From e1eb3b2c0bdb7462d330703702677b3354ceb9ff Mon Sep 17 00:00:00 2001
From: tierno <alfonso.tiernosepulveda@telefonica.com>
Date: Mon, 26 Aug 2019 15:59:24 +0000
Subject: [PATCH] bug 832. Fixing non-authorized configuration for testing

Change-Id: I3c851031e902da8dddf542ee40c64699e088f6e8
Signed-off-by: tierno <alfonso.tiernosepulveda@telefonica.com>
---
 osm_nbi/auth.py              |  6 ++++++
 osm_nbi/authconn_internal.py | 10 +---------
 osm_nbi/nbi.cfg              |  9 ++++-----
 3 files changed, 11 insertions(+), 14 deletions(-)

diff --git a/osm_nbi/auth.py b/osm_nbi/auth.py
index fde7455..c320d50 100644
--- a/osm_nbi/auth.py
+++ b/osm_nbi/auth.py
@@ -348,6 +348,12 @@ class Authenticator:
                 if cherrypy.session.get('Authorization'):
                     del cherrypy.session['Authorization']
                 cherrypy.response.headers["WWW-Authenticate"] = 'Bearer realm="{}"'.format(e)
+            elif self.config.get("user_not_authorized"):
+                # TODO provide user_id, roles id (not name), project_id
+                return {"id": "fake-token-id-for-test",
+                        "project_id": self.config.get("project_not_authorized", "admin"),
+                        "username": self.config["user_not_authorized"],
+                        "roles": ["system_admin"]}
             raise
 
     def new_token(self, token_info, indata, remote):
diff --git a/osm_nbi/authconn_internal.py b/osm_nbi/authconn_internal.py
index 40d3215..2d2ddab 100644
--- a/osm_nbi/authconn_internal.py
+++ b/osm_nbi/authconn_internal.py
@@ -47,9 +47,6 @@ class AuthconnInternal(Authconn):
 
         self.logger = logging.getLogger("nbi.authenticator.internal")
 
-        # Get Configuration
-        # self.xxx = config.get("xxx", "default")
-
         self.db = db
         self.token_cache = token_cache
 
@@ -99,12 +96,7 @@ class AuthconnInternal(Authconn):
             else:
                 raise
         except AuthException:
-            if self.config["global"].get("test.user_not_authorized"):
-                return {"id": "fake-token-id-for-test",
-                        "project_id": self.config["global"].get("test.project_not_authorized", "admin"),
-                        "username": self.config["global"]["test.user_not_authorized"], "admin": True}
-            else:
-                raise
+            raise
         except Exception:
             self.logger.exception("Error during token validation using internal backend")
             raise AuthException("Error during token validation using internal backend",
diff --git a/osm_nbi/nbi.cfg b/osm_nbi/nbi.cfg
index a65e1d5..b8db711 100644
--- a/osm_nbi/nbi.cfg
+++ b/osm_nbi/nbi.cfg
@@ -41,10 +41,6 @@ server.ssl_private_key: "./http/privkey.pem"
 server.ssl_pass_phrase: "osm4u"
 server.thread_pool: 10
 
-# Only for test. It works without authorization using the provided user and project:
-# test.user_not_authorized: "admin"
-# test.project_not_authorized: "admin"
-
 # Uncomment for allow basic authentication apart from bearer
 # auth.allow_basic_authentication: True
 
@@ -93,7 +89,10 @@ loglevel:  "DEBUG"
 group_id: "nbi-server"
 
 [authentication]
-backend: "internal"
+backend: "internal"         # internal or keystone
+# Only for test. It works without authorization using the provided user and project:
+# user_not_authorized: "admin"
+# project_not_authorized: "admin"
 
 [rbac]
 # roles_to_operations: "roles_to_operations.yml"  # initial role generation when database
-- 
2.17.1