Mercurial > p > roundup > code
annotate roundup/cgi/client.py @ 7800:2d4684e4702d
fix: enhancement to history command output and % template fix.
Rather than using the key field, use the label field for descriptions.
Call cls.labelprop(default_to_id=True) so it returns id rather than
the first sorted property name.
If labelprop() returns 'id' or 'title', we return nothing. 'id' means
there is no label set and no properties named 'name' or 'title'. So
have the caller do whatever it wants (prepend classname for example)
when there is no human readable name. This prevents %(name)s%(key)s
from producing: 23(23).
Also don't accept the 'title' property. Titles can be too
long. Arguably we could: '%(name)20s' to limit the title
length. However without ellipses or something truncating the title
might be confusing. So again pretend there is no human readable name.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Tue, 12 Mar 2024 11:52:17 -0400 |
| parents | 7102de2c8733 |
| children | cc4b11ab2f22 |
| rev | line source |
|---|---|
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1 """WWW request handler (also used in the stand-alone server). |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2 """ |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
3 __docformat__ = 'restructuredtext' |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
4 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
5 import base64 |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
6 import binascii |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
7 import codecs |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
8 import email.utils |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
9 import errno |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
10 import logging |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
11 import mimetypes |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
12 import os |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
13 import re |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
14 import socket |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
15 import stat |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
16 import sys |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
17 import time |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
18 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
19 from email.mime.multipart import MIMEMultipart |
|
4543
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
20 from traceback import format_exc |
|
4638
1ebc5f16aeda
Ignore OpenSSL.SSL.SysCallError similar to IOError.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4623
diff
changeset
|
21 try: |
|
1ebc5f16aeda
Ignore OpenSSL.SSL.SysCallError similar to IOError.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4623
diff
changeset
|
22 from OpenSSL.SSL import SysCallError |
|
1ebc5f16aeda
Ignore OpenSSL.SSL.SysCallError similar to IOError.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4623
diff
changeset
|
23 except ImportError: |
|
5429
daa19de102a2
Python 3 preparation: make fallback SysCallError an actual exception class.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5422
diff
changeset
|
24 class SysCallError(Exception): |
|
daa19de102a2
Python 3 preparation: make fallback SysCallError an actual exception class.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5422
diff
changeset
|
25 pass |
|
4638
1ebc5f16aeda
Ignore OpenSSL.SSL.SysCallError similar to IOError.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4623
diff
changeset
|
26 |
|
7582
978285986b2c
fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents:
7571
diff
changeset
|
27 from roundup.anypy.cgi_ import cgi |
|
6975
fe4a6ba98bfe
flake8 - remove unused imports, unused vars, whitespace fixes
John Rouillard <rouilj@ieee.org>
parents:
6974
diff
changeset
|
28 import roundup.anypy.email_ # noqa: F401 -- patches for email library code |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
29 import roundup.anypy.random_ as random_ # quality of random checked below |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
30 |
|
6975
fe4a6ba98bfe
flake8 - remove unused imports, unused vars, whitespace fixes
John Rouillard <rouilj@ieee.org>
parents:
6974
diff
changeset
|
31 from roundup import hyperdb, rest, xmlrpc |
|
5802
0e6d45413e88
catching last couple of cgi.escape references.
John Rouillard <rouilj@ieee.org>
parents:
5775
diff
changeset
|
32 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
33 from roundup.anypy import http_, urllib_, xmlrpc_ |
|
6975
fe4a6ba98bfe
flake8 - remove unused imports, unused vars, whitespace fixes
John Rouillard <rouilj@ieee.org>
parents:
6974
diff
changeset
|
34 from roundup.anypy.cookie_ import BaseCookie, CookieError, get_cookie_date, \ |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
35 SimpleCookie |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
36 from roundup.anypy.html import html_escape |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
37 from roundup.anypy.strings import s2b, b2s, bs2b, uchr, is_us |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
38 |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
39 from roundup.cgi import accept_language, actions, cgitb, templating, \ |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
40 TranslationService |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
41 from roundup.cgi.exceptions import ( |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
42 DetectorError, FormError, IndexerQueryError, NotFound, NotModified, |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
43 Redirect, SendFile, SendStaticFile, SeriousError) |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
44 from roundup.cgi.form_parser import FormParser |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
45 |
|
7556
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
46 from roundup.exceptions import LoginError, RateLimitExceeded, Reject, \ |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
47 RejectRaw, Unauthorised, UsageError |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
48 |
|
5493
725266c03eab
updated mailgw to no longer use mimetools based on jerrykan's patch
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5488
diff
changeset
|
49 from roundup.mailer import Mailer, MessageSendError |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
50 |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
51 logger = logging.getLogger('roundup') |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
52 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
53 if not random_.is_weak: |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
54 logger.debug("Importing good random generator") |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
55 else: |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
56 logger.warning("**SystemRandom not available. Using poor random generator") |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
57 |
|
5417
c749d6795bc2
Python 3 preparation: unichr.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5408
diff
changeset
|
58 |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
59 def initialiseSecurity(security): |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
60 '''Create some Permissions and Roles on the security object |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
61 |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
62 This function is directly invoked by security.Security.__init__() |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
63 as a part of the Security object instantiation. |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
64 ''' |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
65 p = security.addPermission( |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
66 name="Web Access", |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
67 description="User may access the web interface") |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
68 security.addPermissionToRole('Admin', p) |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
69 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
70 p = security.addPermission( |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
71 name="Rest Access", |
|
5879
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5878
diff
changeset
|
72 description="User may access the rest interface") |
|
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5878
diff
changeset
|
73 security.addPermissionToRole('Admin', p) |
|
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5878
diff
changeset
|
74 |
|
6975
fe4a6ba98bfe
flake8 - remove unused imports, unused vars, whitespace fixes
John Rouillard <rouilj@ieee.org>
parents:
6974
diff
changeset
|
75 p = security.addPermission( |
|
fe4a6ba98bfe
flake8 - remove unused imports, unused vars, whitespace fixes
John Rouillard <rouilj@ieee.org>
parents:
6974
diff
changeset
|
76 name="Xmlrpc Access", |
|
5879
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5878
diff
changeset
|
77 description="User may access the xmlrpc interface") |
|
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5878
diff
changeset
|
78 security.addPermissionToRole('Admin', p) |
|
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5878
diff
changeset
|
79 |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
80 # doing Role stuff through the web - make sure Admin can |
|
3276
3124e578db02
Email fixes:
Richard Jones <richard@users.sourceforge.net>
parents:
3069
diff
changeset
|
81 # TODO: deprecate this and use a property-based control |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
82 p = security.addPermission( |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
83 name="Web Roles", |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
84 description="User may manipulate user Roles through the web") |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
85 security.addPermissionToRole('Admin', p) |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
86 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
87 |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
88 def add_message(msg_list, msg, escape=True): |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
89 if escape: |
|
5804
8f50e00532e7
html.escape(string, quote=...) sets quote to True not False by
John Rouillard <rouilj@ieee.org>
parents:
5802
diff
changeset
|
90 msg = html_escape(msg, quote=False).replace('\n', '<br />\n') |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
91 else: |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
92 msg = msg.replace('\n', '<br />\n') |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
93 msg_list.append(msg) |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
94 return msg_list # for unittests |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
95 |
|
3916
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
96 |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
97 default_err_msg = ''"""<html><head><title>An error has occurred</title></head> |
|
3554
5e70726a86dd
fixed schema migration problem when Class keys were removed
Richard Jones <richard@users.sourceforge.net>
parents:
3551
diff
changeset
|
98 <body><h1>An error has occurred</h1> |
|
3551
3c70ab03c917
translate error message shown instead of tracebacks, add page title
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3548
diff
changeset
|
99 <p>A problem was encountered processing your request. |
|
3c70ab03c917
translate error message shown instead of tracebacks, add page title
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3548
diff
changeset
|
100 The tracker maintainers have been notified of the problem.</p> |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
101 </body></html>""" |
|
3548
61d48244e7a8
login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents:
3494
diff
changeset
|
102 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
103 |
|
5356
91954be46a66
A real fix for the problem where:
John Rouillard <rouilj@ieee.org>
parents:
5350
diff
changeset
|
104 def seed_pseudorandom(): |
|
91954be46a66
A real fix for the problem where:
John Rouillard <rouilj@ieee.org>
parents:
5350
diff
changeset
|
105 '''A function to seed the default pseudorandom random number generator |
|
91954be46a66
A real fix for the problem where:
John Rouillard <rouilj@ieee.org>
parents:
5350
diff
changeset
|
106 which is used to (at minimum): |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
107 * generate part of email message-id |
|
5356
91954be46a66
A real fix for the problem where:
John Rouillard <rouilj@ieee.org>
parents:
5350
diff
changeset
|
108 * generate OTK for password reset |
|
91954be46a66
A real fix for the problem where:
John Rouillard <rouilj@ieee.org>
parents:
5350
diff
changeset
|
109 * generate the temp recovery password |
|
91954be46a66
A real fix for the problem where:
John Rouillard <rouilj@ieee.org>
parents:
5350
diff
changeset
|
110 |
|
91954be46a66
A real fix for the problem where:
John Rouillard <rouilj@ieee.org>
parents:
5350
diff
changeset
|
111 This function limits the scope of the 'import random' call |
|
91954be46a66
A real fix for the problem where:
John Rouillard <rouilj@ieee.org>
parents:
5350
diff
changeset
|
112 as the random identifier is used throughout the code and |
|
91954be46a66
A real fix for the problem where:
John Rouillard <rouilj@ieee.org>
parents:
5350
diff
changeset
|
113 can refer to SystemRandom. |
|
91954be46a66
A real fix for the problem where:
John Rouillard <rouilj@ieee.org>
parents:
5350
diff
changeset
|
114 ''' |
|
91954be46a66
A real fix for the problem where:
John Rouillard <rouilj@ieee.org>
parents:
5350
diff
changeset
|
115 import random |
|
91954be46a66
A real fix for the problem where:
John Rouillard <rouilj@ieee.org>
parents:
5350
diff
changeset
|
116 random.seed() |
|
3916
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
117 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
118 |
|
3916
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
119 class LiberalCookie(SimpleCookie): |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
120 """ Python's SimpleCookie throws an exception if the cookie uses invalid |
|
3916
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
121 syntax. Other applications on the same server may have done precisely |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
122 this, preventing roundup from working through no fault of roundup. |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
123 Numerous other python apps have run into the same problem: |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
124 |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
125 trac: http://trac.edgewall.org/ticket/2256 |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
126 mailman: http://bugs.python.org/issue472646 |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
127 |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
128 This particular implementation comes from trac's solution to the |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
129 problem. Unfortunately it requires some hackery in SimpleCookie's |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
130 internals to provide a more liberal __set method. |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
131 """ |
|
3916
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
132 def load(self, rawdata, ignore_parse_errors=True): |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
133 if ignore_parse_errors: |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
134 self.bad_cookies = [] |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
135 self._BaseCookie__set = self._loose_set |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
136 SimpleCookie.load(self, rawdata) |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
137 if ignore_parse_errors: |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
138 self._BaseCookie__set = self._strict_set |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
139 for key in self.bad_cookies: |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
140 del self[key] |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
141 |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
142 _strict_set = BaseCookie._BaseCookie__set |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
143 |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
144 def _loose_set(self, key, real_value, coded_value): |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
145 try: |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
146 self._strict_set(key, real_value, coded_value) |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
147 except CookieError: |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
148 self.bad_cookies.append(key) |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
149 dict.__setitem__(self, key, None) |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
150 |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
151 |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
152 class Session: |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
153 """ |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
154 Needs DB to be already opened by client |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
155 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
156 Session attributes at instantiation: |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
157 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
158 - "client" - reference to client for add_cookie function |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
159 - "session_db" - session DB manager |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
160 - "cookie_name" - name of the cookie with session id |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
161 - "_sid" - session id for current user |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
162 - "_data" - session data cache |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
163 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
164 session = Session(client) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
165 session.set(name=value) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
166 value = session.get(name) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
167 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
168 session.destroy() # delete current session |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
169 session.clean_up() # clean up session table |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
170 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
171 session.update(set_cookie=True, expire=3600*24*365) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
172 # refresh session expiration time, setting persistent |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
173 # cookie if needed to last for 'expire' seconds |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
174 |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
175 """ |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
176 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
177 def __init__(self, client): |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
178 self._data = {} |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
179 self._sid = None |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
180 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
181 self.client = client |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
182 self.session_db = client.db.getSessionManager() |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
183 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
184 # parse cookies for session id |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
185 self.cookie_name = 'roundup_session_%s' % \ |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
186 re.sub('[^a-zA-Z]', '', client.instance.config.TRACKER_NAME) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
187 cookies = LiberalCookie(client.env.get('HTTP_COOKIE', '')) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
188 if self.cookie_name in cookies: |
|
6813
6b636fb29740
Refactor client.py session cookie code. Remove session db access.
John Rouillard <rouilj@ieee.org>
parents:
6693
diff
changeset
|
189 try: |
|
6b636fb29740
Refactor client.py session cookie code. Remove session db access.
John Rouillard <rouilj@ieee.org>
parents:
6693
diff
changeset
|
190 self._sid = cookies[self.cookie_name].value |
|
6b636fb29740
Refactor client.py session cookie code. Remove session db access.
John Rouillard <rouilj@ieee.org>
parents:
6693
diff
changeset
|
191 self._data = self.session_db.getall(self._sid) |
|
6b636fb29740
Refactor client.py session cookie code. Remove session db access.
John Rouillard <rouilj@ieee.org>
parents:
6693
diff
changeset
|
192 except KeyError: |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
193 self._sid = None |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
194 # remove old cookie |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
195 self.client.add_cookie(self.cookie_name, None) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
196 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
197 def _gen_sid(self): |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
198 """ generate a unique session key """ |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
199 while 1: |
|
6082
a3221c686736
changing the sid after checking for collisions defeats the purpose
Christof Meerwald <cmeerw@cmeerw.org>
parents:
6053
diff
changeset
|
200 s = b2s(binascii.b2a_base64(random_.token_bytes(32)).strip()).rstrip('=') |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
201 if not self.session_db.exists(s): |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
202 break |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
203 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
204 return s |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
205 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
206 def clean_up(self): |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
207 """Remove expired sessions""" |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
208 self.session_db.clean() |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
209 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
210 def destroy(self): |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
211 self.client.add_cookie(self.cookie_name, None) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
212 self._data = {} |
|
6147
f35ca71c9f2e
fixed logout action when there is no session
Christof Meerwald <cmeerw@cmeerw.org>
parents:
6082
diff
changeset
|
213 if self._sid: |
|
f35ca71c9f2e
fixed logout action when there is no session
Christof Meerwald <cmeerw@cmeerw.org>
parents:
6082
diff
changeset
|
214 self.session_db.destroy(self._sid) |
|
f35ca71c9f2e
fixed logout action when there is no session
Christof Meerwald <cmeerw@cmeerw.org>
parents:
6082
diff
changeset
|
215 self.session_db.commit() |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
216 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
217 def get(self, name, default=None): |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
218 return self._data.get(name, default) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
219 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
220 def set(self, **kwargs): |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
221 self._data.update(kwargs) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
222 if not self._sid: |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
223 self._sid = self._gen_sid() |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
224 self.session_db.set(self._sid, **self._data) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
225 # add session cookie |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
226 self.update(set_cookie=True) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
227 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
228 # XXX added when patching 1.4.4 for backward compatibility |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
229 # XXX remove |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
230 self.client.session = self._sid |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
231 else: |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
232 self.session_db.set(self._sid, **self._data) |
|
5319
62de601bdf6f
Fix commits although a Reject exception is raised
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
233 self.session_db.commit() |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
234 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
235 def update(self, set_cookie=False, expire=None): |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
236 """ update timestamp in db to avoid expiration |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
237 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
238 if 'set_cookie' is True, set cookie with 'expire' seconds lifetime |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
239 if 'expire' is None - session will be closed with the browser |
|
4648
e645820e8556
Clean up whitespace in client.py
Ezio Melotti <ezio.melotti@gmail.com>
parents:
4640
diff
changeset
|
240 |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
241 XXX the session can be purged within a week even if a cookie |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
242 lifetime is longer |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
243 """ |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
244 self.session_db.updateTimestamp(self._sid) |
|
5319
62de601bdf6f
Fix commits although a Reject exception is raised
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
245 self.session_db.commit() |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
246 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
247 if set_cookie: |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
248 self.client.add_cookie(self.cookie_name, self._sid, expire=expire) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
249 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
250 |
|
5775
17e110426ad7
issue2551046: Attempts to attach file or create large message fail
John Rouillard <rouilj@ieee.org>
parents:
5696
diff
changeset
|
251 # import from object as well so it's a new style object and I can use super() |
|
17e110426ad7
issue2551046: Attempts to attach file or create large message fail
John Rouillard <rouilj@ieee.org>
parents:
5696
diff
changeset
|
252 class BinaryFieldStorage(cgi.FieldStorage, object): |
|
5656
d26d2590cd8c
Implement different workaround for https://bugs.python.org/issue27777
John Rouillard <rouilj@ieee.org>
parents:
5655
diff
changeset
|
253 '''This class works around the bug https://bugs.python.org/issue27777. |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
254 |
|
5656
d26d2590cd8c
Implement different workaround for https://bugs.python.org/issue27777
John Rouillard <rouilj@ieee.org>
parents:
5655
diff
changeset
|
255 cgi.FieldStorage must save all data as binary/bytes. This is |
|
d26d2590cd8c
Implement different workaround for https://bugs.python.org/issue27777
John Rouillard <rouilj@ieee.org>
parents:
5655
diff
changeset
|
256 needed for handling json and xml data blobs under python |
|
d26d2590cd8c
Implement different workaround for https://bugs.python.org/issue27777
John Rouillard <rouilj@ieee.org>
parents:
5655
diff
changeset
|
257 3. Under python 2, str and binary are interchangable, not so |
|
d26d2590cd8c
Implement different workaround for https://bugs.python.org/issue27777
John Rouillard <rouilj@ieee.org>
parents:
5655
diff
changeset
|
258 under 3. |
|
d26d2590cd8c
Implement different workaround for https://bugs.python.org/issue27777
John Rouillard <rouilj@ieee.org>
parents:
5655
diff
changeset
|
259 ''' |
|
d26d2590cd8c
Implement different workaround for https://bugs.python.org/issue27777
John Rouillard <rouilj@ieee.org>
parents:
5655
diff
changeset
|
260 def make_file(self, mode=None): |
|
d26d2590cd8c
Implement different workaround for https://bugs.python.org/issue27777
John Rouillard <rouilj@ieee.org>
parents:
5655
diff
changeset
|
261 ''' work around https://bugs.python.org/issue27777 ''' |
|
d26d2590cd8c
Implement different workaround for https://bugs.python.org/issue27777
John Rouillard <rouilj@ieee.org>
parents:
5655
diff
changeset
|
262 import tempfile |
|
5671
f60c44563c3a
Adjust make_file override to use binary files only when needed.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5666
diff
changeset
|
263 if self.length >= 0: |
|
f60c44563c3a
Adjust make_file override to use binary files only when needed.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5666
diff
changeset
|
264 return tempfile.TemporaryFile("wb+") |
|
5775
17e110426ad7
issue2551046: Attempts to attach file or create large message fail
John Rouillard <rouilj@ieee.org>
parents:
5696
diff
changeset
|
265 return super(BinaryFieldStorage, self).make_file() |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
266 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
267 |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
268 class Client: |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
269 """Instantiate to handle one CGI request. |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
270 |
|
1244
8dd4f736370b
merge from maintenance branch
Richard Jones <richard@users.sourceforge.net>
parents:
1236
diff
changeset
|
271 See inner_main for request processing. |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
272 |
|
1244
8dd4f736370b
merge from maintenance branch
Richard Jones <richard@users.sourceforge.net>
parents:
1236
diff
changeset
|
273 Client attributes at instantiation: |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
274 |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
275 - "path" is the PATH_INFO inside the instance (with no leading '/') |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
276 - "base" is the base URL for the instance |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
277 - "form" is the cgi form, an instance of FieldStorage from the standard |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
278 cgi module |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
279 - "additional_headers" is a dictionary of additional HTTP headers that |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
280 should be sent to the client |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
281 - "response_code" is the HTTP response code to send to the client |
|
2557
ff02e9851592
translator object must be Roundup Translation Service...
