handle auth via redirect with parameter

atst/app.py

@@ -4,6 +4,7 @@ import tornado.web
 from tornado.web import url
 
 from atst.handlers.main import MainHandler
+from atst.handlers.home import Home
 from atst.handlers.login import Login
 from atst.handlers.workspace import Workspace
 from atst.handlers.request import Request
@@ -20,7 +21,7 @@ def make_app(config):
     authnid_client = ApiClient(config["default"]["AUTHNID_BASE_URL"])
 
     routes = [
-        url(r"/", Login, {"page": "login"}, name="main"),
+        url(r"/", Home, {"page": "login"}, name="main"),
         url(r"/login", Login, {"page": "login"}, name="login"),
         url(r"/home", MainHandler, {"page": "home"}, name="home"),
         url(
@@ -47,7 +48,7 @@ def make_app(config):
 
     app = tornado.web.Application(
         routes,
-        login_url="/login",
+        login_url="/",
         template_path = home.child('templates'),
         static_path   = home.child('static'),
         cookie_secret=config["default"]["COOKIE_SECRET"],

atst/handler.py

@@ -22,17 +22,9 @@ helpers = {
 
 def authenticated(method):
     @functools.wraps(method)
-    @tornado.gen.coroutine
     def wrapper(self, *args, **kwargs):
         if not self.current_user:
-            if self.get_cookie('bearer-token'):
-                bearer_token = self.get_cookie('bearer-token')
-                valid = yield validate_login_token(self.application.authnid_client, bearer_token)
-                if valid:
-                    self._start_session()
-                else:
-                    raise NotImplementedError
-            elif self.request.method in ("GET", "HEAD"):
+            if self.request.method in ("GET", "HEAD"):
                 url = self.get_login_url()
                 self.redirect(url)
                 return
@@ -41,17 +33,6 @@ def authenticated(method):
         return method(self, *args, **kwargs)
     return wrapper
 
-@tornado.gen.coroutine
-def validate_login_token(client, token):
-    try:
-        response = yield client.post('/api/v1/validate', raise_error=False, json={"token": token})
-        return response.code == 200
-    except tornado.httpclient.HTTPError as error:
-        if error.response.code == 401:
-            return False
-        else:
-            raise error
-
 class BaseHandler(tornado.web.RequestHandler):
 
     def get_template_namespace(self):

atst/handlers/home.py

@@ -0,0 +1,10 @@
+import tornado
+from atst.handler import BaseHandler
+
+class Home(BaseHandler):
+
+    def initialize(self, page):
+        self.page = page
+
+    def get(self):
+        self.render( '%s.html.to' % self.page, page = self.page )

atst/handlers/login.py

@@ -1,10 +1,37 @@
 import tornado
 from atst.handler import BaseHandler
 
+
 class Login(BaseHandler):
 
     def initialize(self, page):
         self.page = page
 
+    @tornado.gen.coroutine
     def get(self):
-        self.render( '%s.html.to' % self.page, page = self.page )
+        token = self.get_query_argument("bearer-token")
+        if token:
+            valid = yield self._validate_login_token(token)
+            if valid:
+                self._start_session()
+                self.redirect("/home")
+                return
+
+        url = self.get_login_url()
+        self.redirect(url)
+        return
+
+    @tornado.gen.coroutine
+    def _validate_login_token(self, token):
+        try:
+            response = yield self.application.authnid_client.post(
+                "/api/v1/validate", json={"token": token}
+            )
+            return response.code == 200
+
+        except tornado.httpclient.HTTPError as error:
+            if error.response.code == 401:
+                return False
+
+            else:
+                raise error