pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Create authz users on login

Browse Source
This commit is contained in:
richard-dds 2018-07-16 13:19:35 -04:00
parent 5b4a8fd2d3
commit e48644fb44
7 changed files with 82 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
atst/app.py
View File

@ -26,7 +26,7 @@ def make_app(config, deps, **kwargs):
url( url(
r"/login-redirect", r"/login-redirect",
LoginRedirect, LoginRedirect,
{"sessions": deps["sessions"], "authnid_client": deps["authnid_client"]}, {"sessions": deps["sessions"], "authnid_client": deps["authnid_client"], "authz_client": deps["authz_client"]},
name="login_redirect", name="login_redirect",
), ),
url(r"/home", Main, {"page": "home"}, name="home"), url(r"/home", Main, {"page": "home"}, name="home"),
@ -88,7 +88,7 @@ def make_app(config, deps, **kwargs):
url( url(
r"/login-dev", r"/login-dev",
Dev, Dev,
{"action": "login", "sessions": deps["sessions"]}, {"action": "login", "sessions": deps["sessions"], "authz_client": deps["authz_client"]},
name="dev-login", name="dev-login",
) )
] ]

22
atst/handlers/dev.py
View File

@ -1,15 +1,33 @@
import tornado.gen
from atst.handler import BaseHandler from atst.handler import BaseHandler
class Dev(BaseHandler): class Dev(BaseHandler):
def initialize(self, action, sessions): def initialize(self, action, sessions, authz_client):
self.action = action self.action = action
self.sessions = sessions self.sessions = sessions
self.authz_client = authz_client
@tornado.gen.coroutine
def get(self): def get(self):
user = { user = {
"id": "164497f6-c1ea-4f42-a5ef-101da278c012", "id": "164497f6-c1ea-4f42-a5ef-101da278c012",
"first_name": "Test", "first_name": "Test",
"last_name": "User" "last_name": "User",
} }
user_permissions = yield self.get_or_fetch_user_permissions(user["id"])
user["atat_permissions"] = user_permissions
self.login(user) self.login(user)
@tornado.gen.coroutine
def get_or_fetch_user_permissions(self, user_id):
response = yield self.authz_client.post(
"/users", json={"id": user_id, "atat_role": "ccpo"}, raise_error=False
)
if response.code == 200:
return response.json["atat_permissions"]
elif response.code == 409:
# User already exists
response = yield self.authz_client.get("/users/{}".format(user_id))
return response.json["atat_permissions"]

12
atst/handlers/login_redirect.py
View File

@ -3,9 +3,10 @@ from atst.handler import BaseHandler
class LoginRedirect(BaseHandler): class LoginRedirect(BaseHandler):
def initialize(self, authnid_client, sessions): def initialize(self, authnid_client, sessions, authz_client):
self.authnid_client = authnid_client self.authnid_client = authnid_client
self.sessions = sessions self.sessions = sessions
self.authz_client = authz_client
@tornado.gen.coroutine @tornado.gen.coroutine
def get(self): def get(self):
@ -13,6 +14,8 @@ class LoginRedirect(BaseHandler):
if token: if token:
user = yield self._fetch_user_info(token) user = yield self._fetch_user_info(token)
if user: if user:
authz_user = yield self.create_authz_user(user["id"])
user["atat_permissions"] = authz_user["atat_permissions"]
self.login(user) self.login(user)
else: else:
self.write_error(401) self.write_error(401)
@ -35,3 +38,10 @@ class LoginRedirect(BaseHandler):
else: else:
raise error raise error
@tornado.gen.coroutine
def create_authz_user(self, user_id):
response = yield self.authz_client.post(
"/users", json={"id": user_id, "atat_role": "ccpo"}
)
return response.json