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2514
diff
changeset
|
282 - "translator" is TranslationService instance |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
283 - "client-nonce" is a unique value for this client connection. Can be |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
284 used as a nonce for CSP headers and to sign javascript code |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
285 presented to the browser. This is different from the CSRF nonces |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
286 and can not be used for anti-csrf measures. |
|
1244
8dd4f736370b
merge from maintenance branch
Richard Jones <richard@users.sourceforge.net>
parents:
1236
diff
changeset
|
287 |
|
8dd4f736370b
merge from maintenance branch
Richard Jones <richard@users.sourceforge.net>
parents:
1236
diff
changeset
|
288 During the processing of a request, the following attributes are used: |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
289 |
|
4648
e645820e8556
Clean up whitespace in client.py
Ezio Melotti <ezio.melotti@gmail.com>
parents:
4640
diff
changeset
|
290 - "db" |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
291 - "_error_message" holds a list of error messages |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
292 - "_ok_message" holds a list of OK messages |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
293 - "session" is deprecated in favor of session_api (XXX remove) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
294 - "session_api" is the interface to store data in session |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
295 - "user" is the current user's name |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
296 - "userid" is the current user's id |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
297 - "template" is the current :template context |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
298 - "classname" is the current class context name |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
299 - "nodeid" is the current context item id |
|
1244
8dd4f736370b
merge from maintenance branch
Richard Jones <richard@users.sourceforge.net>
parents:
1236
diff
changeset
|
300 |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
301 Note: _error_message and _ok_message should not be modified |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
302 directly, use add_ok_message and add_error_message, these, by |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
303 default, escape the message added to avoid XSS security issues. |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
304 |
|
1244
8dd4f736370b
merge from maintenance branch
Richard Jones <richard@users.sourceforge.net>
parents:
1236
diff
changeset
|
305 User Identification: |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
306 Users that are absent in session data are anonymous and are logged |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
307 in as that user. This typically gives them all Permissions assigned |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
308 to the Anonymous Role. |
|
1244
8dd4f736370b
merge from maintenance branch
Richard Jones <richard@users.sourceforge.net>
parents:
1236
diff
changeset
|
309 |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
310 Every user is assigned a session. "session_api" is the interface |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
311 to work with session data. |
|
1420
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
312 |
|
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
313 Special form variables: |
|
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
314 Note that in various places throughout this code, special form |
|
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
315 variables of the form :<name> are used. The colon (":") part may |
|
1436
2f6647cf5345
bugger, dropping support for "+" special char
Richard Jones <richard@users.sourceforge.net>
parents:
1435
diff
changeset
|
316 actually be one of either ":" or "@". |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
317 """ |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
318 |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
319 # charset used for data storage and form templates |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
320 # Note: must be in lower case for comparisons! |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
321 # XXX take this from instance.config? |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
322 STORAGE_CHARSET = 'utf-8' |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
323 |
|
1421
90bb11eb40dc
oops, forgot the templating :)
Richard Jones <richard@users.sourceforge.net>
parents:
1420
diff
changeset
|
324 # |
|
1420
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
325 # special form variables |
|
1421
90bb11eb40dc
oops, forgot the templating :)
Richard Jones <richard@users.sourceforge.net>
parents:
1420
diff
changeset
|
326 # |
|
1436
2f6647cf5345
bugger, dropping support for "+" special char
Richard Jones <richard@users.sourceforge.net>
parents:
1435
diff
changeset
|
327 FV_TEMPLATE = re.compile(r'[@:]template') |
|
2f6647cf5345
bugger, dropping support for "+" special char
Richard Jones <richard@users.sourceforge.net>
parents:
1435
diff
changeset
|
328 FV_OK_MESSAGE = re.compile(r'[@:]ok_message') |
|
2f6647cf5345
bugger, dropping support for "+" special char
Richard Jones <richard@users.sourceforge.net>
parents:
1435
diff
changeset
|
329 FV_ERROR_MESSAGE = re.compile(r'[@:]error_message') |
|
1421
90bb11eb40dc
oops, forgot the templating :)
Richard Jones <richard@users.sourceforge.net>
parents:
1420
diff
changeset
|
330 |
|
90bb11eb40dc
oops, forgot the templating :)
Richard Jones <richard@users.sourceforge.net>
parents:
1420
diff
changeset
|
331 # Note: index page stuff doesn't appear here: |
|
90bb11eb40dc
oops, forgot the templating :)
Richard Jones <richard@users.sourceforge.net>
parents:
1420
diff
changeset
|
332 # columns, sort, sortdir, filter, group, groupdir, search_text, |
|
90bb11eb40dc
oops, forgot the templating :)
Richard Jones <richard@users.sourceforge.net>
parents:
1420
diff
changeset
|
333 # pagesize, startwith |
|
1420
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
334 |
|
3760
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
335 # list of network error codes that shouldn't be reported to tracker admin |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
336 # (error descriptions from FreeBSD intro(2)) |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
337 IGNORE_NET_ERRORS = ( |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
338 # A write on a pipe, socket or FIFO for which there is |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
339 # no process to read the data. |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
340 errno.EPIPE, |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
341 # A connection was forcibly closed by a peer. |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
342 # This normally results from a loss of the connection |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
343 # on the remote socket due to a timeout or a reboot. |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
344 errno.ECONNRESET, |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
345 # Software caused connection abort. A connection abort |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
346 # was caused internal to your host machine. |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
347 errno.ECONNABORTED, |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
348 # A connect or send request failed because the connected party |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
349 # did not properly respond after a period of time. |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
350 errno.ETIMEDOUT, |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
351 ) |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
352 |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
353 # Cache_Control[key] = Cache-Control header value |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
354 # Key can be explicitly file basename - value applied to just that file |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
355 # takes precedence over mime type. |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
356 # Key can be mime type - all files of that mimetype will get the value |
|
6546
c58c7cd31243
issue2550991 - Some mechanism to set expiration header or max age for static resources
John Rouillard <rouilj@ieee.org>
parents:
6544
diff
changeset
|
357 Cache_Control = { |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
358 'application/javascript': "public, max-age=1209600", # 2 weeks |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
359 'text/javascript': "public, max-age=1209600", # 2 weeks |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
360 'text/css': "public, max-age=4838400", # 8 weeks/2 mnths |
|
6546
c58c7cd31243
issue2550991 - Some mechanism to set expiration header or max age for static resources
John Rouillard <rouilj@ieee.org>
parents:
6544
diff
changeset
|
361 } |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
362 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
363 # list of valid http compression (Content-Encoding) algorithms |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
364 # we have available |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
365 compressors = [] |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
366 try: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
367 # Only one provided by standard library |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
368 import gzip |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
369 compressors.append('gzip') |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
370 except ImportError: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
371 pass |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
372 try: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
373 import brotli |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
374 compressors.append('br') |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
375 except ImportError: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
376 pass |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
377 try: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
378 import zstd |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
379 compressors.append('zstd') |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
380 except ImportError: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
381 pass |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
382 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
383 # mime types of files that are already compressed and should not be |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
384 # compressed on the fly. Can be extended/reduced using interfaces.py. |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
385 # This excludes types from being compressed. Should we have a list |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
386 # of mime types we should compress? write_html() calls compress_encode |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
387 # which uses this without a content-type so that's an issue. |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
388 # Also for text based data, might have charset too so need to parse |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
389 # content-type. |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
390 precompressed_mime_types = ["image/png", "image/jpeg"] |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
391 |
|
2467
76ead526113d
client instances may be used as translation engines.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2366
diff
changeset
|
392 def __init__(self, instance, request, env, form=None, translator=None): |
|
5356
91954be46a66
A real fix for the problem where:
John Rouillard <rouilj@ieee.org>
parents:
5350
diff
changeset
|
393 # re-seed the random number generator. Is this is an instance of |
|
91954be46a66
A real fix for the problem where:
John Rouillard <rouilj@ieee.org>
parents:
5350
diff
changeset
|
394 # random.SystemRandom it has no effect. |
|
5488
52cb53eedf77
reworked random number use
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5475
diff
changeset
|
395 random_.seed() |
|
5356
91954be46a66
A real fix for the problem where:
John Rouillard <rouilj@ieee.org>
parents:
5350
diff
changeset
|
396 # So we also seed the pseudorandom random source obtained from |
|
91954be46a66
A real fix for the problem where:
John Rouillard <rouilj@ieee.org>
parents:
5350
diff
changeset
|
397 # import random |
|
91954be46a66
A real fix for the problem where:
John Rouillard <rouilj@ieee.org>
parents:
5350
diff
changeset
|
398 # to make sure that every forked copy of the client will return |
|
91954be46a66
A real fix for the problem where:
John Rouillard <rouilj@ieee.org>
parents:
5350
diff
changeset
|
399 # new random numbers. |
|
91954be46a66
A real fix for the problem where:
John Rouillard <rouilj@ieee.org>
parents:
5350
diff
changeset
|
400 seed_pseudorandom() |
|
2230
ca2664e095be
disable forking server when os.fork() not available [SF#938586]
Richard Jones <richard@users.sourceforge.net>
parents:
2183
diff
changeset
|
401 self.start = time.time() |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
402 self.instance = instance |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
403 self.request = request |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
404 self.env = env |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
405 if translator is not None: |
|
6658
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
406 self.setTranslator(translator) |
|
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
407 # XXX we should set self.language to "translator"'s language, |
|
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
408 # but how to get it ? |
|
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
409 self.language = "" |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
410 else: |
|
6658
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
411 self.setTranslator(TranslationService.NullTranslationService()) |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
412 self.language = "" # as is the default from determine_language |
|
6658
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
413 |
|
1799
071ea6fc803f
Extracted duplicated mail-sending code...
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents:
1798
diff
changeset
|
414 self.mailer = Mailer(instance.config) |
|
5166
232c74973a56
issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5165
diff
changeset
|
415 # If True the form contents wins over the database contents when |
|
232c74973a56
issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5165
diff
changeset
|
416 # rendering html properties. This is set when an error occurs so |
|
232c74973a56
issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5165
diff
changeset
|
417 # that we don't lose submitted form contents. |
|
232c74973a56
issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5165
diff
changeset
|
418 self.form_wins = False |
|
1004
5f12d3259f31
logout works better now
Richard Jones <richard@users.sourceforge.net>
parents:
1003
diff
changeset
|
419 |
|
1157
26c8cb2162d7
fixed various URL / base URL issues
Richard Jones <richard@users.sourceforge.net>
parents:
1153
diff
changeset
|
420 # save off the path |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
421 self.path = env['PATH_INFO'] |
|
1004
5f12d3259f31
logout works better now
Richard Jones <richard@users.sourceforge.net>
parents:
1003
diff
changeset
|
422 |
|
1398
b3e1e9ab0500
fixed cookie path to use TRACKER_WEB [SF#667020]
Richard Jones <richard@users.sourceforge.net>
parents:
1393
diff
changeset
|
423 # this is the base URL for this tracker |
|
1157
26c8cb2162d7
fixed various URL / base URL issues
Richard Jones <richard@users.sourceforge.net>
parents:
1153
diff
changeset
|
424 self.base = self.instance.config.TRACKER_WEB |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
425 |
|
4586
b21bb66de6ff
Mark cookies HttpOnly and -- if https is used -- secure.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4578
diff
changeset
|
426 # should cookies be secure? |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
427 self.secure = self.base.startswith('https') |
|
4586
b21bb66de6ff
Mark cookies HttpOnly and -- if https is used -- secure.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4578
diff
changeset
|
428 |
|
6249
3b62c35e824d
client.py fix comment typo
John Rouillard <rouilj@ieee.org>
parents:
6211
diff
changeset
|
429 # check the tracker_web setting |
|
2183
ac24a9c74cca
be paranoid about TRACKER_WEB
Richard Jones <richard@users.sourceforge.net>
parents:
2137
diff
changeset
|
430 if not self.base.endswith('/'): |
|
ac24a9c74cca
be paranoid about TRACKER_WEB
Richard Jones <richard@users.sourceforge.net>
parents:
2137
diff
changeset
|
431 self.base = self.base + '/' |
|
ac24a9c74cca
be paranoid about TRACKER_WEB
Richard Jones <richard@users.sourceforge.net>
parents:
2137
diff
changeset
|
432 |
|
1398
b3e1e9ab0500
fixed cookie path to use TRACKER_WEB [SF#667020]
Richard Jones <richard@users.sourceforge.net>
parents:
1393
diff
changeset
|
433 # this is the "cookie path" for this tracker (ie. the path part of |
|
b3e1e9ab0500
fixed cookie path to use TRACKER_WEB [SF#667020]
Richard Jones <richard@users.sourceforge.net>
parents:
1393
diff
changeset
|
434 # the "base" url) |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
435 self.cookie_path = urllib_.urlparse(self.base)[2] |
|
2946
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
436 # cookies to set in http responce |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
437 # {(path, name): (value, expire)} |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
438 self._cookies = {} |
|
1398
b3e1e9ab0500
fixed cookie path to use TRACKER_WEB [SF#667020]
Richard Jones <richard@users.sourceforge.net>
parents:
1393
diff
changeset
|
439 |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
440 # define a unique nonce. Can be used for Content Security Policy |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
441 # nonces for scripts. |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
442 self.client_nonce = self._gen_nonce() |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
443 |
|
1157
26c8cb2162d7
fixed various URL / base URL issues
Richard Jones <richard@users.sourceforge.net>
parents:
1153
diff
changeset
|
444 # see if we need to re-parse the environment for the form (eg Zope) |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
445 if form is None: |
|
5608
5df309febe49
Path to support OPTIONS verb when using rest interface via
John Rouillard <rouilj@ieee.org>
parents:
5603
diff
changeset
|
446 # cgi.FieldStorage doesn't special case OPTIONS, DELETE or |
|
5df309febe49
Path to support OPTIONS verb when using rest interface via
John Rouillard <rouilj@ieee.org>
parents:
5603
diff
changeset
|
447 # PATCH verbs. They are processed like POST. So FieldStorage |
|
5df309febe49
Path to support OPTIONS verb when using rest interface via
John Rouillard <rouilj@ieee.org>
parents:
5603
diff
changeset
|
448 # hangs on these verbs trying to read posted data that |
|
5df309febe49
Path to support OPTIONS verb when using rest interface via
John Rouillard <rouilj@ieee.org>
parents:
5603
diff
changeset
|
449 # will never arrive. |
|
5df309febe49
Path to support OPTIONS verb when using rest interface via
John Rouillard <rouilj@ieee.org>
parents:
5603
diff
changeset
|
450 # If not defined, set CONTENT_LENGTH to 0 so it doesn't |
|
5df309febe49
Path to support OPTIONS verb when using rest interface via
John Rouillard <rouilj@ieee.org>
parents:
5603
diff
changeset
|
451 # hang reading the data. |
|
5df309febe49
Path to support OPTIONS verb when using rest interface via
John Rouillard <rouilj@ieee.org>
parents:
5603
diff
changeset
|
452 if self.env['REQUEST_METHOD'] in ['OPTIONS', 'DELETE', 'PATCH']: |
|
5df309febe49
Path to support OPTIONS verb when using rest interface via
John Rouillard <rouilj@ieee.org>
parents:
5603
diff
changeset
|
453 if 'CONTENT_LENGTH' not in self.env: |
|
5df309febe49
Path to support OPTIONS verb when using rest interface via
John Rouillard <rouilj@ieee.org>
parents:
5603
diff
changeset
|
454 self.env['CONTENT_LENGTH'] = 0 |
|
5df309febe49
Path to support OPTIONS verb when using rest interface via
John Rouillard <rouilj@ieee.org>
parents:
5603
diff
changeset
|
455 logger.debug("Setting CONTENT_LENGTH to 0 for method: %s", |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
456 self.env['REQUEST_METHOD']) |
|
5608
5df309febe49
Path to support OPTIONS verb when using rest interface via
John Rouillard <rouilj@ieee.org>
parents:
5603
diff
changeset
|
457 |
|
5653
ba67e397f063
Fix string/bytes issues under python 3.
John Rouillard <rouilj@ieee.org>
parents:
5624
diff
changeset
|
458 # cgi.FieldStorage must save all data as |
|
5656
d26d2590cd8c
Implement different workaround for https://bugs.python.org/issue27777
John Rouillard <rouilj@ieee.org>
parents:
5655
diff
changeset
|
459 # binary/bytes. Subclass BinaryFieldStorage does this. |
|
d26d2590cd8c
Implement different workaround for https://bugs.python.org/issue27777
John Rouillard <rouilj@ieee.org>
parents:
5655
diff
changeset
|
460 # It's a workaround for a bug in cgi.FieldStorage. See class |
|
d26d2590cd8c
Implement different workaround for https://bugs.python.org/issue27777
John Rouillard <rouilj@ieee.org>
parents:
5655
diff
changeset
|
461 # def for details. |
|
d26d2590cd8c
Implement different workaround for https://bugs.python.org/issue27777
John Rouillard <rouilj@ieee.org>
parents:
5655
diff
changeset
|
462 self.form = BinaryFieldStorage(fp=request.rfile, environ=env) |
|
5554
a06a88ed38ae
Fake a list property to prevent "Error: not indexable".
martin.v.loewis <martin.v.loewis>
parents:
5549
diff
changeset
|
463 # In some case (e.g. content-type application/xml), cgi |
|
a06a88ed38ae
Fake a list property to prevent "Error: not indexable".
martin.v.loewis <martin.v.loewis>
parents:
5549
diff
changeset
|
464 # will not parse anything. Fake a list property in this case |
|
a06a88ed38ae
Fake a list property to prevent "Error: not indexable".
martin.v.loewis <martin.v.loewis>
parents:
5549
diff
changeset
|
465 if self.form.list is None: |
|
a06a88ed38ae
Fake a list property to prevent "Error: not indexable".
martin.v.loewis <martin.v.loewis>
parents:
5549
diff
changeset
|
466 self.form.list = [] |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
467 else: |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
468 self.form = form |
|
1157
26c8cb2162d7
fixed various URL / base URL issues
Richard Jones <richard@users.sourceforge.net>
parents:
1153
diff
changeset
|
469 |
|
26c8cb2162d7
fixed various URL / base URL issues
Richard Jones <richard@users.sourceforge.net>
parents:
1153
diff
changeset
|
470 # turn debugging on/off |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
471 try: |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
472 self.debug = int(env.get("ROUNDUP_DEBUG", 0)) |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
473 except ValueError: |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
474 # someone gave us a non-int debug level, turn it off |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
475 self.debug = 0 |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
476 |
|
1157
26c8cb2162d7
fixed various URL / base URL issues
Richard Jones <richard@users.sourceforge.net>
parents:
1153
diff
changeset
|
477 # flag to indicate that the HTTP headers have been sent |
|
26c8cb2162d7
fixed various URL / base URL issues
Richard Jones <richard@users.sourceforge.net>
parents:
1153
diff
changeset
|
478 self.headers_done = 0 |
|
26c8cb2162d7
fixed various URL / base URL issues
Richard Jones <richard@users.sourceforge.net>
parents:
1153
diff
changeset
|
479 |
|
7106
64e1058051f3
pylint: fix first reference to properties outside of __init__
John Rouillard <rouilj@ieee.org>
parents:
7079
diff
changeset
|
480 # record of headers sent for debugging |
|
64e1058051f3
pylint: fix first reference to properties outside of __init__
John Rouillard <rouilj@ieee.org>
parents:
7079
diff
changeset
|
481 self.headers_sent = [] |
|
64e1058051f3
pylint: fix first reference to properties outside of __init__
John Rouillard <rouilj@ieee.org>
parents:
7079
diff
changeset
|
482 |
|
1120
c26471971d18
Exposed the Batch mechanism through the top-level "utils" variable.
Richard Jones <richard@users.sourceforge.net>
parents:
1103
diff
changeset
|
483 # additional headers to send with the request - must be registered |
|
c26471971d18
Exposed the Batch mechanism through the top-level "utils" variable.
Richard Jones <richard@users.sourceforge.net>
parents:
1103
diff
changeset
|
484 # before the first write |
|
c26471971d18
Exposed the Batch mechanism through the top-level "utils" variable.
Richard Jones <richard@users.sourceforge.net>
parents:
1103
diff
changeset
|
485 self.additional_headers = {} |
|
c26471971d18
Exposed the Batch mechanism through the top-level "utils" variable.
Richard Jones <richard@users.sourceforge.net>
parents:
1103
diff
changeset
|
486 self.response_code = 200 |
|
c26471971d18
Exposed the Batch mechanism through the top-level "utils" variable.
Richard Jones <richard@users.sourceforge.net>
parents:
1103
diff
changeset
|
487 |
|
2947
e611be5ee6c4
initialize self.charset early to enable html output for tracebacks...
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2946
diff
changeset
|
488 # default character set |
|
e611be5ee6c4
initialize self.charset early to enable html output for tracebacks...
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2946
diff
changeset
|
489 self.charset = self.STORAGE_CHARSET |
|
e611be5ee6c4
initialize self.charset early to enable html output for tracebacks...
