d18f8ad221
There were three main issues in the code from refstack repository that
were preventing refstack jobs from working:
1) Improper handling of sessions in the database API.
2) PEP8 job was failing because of outdated version of flake8.
3) The new version of cryptography library doesn't support signer() and
verifier() functions.
Issue #1 was solved by using the get_session() function as a context
manager instead of using session.begin() as a context manager. Using
session.begin() as a context manager does not ensure that the session
will be closed at the end of the context (see "Opening and Closing
a Session" and "Framing out a begin / commit / rollback block"
here [1]).
Issue #2 was solved by updating the libraries in
test-requirements.txt file. This change also forces flake8 to ignore
some pep8 errors (similar to the ones ignored in tempest project).
Issue #3 was solved by using the sign() and verify() functions instead
of verifier() and signer() functions [2].
Related Taiga issues:
- https://tree.taiga.io/project/openstack-interop-working-group/issue/77
- https://tree.taiga.io/project/openstack-interop-working-group/issue/79
[1] https://docs.sqlalchemy.org/en/14/orm/session_basics.html
[2] e71c0df301
Change-Id: If98670475b371d1ece7c877a0eea3158f6c1b3f5
88 lines
2.7 KiB
Python
88 lines
2.7 KiB
Python
# Copyright (c) 2015 Mirantis, Inc.
|
|
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
"""User profile controller."""
|
|
|
|
import pecan
|
|
from pecan import rest
|
|
from pecan.secure import secure
|
|
|
|
from refstack.api.controllers import validation
|
|
from refstack.api import utils as api_utils
|
|
from refstack.api import validators
|
|
from refstack import db
|
|
|
|
|
|
class PublicKeysController(validation.BaseRestControllerWithValidation):
|
|
"""/v1/profile/pubkeys handler."""
|
|
|
|
__validator__ = validators.PubkeyValidator
|
|
|
|
@secure(api_utils.is_authenticated)
|
|
@pecan.expose('json')
|
|
def post(self, ):
|
|
"""Handler for uploading public pubkeys."""
|
|
return super(PublicKeysController, self).post()
|
|
|
|
def store_item(self, body):
|
|
"""Handler for storing item."""
|
|
pubkey = {'openid': api_utils.get_user_id()}
|
|
parts = body['raw_key'].strip().split()
|
|
if len(parts) == 2:
|
|
parts.append('')
|
|
pubkey['format'], pubkey['pubkey'], pubkey['comment'] = parts
|
|
pubkey_id = db.store_pubkey(pubkey)
|
|
return pubkey_id
|
|
|
|
@secure(api_utils.is_authenticated)
|
|
@pecan.expose('json')
|
|
def get(self):
|
|
"""Retrieve all user's public pubkeys."""
|
|
return api_utils.get_user_public_keys()
|
|
|
|
@secure(api_utils.is_authenticated)
|
|
@pecan.expose('json')
|
|
def delete(self, pubkey_id):
|
|
"""Delete public key."""
|
|
pubkeys = api_utils.get_user_public_keys()
|
|
for key in pubkeys:
|
|
if key['id'] == pubkey_id:
|
|
db.delete_pubkey(pubkey_id)
|
|
pecan.response.status = 204
|
|
return
|
|
else:
|
|
pecan.abort(404)
|
|
|
|
|
|
class ProfileController(rest.RestController):
|
|
"""Controller provides user information in OpenID 2.0 IdP.
|
|
|
|
/v1/profile handler
|
|
"""
|
|
|
|
pubkeys = PublicKeysController()
|
|
|
|
@secure(api_utils.is_authenticated)
|
|
@pecan.expose('json')
|
|
def get(self):
|
|
"""Handle get request on user info."""
|
|
user = api_utils.get_user()
|
|
return {
|
|
"openid": user.openid,
|
|
"email": user.email,
|
|
"fullname": user.fullname,
|
|
"is_admin": api_utils.check_user_is_foundation_admin()
|
|
}
|