2
config/base.ini
View File

@ -2,7 +2,7 @@
PORT=8000 PORT=8000
ENVIRONMENT = dev ENVIRONMENT = dev
DEBUG = true DEBUG = true
AUTHZ_BASE_URL = http://localhost AUTHZ_BASE_URL = http://localhost:8002
AUTHNID_BASE_URL= https://localhost:8001 AUTHNID_BASE_URL= https://localhost:8001
COOKIE_SECRET = some-secret-please-replace COOKIE_SECRET = some-secret-please-replace
SECRET = change_me_into_something_secret SECRET = change_me_into_something_secret

4
tests/conftest.py
View File

@ -1,14 +1,14 @@
import pytest import pytest
from atst.app import make_app, make_deps, make_config from atst.app import make_app, make_deps, make_config
from tests.mocks import MockApiClient, MockRequestsClient from tests.mocks import MockApiClient, MockRequestsClient, MockAuthzClient
from atst.sessions import DictSessions from atst.sessions import DictSessions
@pytest.fixture @pytest.fixture
def app(): def app():
TEST_DEPS = { TEST_DEPS = {
"authz_client": MockApiClient("authz"), "authz_client": MockAuthzClient("authz"),
"requests_client": MockRequestsClient("requests"), "requests_client": MockRequestsClient("requests"),
"authnid_client": MockApiClient("authnid"), "authnid_client": MockApiClient("authnid"),
"sessions": DictSessions(), "sessions": DictSessions(),

46
tests/mocks.py
View File

@ -49,7 +49,7 @@ class MockRequestsClient(MockApiClient):
"id": "66b8ef71-86d3-48ef-abc2-51bfa1732b6b", "id": "66b8ef71-86d3-48ef-abc2-51bfa1732b6b",
"creator": "49903ae7-da4a-49bf-a6dc-9dff5d004238", "creator": "49903ae7-da4a-49bf-a6dc-9dff5d004238",
"body": {}, "body": {},
"status": "incomplete" "status": "incomplete",
} }
return self._get_response("GET", path, 200, json=json) return self._get_response("GET", path, 200, json=json)
@ -61,3 +61,47 @@ class MockRequestsClient(MockApiClient):
"body": {}, "body": {},
} }
return self._get_response("POST", path, 202, json=json) return self._get_response("POST", path, 202, json=json)
class MockAuthzClient(MockApiClient):
@tornado.gen.coroutine
def post(self, path, **kwargs):
json = {
"atat_permissions": [
"view_original_jedi_request",
"review_and_approve_jedi_workspace_request",
"modify_atat_role_permissions",
"create_csp_role",
"delete_csp_role",
"deactivate_csp_role",
"modify_csp_role_permissions",
"view_usage_report",
"view_usage_dollars",
"add_and_assign_csp_roles",
"remove_csp_roles",
"request_new_csp_role",
"assign_and_unassign_atat_role",
"view_assigned_atat_role_configurations",
"view_assigned_csp_role_configurations",
"deactivate_workspace",
"view_atat_permissions",
"transfer_ownership_of_workspace",
"add_application_in_workspace",
"delete_application_in_workspace",
"deactivate_application_in_workspace",
"view_application_in_workspace",
"rename_application_in_workspace",
"add_environment_in_application",
"delete_environment_in_application",
"deactivate_environment_in_application",
"view_environment_in_application",
"rename_environment_in_application",
"add_tag_to_workspace",
"remove_tag_from_workspace",
],
"atat_role": "ccpo",
"id": "164497f6-c1ea-4f42-a5ef-101da278c012",
"username": None,
"workspace_roles": [],
}
return self._get_response("POST", path, 200, json=json)

2
tests/test_auth.py
View File

@ -3,7 +3,7 @@ import pytest
import tornado.web import tornado.web
import tornado.gen import tornado.gen
MOCK_USER = {"user": {"id": "438567dd-25fa-4d83-a8cc-8aa8366cb24a"}} MOCK_USER = {"id": "438567dd-25fa-4d83-a8cc-8aa8366cb24a"}
@tornado.gen.coroutine @tornado.gen.coroutine
def _fetch_user_info(c, t): def _fetch_user_info(c, t):
return MOCK_USER return MOCK_USER