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2946
diff
changeset
|
490 |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
491 # parse cookies (used for charset lookups) |
|
3916
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
492 # use our own LiberalCookie to handle bad apps on the same |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
493 # server that have set cookies that are out of spec |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
494 self.cookie = LiberalCookie(self.env.get('HTTP_COOKIE', '')) |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
495 |
|
2928
81c99c857b57
applied patch [SF#1067690]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2923
diff
changeset
|
496 self.user = None |
|
81c99c857b57
applied patch [SF#1067690]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2923
diff
changeset
|
497 self.userid = None |
|
2948
deda13909085
factor out get_action_class so it may be called from other places
Richard Jones <richard@users.sourceforge.net>
parents:
2947
diff
changeset
|
498 self.nodeid = None |
|
deda13909085
factor out get_action_class so it may be called from other places
Richard Jones <richard@users.sourceforge.net>
parents:
2947
diff
changeset
|
499 self.classname = None |
|
deda13909085
factor out get_action_class so it may be called from other places
Richard Jones <richard@users.sourceforge.net>
parents:
2947
diff
changeset
|
500 self.template = None |
|
7106
64e1058051f3
pylint: fix first reference to properties outside of __init__
John Rouillard <rouilj@ieee.org>
parents:
7079
diff
changeset
|
501 self._ok_message = [] |
|
64e1058051f3
pylint: fix first reference to properties outside of __init__
John Rouillard <rouilj@ieee.org>
parents:
7079
diff
changeset
|
502 self._error_message = [] |
|
2928
81c99c857b57
applied patch [SF#1067690]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2923
diff
changeset
|
503 |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
504 def _gen_nonce(self): |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
505 """ generate a unique nonce """ |
|
5488
52cb53eedf77
reworked random number use
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5475
diff
changeset
|
506 n = b2s(base64.b32encode(random_.token_bytes(40))) |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
507 return n |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
508 |
|
2467
76ead526113d
client instances may be used as translation engines.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2366
diff
changeset
|
509 def setTranslator(self, translator=None): |
|
76ead526113d
client instances may be used as translation engines.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2366
diff
changeset
|
510 """Replace the translation engine |
|
76ead526113d
client instances may be used as translation engines.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2366
diff
changeset
|
511 |
|
76ead526113d
client instances may be used as translation engines.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2366
diff
changeset
|
512 'translator' |
|
2557
ff02e9851592
translator object must be Roundup Translation Service...
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2514
diff
changeset
|
513 is TranslationService instance. |
|
ff02e9851592
translator object must be Roundup Translation Service...
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2514
diff
changeset
|
514 It must define methods 'translate' (TAL-compatible i18n), |
|
ff02e9851592
translator object must be Roundup Translation Service...
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2514
diff
changeset
|
515 'gettext' and 'ngettext' (gettext-compatible i18n). |
|
2467
76ead526113d
client instances may be used as translation engines.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2366
diff
changeset
|
516 |
|
2557
ff02e9851592
translator object must be Roundup Translation Service...
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2514
diff
changeset
|
517 If omitted, create default TranslationService. |
|
2467
76ead526113d
client instances may be used as translation engines.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2366
diff
changeset
|
518 """ |
|
76ead526113d
client instances may be used as translation engines.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2366
diff
changeset
|
519 if translator is None: |
|
2808
18c28d22b3b5
pass tracker home directory to get_translation()
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2800
diff
changeset
|
520 translator = TranslationService.get_translation( |
|
2923
29563959c026
language defaults to config option TRACKER_LANGUAGE
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2906
diff
changeset
|
521 language=self.instance.config["TRACKER_LANGUAGE"], |
|
2808
18c28d22b3b5
pass tracker home directory to get_translation()
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2800
diff
changeset
|
522 tracker_home=self.instance.config["TRACKER_HOME"]) |
|
2467
76ead526113d
client instances may be used as translation engines.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2366
diff
changeset
|
523 self.translator = translator |
|
76ead526113d
client instances may be used as translation engines.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2366
diff
changeset
|
524 self._ = self.gettext = translator.gettext |
|
76ead526113d
client instances may be used as translation engines.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2366
diff
changeset
|
525 self.ngettext = translator.ngettext |
|
76ead526113d
client instances may be used as translation engines.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2366
diff
changeset
|
526 |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
527 def main(self): |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
528 """ Wrap the real main in a try/finally so we always close off the db. |
|
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
529 """ |
|
5924
b40059d7036f
issue2550925 strip HTTP_PROXY environment variable
John Rouillard <rouilj@ieee.org>
parents:
5881
diff
changeset
|
530 |
|
b40059d7036f
issue2550925 strip HTTP_PROXY environment variable
John Rouillard <rouilj@ieee.org>
parents:
5881
diff
changeset
|
531 # strip HTTP_PROXY issue2550925 in case |
|
b40059d7036f
issue2550925 strip HTTP_PROXY environment variable
John Rouillard <rouilj@ieee.org>
parents:
5881
diff
changeset
|
532 # PROXY header is set. |
|
b40059d7036f
issue2550925 strip HTTP_PROXY environment variable
John Rouillard <rouilj@ieee.org>
parents:
5881
diff
changeset
|
533 if 'HTTP_PROXY' in self.env: |
|
7571
f8b07ffd0226
flake8: add space between return, del and (
John Rouillard <rouilj@ieee.org>
parents:
7556
diff
changeset
|
534 del (self.env['HTTP_PROXY']) |
|
5924
b40059d7036f
issue2550925 strip HTTP_PROXY environment variable
John Rouillard <rouilj@ieee.org>
parents:
5881
diff
changeset
|
535 if 'HTTP_PROXY' in os.environ: |
|
7571
f8b07ffd0226
flake8: add space between return, del and (
John Rouillard <rouilj@ieee.org>
parents:
7556
diff
changeset
|
536 del (os.environ['HTTP_PROXY']) |
|
5924
b40059d7036f
issue2550925 strip HTTP_PROXY environment variable
John Rouillard <rouilj@ieee.org>
parents:
5881
diff
changeset
|
537 |
|
5603
79da1ca2f94b
Make xmlrpc and rest APIs configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5568
diff
changeset
|
538 xmlrpc_enabled = self.instance.config.WEB_ENABLE_XMLRPC |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
539 rest_enabled = self.instance.config.WEB_ENABLE_REST |
|
1133
36ec30d286ea
Cleaned up CHANGES/TODO
Richard Jones <richard@users.sourceforge.net>
parents:
1130
diff
changeset
|
540 try: |
|
5603
79da1ca2f94b
Make xmlrpc and rest APIs configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5568
diff
changeset
|
541 if xmlrpc_enabled and self.path == 'xmlrpc': |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
542 self.handle_xmlrpc() |
|
5603
79da1ca2f94b
Make xmlrpc and rest APIs configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5568
diff
changeset
|
543 elif rest_enabled and (self.path == 'rest' or |
|
79da1ca2f94b
Make xmlrpc and rest APIs configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5568
diff
changeset
|
544 self.path[:5] == 'rest/'): |
|
5556
d75aa88c2a99
Added RestInstance and calling rest from client.py
Chau Nguyen <dangchau1991@yahoo.com>
parents:
5555
diff
changeset
|
545 self.handle_rest() |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
546 else: |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
547 self.inner_main() |
|
1133
36ec30d286ea
Cleaned up CHANGES/TODO
Richard Jones <richard@users.sourceforge.net>
parents:
1130
diff
changeset
|
548 finally: |
|
36ec30d286ea
Cleaned up CHANGES/TODO
Richard Jones <richard@users.sourceforge.net>
parents:
1130
diff
changeset
|
549 if hasattr(self, 'db'): |
|
36ec30d286ea
Cleaned up CHANGES/TODO
Richard Jones <richard@users.sourceforge.net>
parents:
1130
diff
changeset
|
550 self.db.close() |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
551 |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
552 def handle_xmlrpc(self): |
|
4919
24209344b507
Link /xmlrpc to docs if accessed with browser
anatoly techtonik <techtonik@gmail.com>
parents:
4903
diff
changeset
|
553 if self.env.get('CONTENT_TYPE') != 'text/xml': |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
554 self.write( |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
|
|
5456
0fb04e717de0
fix encoding in handle_xmlrpc
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5441
diff
changeset
|
557 b"XML-RPC interface</a>.") |
|
4919
24209344b507
Link /xmlrpc to docs if accessed with browser
anatoly techtonik <techtonik@gmail.com>
parents:
4903
diff
changeset
|
558 return |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
559 |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
560 # Pull the raw XML out of the form. The "value" attribute |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
561 # will be the raw content of the POST request. |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
562 assert self.form.file |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
563 input = self.form.value |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
564 # So that the rest of Roundup can query the form in the |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
565 # usual way, we create an empty list of fields. |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
566 self.form.list = [] |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
567 |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
568 # Set the charset and language, since other parts of |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
569 # Roundup may depend upon that. |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
570 self.determine_charset() |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
571 if self.instance.config["WEB_TRANSLATE_XMLRPC"]: |
|
6658
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
572 self.determine_language() |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
573 # Open the database as the correct user. |
|
5878
1b57d8f3eb97
Add rudimentery experiment JSON Web Token (jwt) support
John Rouillard <rouilj@ieee.org>
parents:
5847
diff
changeset
|
574 try: |
|
7556
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
575 self.determine_user(is_api="xmlrpc") |
|
5881
9938c40e03bc
Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents:
5879
diff
changeset
|
576 self.db.tx_Source = "xmlrpc" |
|
6658
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
577 self.db.i18n = self.translator |
|
5878
1b57d8f3eb97
Add rudimentery experiment JSON Web Token (jwt) support
John Rouillard <rouilj@ieee.org>
parents:
5847
diff
changeset
|
578 except LoginError as msg: |
|
1b57d8f3eb97
Add rudimentery experiment JSON Web Token (jwt) support
John Rouillard <rouilj@ieee.org>
parents:
5847
diff
changeset
|
579 output = xmlrpc_.client.dumps( |
|
5879
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5878
diff
changeset
|
580 xmlrpc_.client.Fault(401, "%s" % msg), |
|
5878
1b57d8f3eb97
Add rudimentery experiment JSON Web Token (jwt) support
John Rouillard <rouilj@ieee.org>
parents:
5847
diff
changeset
|
581 allow_none=True) |
|
5879
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5878
diff
changeset
|
582 self.setHeader("Content-Type", "text/xml") |
|
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5878
diff
changeset
|
583 self.setHeader("Content-Length", str(len(output))) |
|
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5878
diff
changeset
|
584 self.write(s2b(output)) |
|
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5878
diff
changeset
|
585 return |
|
7556
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
586 except RateLimitExceeded as msg: |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
587 output = xmlrpc_.client.dumps( |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
588 xmlrpc_.client.Fault(429, "%s" % msg), |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
589 allow_none=True) |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
590 self.setHeader("Content-Type", "text/xml") |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
591 self.setHeader("Content-Length", str(len(output))) |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
592 self.write(s2b(output)) |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
593 return |
|
5878
1b57d8f3eb97
Add rudimentery experiment JSON Web Token (jwt) support
John Rouillard <rouilj@ieee.org>
parents:
5847
diff
changeset
|
594 |
|
5879
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5878
diff
changeset
|
595 if not self.db.security.hasPermission('Xmlrpc Access', self.userid): |
|
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5878
diff
changeset
|
596 output = xmlrpc_.client.dumps( |
|
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5878
diff
changeset
|
597 xmlrpc_.client.Fault(403, "Forbidden"), |
|
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5878
diff
changeset
|
598 allow_none=True) |
|
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5878
diff
changeset
|
599 self.setHeader("Content-Type", "text/xml") |
|
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5878
diff
changeset
|
600 self.setHeader("Content-Length", str(len(output))) |
|
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5878
diff
changeset
|
601 self.write(s2b(output)) |
|
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5878
diff
changeset
|
602 return |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
603 |
|
4327
095d92109cc7
allow Anonymous users to log in, and register
Richard Jones <richard@users.sourceforge.net>
parents:
4326
diff
changeset
|
604 self.check_anonymous_access() |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
605 |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
606 try: |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
607 # coverting from function returning true/false to |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
608 # raising exceptions |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
609 # Call csrf with xmlrpc checks enabled. |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
610 # It will return True if everything is ok, |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
611 # raises exception on check failure. |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
612 csrf_ok = self.handle_csrf(api=True) |
|
6975
fe4a6ba98bfe
flake8 - remove unused imports, unused vars, whitespace fixes
John Rouillard <rouilj@ieee.org>
parents:
6974
diff
changeset
|
613 except (Unauthorised, UsageError): |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
614 # report exception back to server |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
615 exc_type, exc_value, exc_tb = sys.exc_info() |
|
5408
e46ce04d5bbc
Python 3 preparation: update xmlrpclib / SimpleXMLRPCServer imports.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5395
diff
changeset
|
616 output = xmlrpc_.client.dumps( |
|
e46ce04d5bbc
Python 3 preparation: update xmlrpclib / SimpleXMLRPCServer imports.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5395
diff
changeset
|
617 xmlrpc_.client.Fault(1, "%s:%s" % (exc_type, exc_value)), |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
618 allow_none=True) |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
619 csrf_ok = False # we had an error, failed check |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
620 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
621 if csrf_ok is True: |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
622 handler = xmlrpc.RoundupDispatcher(self.db, |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
623 self.instance.actions, |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
624 self.translator, |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
625 allow_none=True) |
| 5474 | 626 output = handler.dispatch(input) |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
627 |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
628 self.setHeader("Content-Type", "text/xml") |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
629 self.setHeader("Content-Length", str(len(output))) |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
630 self.write(output) |
|
4648
e645820e8556
Clean up whitespace in client.py
Ezio Melotti <ezio.melotti@gmail.com>
parents:
4640
diff
changeset
|
631 |
|
7150
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
632 def is_cors_preflight(self): |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
633 return ( |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
634 self.env['REQUEST_METHOD'] == "OPTIONS" |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
635 and self.request.headers.get("Access-Control-Request-Headers") |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
636 and self.request.headers.get("Access-Control-Request-Method") |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
637 and self.request.headers.get("Origin")) |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
638 |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
639 def handle_preflight(self): |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
640 # Call rest library to handle the pre-flight request |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
641 handler = rest.RestfulInstance(self, self.db) |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
642 output = handler.dispatch(self.env['REQUEST_METHOD'], |
|
7228
07ce4e4110f5
flake8 fixes: whitespace, remove unused imports
John Rouillard <rouilj@ieee.org>
parents:
7159
diff
changeset
|
643 self.path, self.form) |
|
7150
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
644 |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
645 if self.response_code == 204: |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
646 self.write("") |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
647 else: |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
648 self.setHeader("Content-Length", str(len(output))) |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
649 self.write(output) |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
650 |
|
7153
1181157d7cec
Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents:
7150
diff
changeset
|
651 def reject_request(self, message, message_type="text/plain", |
|
1181157d7cec
Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents:
7150
diff
changeset
|
652 status=http_.client.UNAUTHORIZED): |
|
1181157d7cec
Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents:
7150
diff
changeset
|
653 self.response_code = status |
|
1181157d7cec
Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents:
7150
diff
changeset
|
654 self.setHeader("Content-Length", str(len(message))) |
|
1181157d7cec
Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents:
7150
diff
changeset
|
655 self.setHeader("Content-Type", message_type) |
|
1181157d7cec
Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents:
7150
diff
changeset
|
656 self.write(message) |
|
1181157d7cec
Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents:
7150
diff
changeset
|
657 |
|
5556
d75aa88c2a99
Added RestInstance and calling rest from client.py
Chau Nguyen <dangchau1991@yahoo.com>
parents:
5555
diff
changeset
|
658 def handle_rest(self): |
|
d75aa88c2a99
Added RestInstance and calling rest from client.py
Chau Nguyen <dangchau1991@yahoo.com>
parents:
5555
diff
changeset
|
659 # Set the charset and language |
|
d75aa88c2a99
Added RestInstance and calling rest from client.py
Chau Nguyen <dangchau1991@yahoo.com>
parents:
5555
diff
changeset
|
660 self.determine_charset() |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
661 if self.instance.config["WEB_TRANSLATE_REST"]: |
|
6658
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
662 self.determine_language() |
|
5556
d75aa88c2a99
Added RestInstance and calling rest from client.py
Chau Nguyen <dangchau1991@yahoo.com>
parents:
5555
diff
changeset
|
663 # Open the database as the correct user. |
|
d75aa88c2a99
Added RestInstance and calling rest from client.py
Chau Nguyen <dangchau1991@yahoo.com>
parents:
5555
diff
changeset
|
664 # TODO: add everything to RestfulDispatcher |
|
5666
d660d1c1ba63
Handle LoginError in rest code. Stop standard "an error occurred check
John Rouillard <rouilj@ieee.org>
parents:
5657
diff
changeset
|
665 try: |
|
7556
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
666 self.determine_user(is_api="rest") |
|
5881
9938c40e03bc
Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents:
5879
diff
changeset
|
667 self.db.tx_Source = "rest" |
|
6658
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
668 self.db.i18n = self.translator |
|
5666
d660d1c1ba63
Handle LoginError in rest code. Stop standard "an error occurred check
John Rouillard <rouilj@ieee.org>
parents:
5657
diff
changeset
|
669 except LoginError as err: |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
670 output = s2b("Invalid Login - %s" % str(err)) |
|
7153
1181157d7cec
Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents:
7150
diff
changeset
|
671 self.reject_request(output, status=http_.client.UNAUTHORIZED) |
|
5666
d660d1c1ba63
Handle LoginError in rest code. Stop standard "an error occurred check
John Rouillard <rouilj@ieee.org>
parents:
5657
diff
changeset
|
672 return |
|
7556
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
673 except RateLimitExceeded as err: |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
674 output = s2b("%s" % str(err)) |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
675 # PYTHON2:FIXME http_.client.TOO_MANY_REQUESTS missing |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
676 # python2 so use numeric code. |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
677 self.reject_request(output, status=429) |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
678 return |
|
5666
d660d1c1ba63
Handle LoginError in rest code. Stop standard "an error occurred check
John Rouillard <rouilj@ieee.org>
parents:
5657
diff
changeset
|
679 |
|
7150
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
680 # verify Origin is allowed on all requests including GET. |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
681 # If a GET, missing origin is allowed (i.e. same site GET request) |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
682 if not self.is_origin_header_ok(api=True): |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
683 if 'HTTP_ORIGIN' not in self.env: |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
684 msg = self._("Required Header Missing") |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
685 else: |
|
6693
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
686 msg = self._("Client is not allowed to use Rest Interface.") |
|
7150
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
687 |
|
7153
1181157d7cec
Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents:
7150
diff
changeset
|
688 # Use code 400. Codes 401 and 403 imply that authentication |
|
1181157d7cec
Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents:
7150
diff
changeset
|
689 # is needed or authenticated person is not authorized. |
|
1181157d7cec
Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents:
7150
diff
changeset
|
690 # Preflight doesn't do authentication. |
|
7150
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
691 output = s2b( |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
692 '{ "error": { "status": 400, "msg": "%s" } }' % msg) |
|
7153
1181157d7cec
Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents:
7150
diff
changeset
|
693 self.reject_request(output, |
|
1181157d7cec
Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents:
7150
diff
changeset
|
694 message_type="application/json", |
|
1181157d7cec
Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents:
7150
diff
changeset
|
695 status=400) |
|
7150
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
696 return |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
697 |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
698 # Handle CORS preflight request. We know rest is enabled |
|
7228
07ce4e4110f5
flake8 fixes: whitespace, remove unused imports
John Rouillard <rouilj@ieee.org>
parents:
7159
diff
changeset
|
699 # because handle_rest is called. Preflight requests |
|
7150
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
700 # are unauthenticated, so no need to check permissions. |
|
7228
07ce4e4110f5
flake8 fixes: whitespace, remove unused imports
John Rouillard <rouilj@ieee.org>
parents:
7159
diff
changeset
|
701 if (self.is_cors_preflight()): |
|
7150
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
702 self.handle_preflight() |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
703 return |
|
6693
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
704 elif not self.db.security.hasPermission('Rest Access', self.userid): |
|
6504
e162845193c4
Eliminate hang with unauthorized use of REST interface.
