Commit c06b7e43 authored by Sofia Papagiannaki's avatar Sofia Papagiannaki

astakos: slight change in POST /tokens

tenantName is optional in the request input.
However, if it is provided, the call should check whether
it conforms with the token holder.
parent 229203d6
...@@ -484,7 +484,7 @@ Example xml response: ...@@ -484,7 +484,7 @@ Example xml response:
Return Code Description Return Code Description
=========================== ===================== =========================== =====================
200 (OK) The request succeeded 200 (OK) The request succeeded
400 (Bad Request) Method not allowed or invalid request format or missing expected input 400 (Bad Request) Method not allowed or invalid request format or missing expected input or not consistent tenantName
401 (Unauthorized) Invalid token or invalid creadentials or tenantName does not comply with the provided token 401 (Unauthorized) Invalid token or invalid creadentials or tenantName does not comply with the provided token
500 (Internal Server Error) The request cannot be completed because of an internal error 500 (Internal Server Error) The request cannot be completed because of an internal error
=========================== ===================== =========================== =====================
...@@ -68,10 +68,13 @@ def authenticate(request): ...@@ -68,10 +68,13 @@ def authenticate(request):
token_id = req['auth']['passwordCredentials']['password'] token_id = req['auth']['passwordCredentials']['password']
uuid = req['auth']['passwordCredentials']['username'] uuid = req['auth']['passwordCredentials']['username']
except KeyError: except KeyError:
raise faults.BadRequest('Malformed request') raise faults.BadRequest(
'Malformed request: missing credentials')
tenant = req['auth'].get('tenantName')
if token_id is None: if token_id is None:
raise faults.BadRequest('Malformed request') raise faults.BadRequest('Malformed request: missing token')
try: try:
user = AstakosUser.objects.get(auth_token=token_id) user = AstakosUser.objects.get(auth_token=token_id)
...@@ -84,6 +87,10 @@ def authenticate(request): ...@@ -84,6 +87,10 @@ def authenticate(request):
if user.uuid != uuid: if user.uuid != uuid:
raise faults.Unauthorized('Invalid credentials') raise faults.Unauthorized('Invalid credentials')
if tenant is not None:
if user.uuid != tenant:
raise faults.BadRequest('Not conforming tenantName')
d["access"]["token"] = { d["access"]["token"] = {
"id": user.auth_token, "id": user.auth_token,
"expires": utils.isoformat(user.auth_token_expires), "expires": utils.isoformat(user.auth_token_expires),
......
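Review bot: The tenant mismatch at `if user.uuid != tenant:` is reported as `faults.BadRequest('Not conforming tenantName')` (400), while the API table changed in this same commit keeps 401 (Unauthorized) for "tenantName does not comply with the provided token" and adds 400 for "not consistent tenantName", so one condition is now documented under two status codes. Either drop the 401 wording from the table or, if a mismatch is meant as an authorization failure, raise `faults.Unauthorized` here instead; in both cases a short comment above the check, e.g. `# tenantName, when given, must name the token holder (user.uuid)`, would make the intended contract explicit. The new `tenant = req['auth'].get('tenantName')` sits outside the `except KeyError` and would raise AttributeError if `req['auth']` were not a mapping, but the existing subscript inside the try already only catches KeyError, so this adds no new failure mode worth fixing on its own. The body of authenticate begins before the first hunk and continues after the second.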
...@@ -462,8 +462,8 @@ class TokensApiTest(TestCase): ...@@ -462,8 +462,8 @@ class TokensApiTest(TestCase):
r = client.post(url, post_data, content_type='application/json') r = client.post(url, post_data, content_type='application/json')
self.assertEqual(r.status_code, 400) self.assertEqual(r.status_code, 400)
body = json.loads(r.content) body = json.loads(r.content)
self.assertEqual(body['badRequest']['message'], self.assertTrue(body['badRequest']['message'].
'Malformed request') startswith('Malformed request'))
# Check malformed request: missing username # Check malformed request: missing username
url = reverse('astakos.api.tokens.authenticate') url = reverse('astakos.api.tokens.authenticate')
...@@ -473,8 +473,8 @@ class TokensApiTest(TestCase): ...@@ -473,8 +473,8 @@ class TokensApiTest(TestCase):
r = client.post(url, post_data, content_type='application/json') r = client.post(url, post_data, content_type='application/json')
self.assertEqual(r.status_code, 400) self.assertEqual(r.status_code, 400)
body = json.loads(r.content) body = json.loads(r.content)
self.assertEqual(body['badRequest']['message'], self.assertTrue(body['badRequest']['message'].
'Malformed request') startswith('Malformed request'))
# Check invalid pass # Check invalid pass
url = reverse('astakos.api.tokens.authenticate') url = reverse('astakos.api.tokens.authenticate')
...@@ -520,6 +520,28 @@ class TokensApiTest(TestCase): ...@@ -520,6 +520,28 @@ class TokensApiTest(TestCase):
except Exception, e: except Exception, e:
self.fail(e) self.fail(e)
# Check malformed request: missing token
url = reverse('astakos.api.tokens.authenticate')
post_data = """{"auth":{"auth_token":{"id":"%s"},
"tenantName":"%s"}}""" % (
self.user1.auth_token, self.user1.uuid)
r = client.post(url, post_data, content_type='application/json')
self.assertEqual(r.status_code, 400)
body = json.loads(r.content)
self.assertTrue(body['badRequest']['message'].
startswith('Malformed request'))
# Check bad request: inconsistent tenant
url = reverse('astakos.api.tokens.authenticate')
post_data = """{"auth":{"token":{"id":"%s"},
"tenantName":"%s"}}""" % (
self.user1.auth_token, self.user2.uuid)
r = client.post(url, post_data, content_type='application/json')
self.assertEqual(r.status_code, 400)
body = json.loads(r.content)
self.assertEqual(body['badRequest']['message'],
'Not conforming tenantName')
# Check successful json response # Check successful json response
url = reverse('astakos.api.tokens.authenticate') url = reverse('astakos.api.tokens.authenticate')
post_data = """{"auth":{"passwordCredentials":{"username":"%s", post_data = """{"auth":{"passwordCredentials":{"username":"%s",
...@@ -560,5 +582,3 @@ class TokensApiTest(TestCase): ...@@ -560,5 +582,3 @@ class TokensApiTest(TestCase):
# body = minidom.parseString(r.content) # body = minidom.parseString(r.content)
# except Exception, e: # except Exception, e:
# self.fail(e) # self.fail(e)
# test public mode: json response
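Review bot: Relaxing the assertions in the hunks at lines 462 and 473 to `startswith('Malformed request')` drops the check that distinguishes the two messages introduced in tokens.py ('Malformed request: missing credentials' vs 'Malformed request: missing token'), and the new "missing token" test repeats the loose form. Asserting the exact message, e.g. `self.assertEqual(body['badRequest']['message'], 'Malformed request: missing token')`, would pin which branch each malformed body reaches, though which message a given body actually produces depends on the token-handling code outside these hunks. The "inconsistent tenant" test exercises the mismatch, but no counterpart sends a matching tenantName with a token-only body to confirm the consistent case still returns 200. The TokensApiTest methods extend beyond the visible hunks.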