Revision 5fb55fba
b/api/fixtures/auth_test_data.json | ||
---|---|---|
1 |
[ |
|
2 |
{ |
|
3 |
"model": "db.SynnefoUser", |
|
4 |
"pk": 1, |
|
5 |
"fields": { |
|
6 |
"name": "Test User", |
|
7 |
"credit": 1024, |
|
8 |
"created": "2011-02-06 00:00:00", |
|
9 |
"updated": "2011-02-06 00:00:00" |
|
10 |
} |
|
11 |
} |
|
12 |
] |
b/api/handlers.py | ||
---|---|---|
6 | 6 |
from django.http import HttpResponse |
7 | 7 |
from piston.handler import BaseHandler, AnonymousBaseHandler |
8 | 8 |
from synnefo.api.faults import fault, noContent, accepted, created, notModified |
9 |
from synnefo.api.helpers import instance_to_server, paginator |
|
9 |
from synnefo.api.helpers import instance_to_server, paginator, authenticate
|
|
10 | 10 |
from synnefo.util.rapi import GanetiRapiClient, GanetiApiError |
11 | 11 |
from synnefo.util.rapi import CertificateError |
12 | 12 |
from synnefo.db.models import * |
... | ... | |
91 | 91 |
""" |
92 | 92 |
allowed_methods = ('GET', 'POST', 'PUT', 'DELETE') |
93 | 93 |
|
94 |
#@authenticate |
|
94 | 95 |
def read(self, request, id=None): |
95 | 96 |
from time import sleep |
96 | 97 |
sleep(0.5) |
b/api/helpers.py | ||
---|---|---|
4 | 4 |
# |
5 | 5 |
|
6 | 6 |
# XXX: most of the keys below are dummy |
7 |
from synnefo.api.errors import Unauthorized |
|
8 |
|
|
7 | 9 |
def instance_to_server(instance): |
8 | 10 |
server = { |
9 | 11 |
"id": instance["name"], |
... | ... | |
61 | 63 |
return { key: [] } |
62 | 64 |
|
63 | 65 |
return inner_func |
66 |
|
|
67 |
def authenticate(func): |
|
68 |
""" |
|
69 |
Custom authentication filter supporting the OpenStack API protocol. |
|
70 |
|
|
71 |
All API methods are required to go through this. Temporarily implemented as |
|
72 |
a decorator until we find a way to apply it to all incoming requests. |
|
73 |
""" |
|
74 |
def inner(self, request, *args, **kwargs): |
|
75 |
if 'X-Auth-Token' in request.META: |
|
76 |
return func(self, request, *args, **kwargs) |
|
77 |
|
|
78 |
#An authentication request |
|
79 |
if 'X-Auth-User' in request.META and 'X-Auth-Key' in request.META \ |
|
80 |
and '/v1.0' == request.path and 'GET' == request.method: |
|
81 |
#Do authenticate or redirect |
|
82 |
return |
|
83 |
|
|
84 |
raise Unauthorized |
|
85 |
|
|
86 |
return inner |
b/api/tests.py | ||
---|---|---|
13 | 13 |
from synnefo.db.models import VirtualMachine, VirtualMachineGroup |
14 | 14 |
from synnefo.db.models import Flavor, Image |
15 | 15 |
from synnefo.api.tests_redux import APIReduxTestCase |
16 |
from synnefo.api.tests_auth import AuthTestCase |
|
16 | 17 |
|
17 |
from logic import utils |
|
18 |
from synnefo.logic import utils
|
|
18 | 19 |
|
19 | 20 |
class APITestCase(TestCase): |
20 | 21 |
fixtures = ['api_test_data', ] |
b/api/tests_auth.py | ||
---|---|---|
1 |
# |
|
2 |
# Unit Tests for api |
|
3 |
# |
|
4 |
# Provides automated tests for api module |
|
5 |
# |
|
6 |
# Copyright 2011 Greek Research and Technology Network |
|
7 |
# |
|
8 |
|
|
9 |
from django.test import TestCase |
|
10 |
from django.test.client import Client |
|
11 |
|
|
12 |
class AuthTestCase(TestCase): |
|
13 |
fixtures = ['auth_test_data'] |
|
14 |
apibase = '/api/v1.0' |
|
15 |
|
|
16 |
def setUp(self): |
|
17 |
self.client = Client() |
|
18 |
|
|
19 |
def test_auth_headers(self): |
|
20 |
""" test whether the authentication mechanism sets the correct headers |
|
21 |
""" |
|
22 |