John Rouillard <rouilj@ieee.org>
parents:
6467
diff
changeset
|
705 output = s2b('{ "error": { "status": 403, "msg": "Forbidden." } }') |
|
7153
1181157d7cec
Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents:
7150
diff
changeset
|
706 self.reject_request(output, |
|
1181157d7cec
Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents:
7150
diff
changeset
|
707 message_type="application/json", |
|
1181157d7cec
Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents:
7150
diff
changeset
|
708 status=403) |
|
5879
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5878
diff
changeset
|
709 return |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
710 |
|
5556
d75aa88c2a99
Added RestInstance and calling rest from client.py
Chau Nguyen <dangchau1991@yahoo.com>
parents:
5555
diff
changeset
|
711 self.check_anonymous_access() |
|
d75aa88c2a99
Added RestInstance and calling rest from client.py
Chau Nguyen <dangchau1991@yahoo.com>
parents:
5555
diff
changeset
|
712 |
|
5696
b67636bc87d0
Add CSRF protection to rest code path. Follow same model as for
John Rouillard <rouilj@ieee.org>
parents:
5671
diff
changeset
|
713 try: |
|
6681
ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents:
6658
diff
changeset
|
714 # Call csrf with api (xmlrpc, rest) checks enabled. |
|
5696
b67636bc87d0
Add CSRF protection to rest code path. Follow same model as for
John Rouillard <rouilj@ieee.org>
parents:
5671
diff
changeset
|
715 # It will return True if everything is ok, |
|
b67636bc87d0
Add CSRF protection to rest code path. Follow same model as for
John Rouillard <rouilj@ieee.org>
parents:
5671
diff
changeset
|
716 # raises exception on check failure. |
|
7150
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
717 # Note this returns true for a GET request. |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
718 # Must check supplied Origin header for bad value first. |
|
6681
ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents:
6658
diff
changeset
|
719 csrf_ok = self.handle_csrf(api=True) |
|
5696
b67636bc87d0
Add CSRF protection to rest code path. Follow same model as for
John Rouillard <rouilj@ieee.org>
parents:
5671
diff
changeset
|
720 except (Unauthorised, UsageError) as msg: |
|
7153
1181157d7cec
Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents:
7150
diff
changeset
|
721 # FIXME should format return value according to |
|
1181157d7cec
Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents:
7150
diff
changeset
|
722 # client's accept header, so application/xml, text/plain etc.. |
|
6975
fe4a6ba98bfe
flake8 - remove unused imports, unused vars, whitespace fixes
John Rouillard <rouilj@ieee.org>
parents:
6974
diff
changeset
|
723 output = s2b('{ "error": { "status": 400, "msg": "%s"}}' % |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
724 str(msg)) |
|
7153
1181157d7cec
Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents:
7150
diff
changeset
|
725 self.reject_request(output, |
|
1181157d7cec
Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents:
7150
diff
changeset
|
726 message_type="application/json", |
|
1181157d7cec
Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents:
7150
diff
changeset
|
727 status=400) |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
728 csrf_ok = False # we had an error, failed check |
|
5696
b67636bc87d0
Add CSRF protection to rest code path. Follow same model as for
John Rouillard <rouilj@ieee.org>
parents:
5671
diff
changeset
|
729 return |
|
5556
d75aa88c2a99
Added RestInstance and calling rest from client.py
Chau Nguyen <dangchau1991@yahoo.com>
parents:
5555
diff
changeset
|
730 |
|
5696
b67636bc87d0
Add CSRF protection to rest code path. Follow same model as for
John Rouillard <rouilj@ieee.org>
parents:
5671
diff
changeset
|
731 # With the return above the if will never be false, |
|
b67636bc87d0
Add CSRF protection to rest code path. Follow same model as for
John Rouillard <rouilj@ieee.org>
parents:
5671
diff
changeset
|
732 # Keeping the if so we can remove return to pass |
|
7150
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
733 # output though and format output according to accept |
|
5696
b67636bc87d0
Add CSRF protection to rest code path. Follow same model as for
John Rouillard <rouilj@ieee.org>
parents:
5671
diff
changeset
|
734 # header. |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
735 if csrf_ok is True: |
|
5696
b67636bc87d0
Add CSRF protection to rest code path. Follow same model as for
John Rouillard <rouilj@ieee.org>
parents:
5671
diff
changeset
|
736 # Call rest library to handle the request |
|
b67636bc87d0
Add CSRF protection to rest code path. Follow same model as for
John Rouillard <rouilj@ieee.org>
parents:
5671
diff
changeset
|
737 handler = rest.RestfulInstance(self, self.db) |
|
b67636bc87d0
Add CSRF protection to rest code path. Follow same model as for
John Rouillard <rouilj@ieee.org>
parents:
5671
diff
changeset
|
738 output = handler.dispatch(self.env['REQUEST_METHOD'], |
|
b67636bc87d0
Add CSRF protection to rest code path. Follow same model as for
John Rouillard <rouilj@ieee.org>
parents:
5671
diff
changeset
|
739 self.path, self.form) |
|
b67636bc87d0
Add CSRF protection to rest code path. Follow same model as for
John Rouillard <rouilj@ieee.org>
parents:
5671
diff
changeset
|
740 |
|
b67636bc87d0
Add CSRF protection to rest code path. Follow same model as for
John Rouillard <rouilj@ieee.org>
parents:
5671
diff
changeset
|
741 # type header set by rest handler |
|
5556
d75aa88c2a99
Added RestInstance and calling rest from client.py
Chau Nguyen <dangchau1991@yahoo.com>
parents:
5555
diff
changeset
|
742 # self.setHeader("Content-Type", "text/xml") |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
743 if self.response_code == 204: # no body with 204 |
|
6509
1fc765ef6379
Fix 204 responses, hangs and crashes with REST.
John Rouillard <rouilj@ieee.org>
parents:
6504
diff
changeset
|
744 self.write("") |
|
1fc765ef6379
Fix 204 responses, hangs and crashes with REST.
John Rouillard <rouilj@ieee.org>
parents:
6504
diff
changeset
|
745 else: |
|
1fc765ef6379
Fix 204 responses, hangs and crashes with REST.
John Rouillard <rouilj@ieee.org>
parents:
6504
diff
changeset
|
746 self.setHeader("Content-Length", str(len(output))) |
|
1fc765ef6379
Fix 204 responses, hangs and crashes with REST.
John Rouillard <rouilj@ieee.org>
parents:
6504
diff
changeset
|
747 self.write(output) |
|
5556
d75aa88c2a99
Added RestInstance and calling rest from client.py
Chau Nguyen <dangchau1991@yahoo.com>
parents:
5555
diff
changeset
|
748 |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
749 def add_ok_message(self, msg, escape=True): |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
750 add_message(self._ok_message, msg, escape) |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
751 |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
752 def add_error_message(self, msg, escape=True): |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
753 add_message(self._error_message, msg, escape) |
|
5166
232c74973a56
issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5165
diff
changeset
|
754 # Want to interpret form values when rendering when an error |
|
232c74973a56
issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5165
diff
changeset
|
755 # occurred: |
|
232c74973a56
issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5165
diff
changeset
|
756 self.form_wins = True |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
757 |
|
1133
36ec30d286ea
Cleaned up CHANGES/TODO
Richard Jones <richard@users.sourceforge.net>
parents:
1130
diff
changeset
|
758 def inner_main(self): |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
759 """Process a request. |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
760 |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
761 The most common requests are handled like so: |
|
1054
3d8ea16347aa
more explanatory docstring
Richard Jones <richard@users.sourceforge.net>
parents:
1053
diff
changeset
|
762 |
|
3427
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
763 1. look for charset and language preferences, set up user locale |
|
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
764 see determine_charset, determine_language |
|
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
765 2. figure out who we are, defaulting to the "anonymous" user |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
766 see determine_user |
|
3427
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
767 3. figure out what the request is for - the context |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
768 see determine_context |
|
3427
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
769 4. handle any requested action (item edit, search, ...) |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
770 see handle_action |
|
3427
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
771 5. render a template, resulting in HTML output |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
772 |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
773 In some situations, exceptions occur: |
|
1054
3d8ea16347aa
more explanatory docstring
Richard Jones <richard@users.sourceforge.net>
parents:
1053
diff
changeset
|
774 |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
775 - HTTP Redirect (generally raised by an action) |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
776 - SendFile (generally raised by determine_context) |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
777 serve up a FileClass "content" property |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
778 - SendStaticFile (generally raised by determine_context) |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
779 serve up a file from the tracker "html" directory |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
780 - Unauthorised (generally raised by an action) |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
781 the action is cancelled, the request is rendered and an error |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
782 message is displayed indicating that permission was not |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
783 granted for the action to take place |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
784 - templating.Unauthorised (templating action not permitted) |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
785 raised by an attempted rendering of a template when the user |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
786 doesn't have permission |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
787 - NotFound (raised wherever it needs to be) |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
788 percolates up to the CGI interface that called the client |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
789 """ |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
790 self._ok_message = [] |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
791 self._error_message = [] |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
792 try: |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
793 self.determine_charset() |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
794 |
|
4109
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
795 try: |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
796 # make sure we're identified (even anonymously) |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
797 self.determine_user() |
|
2938
463902a0fbbb
determine user before context:
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2937
diff
changeset
|
798 |
|
4109
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
799 # figure out the context and desired content template |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
800 self.determine_context() |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
801 |
|
6658
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
802 self.determine_language() |
|
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
803 self.db.i18n = self.translator |
|
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
804 |
|
4326
d51a9c498dc4
Fix "Web Access" permission check to allow serving of static files to Anonymous again
Richard Jones <richard@users.sourceforge.net>
parents:
4291
diff
changeset
|
805 # if we've made it this far the context is to a bit of |
|
d51a9c498dc4
Fix "Web Access" permission check to allow serving of static files to Anonymous again
Richard Jones <richard@users.sourceforge.net>
parents:
4291
diff
changeset
|
806 # Roundup's real web interface (not a file being served up) |
| 7079 | 807 # so do the Anonymous Web Access check now |
|
4327
095d92109cc7
allow Anonymous users to log in, and register
Richard Jones <richard@users.sourceforge.net>
parents:
4326
diff
changeset
|
808 self.check_anonymous_access() |
|
4326
d51a9c498dc4
Fix "Web Access" permission check to allow serving of static files to Anonymous again
Richard Jones <richard@users.sourceforge.net>
parents:
4291
diff
changeset
|
809 |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
810 # check for a valid csrf token identifying the right user |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
811 csrf_ok = True |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
812 try: |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
813 # coverting from function returning true/false to |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
814 # raising exceptions |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
815 csrf_ok = self.handle_csrf() |
|
5248
198b6e810c67
Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents:
5231
diff
changeset
|
816 except (UsageError, Unauthorised) as msg: |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
817 csrf_ok = False |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
818 self.form_wins = True |
|
5475
da22ff1c3501
use .args for exception information
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5474
diff
changeset
|
819 self._error_message = msg.args |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
820 |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
821 if csrf_ok: |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
822 # csrf checks pass. Run actions etc. |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
823 # possibly handle a form submit action (may change |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
824 # self.classname and self.template, and may also |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
825 # append error/ok_messages) |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
826 html = self.handle_action() |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
827 else: |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
828 html = None |
|
1697
c9f67f2f7ba7
don't open the database for static files
Richard Jones <richard@users.sourceforge.net>
parents:
1692
diff
changeset
|
829 |
|
4109
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
830 if html: |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
831 self.write_html(html) |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
832 return |
|
2045
d124af927369
Forward-porting of fixes from the maintenance branch.
Richard Jones <richard@users.sourceforge.net>
parents:
2032
diff
changeset
|
833 |
|
4109
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
834 # now render the page |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
835 # we don't want clients caching our dynamic pages |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
836 self.additional_headers['Cache-Control'] = 'no-cache' |
|
1579
07a6b8587bc2
removed Pragma: no-cache...
Richard Jones <richard@users.sourceforge.net>
parents:
1562
diff
changeset
|
837 |
|
4109
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
838 # pages with messages added expire right now |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
839 # simple views may be cached for a small amount of time |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
840 # TODO? make page expire time configurable |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
841 # <rj> always expire pages, as IE just doesn't seem to do the |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
842 # right thing here :( |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
843 date = time.time() - 1 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
844 # if self._error_message or self._ok_message: |
|
4109
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
845 # date = time.time() - 1 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
846 # else: |
|
4109
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
847 # date = time.time() + 5 |
|
4980
13f8f88ad984
Replace rfc822 imports with email package (issue2550870)
John Kristensen <john@jerrykan.com>
parents:
4979
diff
changeset
|
848 self.additional_headers['Expires'] = \ |
|
13f8f88ad984
Replace rfc822 imports with email package (issue2550870)
John Kristensen <john@jerrykan.com>
parents:
4979
diff
changeset
|
849 email.utils.formatdate(date, usegmt=True) |
| 1552 | 850 |
|
4109
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
851 # render the content |
|
3896
fca0365521fc
ignore client shutdown exceptions when sending responses
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3867
diff
changeset
|
852 self.write_html(self.renderContext()) |
|
5248
198b6e810c67
Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents:
5231
diff
changeset
|
853 except SendFile as designator: |
|
4109
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
854 # The call to serve_file may result in an Unauthorised |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
855 # exception or a NotModified exception. Those |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
856 # exceptions will be handled by the outermost set of |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
857 # exception handlers. |
|
6658
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
858 self.determine_language() |
|
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
859 self.db.i18n = self.translator |
|
7159
765222ef4cec
- issue2551257: add 'X-Content-Type-Options: nosniff' header for file download
John Rouillard <rouilj@ieee.org>
parents:
7155
diff
changeset
|
860 self.setHeader("X-Content-Type-Options", "nosniff") |
|
4109
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
861 self.serve_file(designator) |
|
5248
198b6e810c67
Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents:
5231
diff
changeset
|
862 except SendStaticFile as file: |
|
4109
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
863 self.serve_static_file(str(file)) |
|
3896
fca0365521fc
ignore client shutdown exceptions when sending responses
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3867
diff
changeset
|
864 except IOError: |
|
3900
182ba3207899
wrap comment to less than 75 chars
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3898
diff
changeset
|
865 # IOErrors here are due to the client disconnecting before |
|
4638
1ebc5f16aeda
Ignore OpenSSL.SSL.SysCallError similar to IOError.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4623
diff
changeset
|
866 # receiving the reply. |
|
1ebc5f16aeda
Ignore OpenSSL.SSL.SysCallError similar to IOError.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4623
diff
changeset
|
867 pass |
|
1ebc5f16aeda
Ignore OpenSSL.SSL.SysCallError similar to IOError.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4623
diff
changeset
|
868 except SysCallError: |
|
1ebc5f16aeda
Ignore OpenSSL.SSL.SysCallError similar to IOError.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4623
diff
changeset
|
869 # OpenSSL.SSL.SysCallError is similar to IOError above |
|
3896
fca0365521fc
ignore client shutdown exceptions when sending responses
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3867
diff
changeset
|
870 pass |
|
7556
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
871 except RateLimitExceeded: |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
872 raise |
|
2230
ca2664e095be
disable forking server when os.fork() not available [SF#938586]
Richard Jones <richard@users.sourceforge.net>
parents:
2183
diff
changeset
|
873 |
|
5248
198b6e810c67
Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents:
5231
diff
changeset
|
874 except SeriousError as message: |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
875 self.write_html(str(message)) |
|
5248
198b6e810c67
Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents:
5231
diff
changeset
|
876 except Redirect as url: |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
877 # let's redirect - if the url isn't None, then we need to do |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
878 # the headers, otherwise the headers have been set before the |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
879 # exception was raised |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
880 if url: |
|
3736
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
3687
diff
changeset
|
881 self.additional_headers['Location'] = str(url) |
|
1120
c26471971d18
Exposed the Batch mechanism through the top-level "utils" variable.
Richard Jones <richard@users.sourceforge.net>
parents:
1103
diff
changeset
|
882 self.response_code = 302 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
883 self.write_html('Redirecting to <a href="%s">%s</a>' % (url, url)) |
|
5248
198b6e810c67
Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents:
5231
diff
changeset
|
884 except LoginError as message: |
|
4265
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
885 # The user tried to log in, but did not provide a valid |
|
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
886 # username and password. If we support HTTP |
|
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
887 # authorization, send back a response that will cause the |
|
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
888 # browser to prompt the user again. |
|
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
889 if self.instance.config.WEB_HTTP_AUTH: |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
890 self.response_code = http_.client.UNAUTHORIZED |
|
4265
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
891 realm = self.instance.config.TRACKER_NAME |
|
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
892 self.setHeader("WWW-Authenticate", |
|
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
893 "Basic realm=\"%s\"" % realm) |
|
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
894 else: |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
895 self.response_code = http_.client.FORBIDDEN |
|
4898
850551a1568b
Fix issue2550843 (AttributeError: 'Unauthorised' object has no attribute 'replace')
Thomas Arendsen Hein <thomas@intevation.de>
parents:
4880
diff
changeset
|
896 self.renderFrontPage(str(message)) |
|
5248
198b6e810c67
Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents:
5231
diff
changeset
|
897 except Unauthorised as message: |
|
1977
f96592a7c357
changes to support the new templating Unauthorised exception.
Richard Jones <richard@users.sourceforge.net>
parents:
1973
diff
changeset
|
898 # users may always see the front page |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
899 self.response_code = 403 |
|
4898
850551a1568b
Fix issue2550843 (AttributeError: 'Unauthorised' object has no attribute 'replace')
Thomas Arendsen Hein <thomas@intevation.de>
parents:
4880
diff
changeset
|
900 self.renderFrontPage(str(message)) |
|
4109
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
901 except NotModified: |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
902 # send the 304 response |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
903 self.response_code = 304 |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
904 self.header() |
|
5248
198b6e810c67
Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents:
5231
diff
changeset
|
905 except NotFound as e: |
|
5165
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
906 if self.response_code == 400: |
|
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
907 # We can't find a parameter (e.g. property name |
|
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
908 # incorrect). Tell the user what was raised. |
|
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
909 # Do not change to the 404 template since the |
|
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
910 # base url is valid just query args are not. |
|
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
911 # copy the page format from SeriousError _str_ exception. |
|
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
912 error_page = """ |
|
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
913 <html><head><title>Roundup issue tracker: An error has occurred</title> |
|
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
914 <link rel="stylesheet" type="text/css" href="@@file/style.css"> |
|
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
915 </head> |
|
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
916 <body class="body" marginwidth="0" marginheight="0"> |
|
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
917 <p class="error-message">%s</p> |
|
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
918 </body></html> |
|
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
919 """ |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
920 self.write_html(error_page % str(e)) |
|
5165
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
921 else: |
|
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
922 self.response_code = 404 |
|
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
923 self.template = '404' |
|
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
924 try: |
|
6975
fe4a6ba98bfe
flake8 - remove unused imports, unused vars, whitespace fixes
John Rouillard <rouilj@ieee.org>
parents:
6974
diff
changeset
|
925 # generates keyerror if class does not exist |
|
fe4a6ba98bfe
flake8 - remove unused imports, unused vars, whitespace fixes
John Rouillard <rouilj@ieee.org>
parents:
6974
diff
changeset
|
926 self.db.getclass(self.classname) |
|
5165
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
927 self.write_html(self.renderContext()) |
|
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
928 except KeyError: |
|
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
929 # we can't map the URL to a class we know about |
|
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
930 # reraise the NotFound and let roundup_server |
|
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
931 # handle it |
|
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
932 raise NotFound(e) |
|
5248
198b6e810c67
Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents:
5231
diff
changeset
|
933 except FormError as e: |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
934 self.add_error_message(self._('Form Error: ') + str(e)) |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
935 self.write_html(self.renderContext()) |
|
7556
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
936 except RateLimitExceeded as e: |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
937 self.add_error_message(str(e)) |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
938 self.write_html(self.renderContext()) |
|
4640
70b1cb9034c3
Ignore IOError and SysCallError also in outer try/except.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4638
diff
changeset
|
939 except IOError: |
|
70b1cb9034c3
Ignore IOError and SysCallError also in outer try/except.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4638
diff
changeset
|
940 # IOErrors here are due to the client disconnecting before |
|
70b1cb9034c3
Ignore IOError and SysCallError also in outer try/except.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4638
diff
changeset
|
941 # receiving the reply. |
|
70b1cb9034c3
Ignore IOError and SysCallError also in outer try/except.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4638
diff
changeset
|
942 # may happen during write_html and serve_file, too. |
|
70b1cb9034c3
Ignore IOError and SysCallError also in outer try/except.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4638
diff
changeset
|
943 pass |
|
70b1cb9034c3
Ignore IOError and SysCallError also in outer try/except.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4638
diff
changeset
|
944 except SysCallError: |
|
70b1cb9034c3
Ignore IOError and SysCallError also in outer try/except.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4638
diff
changeset
|
945 # OpenSSL.SSL.SysCallError is similar to IOError above |
|
70b1cb9034c3
Ignore IOError and SysCallError also in outer try/except.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4638
diff
changeset
|
946 # may happen during write_html and serve_file, too. |
|
70b1cb9034c3
Ignore IOError and SysCallError also in outer try/except.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4638
diff
changeset
|
947 pass |
|
5079
65fef7858606
issue2550826 IOError in detector causes apache 'premature end of script headers' error
John Rouillard <rouilj@ieee.org>
parents:
5073
diff
changeset
|
948 except DetectorError as e: |
|
65fef7858606
issue2550826 IOError in detector causes apache 'premature end of script headers' error
John Rouillard <rouilj@ieee.org>
parents:
5073
diff
changeset
|
949 if not self.instance.config.WEB_DEBUG: |
|
65fef7858606
issue2550826 IOError in detector causes apache 'premature end of script headers' error
John Rouillard <rouilj@ieee.org>
parents:
5073
diff
changeset
|
950 # run when we are not in debug mode, so errors |
|
65fef7858606
issue2550826 IOError in detector causes apache 'premature end of script headers' error
John Rouillard <rouilj@ieee.org>
parents:
5073
diff
changeset
|
951 # go to admin too. |
|
65fef7858606
issue2550826 IOError in detector causes apache 'premature end of script headers' error
John Rouillard <rouilj@ieee.org>
parents:
5073
diff
changeset
|
952 self.send_error_to_admin(e.subject, e.html, e.txt) |
|
65fef7858606
issue2550826 IOError in detector causes apache 'premature end of script headers' error
John Rouillard <rouilj@ieee.org>
parents:
5073
diff
changeset
|
953 self.write_html(e.html) |
|
65fef7858606
issue2550826 IOError in detector causes apache 'premature end of script headers' error
John Rouillard <rouilj@ieee.org>
parents:
5073
diff
changeset
|
954 else: |
|
65fef7858606
issue2550826 IOError in detector causes apache 'premature end of script headers' error
John Rouillard <rouilj@ieee.org>
parents:
5073
diff
changeset
|
955 # in debug mode, only write error to screen. |
|
65fef7858606
issue2550826 IOError in detector causes apache 'premature end of script headers' error
John Rouillard <rouilj@ieee.org>
parents:
5073
diff
changeset
|
956 self.write_html(e.html) |
|
6975
fe4a6ba98bfe
flake8 - remove unused imports, unused vars, whitespace fixes
John Rouillard <rouilj@ieee.org>
parents:
6974
diff
changeset
|
957 except Exception as e: # noqa: F841 |
|
4264
b1e614c6759f
Improve error reporting.
