S,"user details");
message(S,S,"store user details");
message(S,B,"");
complete(T);
complete(S);
......
......@@ -99,35 +99,3 @@ class DebitAccountTestCase(TestCase):
s_user = SynnefoUser.objects.get(pk=30000)
self.assertEqual(0, s_user.credit, 'SynnefoUser (pk=30000) should have zero credits (%d)' % ( s_user.credit, ))
class AuthTestCase(TestCase):
fixtures = ['api_test_data', 'auth_test_data']
apibase = '/api/v1.0'
def setUp(self):
self.client = Client()
def test_auth_headers(self):
""" test whether the authentication mechanism sets the correct headers
"""
#Check with non-existing user
response = self.client.get( self.apibase + '/servers', {},
**{'X-Auth-User':'notme',
'X-Auth-Key':'0xdeadbabe'})
self.assertEquals(response.status_code, 401)
#Check with existing user
response = self.client.get( self.apibase + '/', {},
**{'X-Auth-User':'testuser',
'X-Auth-Key':'testuserpasswd'})
self.assertEquals(response.status_code, 204)
self.assertNotEqual(response['X-Auth-Token'], None)
self.assertEquals(response['X-Server-Management-Url'], '')
self.assertEquals(response['X-Storage-Url'], '')
self.assertEquals(response['X-CDN-Management-Url'], '')
#Check access now that we do have an auth token
token = response['X-Auth-Token']
response = self.client.get (self.apibase + '/servers/detail', {},
**{'X-Auth-Token': token})
self.assertEquals(response.status_code, 200)