Revision 5fb55fba
| b/api/fixtures/auth_test_data.json | ||
|---|---|---|
| 1 |
[ |
|
| 2 |
{
|
|
| 3 |
"model": "db.SynnefoUser", |
|
| 4 |
"pk": 1, |
|
| 5 |
"fields": {
|
|
| 6 |
"name": "Test User", |
|
| 7 |
"credit": 1024, |
|
| 8 |
"created": "2011-02-06 00:00:00", |
|
| 9 |
"updated": "2011-02-06 00:00:00" |
|
| 10 |
} |
|
| 11 |
} |
|
| 12 |
] |
|
| b/api/handlers.py | ||
|---|---|---|
| 6 | 6 |
from django.http import HttpResponse |
| 7 | 7 |
from piston.handler import BaseHandler, AnonymousBaseHandler |
| 8 | 8 |
from synnefo.api.faults import fault, noContent, accepted, created, notModified |
| 9 |
from synnefo.api.helpers import instance_to_server, paginator |
|
| 9 |
from synnefo.api.helpers import instance_to_server, paginator, authenticate
|
|
| 10 | 10 |
from synnefo.util.rapi import GanetiRapiClient, GanetiApiError |
| 11 | 11 |
from synnefo.util.rapi import CertificateError |
| 12 | 12 |
from synnefo.db.models import * |
| ... | ... | |
| 91 | 91 |
""" |
| 92 | 92 |
allowed_methods = ('GET', 'POST', 'PUT', 'DELETE')
|
| 93 | 93 |
|
| 94 |
#@authenticate |
|
| 94 | 95 |
def read(self, request, id=None): |
| 95 | 96 |
from time import sleep |
| 96 | 97 |
sleep(0.5) |
| b/api/helpers.py | ||
|---|---|---|
| 4 | 4 |
# |
| 5 | 5 |
|
| 6 | 6 |
# XXX: most of the keys below are dummy |
| 7 |
from synnefo.api.errors import Unauthorized |
|
| 8 |
|
|
| 7 | 9 |
def instance_to_server(instance): |
| 8 | 10 |
server = {
|
| 9 | 11 |
"id": instance["name"], |
| ... | ... | |
| 61 | 63 |
return { key: [] }
|
| 62 | 64 |
|
| 63 | 65 |
return inner_func |
| 66 |
|
|
| 67 |
def authenticate(func): |
|
| 68 |
""" |
|
| 69 |
Custom authentication filter supporting the OpenStack API protocol. |
|
| 70 |
|
|
| 71 |
All API methods are required to go through this. Temporarily implemented as |
|
| 72 |
a decorator until we find a way to apply it to all incoming requests. |
|
| 73 |
""" |
|
| 74 |
def inner(self, request, *args, **kwargs): |
|
| 75 |
if 'X-Auth-Token' in request.META: |
|
| 76 |
return func(self, request, *args, **kwargs) |
|
| 77 |
|
|
| 78 |
#An authentication request |
|
| 79 |
if 'X-Auth-User' in request.META and 'X-Auth-Key' in request.META \ |
|
| 80 |
and '/v1.0' == request.path and 'GET' == request.method: |
|
| 81 |
#Do authenticate or redirect |
|
| 82 |
return |
|
| 83 |
|
|
| 84 |
raise Unauthorized |
|
| 85 |
|
|
| 86 |
return inner |
|
| b/api/tests.py | ||
|---|---|---|
| 13 | 13 |
from synnefo.db.models import VirtualMachine, VirtualMachineGroup |
| 14 | 14 |
from synnefo.db.models import Flavor, Image |
| 15 | 15 |
from synnefo.api.tests_redux import APIReduxTestCase |
| 16 |
from synnefo.api.tests_auth import AuthTestCase |
|
| 16 | 17 |
|
| 17 |
from logic import utils |
|
| 18 |
from synnefo.logic import utils
|
|
| 18 | 19 |
|
| 19 | 20 |
class APITestCase(TestCase): |
| 20 | 21 |
fixtures = ['api_test_data', ] |
| b/api/tests_auth.py | ||
|---|---|---|
| 1 |
# |
|
| 2 |
# Unit Tests for api |
|
| 3 |
# |
|
| 4 |
# Provides automated tests for api module |
|
| 5 |
# |
|
| 6 |
# Copyright 2011 Greek Research and Technology Network |
|
| 7 |
# |
|
| 8 |
|
|
| 9 |
from django.test import TestCase |
|
| 10 |
from django.test.client import Client |
|
| 11 |
|
|
| 12 |
class AuthTestCase(TestCase): |
|
| 13 |
fixtures = ['auth_test_data'] |
|
| 14 |
apibase = '/api/v1.0' |
|
| 15 |
|
|
| 16 |
def setUp(self): |
|
| 17 |
self.client = Client() |
|
| 18 |
|
|
| 19 |
def test_auth_headers(self): |
|
| 20 |
""" test whether the authentication mechanism sets the correct headers |
|
| 21 |