Stefan Seefeld <stefan@seefeld.name>
parents:
4263
diff
changeset
|
958 # Something has gone badly wrong. Therefore, we should |
|
b1e614c6759f
Improve error reporting.
Stefan Seefeld <stefan@seefeld.name>
parents:
4263
diff
changeset
|
959 # make sure that the response code indicates failure. |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
960 if self.response_code == http_.client.OK: |
|
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
961 self.response_code = http_.client.INTERNAL_SERVER_ERROR |
|
4264
b1e614c6759f
Improve error reporting.
Stefan Seefeld <stefan@seefeld.name>
parents:
4263
diff
changeset
|
962 # Help the administrator work out what went wrong. |
|
b1e614c6759f
Improve error reporting.
Stefan Seefeld <stefan@seefeld.name>
parents:
4263
diff
changeset
|
963 html = ("<h1>Traceback</h1>" |
|
b1e614c6759f
Improve error reporting.
Stefan Seefeld <stefan@seefeld.name>
parents:
4263
diff
changeset
|
964 + cgitb.html(i18n=self.translator) |
|
b1e614c6759f
Improve error reporting.
Stefan Seefeld <stefan@seefeld.name>
parents:
4263
diff
changeset
|
965 + ("<h1>Environment Variables</h1><table>%s</table>" |
|
b1e614c6759f
Improve error reporting.
Stefan Seefeld <stefan@seefeld.name>
parents:
4263
diff
changeset
|
966 % cgitb.niceDict("", self.env))) |
|
b1e614c6759f
Improve error reporting.
Stefan Seefeld <stefan@seefeld.name>
parents:
4263
diff
changeset
|
967 if not self.instance.config.WEB_DEBUG: |
|
b1e614c6759f
Improve error reporting.
Stefan Seefeld <stefan@seefeld.name>
parents:
4263
diff
changeset
|
968 exc_info = sys.exc_info() |
|
b1e614c6759f
Improve error reporting.
Stefan Seefeld <stefan@seefeld.name>
parents:
4263
diff
changeset
|
969 subject = "Error: %s" % exc_info[1] |
|
4543
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
970 self.send_error_to_admin(subject, html, format_exc()) |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
971 self.write_html(self._(default_err_msg)) |
|
3548
61d48244e7a8
login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents:
3494
diff
changeset
|
972 else: |
|
4264
b1e614c6759f
Improve error reporting.
Stefan Seefeld <stefan@seefeld.name>
parents:
4263
diff
changeset
|
973 self.write_html(html) |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
974 |
|
1372
3931614b1cce
cleaning old unused sessions only once per hour, not on every cgi request
Andrey Lebedev <kedder@users.sourceforge.net>
parents:
1358
diff
changeset
|
975 def clean_sessions(self): |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
976 """Deprecated |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
977 XXX remove |
|
1937
4c850112895b
Some reformatting and fixing docstrings for emacs.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents:
1936
diff
changeset
|
978 """ |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
979 self.clean_up() |
|
1372
3931614b1cce
cleaning old unused sessions only once per hour, not on every cgi request
Andrey Lebedev <kedder@users.sourceforge.net>
parents:
1358
diff
changeset
|
980 |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
981 def clean_up(self): |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
982 """Remove expired sessions and One Time Keys. |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
983 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
984 Do it only once an hour. |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
985 """ |
|
1372
3931614b1cce
cleaning old unused sessions only once per hour, not on every cgi request
Andrey Lebedev <kedder@users.sourceforge.net>
parents:
1358
diff
changeset
|
986 hour = 60*60 |
|
3931614b1cce
cleaning old unused sessions only once per hour, not on every cgi request
Andrey Lebedev <kedder@users.sourceforge.net>
parents:
1358
diff
changeset
|
987 now = time.time() |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
988 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
989 # XXX: hack - use OTK table to store last_clean time information |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
990 # 'last_clean' string is used instead of otk key |
|
5319
62de601bdf6f
Fix commits although a Reject exception is raised
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
991 otks = self.db.getOTKManager() |
|
62de601bdf6f
Fix commits although a Reject exception is raised
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
992 last_clean = otks.get('last_clean', 'last_use', 0) |
|
2046
f913b6beac35
document and make easier the actions-returning-content idiom
Richard Jones <richard@users.sourceforge.net>
parents:
2045
diff
changeset
|
993 if now - last_clean < hour: |
|
f913b6beac35
document and make easier the actions-returning-content idiom
Richard Jones <richard@users.sourceforge.net>
parents:
2045
diff
changeset
|
994 return |
|
f913b6beac35
document and make easier the actions-returning-content idiom
Richard Jones <richard@users.sourceforge.net>
parents:
2045
diff
changeset
|
995 |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
996 self.session_api.clean_up() |
|
5319
62de601bdf6f
Fix commits although a Reject exception is raised
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
997 otks.clean() |
|
62de601bdf6f
Fix commits although a Reject exception is raised
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
998 otks.set('last_clean', last_use=now) |
|
62de601bdf6f
Fix commits although a Reject exception is raised
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
999 otks.commit() |
|
1372
3931614b1cce
cleaning old unused sessions only once per hour, not on every cgi request
Andrey Lebedev <kedder@users.sourceforge.net>
parents:
1358
diff
changeset
|
1000 |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1001 def determine_charset(self): |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1002 """Look for client charset in the form parameters or browser cookie. |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1003 |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1004 If no charset requested by client, use storage charset (utf-8). |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1005 |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1006 If the charset is found, and differs from the storage charset, |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1007 recode all form fields of type 'text/plain' |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1008 """ |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1009 # look for client charset |
|
2946
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
1010 charset_parameter = 0 |
|
4799
b474adb17fda
Fix case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
1011 # Python 2.6 form may raise a TypeError if list in form is None |
|
b474adb17fda
Fix case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
1012 charset = None |
|
4800
3961b2b91568
2nd case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4799
diff
changeset
|
1013 try: |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1014 charset = self.form['@charset'].value |
|
2946
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
1015 if charset.lower() == "none": |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
1016 charset = "" |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
1017 charset_parameter = 1 |
|
4799
b474adb17fda
Fix case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
1018 except (KeyError, TypeError): |
|
b474adb17fda
Fix case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
1019 pass |
|
b474adb17fda
Fix case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
1020 if charset is None and 'roundup_charset' in self.cookie: |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1021 charset = self.cookie['roundup_charset'].value |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1022 if charset: |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1023 # make sure the charset is recognized |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1024 try: |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1025 codecs.lookup(charset) |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1026 except LookupError: |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1027 self.add_error_message(self._('Unrecognized charset: %r') % |
|
6975
fe4a6ba98bfe
flake8 - remove unused imports, unused vars, whitespace fixes
John Rouillard <rouilj@ieee.org>
parents:
6974
diff
changeset
|
1028 charset) |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1029 |
|
2946
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
1030 charset_parameter = 0 |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1031 else: |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1032 self.charset = charset.lower() |
|
2946
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
1033 # If we've got a character set in request parameters, |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
1034 # set the browser cookie to keep the preference. |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
1035 # This is done after codecs.lookup to make sure |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
1036 # that we aren't keeping a wrong value. |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
1037 if charset_parameter: |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
1038 self.add_cookie('roundup_charset', charset) |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1039 |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1040 # if client charset is different from the storage charset, |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1041 # recode form fields |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1042 # XXX this requires FieldStorage from Python library. |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1043 # mod_python FieldStorage is not supported! |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1044 if self.charset != self.STORAGE_CHARSET: |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1045 decoder = codecs.getdecoder(self.charset) |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1046 encoder = codecs.getencoder(self.STORAGE_CHARSET) |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1047 re_charref = re.compile('&#([0-9]+|x[0-9a-f]+);', re.IGNORECASE) |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1048 |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1049 def _decode_charref(matchobj): |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1050 num = matchobj.group(1) |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1051 if num[0].lower() == 'x': |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1052 uc = int(num[1:], 16) |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1053 else: |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1054 uc = int(num) |
|
5417
c749d6795bc2
Python 3 preparation: unichr.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5408
diff
changeset
|
1055 return uchr(uc) |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1056 |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
1057 for field_name in self.form: |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1058 field = self.form[field_name] |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1059 if (field.type == 'text/plain') and not field.filename: |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1060 try: |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1061 value = decoder(field.value)[0] |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1062 except UnicodeError: |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1063 continue |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1064 value = re_charref.sub(_decode_charref, value) |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1065 field.value = encoder(value)[0] |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1066 |
|
3427
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
1067 def determine_language(self): |
|
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
1068 """Determine the language""" |
|
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
1069 # look for language parameter |
|
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
1070 # then for language cookie |
|
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
1071 # last for the Accept-Language header |
|
4800
3961b2b91568
2nd case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4799
diff
changeset
|
1072 # Python 2.6 form may raise a TypeError if list in form is None |
|
3961b2b91568
2nd case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4799
diff
changeset
|
1073 language = None |
|
3961b2b91568
2nd case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4799
diff
changeset
|
1074 try: |
|
3427
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
1075 language = self.form["@language"].value |
|
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
1076 if language.lower() == "none": |
|
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
1077 language = "" |
|
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
1078 self.add_cookie("roundup_language", language) |
|
4800
3961b2b91568
2nd case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4799
diff
changeset
|
1079 except (KeyError, TypeError): |
|
3961b2b91568
2nd case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4799
diff
changeset
|
1080 pass |
|
3961b2b91568
2nd case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4799
diff
changeset
|
1081 if language is None: |
|
3961b2b91568
2nd case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4799
diff
changeset
|
1082 if "roundup_language" in self.cookie: |
|
3961b2b91568
2nd case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4799
diff
changeset
|
1083 language = self.cookie["roundup_language"].value |
|
3961b2b91568
2nd case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4799
diff
changeset
|
1084 elif self.instance.config["WEB_USE_BROWSER_LANGUAGE"]: |
|
3961b2b91568
2nd case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4799
diff
changeset
|
1085 hal = self.env.get('HTTP_ACCEPT_LANGUAGE') |
|
3961b2b91568
2nd case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4799
diff
changeset
|
1086 language = accept_language.parse(hal) |
|
3961b2b91568
2nd case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4799
diff
changeset
|
1087 else: |
|
3961b2b91568
2nd case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4799
diff
changeset
|
1088 language = "" |
|
3427
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
1089 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1090 if not language: |
|
6658
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
1091 # default to tracker language |
|
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
1092 language = self.instance.config["TRACKER_LANGUAGE"] |
|
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
1093 |
|
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
1094 # this maybe is not correct, as get_translation could not |
|
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
1095 # find desired locale and switch back to "en" but we set |
|
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
1096 # self.language to the desired language ! |
|
3427
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
1097 self.language = language |
|
6658
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
1098 |
|
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
1099 self.setTranslator(TranslationService.get_translation( |
|
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
1100 language, |
|
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
1101 tracker_home=self.instance.config["TRACKER_HOME"])) |
|
3427
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
1102 |
|
5934
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1103 def authenticate_bearer_token(self, challenge): |
|
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1104 ''' authenticate the bearer token. Refactored from determine_user() |
|
7474
1cf1ffa65522
Fix mispellings in comments.
John Rouillard <rouilj@ieee.org>
parents:
7258
diff
changeset
|
1105 to allow it to be overridden if needed. |
|
5934
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1106 ''' |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1107 try: # will jwt import? |
|
5934
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1108 import jwt |
|
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1109 except ImportError: |
|
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1110 # no support for jwt, this is fine. |
|
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1111 self.setHeader("WWW-Authenticate", "Basic") |
|
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1112 raise LoginError('Support for jwt disabled.') |
|
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1113 |
|
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1114 secret = self.db.config.WEB_JWT_SECRET |
|
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1115 if len(secret) < 32: |
|
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1116 # no support for jwt, this is fine. |
|
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1117 self.setHeader("WWW-Authenticate", "Basic") |
|
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1118 raise LoginError('Support for jwt disabled by admin.') |
|
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1119 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1120 try: # handle jwt exceptions |
|
5934
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1121 token = jwt.decode(challenge, secret, |
|
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1122 algorithms=['HS256'], |
|
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1123 audience=self.db.config.TRACKER_WEB, |
|
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1124 issuer=self.db.config.TRACKER_WEB) |
|
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1125 except jwt.exceptions.InvalidTokenError as err: |
|
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1126 self.setHeader("WWW-Authenticate", "Basic, Bearer") |
|
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1127 self.make_user_anonymous() |
|
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1128 raise LoginError(str(err)) |
|
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1129 |
|
7571
f8b07ffd0226
flake8: add space between return, del and (
John Rouillard <rouilj@ieee.org>
parents:
7556
diff
changeset
|
1130 return (token) |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1131 |
|
7556
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
1132 def determine_user(self, is_api=False): |
|
3427
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
1133 """Determine who the user is""" |
|
1724
bc4f0aec594e
oops, we really do need a database
Richard Jones <richard@users.sourceforge.net>
parents:
1719
diff
changeset
|
1134 self.opendb('admin') |
|
bc4f0aec594e
oops, we really do need a database
Richard Jones <richard@users.sourceforge.net>
parents:
1719
diff
changeset
|
1135 |
|
5878
1b57d8f3eb97
Add rudimentery experiment JSON Web Token (jwt) support
John Rouillard <rouilj@ieee.org>
parents:
5847
diff
changeset
|
1136 # if we get a jwt, it includes the roles to be used for this session |
|
1b57d8f3eb97
Add rudimentery experiment JSON Web Token (jwt) support
John Rouillard <rouilj@ieee.org>
parents:
5847
diff
changeset
|
1137 # so we define a new function to encpsulate and return the jwt roles |
|
1b57d8f3eb97
Add rudimentery experiment JSON Web Token (jwt) support
John Rouillard <rouilj@ieee.org>
parents:
5847
diff
changeset
|
1138 # and not take the roles from the database. |
|
1b57d8f3eb97
Add rudimentery experiment JSON Web Token (jwt) support
John Rouillard <rouilj@ieee.org>
parents:
5847
diff
changeset
|
1139 override_get_roles = None |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1140 |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
1141 # get session data from db |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
1142 # XXX: rename |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
1143 self.session_api = Session(self) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
1144 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
1145 # take the opportunity to cleanup expired sessions and otks |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
1146 self.clean_up() |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1147 |
|
3453
8e3c0b88afad
prefer http authorization over cookie sessions [SF#1396134]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3427
diff
changeset
|
1148 user = None |
|
8e3c0b88afad
prefer http authorization over cookie sessions [SF#1396134]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3427
diff
changeset
|
1149 # first up, try http authorization if enabled |
|
6053
380dec305c28
Add config option 'http_auth_convert_realm_to_lowercase'
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6014
diff
changeset
|
1150 cfg = self.instance.config |
|
6436
1f2f7c0b8968
issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents:
6382
diff
changeset
|
1151 remote_user_header = cfg.WEB_HTTP_AUTH_HEADER or 'REMOTE_USER' |
|
6211
50960479f627
New config-option 'cookie_takes_precedence'
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6147
diff
changeset
|
1152 if cfg.WEB_COOKIE_TAKES_PRECEDENCE: |
|
50960479f627
New config-option 'cookie_takes_precedence'
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6147
diff
changeset
|
1153 user = self.session_api.get('user') |
|
50960479f627
New config-option 'cookie_takes_precedence'
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6147
diff
changeset
|
1154 if user: |
|
50960479f627
New config-option 'cookie_takes_precedence'
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6147
diff
changeset
|
1155 # update session lifetime datestamp |
|
50960479f627
New config-option 'cookie_takes_precedence'
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6147
diff
changeset
|
1156 self.session_api.update() |
|
6436
1f2f7c0b8968
issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents:
6382
diff
changeset
|
1157 if remote_user_header in self.env: |
|
1f2f7c0b8968
issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents:
6382
diff
changeset
|
1158 del self.env[remote_user_header] |
|
6211
50960479f627
New config-option 'cookie_takes_precedence'
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6147
diff
changeset
|
1159 if not user and cfg.WEB_HTTP_AUTH: |
|
6436
1f2f7c0b8968
issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents:
6382
diff
changeset
|
1160 if remote_user_header in self.env: |
|
3453
8e3c0b88afad
prefer http authorization over cookie sessions [SF#1396134]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3427
diff
changeset
|
1161 # we have external auth (e.g. by Apache) |
|
6436
1f2f7c0b8968
issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents:
6382
diff
changeset
|
1162 user = self.env[remote_user_header] |
|
6053
380dec305c28
Add config option 'http_auth_convert_realm_to_lowercase'
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6014
diff
changeset
|
1163 if cfg.WEB_HTTP_AUTH_CONVERT_REALM_TO_LOWERCASE and '@' in user: |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1164 u, d = user.split('@', 1) |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1165 user = '@'.join((u, d.lower())) |
|
3356
2913b42c0810
enabled disabling of REMOTE_USER for when it's not a valid username
Richard Jones <richard@users.sourceforge.net>
parents:
3276
diff
changeset
|
1166 elif self.env.get('HTTP_AUTHORIZATION', ''): |
|
3453
8e3c0b88afad
prefer http authorization over cookie sessions [SF#1396134]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3427
diff
changeset
|
1167 # try handling Basic Auth ourselves |
|
3356
2913b42c0810
enabled disabling of REMOTE_USER for when it's not a valid username
Richard Jones <richard@users.sourceforge.net>
parents:
3276
diff
changeset
|
1168 auth = self.env['HTTP_AUTHORIZATION'] |
|
5549
901d7ba146ad
Avoid errors from invalid Authorization headers (issue2550992).
Joseph Myers <jsm@polyomino.org.uk>
parents:
5524
diff
changeset
|
1169 try: |
|
901d7ba146ad
Avoid errors from invalid Authorization headers (issue2550992).
Joseph Myers <jsm@polyomino.org.uk>
parents:
5524
diff
changeset
|
1170 scheme, challenge = auth.split(' ', 1) |
|
901d7ba146ad
Avoid errors from invalid Authorization headers (issue2550992).
Joseph Myers <jsm@polyomino.org.uk>
parents:
5524
diff
changeset
|
1171 except ValueError: |
|
901d7ba146ad
Avoid errors from invalid Authorization headers (issue2550992).
Joseph Myers <jsm@polyomino.org.uk>
parents:
5524
diff
changeset
|
1172 # Invalid header. |
|
901d7ba146ad
Avoid errors from invalid Authorization headers (issue2550992).
Joseph Myers <jsm@polyomino.org.uk>
parents:
5524
diff
changeset
|
1173 scheme = '' |
|
901d7ba146ad
Avoid errors from invalid Authorization headers (issue2550992).
Joseph Myers <jsm@polyomino.org.uk>
parents:
5524
diff
changeset
|
1174 challenge = '' |
|
3356
2913b42c0810
enabled disabling of REMOTE_USER for when it's not a valid username
Richard Jones <richard@users.sourceforge.net>
parents:
3276
diff
changeset
|
1175 if scheme.lower() == 'basic': |
|
2913b42c0810
enabled disabling of REMOTE_USER for when it's not a valid username
Richard Jones <richard@users.sourceforge.net>
parents:
3276
diff
changeset
|
1176 try: |
| 5474 | 1177 decoded = b2s(base64.b64decode(challenge)) |
|
3356
2913b42c0810
enabled disabling of REMOTE_USER for when it's not a valid username
Richard Jones <richard@users.sourceforge.net>
parents:
3276
diff
changeset
|
1178 except TypeError: |
|
2913b42c0810
enabled disabling of REMOTE_USER for when it's not a valid username
Richard Jones <richard@users.sourceforge.net>
parents:
3276
diff
changeset
|
1179 # invalid challenge |
| 5474 | 1180 decoded = '' |
|
5549
901d7ba146ad
Avoid errors from invalid Authorization headers (issue2550992).
Joseph Myers <jsm@polyomino.org.uk>
parents:
5524
diff
changeset
|
1181 try: |
|
901d7ba146ad
Avoid errors from invalid Authorization headers (issue2550992).
Joseph Myers <jsm@polyomino.org.uk>
parents:
5524
diff
changeset
|
1182 username, password = decoded.split(':', 1) |
|
901d7ba146ad
Avoid errors from invalid Authorization headers (issue2550992).
Joseph Myers <jsm@polyomino.org.uk>
parents:
5524
diff
changeset
|
1183 except ValueError: |
|
901d7ba146ad
Avoid errors from invalid Authorization headers (issue2550992).
Joseph Myers <jsm@polyomino.org.uk>
parents:
5524
diff
changeset
|
1184 # Invalid challenge. |
|
901d7ba146ad
Avoid errors from invalid Authorization headers (issue2550992).