#Check with non-existing user |
|
23 |
response = self.client.get( self.apibase + '/servers', {}, |
|
24 |
**{'X-Auth-User':'notme', |
|
25 |
'X-Auth-Key':'0xdeadbabe'}) |
|
26 |
self.assertEquals(response.status_code, 401) |
|
27 |
|
|
28 |
#Check with existing user |
|
29 |
response = self.client.get( self.apibase + '/', {}, |
|
30 |
**{'X-Auth-User':'testuser', |
|
31 |
'X-Auth-Key':'testuserpasswd'}) |
|
32 |
self.assertEquals(response.status_code, 204) |
|
33 |
self.assertNotEqual(response['X-Auth-Token'], None) |
|
34 |
self.assertEquals(response['X-Server-Management-Url'], '') |
|
35 |
self.assertEquals(response['X-Storage-Url'], '') |
|
36 |
self.assertEquals(response['X-CDN-Management-Url'], '') |
|
37 |
|
|
38 |
#Check access now that we do have an auth token |
|
39 |
token = response['X-Auth-Token'] |
|
40 |
response = self.client.get (self.apibase + '/servers/detail', {}, |
|
41 |
**{'X-Auth-Token': token}) |
|
42 |
self.assertEquals(response.status_code, 200) |
b/authentication.seq | ||
---|---|---|
15 | 15 |
active(A); |
16 | 16 |
message(B,S,"GET /"); |
17 | 17 |
message(S,B,"304 Go to Sibbolleth"); |
18 |
message(B,A,"304 Go to Sibbolleth"); |
|
19 |
|
|
18 |
message(B,A,"Sibbolleth auth"); |
|
19 |
message(B,A,"Sibbolleth auth"); |
|
20 |
message(A,S,"auth token"); |
|
21 |
message(S,S,"store Sibbolleth token"); |
|
22 |
message(S,A,"get user details"); |
|
23 |
message(A,S,"user details"); |
|
24 |
message(S,S,"store user details"); |
|
25 |
message(S,B,""); |
|
20 | 26 |
|
21 | 27 |
complete(T); |
22 | 28 |
complete(S); |
/dev/null | ||
---|---|---|
1 |
[ |
|
2 |
{ |
|
3 |
"model": "db.SynnefoUser", |
|
4 |
"pk": 1, |
|
5 |
"fields": { |
|
6 |
"name": 1, |
|
7 |
"credit": 1024 |
|
8 |
} |
|
9 |
} |
|
10 |
] |
b/logic/tests.py | ||
---|---|---|
99 | 99 |
s_user = SynnefoUser.objects.get(pk=30000) |
100 | 100 |
|
101 | 101 |
self.assertEqual(0, s_user.credit, 'SynnefoUser (pk=30000) should have zero credits (%d)' % ( s_user.credit, )) |
102 |
|
|
103 |
class AuthTestCase(TestCase): |
|
104 |
fixtures = ['api_test_data', 'auth_test_data'] |
|
105 |
apibase = '/api/v1.0' |
|
106 |
|
|
107 |
def setUp(self): |
|
108 |
self.client = Client() |
|
109 |
|
|
110 |
def test_auth_headers(self): |
|
111 |
""" test whether the authentication mechanism sets the correct headers |
|
112 |
""" |
|
113 |
#Check with non-existing user |
|
114 |
response = self.client.get( self.apibase + '/servers', {}, |
|
115 |
**{'X-Auth-User':'notme', |
|
116 |
'X-Auth-Key':'0xdeadbabe'}) |
|
117 |
self.assertEquals(response.status_code, 401) |
|
118 |
|
|
119 |
#Check with existing user |
|
120 |
response = self.client.get( self.apibase + '/', {}, |
|
121 |
**{'X-Auth-User':'testuser', |
|
122 |
'X-Auth-Key':'testuserpasswd'}) |
|
123 |
self.assertEquals(response.status_code, 204) |
|
124 |
self.assertNotEqual(response['X-Auth-Token'], None) |
|
125 |
self.assertEquals(response['X-Server-Management-Url'], '') |
|
126 |
self.assertEquals(response['X-Storage-Url'], '') |
|
127 |
self.assertEquals(response['X-CDN-Management-Url'], '') |
|
128 |
|
|
129 |
#Check access now that we do have an auth token |
|
130 |
token = response['X-Auth-Token'] |
|
131 |
response = self.client.get (self.apibase + '/servers/detail', {}, |
|
132 |
**{'X-Auth-Token': token}) |
|
133 |
self.assertEquals(response.status_code, 200) |
Also available in: Unified diff