WIP: authentication handling for ATST

atst/app.py

@@ -4,6 +4,7 @@ import tornado.web
 from tornado.web import url
 
 from atst.handlers.main import MainHandler
+from atst.handlers.login import Login
 from atst.handlers.workspace import Workspace
 from atst.handlers.request import Request
 from atst.handlers.request_new import RequestNew
@@ -16,7 +17,8 @@ def make_app(config):
     authz_client = ApiClient(config['default']['AUTHZ_BASE_URL'])
 
     app = tornado.web.Application([
-            url( r"/",           MainHandler, {'page': 'login'},      name='login' ),
+            url( r"/",           Login, {'page': 'login'},      name='main' ),
+            url( r"/login",      Login, {'page': 'login'},      name='login' ),
             url( r"/home",       MainHandler, {'page': 'home'},       name='home' ),
             url( r"/workspaces",
                  Workspace,

atst/handler.py

@@ -1,4 +1,5 @@
 import os
+import functools
 from webassets import Environment, Bundle
 import tornado.web
 from atst.home import home
@@ -19,9 +20,41 @@ helpers = {
     'assets': assets
 }
 
+def authenticated(method):
+    @functools.wraps(method)
+    def wrapper(self, *args, **kwargs):
+        if not self.current_user:
+            if self.get_cookie('bearer-token'):
+                bearer_token = self.get_cookie('bearer-token')
+                if validate_login_token(bearer_token):
+                    self._start_session()
+                else:
+                    raise NotImplementedError
+            elif self.request.method in ("GET", "HEAD"):
+                url = self.get_login_url()
+                self.redirect(url)
+                return
+            else:
+                raise tornado.web.HTTPError(403)
+        return method(self, *args, **kwargs)
+    return wrapper
+
+def validate_login_token(token):
+    # check against authnid
+    pass
+
 class BaseHandler(tornado.web.RequestHandler):
 
     def get_template_namespace(self):
         ns = super(BaseHandler, self).get_template_namespace()
         ns.update(helpers)
         return ns
+
+    def get_current_user(self):
+        if self.get_secure_cookie('atst'):
+            return True
+        else:
+            False
+
+    def _start_session(self):
+        self.set_secure_cookie('atst', 'valid-user-session')

atst/handlers/login.py

@@ -0,0 +1,10 @@
+import tornado
+from atst.handler import BaseHandler
+
+class Login(BaseHandler):
+
+    def initialize(self, page):
+        self.page = page
+
+    def get(self):
+        self.render( '%s.html.to' % self.page, page = self.page )

atst/handlers/main.py

@@ -1,9 +1,11 @@
-from atst.handler import BaseHandler
+import atst
+from atst.handler import BaseHandler, authenticated
 
 class MainHandler(BaseHandler):
 
     def initialize(self, page):
         self.page = page
 
+    @authenticated
     def get(self):
         self.render( '%s.html.to' % self.page, page = self.page )

atst/handlers/request.py

@@ -1,4 +1,4 @@
-from atst.handler import BaseHandler
+from atst.handler import BaseHandler, authenticated
 
 mock_requests = [
         {
@@ -31,5 +31,6 @@ class Request(BaseHandler):
     def initialize(self, page):
         self.page = page
 
+    @authenticated
     def get(self):
         self.render('requests.html.to', page = self.page, requests = mock_requests )

atst/handlers/request_new.py

@@ -1,4 +1,4 @@
-from atst.handler import BaseHandler
+from atst.handler import BaseHandler, authenticated
 
 class RequestNew(BaseHandler):
     screens = [
@@ -22,6 +22,7 @@ class RequestNew(BaseHandler):
     def initialize(self, page):
         self.page = page
 
+    @authenticated
     def get(self, screen = 1):
         self.render( 'requests/screen-%d.html.to' % int(screen),
                     page = self.page,

atst/handlers/workspace.py

@@ -1,5 +1,4 @@
-from atst.handler import BaseHandler
-import requests
+from atst.handler import BaseHandler, authenticated
 import tornado.gen
 
 mock_workspaces = [
@@ -13,8 +12,6 @@ mock_workspaces = [
     }
 ]
 
-session = requests.Session()
-
 class Workspace(BaseHandler):
 
     def initialize(self, page, authz_client):
@@ -22,5 +19,6 @@ class Workspace(BaseHandler):
         self.authz_client = authz_client
 
     @tornado.gen.coroutine
+    @authenticated
     def get(self):
         self.render( 'workspaces.html.to', page = self.page, workspaces = mock_workspaces )

tests/test_auth.py

@@ -0,0 +1,34 @@
+import pytest
+import tornado.web
+
+
+@pytest.mark.gen_test
+def test_redirects_when_not_logged_in(http_client, base_url):
+    response = yield http_client.fetch(
+        base_url + "/home", raise_error=False, follow_redirects=False
+    )
+    assert response.code == 302
+    assert response.error
+    assert response.headers["Location"] == "/login"
+
+
+@pytest.mark.gen_test
+def test_login_with_valid_bearer_token(app, monkeypatch, http_client, base_url):
+    monkeypatch.setattr("atst.handler.validate_login_token", lambda t: True)
+    response = yield http_client.fetch(
+        base_url + "/home", headers={"Cookie": "bearer-token=anything"}
+    )
+    assert response.headers['Set-Cookie'].startswith('atst')
+    assert response.code == 200
+    assert not response.error
+
+
+@pytest.mark.gen_test
+@pytest.mark.skip(reason="need to work out auth error user paths")
+def test_login_with_invalid_bearer_token(monkeypatch, http_client, base_url):
+    monkeypatch.setattr("atst.handler.validate_login_token", lambda t: False)
+    response = yield http_client.fetch(
+        base_url + "/home",
+        raise_error=False,
+        headers={"Cookie": "bearer-token=anything"},
+    )