Joseph Myers <jsm@polyomino.org.uk>
parents:
5524
diff
changeset
|
1185 username = '' |
|
901d7ba146ad
Avoid errors from invalid Authorization headers (issue2550992).
Joseph Myers <jsm@polyomino.org.uk>
parents:
5524
diff
changeset
|
1186 password = '' |
|
3356
2913b42c0810
enabled disabling of REMOTE_USER for when it's not a valid username
Richard Jones <richard@users.sourceforge.net>
parents:
3276
diff
changeset
|
1187 try: |
|
4669
d7ac6c7bc371
Fix basic authentication.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4649
diff
changeset
|
1188 # Current user may not be None, otherwise |
|
d7ac6c7bc371
Fix basic authentication.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4649
diff
changeset
|
1189 # instatiation of the login action will fail. |
|
d7ac6c7bc371
Fix basic authentication.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4649
diff
changeset
|
1190 # So we set the user to anonymous first. |
|
d7ac6c7bc371
Fix basic authentication.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4649
diff
changeset
|
1191 self.make_user_anonymous() |
|
3356
2913b42c0810
enabled disabling of REMOTE_USER for when it's not a valid username
Richard Jones <richard@users.sourceforge.net>
parents:
3276
diff
changeset
|
1192 login = self.get_action_class('login')(self) |
|
7556
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
1193 login.verifyLogin(username, password, is_api=is_api) |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
1194 except (LoginError, RateLimitExceeded): |
|
3356
2913b42c0810
enabled disabling of REMOTE_USER for when it's not a valid username
Richard Jones <richard@users.sourceforge.net>
parents:
3276
diff
changeset
|
1195 self.make_user_anonymous() |
|
4265
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
1196 raise |
|
3356
2913b42c0810
enabled disabling of REMOTE_USER for when it's not a valid username
Richard Jones <richard@users.sourceforge.net>
parents:
3276
diff
changeset
|
1197 user = username |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1198 # try to seed with something harder to guess than |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1199 # just the time. If random is SystemRandom, |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1200 # this is a no-op. |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1201 random_.seed("%s%s" % (password, time.time())) |
|
5878
1b57d8f3eb97
Add rudimentery experiment JSON Web Token (jwt) support
John Rouillard <rouilj@ieee.org>
parents:
5847
diff
changeset
|
1202 elif scheme.lower() == 'bearer': |
|
5934
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1203 token = self.authenticate_bearer_token(challenge) |
|
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1204 |
|
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1205 from roundup.hyperdb import iter_roles |
|
5878
1b57d8f3eb97
Add rudimentery experiment JSON Web Token (jwt) support
John Rouillard <rouilj@ieee.org>
parents:
5847
diff
changeset
|
1206 |
|
5934
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1207 # if we got here token is valid, use the role |
|
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1208 # and sub claims. |
|
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1209 try: |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1210 # make sure to str(token['sub']) the |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1211 # subject. As decoded by json, it is unicode |
|
7474
1cf1ffa65522
Fix mispellings in comments.
John Rouillard <rouilj@ieee.org>
parents:
7258
diff
changeset
|
1212 # which throws an error when used with 'nodeid |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1213 # in db' down the call chain. |
|
5934
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1214 user = self.db.user.get(str(token['sub']), 'username') |
|
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1215 except IndexError: |
|
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1216 raise LoginError("Token subject is invalid.") |
|
5878
1b57d8f3eb97
Add rudimentery experiment JSON Web Token (jwt) support
John Rouillard <rouilj@ieee.org>
parents:
5847
diff
changeset
|
1217 |
|
5934
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1218 # validate roles |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1219 all_rolenames = [role[0] for role in self.db.security.role.items()] |
|
5934
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1220 for r in token['roles']: |
|
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1221 if r.lower() not in all_rolenames: |
|
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1222 raise LoginError("Token roles are invalid.") |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1223 |
|
5934
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1224 # will be used later to override the get_roles method |
|
6977
ff2c8b430738
flake8 - remove re.compile from method arg + test + doc
John Rouillard <rouilj@ieee.org>
parents:
6976
diff
changeset
|
1225 # having it defined as truthy allows it to be used. |
|
ff2c8b430738
flake8 - remove re.compile from method arg + test + doc
John Rouillard <rouilj@ieee.org>
parents:
6976
diff
changeset
|
1226 override_get_roles = lambda self: iter_roles( # noqa: E731 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1227 ','.join(token['roles'])) |
|
2928
81c99c857b57
applied patch [SF#1067690]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2923
diff
changeset
|
1228 |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
1229 # if user was not set by http authorization, try session lookup |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
1230 if not user: |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
1231 user = self.session_api.get('user') |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
1232 if user: |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
1233 # update session lifetime datestamp |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
1234 self.session_api.update() |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1235 |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
1236 # if no user name set by http authorization or session lookup |
|
3453
8e3c0b88afad
prefer http authorization over cookie sessions [SF#1396134]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3427
diff
changeset
|
1237 # the user is anonymous |
|
8e3c0b88afad
prefer http authorization over cookie sessions [SF#1396134]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3427
diff
changeset
|
1238 if not user: |
|
8e3c0b88afad
prefer http authorization over cookie sessions [SF#1396134]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3427
diff
changeset
|
1239 user = 'anonymous' |
|
8e3c0b88afad
prefer http authorization over cookie sessions [SF#1396134]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3427
diff
changeset
|
1240 |
|
8e3c0b88afad
prefer http authorization over cookie sessions [SF#1396134]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3427
diff
changeset
|
1241 # sanity check on the user still being valid, |
|
8e3c0b88afad
prefer http authorization over cookie sessions [SF#1396134]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3427
diff
changeset
|
1242 # getting the userid at the same time |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1243 try: |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1244 self.userid = self.db.user.lookup(user) |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1245 except (KeyError, TypeError): |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1246 user = 'anonymous' |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1247 |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1248 # make sure the anonymous user is valid if we're using it |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1249 if user == 'anonymous': |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1250 self.make_user_anonymous() |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1251 else: |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1252 self.user = user |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1253 |
|
1003
f89b8d32291b
Hack hack hack...
Richard Jones <richard@users.sourceforge.net>
parents:
1002
diff
changeset
|
1254 # reopen the database as the correct user |
|
f89b8d32291b
Hack hack hack...
Richard Jones <richard@users.sourceforge.net>
parents:
1002
diff
changeset
|
1255 self.opendb(self.user) |
|
5878
1b57d8f3eb97
Add rudimentery experiment JSON Web Token (jwt) support
John Rouillard <rouilj@ieee.org>
parents:
5847
diff
changeset
|
1256 if override_get_roles: |
|
1b57d8f3eb97
Add rudimentery experiment JSON Web Token (jwt) support
John Rouillard <rouilj@ieee.org>
parents:
5847
diff
changeset
|
1257 # opendb destroys and re-opens the db if instance.optimize |
|
1b57d8f3eb97
Add rudimentery experiment JSON Web Token (jwt) support
John Rouillard <rouilj@ieee.org>
parents:
5847
diff
changeset
|
1258 # is not true. This deletes an override of get_roles. So |
|
1b57d8f3eb97
Add rudimentery experiment JSON Web Token (jwt) support
John Rouillard <rouilj@ieee.org>
parents:
5847
diff
changeset
|
1259 # assign get_roles override from the jwt if needed at this |
|
1b57d8f3eb97
Add rudimentery experiment JSON Web Token (jwt) support
John Rouillard <rouilj@ieee.org>
parents:
5847
diff
changeset
|
1260 # point. |
|
1b57d8f3eb97
Add rudimentery experiment JSON Web Token (jwt) support
John Rouillard <rouilj@ieee.org>
parents:
5847
diff
changeset
|
1261 self.db.user.get_roles = override_get_roles |
|
1003
f89b8d32291b
Hack hack hack...
Richard Jones <richard@users.sourceforge.net>
parents:
1002
diff
changeset
|
1262 |
|
4327
095d92109cc7
allow Anonymous users to log in, and register
Richard Jones <richard@users.sourceforge.net>
parents:
4326
diff
changeset
|
1263 def check_anonymous_access(self): |
|
4326
d51a9c498dc4
Fix "Web Access" permission check to allow serving of static files to Anonymous again
Richard Jones <richard@users.sourceforge.net>
parents:
4291
diff
changeset
|
1264 """Check that the Anonymous user is actually allowed to use the web |
|
d51a9c498dc4
Fix "Web Access" permission check to allow serving of static files to Anonymous again
Richard Jones <richard@users.sourceforge.net>
parents:
4291
diff
changeset
|
1265 interface and short-circuit all further processing if they're not. |
|
d51a9c498dc4
Fix "Web Access" permission check to allow serving of static files to Anonymous again
Richard Jones <richard@users.sourceforge.net>
parents:
4291
diff
changeset
|
1266 """ |
|
4327
095d92109cc7
allow Anonymous users to log in, and register
Richard Jones <richard@users.sourceforge.net>
parents:
4326
diff
changeset
|
1267 # allow Anonymous to use the "login" and "register" actions (noting |
|
095d92109cc7
allow Anonymous users to log in, and register
Richard Jones <richard@users.sourceforge.net>
parents:
4326
diff
changeset
|
1268 # that "register" has its own "Register" permission check) |
|
4367
fa5587802af9
Handle multiple @action values from broken trackers
Richard Jones <richard@users.sourceforge.net>
parents:
4362
diff
changeset
|
1269 |
|
4802
e1ffab417c28
Yet another instance of a TypeError fixed
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4801
diff
changeset
|
1270 action = '' |
|
e1ffab417c28
Yet another instance of a TypeError fixed
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4801
diff
changeset
|
1271 try: |
|
e1ffab417c28
Yet another instance of a TypeError fixed
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4801
diff
changeset
|
1272 if ':action' in self.form: |
|
e1ffab417c28
Yet another instance of a TypeError fixed
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4801
diff
changeset
|
1273 action = self.form[':action'] |
|
e1ffab417c28
Yet another instance of a TypeError fixed
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4801
diff
changeset
|
1274 elif '@action' in self.form: |
|
e1ffab417c28
Yet another instance of a TypeError fixed
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4801
diff
changeset
|
1275 action = self.form['@action'] |
|
e1ffab417c28
Yet another instance of a TypeError fixed
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4801
diff
changeset
|
1276 except TypeError: |
|
e1ffab417c28
Yet another instance of a TypeError fixed
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4801
diff
changeset
|
1277 pass |
|
4367
fa5587802af9
Handle multiple @action values from broken trackers
Richard Jones <richard@users.sourceforge.net>
parents:
4362
diff
changeset
|
1278 if isinstance(action, list): |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1279 raise SeriousError( |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1280 self._('broken form: multiple @action values submitted')) |
|
4384
b0d812e10549
fix actions check for < Python2.6
Richard Jones <richard@users.sourceforge.net>
parents:
4380
diff
changeset
|
1281 elif action != '': |
|
4367
fa5587802af9
Handle multiple @action values from broken trackers
Richard Jones <richard@users.sourceforge.net>
parents:
4362
diff
changeset
|
1282 action = action.value.lower() |
|
4327
095d92109cc7
allow Anonymous users to log in, and register
Richard Jones <richard@users.sourceforge.net>
parents:
4326
diff
changeset
|
1283 if action in ('login', 'register'): |
|
095d92109cc7
allow Anonymous users to log in, and register
Richard Jones <richard@users.sourceforge.net>
parents:
4326
diff
changeset
|
1284 return |
|
095d92109cc7
allow Anonymous users to log in, and register
Richard Jones <richard@users.sourceforge.net>
parents:
4326
diff
changeset
|
1285 |
|
4329
58b7ba47af87
fixes to make registration work again
Richard Jones <richard@users.sourceforge.net>
parents:
4327
diff
changeset
|
1286 # allow Anonymous to view the "user" "register" template if they're |
|
58b7ba47af87
fixes to make registration work again
Richard Jones <richard@users.sourceforge.net>
parents:
4327
diff
changeset
|
1287 # allowed to register |
|
58b7ba47af87
fixes to make registration work again
Richard Jones <richard@users.sourceforge.net>
parents:
4327
diff
changeset
|
1288 if (self.db.security.hasPermission('Register', self.userid, 'user') |
|
58b7ba47af87
fixes to make registration work again
Richard Jones <richard@users.sourceforge.net>
parents:
4327
diff
changeset
|
1289 and self.classname == 'user' and self.template == 'register'): |
|
58b7ba47af87
fixes to make registration work again
Richard Jones <richard@users.sourceforge.net>
parents:
4327
diff
changeset
|
1290 return |
|
58b7ba47af87
fixes to make registration work again
Richard Jones <richard@users.sourceforge.net>
parents:
4327
diff
changeset
|
1291 |
|
4327
095d92109cc7
allow Anonymous users to log in, and register
Richard Jones <richard@users.sourceforge.net>
parents:
4326
diff
changeset
|
1292 # otherwise for everything else |
|
4326
d51a9c498dc4
Fix "Web Access" permission check to allow serving of static files to Anonymous again
Richard Jones <richard@users.sourceforge.net>
parents:
4291
diff
changeset
|
1293 if self.user == 'anonymous': |
|
d51a9c498dc4
Fix "Web Access" permission check to allow serving of static files to Anonymous again
Richard Jones <richard@users.sourceforge.net>
parents:
4291
diff
changeset
|
1294 if not self.db.security.hasPermission('Web Access', self.userid): |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
1295 raise Unauthorised(self._("Anonymous users are not " |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1296 "allowed to use the web interface")) |
|
4326
d51a9c498dc4
Fix "Web Access" permission check to allow serving of static files to Anonymous again
Richard Jones <richard@users.sourceforge.net>
parents:
4291
diff
changeset
|
1297 |
|
7155
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7153
diff
changeset
|
1298 def is_origin_header_ok(self, api=False, credentials=False): |
|
7150
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
1299 """Determine if origin is valid for the context |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
1300 |
|
7155
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7153
diff
changeset
|
1301 Header is ok (return True) if ORIGIN is missing and it is a GET. |
|
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7153
diff
changeset
|
1302 Header is ok if ORIGIN matches the base url. |
|
7150
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
1303 If this is a API call: |
|
7155
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7153
diff
changeset
|
1304 Header is ok if ORIGIN matches an element of allowed_api_origins. |
|
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7153
diff
changeset
|
1305 Header is ok if allowed_api_origins includes '*' as first |
|
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7153
diff
changeset
|
1306 element and credentials is False. |
|
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7153
diff
changeset
|
1307 Otherwise header is not ok. |
|
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7153
diff
changeset
|
1308 |
|
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7153
diff
changeset
|
1309 In a credentials context, if we match * we will return |
|
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7153
diff
changeset
|
1310 header is not ok. All credentialed requests must be |
|
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7153
diff
changeset
|
1311 explicitly matched. |
|
7150
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
1312 """ |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
1313 |
|
7113
5c6dd791d638
bug: handle exception when origin header is missing
John Rouillard <rouilj@ieee.org>
parents:
7106
diff
changeset
|
1314 try: |
|
5c6dd791d638
bug: handle exception when origin header is missing
John Rouillard <rouilj@ieee.org>
parents:
7106
diff
changeset
|
1315 origin = self.env['HTTP_ORIGIN'] |
|
5c6dd791d638
bug: handle exception when origin header is missing
John Rouillard <rouilj@ieee.org>
parents:
7106
diff
changeset
|
1316 except KeyError: |
|
7150
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
1317 if self.env['REQUEST_METHOD'] == 'GET': |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
1318 return True |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
1319 else: |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
1320 return False |
|
7113
5c6dd791d638
bug: handle exception when origin header is missing
John Rouillard <rouilj@ieee.org>
parents:
7106
diff
changeset
|
1321 |
|
6681
ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents:
6658
diff
changeset
|
1322 # note base https://host/... ends host with with a /, |
|
ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents:
6658
diff
changeset
|
1323 # so add it to origin. |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1324 foundat = self.base.find(origin + '/') |
|
6681
ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents:
6658
diff
changeset
|
1325 if foundat == 0: |
|
ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents:
6658
diff
changeset
|
1326 return True |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1327 |
|
6681
ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents:
6658
diff
changeset
|
1328 if not api: |
|
ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents:
6658
diff
changeset
|
1329 return False |
|
ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents:
6658
diff
changeset
|
1330 |
|
ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents:
6658
diff
changeset
|
1331 allowed_origins = self.db.config['WEB_ALLOWED_API_ORIGINS'] |
|
ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents:
6658
diff
changeset
|
1332 # find a match for other possible origins |
|
ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents:
6658
diff
changeset
|
1333 # Original spec says origin is case sensitive match. |
|
ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents:
6658
diff
changeset
|
1334 # Living spec doesn't address Origin value's case or |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1335 # how to compare it. So implement case sensitive.... |
|
7155
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7153
diff
changeset
|
1336 if origin in allowed_origins: |
|
7228
07ce4e4110f5
flake8 fixes: whitespace, remove unused imports
John Rouillard <rouilj@ieee.org>
parents:
7159
diff
changeset
|
1337 return True |
|
7155
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7153
diff
changeset
|
1338 # Block use of * when origin match is used for |
|
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7153
diff
changeset
|
1339 # allowing credentials. See: |
|
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7153
diff
changeset
|
1340 # https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS |
|
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7153
diff
changeset
|
1341 # under Credentials Requests and Wildcards |
|
7228
07ce4e4110f5
flake8 fixes: whitespace, remove unused imports
John Rouillard <rouilj@ieee.org>
parents:
7159
diff
changeset
|
1342 if (allowed_origins and allowed_origins[0] == '*' |
|
07ce4e4110f5
flake8 fixes: whitespace, remove unused imports
John Rouillard <rouilj@ieee.org>
parents:
7159
diff
changeset
|
1343 and not credentials): |
|
7155
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7153
diff
changeset
|
1344 return True |
|
6693
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1345 |
|
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1346 return False |
|
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1347 |
|
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1348 def is_referer_header_ok(self, api=False): |
|
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1349 referer = self.env['HTTP_REFERER'] |
|
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1350 # parse referer and create an origin |
|
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1351 referer_comp = urllib_.urlparse(referer) |
|
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1352 |
|
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1353 # self.base always has trailing /, so add trailing / to referer_origin |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1354 referer_origin = "%s://%s/" % (referer_comp[0], referer_comp[1]) |
|
6693
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1355 foundat = self.base.find(referer_origin) |
|
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1356 if foundat == 0: |
|
6681
ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents:
6658
diff
changeset
|
1357 return True |
|
ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents:
6658
diff
changeset
|
1358 |
|
6693
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1359 if not api: |
|
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1360 return False |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1361 |
|
6693
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1362 allowed_origins = self.db.config['WEB_ALLOWED_API_ORIGINS'] |
|
7074
ec8be5bd8bd6
bug: fix crash unguarded reference allowed_origins[0]
John Rouillard <rouilj@ieee.org>
parents:
7068
diff
changeset
|
1363 if allowed_origins and allowed_origins[0] == '*': |
|
6693
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1364 return True |
|
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1365 |
|
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1366 # For referer, loop over allowed_api_origins and |
|
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1367 # see if any of them are a prefix to referer, case sensitive. |
|
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1368 # Append / to each origin so that: |
|
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1369 # an allowed_origin of https://my.host does not match |
|
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1370 # a referer of https://my.host.com/my/path |
|
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1371 for allowed_origin in allowed_origins: |
|
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1372 foundat = referer_origin.find(allowed_origin + '/') |
|
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1373 if foundat == 0: |
|
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1374 return True |
|
6681
ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents:
6658
diff
changeset
|
1375 return False |
|
ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents:
6658
diff
changeset
|
1376 |
|
ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents:
6658
diff
changeset
|
1377 def handle_csrf(self, api=False): |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1378 '''Handle csrf token lookup and validate current user and session |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1379 |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1380 This implements (or tries to implement) the |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1381 Session-Dependent Nonce from |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1382 https://seclab.stanford.edu/websec/csrf/csrf.pdf. |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1383 |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1384 Changing this to an HMAC(sessionid,secret) will |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1385 remove the need for saving a fair amount of |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1386 state on the server (one nonce per form per |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1387 page). If you have multiple forms/page this can |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1388 lead to abandoned csrf tokens that have to time |
|
5946
1b50c2c5619a
Fix crash bug where looking for @csrf in a form failed.
John Rouillard <rouilj@ieee.org>
parents:
5934
diff
changeset
|
1389 out and get cleaned up. But you lose per form |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1390 tokens which may be an advantage. Also the HMAC |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1391 is constant for the session, so provides more |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1392 occasions for it to be exposed. |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1393 |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1394 This only runs on post (or put and delete for |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1395 future use). Nobody should be changing data |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1396 with a get. |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1397 |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1398 A session token lifetime is settable in |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1399 config.ini. A future enhancement to the |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1400 creation routines should allow for the requester |
|
5946
1b50c2c5619a
Fix crash bug where looking for @csrf in a form failed.