""" |
|
| 22 |
#Check with non-existing user |
|
| 23 |
response = self.client.get( self.apibase + '/servers', {},
|
|
| 24 |
**{'X-Auth-User':'notme',
|
|
| 25 |
'X-Auth-Key':'0xdeadbabe'}) |
|
| 26 |
self.assertEquals(response.status_code, 401) |
|
| 27 |
|
|
| 28 |
#Check with existing user |
|
| 29 |
response = self.client.get( self.apibase + '/', {},
|
|
| 30 |
**{'X-Auth-User':'testuser',
|
|
| 31 |
'X-Auth-Key':'testuserpasswd'}) |
|
| 32 |
self.assertEquals(response.status_code, 204) |
|
| 33 |
self.assertNotEqual(response['X-Auth-Token'], None) |
|
| 34 |
self.assertEquals(response['X-Server-Management-Url'], '') |
|
| 35 |
self.assertEquals(response['X-Storage-Url'], '') |
|
| 36 |
self.assertEquals(response['X-CDN-Management-Url'], '') |
|
| 37 |
|
|
| 38 |
#Check access now that we do have an auth token |
|
| 39 |
token = response['X-Auth-Token'] |
|
| 40 |
response = self.client.get (self.apibase + '/servers/detail', {},
|
|
| 41 |
**{'X-Auth-Token': token})
|
|
| 42 |
self.assertEquals(response.status_code, 200) |
|
| b/authentication.seq | ||
|---|---|---|
| 15 | 15 |
active(A); |
| 16 | 16 |
message(B,S,"GET /"); |
| 17 | 17 |
message(S,B,"304 Go to Sibbolleth"); |
| 18 |
message(B,A,"304 Go to Sibbolleth"); |
|
| 19 |
|
|
| 18 |
message(B,A,"Sibbolleth auth"); |
|
| 19 |
message(B,A,"Sibbolleth auth"); |
|
| 20 |
message(A,S,"auth token"); |
|
| 21 |
message(S,S,"store Sibbolleth token"); |
|
| 22 |
message(S,A,"get user details"); |
|
| 23 |
message(A,S,"user details"); |
|
| 24 |
message(S,S,"store user details"); |
|
| 25 |
message(S,B,""); |
|
| 20 | 26 |
|
| 21 | 27 |
complete(T); |
| 22 | 28 |
complete(S); |
| /dev/null | ||
|---|---|---|
| 1 |
[ |
|
| 2 |
{
|
|
| 3 |
"model": "db.SynnefoUser", |
|
| 4 |
"pk": 1, |
|
| 5 |
"fields": {
|
|
| 6 |
"name": 1, |
|
| 7 |
"credit": 1024 |
|
| 8 |
} |
|
| 9 |
} |
|
| 10 |
] |
|
| b/logic/tests.py | ||
|---|---|---|
| 99 | 99 |
s_user = SynnefoUser.objects.get(pk=30000) |
| 100 | 100 |
|
| 101 | 101 |
self.assertEqual(0, s_user.credit, 'SynnefoUser (pk=30000) should have zero credits (%d)' % ( s_user.credit, )) |
| 102 |
|
|
| 103 |
class AuthTestCase(TestCase): |
|
| 104 |
fixtures = ['api_test_data', 'auth_test_data'] |
|
| 105 |
apibase = '/api/v1.0' |
|
| 106 |
|
|
| 107 |
def setUp(self): |
|
| 108 |
self.client = Client() |
|
| 109 |
|
|
| 110 |
def test_auth_headers(self): |
|
| 111 |
""" test whether the authentication mechanism sets the correct headers |
|
| 112 |
""" |
|
| 113 |
#Check with non-existing user |
|
| 114 |
response = self.client.get( self.apibase + '/servers', {},
|
|
| 115 |
**{'X-Auth-User':'notme',
|
|
| 116 |
'X-Auth-Key':'0xdeadbabe'}) |
|
| 117 |
self.assertEquals(response.status_code, 401) |
|
| 118 |
|
|
| 119 |
#Check with existing user |
|
| 120 |
response = self.client.get( self.apibase + '/', {},
|
|
| 121 |
**{'X-Auth-User':'testuser',
|
|
| 122 |
'X-Auth-Key':'testuserpasswd'}) |
|
| 123 |
self.assertEquals(response.status_code, 204) |
|
| 124 |
self.assertNotEqual(response['X-Auth-Token'], None) |
|
| 125 |
self.assertEquals(response['X-Server-Management-Url'], '') |
|
| 126 |
self.assertEquals(response['X-Storage-Url'], '') |
|
| 127 |
self.assertEquals(response['X-CDN-Management-Url'], '') |
|
| 128 |
|
|
| 129 |
#Check access now that we do have an auth token |
|
| 130 |
token = response['X-Auth-Token'] |
|
| 131 |
response = self.client.get (self.apibase + '/servers/detail', {},
|
|
| 132 |
**{'X-Auth-Token': token})
|
|
| 133 |
self.assertEquals(response.status_code, 200) |
|
Also available in: Unified diff