John Rouillard <rouilj@ieee.org>
parents:
5934
diff
changeset
|
1401 of the token to set the lifetime. |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1402 |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1403 The unique session key and user id is stored |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1404 with the token. The token is valid if the stored |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1405 values match the current client's userid and |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1406 session. |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1407 |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1408 If a user logs out, the csrf keys are |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1409 invalidated since no other connection should |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1410 have the same session id. |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1411 |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1412 At least to start I am reporting anti-csrf to |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1413 the user. If it's an attacker who can see the |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1414 site, they can see the @csrf fields and can |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1415 probably figure out that he needs to supply |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1416 valid headers. Or they can just read this code |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1417 8-). So hiding it doesn't seem to help but it |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1418 does arguably show the enforcement settings, but |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1419 given the newness of this code notifying the |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1420 user and having them notify the admins for |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1421 debugging seems to be an advantage. |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1422 |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1423 ''' |
|
5210
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1424 # Create the otks handle here as we need it almost immediately. |
|
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1425 # If this is perf issue, set to None here and check below |
|
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1426 # once all header checks have passed if it needs to be opened. |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1427 otks = self.db.getOTKManager() |
|
5210
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1428 |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1429 # Assume: never allow changes via GET |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1430 if self.env['REQUEST_METHOD'] not in ['POST', 'PUT', 'DELETE']: |
|
5946
1b50c2c5619a
Fix crash bug where looking for @csrf in a form failed.
John Rouillard <rouilj@ieee.org>
parents:
5934
diff
changeset
|
1431 if (self.form.list is not None) and ("@csrf" in self.form): |
|
5210
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1432 # We have a nonce being used with a method it should |
|
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1433 # not be. If the nonce exists, report to admin so they |
|
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1434 # can fix the nonce leakage and destroy it. (nonces |
|
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1435 # used in a get are more exposed than those used in a |
|
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1436 # post.) Note, I don't attempt to validate here since |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1437 # existence here is the sign of a failure. If nonce |
|
5210
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1438 # exists try to report the referer header to try to |
|
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1439 # find where this comes from so it can be fixed. If |
|
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1440 # nonce doesn't exist just ignore it. Maybe we should |
|
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1441 # report, but somebody could spam us with a ton of |
|
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1442 # invalid keys and fill up the logs. |
|
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1443 if 'HTTP_REFERER' in self.env: |
|
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1444 referer = self.env['HTTP_REFERER'] |
|
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1445 else: |
|
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1446 referer = self._("Referer header not available.") |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1447 key = self.form['@csrf'].value |
|
5210
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1448 if otks.exists(key): |
|
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1449 logger.error( |
|
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1450 self._("csrf key used with wrong method from: %s"), |
|
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1451 referer) |
|
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1452 otks.destroy(key) |
|
5319
62de601bdf6f
Fix commits although a Reject exception is raised
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
1453 otks.commit() |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1454 # do return here. Keys have been obsoleted. |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1455 # we didn't do a expire cycle of session keys, |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1456 # but that's ok. |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1457 return True |
|
5210
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1458 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1459 config = self.instance.config |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1460 current_user = self.db.getuid() |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1461 |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1462 # List HTTP headers we check. Note that the xmlrpc header is |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1463 # missing. Its enforcement is different (yes/required are the |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1464 # same for example) so we don't include here. |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1465 header_names = [ |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1466 "ORIGIN", |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1467 "REFERER", |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1468 "X-FORWARDED-HOST", |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1469 "HOST" |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1470 ] |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1471 |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1472 header_pass = 0 # count of passing header checks |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1473 |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1474 # If required headers are missing, raise an error |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1475 for header in header_names: |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1476 if (config["WEB_CSRF_ENFORCE_HEADER_%s" % header] == 'required' |
|
5624
b3618882f906
issue2551023: Fix CSRF headers for use with wsgi and cgi. The
John Rouillard <rouilj@ieee.org>
parents:
5615
diff
changeset
|
1477 and "HTTP_%s" % header.replace('-', '_') not in self.env): |
|
7058
7259ce224d65
Fix internationalized strings with multiple unlabeled % replacements.
John Rouillard <rouilj@ieee.org>
parents:
6977
diff
changeset
|
1478 logger.error(self._( |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1479 ''"csrf header %(header)s required but missing " |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1480 ''"for user%(userid)s.") % { |
|
7058
7259ce224d65
Fix internationalized strings with multiple unlabeled % replacements.
John Rouillard <rouilj@ieee.org>
parents:
6977
diff
changeset
|
1481 'header': header, |
|
7259ce224d65
Fix internationalized strings with multiple unlabeled % replacements.
John Rouillard <rouilj@ieee.org>
parents:
6977
diff
changeset
|
1482 'userid': current_user}) |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1483 raise Unauthorised(self._("Missing header: %s") % header) |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1484 |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1485 # self.base always matches: ^https?://hostname |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1486 enforce = config['WEB_CSRF_ENFORCE_HEADER_REFERER'] |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1487 if 'HTTP_REFERER' in self.env and enforce != "no": |
|
6693
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1488 if not self.is_referer_header_ok(api=api): |
|
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1489 referer = self.env['HTTP_REFERER'] |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1490 logmsg = self._( |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1491 ''"csrf Referer header check failed for user%(userid)s. " |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1492 ''"Value=%(referer)s") % {'userid': current_user, |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1493 'referer': referer} |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1494 if enforce in ('required', 'yes'): |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1495 logger.error(logmsg) |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1496 raise Unauthorised(self._("Invalid Referer: %s") % ( |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1497 referer)) |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1498 elif enforce == 'logfailure': |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1499 logger.warning(logmsg) |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1500 else: |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1501 header_pass += 1 |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1502 |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1503 # if you change these make sure to consider what |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1504 # happens if header variable exists but is empty. |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1505 # self.base.find("") returns 0 for example not -1 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1506 enforce = config['WEB_CSRF_ENFORCE_HEADER_ORIGIN'] |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1507 if 'HTTP_ORIGIN' in self.env and enforce != "no": |
|
6681
ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents:
6658
diff
changeset
|
1508 if not self.is_origin_header_ok(api=api): |
|
ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents:
6658
diff
changeset
|
1509 origin = self.env['HTTP_ORIGIN'] |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1510 logmsg = self._( |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1511 ''"csrf Origin header check failed for user%(userid)s. " |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1512 ''"Value=%(origin)s") % { |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1513 'userid': current_user, 'origin': origin} |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1514 if enforce in ('required', 'yes'): |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1515 logger.error(logmsg) |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1516 raise Unauthorised(self._("Invalid Origin %s" % origin)) |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1517 elif enforce == 'logfailure': |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1518 logger.warning(logmsg) |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1519 else: |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1520 header_pass += 1 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1521 |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1522 enforce = config['WEB_CSRF_ENFORCE_HEADER_X-FORWARDED-HOST'] |
|
5624
b3618882f906
issue2551023: Fix CSRF headers for use with wsgi and cgi. The
John Rouillard <rouilj@ieee.org>
parents:
5615
diff
changeset
|
1523 if 'HTTP_X_FORWARDED_HOST' in self.env: |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1524 if enforce != "no": |
|
5624
b3618882f906
issue2551023: Fix CSRF headers for use with wsgi and cgi. The
John Rouillard <rouilj@ieee.org>
parents:
5615
diff
changeset
|
1525 host = self.env['HTTP_X_FORWARDED_HOST'] |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1526 foundat = self.base.find('://' + host + '/') |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1527 # 4 means self.base has http:/ prefix, 5 means https:/ prefix |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1528 if foundat not in [4, 5]: |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1529 logmsg = self._( |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1530 ''"csrf X-FORWARDED-HOST header check failed " |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1531 ''"for user%(userid)s. Value=%(host)s") % { |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1532 'userid': current_user, 'host': host} |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1533 if enforce in ('required', 'yes'): |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1534 logger.error(logmsg) |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1535 raise Unauthorised(self._( |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1536 "Invalid X-FORWARDED-HOST %s") % host) |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1537 elif enforce == 'logfailure': |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1538 logger.warning(logmsg) |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1539 else: |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1540 header_pass += 1 |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1541 else: |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1542 # https://seclab.stanford.edu/websec/csrf/csrf.pdf |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1543 # recommends checking HTTP HOST header as well. |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1544 # If there is an X-FORWARDED-HOST header, check |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1545 # that only. The proxy setting X-F-H has probably set |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1546 # the host header to a local hostname that is |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1547 # internal name of system not name supplied by user. |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1548 enforce = config['WEB_CSRF_ENFORCE_HEADER_HOST'] |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1549 if 'HTTP_HOST' in self.env and enforce != "no": |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1550 host = self.env['HTTP_HOST'] |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1551 foundat = self.base.find('://' + host + '/') |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1552 # 4 means http:// prefix, 5 means https:// prefix |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1553 if foundat not in [4, 5]: |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1554 logmsg = self._( |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1555 ''"csrf HOST header check failed for " |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1556 ''"user%(userid)s. Value=%(host)s") % { |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1557 'userid': current_user, 'host': host} |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1558 if enforce in ('required', 'yes'): |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1559 logger.error(logmsg) |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1560 raise Unauthorised(self._("Invalid HOST %s") % host) |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1561 elif enforce == 'logfailure': |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1562 logger.warning(logmsg) |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1563 else: |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1564 header_pass += 1 |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1565 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1566 enforce = config['WEB_CSRF_HEADER_MIN_COUNT'] |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1567 if header_pass < enforce: |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1568 logger.error(self._("Csrf: unable to verify sufficient headers")) |
|
5378
35ea9b1efc14
Python 3 preparation: "raise" syntax.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5356
diff
changeset
|
1569 raise UsageError(self._("Unable to verify sufficient headers")) |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1570 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1571 enforce = config['WEB_CSRF_ENFORCE_HEADER_X-REQUESTED-WITH'] |
|
6681
ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents:
6658
diff
changeset
|
1572 if api: |
|
5218
44f7e6b958fe
Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents:
5212
diff
changeset
|
1573 if enforce in ['required', 'yes']: |
|
44f7e6b958fe
Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents:
5212
diff
changeset
|
1574 # if we get here we have usually passed at least one |
|
44f7e6b958fe
Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents:
5212
diff
changeset
|
1575 # header check. We check for presence of this custom |
|
6681
ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents:
6658
diff
changeset
|
1576 # header for xmlrpc/rest calls only. |
|
5218
44f7e6b958fe
Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents:
5212
diff
changeset
|
1577 # E.G. X-Requested-With: XMLHttpRequest |
|
6681
ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents:
6658
diff
changeset
|
1578 # Note we do not use CSRF nonces for xmlrpc/rest requests. |
|
5218
44f7e6b958fe
Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents:
5212
diff
changeset
|
1579 # |
|
44f7e6b958fe
Added tests for csrf with xmlrpc.
John Rouillard <rouilj@ieee.org>
parents:
5212
diff
changeset
|
1580 # see: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#Protecting_REST_Services:_Use_of_Custom_Request_Headers |
|
5624
b3618882f906
issue2551023: Fix CSRF headers for use with wsgi and cgi. The
John Rouillard <rouilj@ieee.org>
parents:
5615
diff
changeset
|
1581 if 'HTTP_X_REQUESTED_WITH' not in self.env: |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1582 logger.error(self._( |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1583 ''"csrf X-REQUESTED-WITH xmlrpc required header " |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1584 ''"check failed for user%s."), |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1585 current_user) |
|
5378
35ea9b1efc14
Python 3 preparation: "raise" syntax.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5356
diff
changeset
|
1586 raise UsageError(self._("Required Header Missing")) |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1587 |
|
5211
f4b6a2a3e605
Fix expiration dates and expire csrf tokens properly
John Rouillard <rouilj@ieee.org>
parents:
5210
diff
changeset
|
1588 # Expire old csrf tokens now so we don't use them. These will |
|
f4b6a2a3e605
Fix expiration dates and expire csrf tokens properly
John Rouillard <rouilj@ieee.org>
parents:
5210
diff
changeset
|
1589 # be committed after the otks.destroy below. Note that the |
|
f4b6a2a3e605
Fix expiration dates and expire csrf tokens properly
John Rouillard <rouilj@ieee.org>
parents:
5210
diff
changeset
|
1590 # self.clean_up run as part of determine_user() will run only |
|
f4b6a2a3e605
Fix expiration dates and expire csrf tokens properly
John Rouillard <rouilj@ieee.org>
parents:
5210
diff
changeset
|
1591 # once an hour. If we have short lived (e.g. 5 minute) keys |
|
f4b6a2a3e605
Fix expiration dates and expire csrf tokens properly
John Rouillard <rouilj@ieee.org>
parents:
5210
diff
changeset
|
1592 # they will live too long if we depend on clean_up. So we do |
|
f4b6a2a3e605
Fix expiration dates and expire csrf tokens properly
John Rouillard <rouilj@ieee.org>
parents:
5210
diff
changeset
|
1593 # our own. |
|
f4b6a2a3e605
Fix expiration dates and expire csrf tokens properly
John Rouillard <rouilj@ieee.org>
parents:
5210
diff
changeset
|
1594 otks.clean() |
|
f4b6a2a3e605
Fix expiration dates and expire csrf tokens properly
John Rouillard <rouilj@ieee.org>
parents:
5210
diff
changeset
|
1595 |
|
6681
ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents:
6658
diff
changeset
|
1596 if api: |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1597 # Save removal of expired keys from database. |
|
5319
62de601bdf6f
Fix commits although a Reject exception is raised
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
1598 otks.commit() |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1599 # Return from here since we have done housekeeping |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1600 # and don't use csrf tokens for xmlrpc. |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1601 return True |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1602 |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1603 # process @csrf tokens past this point. |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1604 key = None |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1605 nonce_user = None |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1606 nonce_session = None |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1607 |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1608 if '@csrf' in self.form: |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1609 key = self.form['@csrf'].value |
|
5210
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1610 |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1611 nonce_user = otks.get(key, 'uid', default=None) |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1612 nonce_session = otks.get(key, 'sid', default=None) |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1613 # The key has been used or compromised. |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1614 # Delete it to prevent replay. |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1615 otks.destroy(key) |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1616 |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1617 # commit the deletion/expiration of all keys |
|
5319
62de601bdf6f
Fix commits although a Reject exception is raised
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
1618 otks.commit() |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1619 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1620 enforce = config['WEB_CSRF_ENFORCE_TOKEN'] |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1621 if key is None: # we do not have an @csrf token |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1622 if enforce == 'required': |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1623 logger.error(self._( |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1624 "Required csrf field missing for user%s"), current_user) |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1625 raise UsageError(self._( |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1626 ''"We can't validate your session (csrf failure). " |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1627 ''"Re-enter any unsaved data and try again.")) |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1628 elif enforce == 'logfailure': |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1629 # FIXME include url |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1630 logger.warning(self._("csrf field not supplied by user%s"), |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1631 current_user) |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1632 else: |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1633 # enforce is either yes or no. Both permit change if token is |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1634 # missing |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1635 return True |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1636 |
|
5211
f4b6a2a3e605
Fix expiration dates and expire csrf tokens properly
John Rouillard <rouilj@ieee.org>
parents:
5210
diff
changeset
|
1637 current_session = self.session_api._sid |
|
f4b6a2a3e605
Fix expiration dates and expire csrf tokens properly
John Rouillard <rouilj@ieee.org>
parents:
5210
diff
changeset
|
1638 |
|
5210
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1639 # validate against user and session |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1640 if current_user != nonce_user: |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1641 logmsg = self._( |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1642 ''"Csrf mismatch user: current user %(user)s != stored " |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1643 ''"user %(stored)s, current session, stored session: " |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1644 ''"%(cur_sess)s,%(stor_sess)s for key %(key)s.") % { |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1645 'user': current_user, |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1646 'stored': nonce_user, |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1647 'cur_sess': current_session, |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1648 'stor_sess': nonce_session, |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1649 'key': key} |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1650 if enforce in ('required', 'yes'): |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1651 logger.error(logmsg) |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1652 raise UsageError(self._( |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1653 ''"We can't validate your session (csrf failure). " |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1654 ''"Re-enter any unsaved data and try again.")) |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1655 elif enforce == 'logfailure': |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1656 logger.warning(logmsg) |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1657 |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1658 if current_session != nonce_session: |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1659 logmsg = self._( |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1660 ''"Csrf mismatch user: current session %(curr_sess)s " |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1661 ''"!= stored session %(stor_sess)s, current user/stored " |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1662 ''"user is: %(user)s for key %(key)s.") % { |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1663 'curr_sess': current_session, |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1664 'stor_sess': nonce_session, |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1665 'user': current_user, |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1666 'key': key} |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1667 if enforce in ('required', 'yes'): |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1668 logger.error(logmsg) |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1669 raise UsageError(self._( |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1670 ''"We can't validate your session (csrf failure). " |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1671 ''"Re-enter any unsaved data and try again.")) |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1672 elif enforce == 'logfailure': |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1673 logger.warning(logmsg) |
|
7058
7259ce224d65
Fix internationalized strings with multiple unlabeled % replacements.
John Rouillard <rouilj@ieee.org>
parents:
6977
diff
changeset
|
1674 |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1675 # we are done and the change can occur. |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1676 return True |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1677 |
|
2940
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
1678 def opendb(self, username): |
|
3427
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
1679 """Open the database and set the current user. |
|
2940
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
1680 |
|
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
1681 Opens a database once. On subsequent calls only the user is set on |
|
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
1682 the database object the instance.optimize is set. If we are in |
|
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
1683 "Development Mode" (cf. roundup_server) then the database is always |
|
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
1684 re-opened. |
|
3427
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
1685 """ |
|
2940
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
1686 # don't do anything if the db is open and the user has not changed |
|
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
1687 if hasattr(self, 'db') and self.db.isCurrentUser(username): |
|
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
1688 return |
|
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
1689 |
|
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
1690 # open the database or only set the user |
|
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
1691 if not hasattr(self, 'db'): |
|
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
1692 self.db = self.instance.open(username) |
| 4781 | 1693 self.db.tx_Source = "web" |
|
2940
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
1694 else: |
|
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
1695 if self.instance.optimize: |
|
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
1696 self.db.setCurrentUser(username) |
| 4781 | 1697 self.db.tx_Source = "web" |
|
2940
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
1698 else: |
|
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
1699 self.db.close() |
|
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
1700 self.db = self.instance.open(username) |
| 4781 | 1701 self.db.tx_Source = "web" |
|
4212
51a098592b78
Reopen session with database.
Stefan Seefeld <stefan@seefeld.name>
parents:
4145
diff
changeset
|
1702 # The old session API refers to the closed database; |
|
51a098592b78
Reopen session with database.
Stefan Seefeld <stefan@seefeld.name>
parents:
4145
diff
changeset
|
1703 # we can no longer use it. |
|
51a098592b78
Reopen session with database.
Stefan Seefeld <stefan@seefeld.name>
parents:
4145
diff
changeset
|
1704 self.session_api = Session(self) |
|
4648
e645820e8556
Clean up whitespace in client.py
Ezio Melotti <ezio.melotti@gmail.com>
parents:
4640
diff
changeset
|
1705 |
|
6977
ff2c8b430738
flake8 - remove re.compile from method arg + test + doc
John Rouillard <rouilj@ieee.org>
parents:
6976
diff
changeset
|
1706 # match designator in URL stripping leading 0's. So: |
|
ff2c8b430738
flake8 - remove re.compile from method arg + test + doc
John Rouillard <rouilj@ieee.org>
parents:
6976
diff
changeset
|
1707 # https://issues.roundup-tracker.org/issue002551190 is the same as |
|
ff2c8b430738
flake8 - remove re.compile from method arg + test + doc
John Rouillard <rouilj@ieee.org>
parents:
6976
diff
changeset
|
1708 # https://issues.roundup-tracker.org/issue2551190 |
|
ff2c8b430738
flake8 - remove re.compile from method arg + test + doc
John Rouillard <rouilj@ieee.org>
parents:
6976
diff
changeset
|
1709 # Note: id's are strings not numbers so "02" != "2" but 02 == 2 |
|
ff2c8b430738
flake8 - remove re.compile from method arg + test + doc
John Rouillard <rouilj@ieee.org>
parents:
6976
diff
changeset
|
1710 dre_url = re.compile(r'([^\d]+)0*(\d+)') |
|
ff2c8b430738
flake8 - remove re.compile from method arg + test + doc
John Rouillard <rouilj@ieee.org>
parents:
6976
diff
changeset
|
1711 |
|
ff2c8b430738
flake8 - remove re.compile from method arg + test + doc
John Rouillard <rouilj@ieee.org>
parents:
6976
diff
changeset
|
1712 def determine_context(self, dre=dre_url): |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1713 """Determine the context of this page from the URL: |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1714 |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1715 The URL path after the instance identifier is examined. The path |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1716 is generally only one entry long. |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1717 |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1718 - if there is no path, then we are in the "home" context. |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1719 - if the path is "_file", then the additional path entry |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1720 specifies the filename of a static file we're to serve up |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1721 from the instance "html" directory. Raises a SendStaticFile |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1722 exception.(*) |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1723 - if there is something in the path (eg "issue"), it identifies |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1724 the tracker class we're to display. |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1725 - if the path is an item designator (eg "issue123"), then we're |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1726 to display a specific item. |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1727 - if the path starts with an item designator and is longer than |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1728 one entry, then we're assumed to be handling an item of a |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1729 FileClass, and the extra path information gives the filename |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1730 that the client is going to label the download with (ie |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1731 "file123/image.png" is nicer to download than "file123"). This |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1732 raises a SendFile exception.(*) |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1733 |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1734 Both of the "*" types of contexts stop before we bother to |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1735 determine the template we're going to use. That's because they |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1736 don't actually use templates. |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1737 |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1738 The template used is specified by the :template CGI variable, |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1739 which defaults to: |
|
1053
b28393def972
more explanatory docsting
Richard Jones <richard@users.sourceforge.net>
parents:
1051
diff
changeset
|
1740 |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1741 - only classname suplied: "index" |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1742 - full item designator supplied: "item" |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1743 |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1744 We set: |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1745 |
|
1041
c28603c9f831
Class help and generic class editing done.
Richard Jones <richard@users.sourceforge.net>
parents:
1029
diff
changeset
|
1746 self.classname - the class to display, can be None |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1747 |
|
1041
c28603c9f831
Class help and generic class editing done.
Richard Jones <richard@users.sourceforge.net>
parents:
1029
diff
changeset
|
1748 self.template - the template to render the current context with |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1749 |
|
1041
c28603c9f831
Class help and generic class editing done.
Richard Jones <richard@users.sourceforge.net>
parents:
1029
diff
changeset
|
1750 self.nodeid - the nodeid of the class we're displaying |
|
1937
4c850112895b
Some reformatting and fixing docstrings for emacs.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents:
1936
diff
changeset
|
1751 """ |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1752 # default the optional variables |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1753 self.classname = None |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1754 self.nodeid = None |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1755 |
|
1420
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
1756 # see if a template or messages are specified |
|
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
1757 template_override = ok_message = error_message = None |
|
4801
bff9e4145f70
Fix another instance of a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4800
diff
changeset
|
1758 try: |
|
bff9e4145f70
Fix another instance of a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4800
diff
changeset
|
1759 keys = self.form.keys() |
|
bff9e4145f70
Fix another instance of a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4800
diff
changeset
|
1760 except TypeError: |
|
bff9e4145f70
Fix another instance of a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4800
diff
changeset
|
1761 keys = () |
|
bff9e4145f70
Fix another instance of a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4800
diff
changeset
|
1762 for key in keys: |
|
1420
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
1763 if self.FV_TEMPLATE.match(key): |
|
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
1764 template_override = self.form[key].value |
|
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
1765 elif self.FV_OK_MESSAGE.match(key): |
|
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
1766 ok_message = self.form[key].value |
|
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
1767 elif self.FV_ERROR_MESSAGE.match(key): |
|
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
1768 error_message = self.form[key].value |
|
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
1769 |
|
1977
f96592a7c357
changes to support the new templating Unauthorised exception.
Richard Jones <richard@users.sourceforge.net>
parents:
1973
diff
changeset
|
1770 # see if we were passed in a message |
|
f96592a7c357
changes to support the new templating Unauthorised exception.
Richard Jones <richard@users.sourceforge.net>
parents:
1973
diff
changeset
|
1771 if ok_message: |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
1772 self.add_ok_message(ok_message) |
|
1977
f96592a7c357
changes to support the new templating Unauthorised exception.
Richard Jones <richard@users.sourceforge.net>
parents:
1973
diff
changeset
|
1773 if error_message: |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
1774 self.add_error_message(error_message) |
|
1977
f96592a7c357
changes to support the new templating Unauthorised exception.
Richard Jones <richard@users.sourceforge.net>
parents:
1973
diff
changeset
|
1775 |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1776 # determine the classname and possibly nodeid |
|
1157
26c8cb2162d7
fixed various URL / base URL issues
Richard Jones <richard@users.sourceforge.net>
parents:
1153
diff
changeset
|
1777 path = self.path.split('/') |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1778 if not path or path[0] in ('', 'home', 'index'): |
|
1420
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
1779 if template_override is not None: |
|
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
1780 self.template = template_override |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1781 else: |
|
1041
c28603c9f831
Class help and generic class editing done.
Richard Jones <richard@users.sourceforge.net>
parents:
1029
diff
changeset
|
1782 self.template = '' |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1783 return |
|
1911
f5c804379c85
fixed ZRoundup - mostly changes to classic template
Richard Jones <richard@users.sourceforge.net>
parents:
1905
diff
changeset
|
1784 elif path[0] in ('_file', '@@file'): |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
1785 raise SendStaticFile(os.path.join(*path[1:])) |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1786 else: |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1787 self.classname = path[0] |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1788 if len(path) > 1: |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1789 # send the file identified by the designator in path[0] |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
1790 raise SendFile(path[0]) |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1791 |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1792 # see if we got a designator |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1793 m = dre.match(self.classname) |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1794 if m: |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1795 self.classname = m.group(1) |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1796 self.nodeid = m.group(2) |
|
3494
5a56abcf1b22
catch bad classname in URL (related to [SF#1240541])
Richard Jones <richard@users.sourceforge.net>
parents:
3453
diff
changeset
|
1797 try: |
|
5a56abcf1b22
catch bad classname in URL (related to [SF#1240541])
Richard Jones <richard@users.sourceforge.net>
parents:
3453
diff
changeset
|
1798 klass = self.db.getclass(self.classname) |
|
5a56abcf1b22
catch bad classname in URL (related to [SF#1240541])
Richard Jones <richard@users.sourceforge.net>
parents:
3453
diff
changeset
|
1799 except KeyError: |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1800 raise NotFound('%s/%s' % (self.classname, self.nodeid)) |
|
5555
7b663b588292
Don't pass huge itemids into the backend.
martin.v.loewis <martin.v.loewis>
parents:
5554
diff
changeset
|
1801 if int(self.nodeid) > 2**31: |
|
7b663b588292
Don't pass huge itemids into the backend.
martin.v.loewis <martin.v.loewis>
parents:
5554
diff
changeset
|
1802 # Postgres will complain with a ProgrammingError |
|
7b663b588292
Don't pass huge itemids into the backend.
martin.v.loewis <martin.v.loewis>
parents:
5554
diff
changeset
|
1803 # if we try to pass in numbers that are too large |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1804 raise NotFound('%s/%s' % (self.classname, self.nodeid)) |
|
3494
5a56abcf1b22
catch bad classname in URL (related to [SF#1240541])
Richard Jones <richard@users.sourceforge.net>
parents:
3453
diff
changeset
|
1805 if not klass.hasnode(self.nodeid): |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1806 raise NotFound('%s/%s' % (self.classname, self.nodeid)) |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1807 # with a designator, we default to item view |
|
1041
c28603c9f831
Class help and generic class editing done.
Richard Jones <richard@users.sourceforge.net>
parents:
1029
diff
changeset
|
1808 self.template = 'item' |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1809 else: |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1810 # with only a class, we default to index view |
|
1041
c28603c9f831
Class help and generic class editing done.
Richard Jones <richard@users.sourceforge.net>
parents:
1029
diff
changeset
|
1811 self.template = 'index' |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1812 |
|
1288
ad8de51d7cd5
handle "classname" URL path errors cleaner (generate a 404)
Richard Jones <richard@users.sourceforge.net>
parents:
1277
diff
changeset
|
1813 # make sure the classname is valid |
|
ad8de51d7cd5
handle "classname" URL path errors cleaner (generate a 404)
Richard Jones <richard@users.sourceforge.net>
parents:
1277
diff
changeset
|
1814 try: |
|
ad8de51d7cd5
handle "classname" URL path errors cleaner (generate a 404)
Richard Jones <richard@users.sourceforge.net>
parents:
1277
diff
changeset
|
1815 self.db.getclass(self.classname) |
|
ad8de51d7cd5
handle "classname" URL path errors cleaner (generate a 404)
Richard Jones <richard@users.sourceforge.net>
parents:
1277
diff
changeset
|
1816 except KeyError: |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
1817 raise NotFound(self.classname) |
|
1288
ad8de51d7cd5
handle "classname" URL path errors cleaner (generate a 404)
Richard Jones <richard@users.sourceforge.net>
parents:
1277
diff
changeset
|
1818 |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1819 # see if we have a template override |
|
1420
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
1820 if template_override is not None: |
|
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
1821 self.template = template_override |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1822 |
|
6977
ff2c8b430738
flake8 - remove re.compile from method arg + test + doc
John Rouillard <rouilj@ieee.org>
parents:
6976
diff
changeset
|
1823 # re for splitting designator, see also dre_url above this one |
|
ff2c8b430738
flake8 - remove re.compile from method arg + test + doc
John Rouillard <rouilj@ieee.org>
parents:
6976
diff
changeset
|
1824 # doesn't strip leading 0's from the id. Why not?? |
|
ff2c8b430738
flake8 - remove re.compile from method arg + test + doc
John Rouillard <rouilj@ieee.org>
parents:
6976
diff
changeset
|
1825 dre = re.compile(r'([^\d]+)(\d+)') |
|
ff2c8b430738
flake8 - remove re.compile from method arg + test + doc
John Rouillard <rouilj@ieee.org>
parents:
6976
diff
changeset
|
1826 |
|
ff2c8b430738
flake8 - remove re.compile from method arg + test + doc
John Rouillard <rouilj@ieee.org>
parents:
6976
diff
changeset
|
1827 def serve_file(self, designator, dre=dre): |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
1828 """ Serve the file from the content property of the designated item. |
|
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
1829 """ |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1830 m = dre.match(str(designator)) |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1831 if not m: |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
1832 raise NotFound(str(designator)) |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1833 classname, nodeid = m.group(1), m.group(2) |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1834 |
|
4263
bd000a1e9a57
Robustify web interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4224
diff
changeset
|
1835 try: |
|
bd000a1e9a57
Robustify web interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4224
diff
changeset
|
1836 klass = self.db.getclass(classname) |
|
bd000a1e9a57
Robustify web interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4224
diff
changeset
|
1837 except KeyError: |
|
bd000a1e9a57
Robustify web interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4224
diff
changeset
|
1838 # The classname was not valid. |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
1839 raise NotFound(str(designator)) |
|
4648
e645820e8556
Clean up whitespace in client.py
Ezio Melotti <ezio.melotti@gmail.com>
parents:
4640
diff
changeset
|
1840 |
|
4326
d51a9c498dc4
Fix "Web Access" permission check to allow serving of static files to Anonymous again
Richard Jones <richard@users.sourceforge.net>
parents:
4291
diff
changeset
|
1841 # perform the Anonymous user access check |
|
4327
095d92109cc7
allow Anonymous users to log in, and register
Richard Jones <richard@users.sourceforge.net>
parents:
4326
diff
changeset
|
1842 self.check_anonymous_access() |
|
1946
c538a64b94a7
Refactored CGI file serving so that FileClass contents are...
Richard Jones <richard@users.sourceforge.net>
parents:
1937
diff
changeset
|
1843 |
|
1967
d30cd44321f2
commit old file-serving bugfix, and new pt content-type fix
Richard Jones <richard@users.sourceforge.net>
parents:
1946
diff
changeset
|
1844 # make sure we have the appropriate properties |
|
d30cd44321f2
commit old file-serving bugfix, and new pt content-type fix
Richard Jones <richard@users.sourceforge.net>
parents:
1946
diff
changeset
|
1845 props = klass.getprops() |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
1846 if 'type' not in props: |
|
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
1847 raise NotFound(designator) |
|
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
1848 if 'content' not in props: |
|
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
1849 raise NotFound(designator) |
|
1967
d30cd44321f2
commit old file-serving bugfix, and new pt content-type fix
Richard Jones <richard@users.sourceforge.net>
parents:
1946
diff
changeset
|
1850 |
|
2870
795cdba40c05
enforce View Permission when serving file content [SF#1050470]
Richard Jones <richard@users.sourceforge.net>
parents:
2864
diff
changeset
|
1851 # make sure we have permission |
|
795cdba40c05
enforce View Permission when serving file content [SF#1050470]
Richard Jones <richard@users.sourceforge.net>
parents:
2864
diff
changeset
|
1852 if not self.db.security.hasPermission('View', self.userid, |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1853 classname, 'content', nodeid): |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
1854 raise Unauthorised(self._("You are not allowed to view " |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1855 "this file.")) |
|
4962
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
1856 |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
1857 # --- mime-type security |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
1858 # mime type detection is performed in cgi.form_parser |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
1859 |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
1860 # everything not here is served as 'application/octet-stream' |
|
7614
7102de2c8733
refactor: rename the mime type whitelist
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
1861 mime_type_allowlist = [ |
|
4962
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
1862 'text/plain', |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1863 'text/x-csrc', # .c |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1864 'text/x-chdr', # .h |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1865 'text/x-patch', # .patch and .diff |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1866 'text/x-python', # .py |
|
4962
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
1867 'text/xml', |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
1868 'text/csv', |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
1869 'text/css', |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
1870 'application/pdf', |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
1871 'image/gif', |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
1872 'image/jpeg', |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
1873 'image/png', |
|
6447
8f8f4988b856
Add image/svg-xml as valid type to serve.
John Rouillard <rouilj@ieee.org>
parents:
6436
diff
changeset
|
1874 'image/svg+xml', |
|
4962
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
1875 'image/webp', |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
1876 'audio/ogg', |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
1877 'video/webm', |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
1878 ] |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
1879 |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
1880 if self.instance.config['WEB_ALLOW_HTML_FILE']: |
|
7614
7102de2c8733
refactor: rename the mime type whitelist
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
1881 mime_type_allowlist.append('text/html') |
|
4962
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
1882 |
|
4530
c1c395058dee
issue2550715: IndexError when requesting non-existing file via http.
Bernhard Reiter <Bernhard.Reiter@intevation.de>
parents:
4523
diff
changeset
|
1883 try: |
|
c1c395058dee
issue2550715: IndexError when requesting non-existing file via http.
Bernhard Reiter <Bernhard.Reiter@intevation.de>
parents:
4523
diff
changeset
|
1884 mime_type = klass.get(nodeid, 'type') |
|
5248
198b6e810c67
Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents:
5231
diff
changeset
|
1885 except IndexError as e: |
|
4530
c1c395058dee
issue2550715: IndexError when requesting non-existing file via http.
Bernhard Reiter <Bernhard.Reiter@intevation.de>
parents:
4523
diff
changeset
|
1886 raise NotFound(e) |
|
4291
b1772fdb09d0
Fix traceback on .../msgN/ url...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4265
diff
changeset
|
1887 # Can happen for msg class: |
|
b1772fdb09d0
Fix traceback on .../msgN/ url...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4265
diff
changeset
|
1888 if not mime_type: |
|
b1772fdb09d0
Fix traceback on .../msgN/ url...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4265
diff
changeset
|
1889 mime_type = 'text/plain' |
|
4047
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1890 |
|
7614
7102de2c8733
refactor: rename the mime type whitelist
John Rouillard <rouilj@ieee.org>
parents:
7582
diff
changeset
|
1891 if mime_type not in mime_type_allowlist: |
|
4962
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
1892 mime_type = 'application/octet-stream' |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
1893 |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
1894 # --/ mime-type security |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
1895 |
|
4047
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1896 # If this object is a file (i.e., an instance of FileClass), |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1897 # see if we can find it in the filesystem. If so, we may be |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1898 # able to use the more-efficient request.sendfile method of |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1899 # sending the file. If not, just get the "content" property |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1900 # in the usual way, and use that. |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1901 content = None |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1902 filename = None |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1903 if isinstance(klass, hyperdb.FileClass): |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1904 try: |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1905 filename = self.db.filename(classname, nodeid) |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1906 except AttributeError: |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1907 # The database doesn't store files in the filesystem |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1908 # and therefore doesn't provide the "filename" method. |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1909 pass |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1910 except IOError: |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1911 # The file does not exist. |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1912 pass |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1913 if not filename: |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1914 content = klass.get(nodeid, 'content') |
|
4648
e645820e8556
Clean up whitespace in client.py
Ezio Melotti <ezio.melotti@gmail.com>
parents:
4640
diff
changeset
|
1915 |
|
1967
d30cd44321f2
commit old file-serving bugfix, and new pt content-type fix
Richard Jones <richard@users.sourceforge.net>
parents:
1946
diff
changeset
|
1916 lmt = klass.get(nodeid, 'activity').timestamp() |
|
1946
c538a64b94a7
Refactored CGI file serving so that FileClass contents are...
Richard Jones <richard@users.sourceforge.net>
parents:
1937
diff
changeset
|
1917 |
|
4047
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1918 self._serve_file(lmt, mime_type, content, filename) |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1919 |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1920 def serve_static_file(self, file): |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
1921 """ Serve up the file named from the templates dir |
|
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
1922 """ |
|
2864
930e780c751f
support STATIC_FILES directory in addition to TEMPLATES
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2853
diff
changeset
|
1923 # figure the filename - try STATIC_FILES, then TEMPLATES dir |
|
930e780c751f
support STATIC_FILES directory in addition to TEMPLATES
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2853
diff
changeset
|
1924 for dir_option in ('STATIC_FILES', 'TEMPLATES'): |
|
930e780c751f
support STATIC_FILES directory in addition to TEMPLATES
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2853
diff
changeset
|
1925 prefix = self.instance.config[dir_option] |
|
930e780c751f
support STATIC_FILES directory in addition to TEMPLATES
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2853
diff
changeset
|
1926 if not prefix: |
|
930e780c751f
support STATIC_FILES directory in addition to TEMPLATES
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2853
diff
changeset
|
1927 continue |
|
5613
0a8f0fddc2ae
Support non-ASCII prefixes in instance config for finding static files (issue2551022).
Cédric Krier <cedric.krier@b2ck.com>
parents:
5608
diff
changeset
|
1928 if is_us(prefix): |
|
5231
8743b7226dc7
Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents:
5220
diff
changeset
|
1929 # prefix can be a string or list depending on |
|
8743b7226dc7
Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents:
5220
diff
changeset
|
1930 # option. Make it a list to iterate over. |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1931 prefix = [prefix] |
|
5231
8743b7226dc7
Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents:
5220
diff
changeset
|
1932 |
|
8743b7226dc7
Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents:
5220
diff
changeset
|
1933 for p in prefix: |
|
8743b7226dc7
Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents:
5220
diff
changeset
|
1934 # if last element of STATIC_FILES ends with '/-', |
|
8743b7226dc7
Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents:
5220
diff
changeset
|
1935 # we failed to find the file and we should |
|
8743b7226dc7
Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents:
5220
diff
changeset
|
1936 # not look in TEMPLATES. So raise exception. |
|
8743b7226dc7
Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents:
5220
diff
changeset
|
1937 if dir_option == 'STATIC_FILES' and p[-2:] == '/-': |
|
8743b7226dc7
Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents:
5220
diff
changeset
|
1938 raise NotFound(file) |
|
8743b7226dc7
Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents:
5220
diff
changeset
|
1939 |
|
8743b7226dc7
Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents:
5220
diff
changeset
|
1940 # ensure the load doesn't try to poke outside |
|
8743b7226dc7
Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents:
5220
diff
changeset
|
1941 # of the static files directory |
|
8743b7226dc7
Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents:
5220
diff
changeset
|
1942 p = os.path.normpath(p) |
|
8743b7226dc7
Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents:
5220
diff
changeset
|
1943 filename = os.path.normpath(os.path.join(p, file)) |
|
8743b7226dc7
Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents:
5220
diff
changeset
|
1944 if os.path.isfile(filename) and filename.startswith(p): |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1945 break # inner loop over list of directories |
|
5231
8743b7226dc7
Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents:
5220
diff
changeset
|
1946 else: |
|
8743b7226dc7
Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents:
5220
diff
changeset
|
1947 # reset filename to None as sentinel for use below. |
|
8743b7226dc7
Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents:
5220
diff
changeset
|
1948 filename = None |
|
8743b7226dc7
Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents:
5220
diff
changeset
|
1949 |
|
8743b7226dc7
Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents:
5220
diff
changeset
|
1950 # break out of outer loop over options |
|
8743b7226dc7
Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents:
5220
diff
changeset
|
1951 if filename: |
|
2864
930e780c751f
support STATIC_FILES directory in addition to TEMPLATES
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2853
diff
changeset
|
1952 break |
|
5231
8743b7226dc7
Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents:
5220
diff
changeset
|
1953 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1954 if filename is None: # we didn't find a filename |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
1955 raise NotFound(file) |
|
1946
c538a64b94a7
Refactored CGI file serving so that FileClass contents are...
Richard Jones <richard@users.sourceforge.net>
parents:
1937
diff
changeset
|
1956 |
|
c538a64b94a7
Refactored CGI file serving so that FileClass contents are...
Richard Jones <richard@users.sourceforge.net>
parents:
1937
diff
changeset
|
1957 # last-modified time |
|
c538a64b94a7
Refactored CGI file serving so that FileClass contents are...
Richard Jones <richard@users.sourceforge.net>
parents:
1937
diff
changeset
|
1958 lmt = os.stat(filename)[stat.ST_MTIME] |
|
c538a64b94a7
Refactored CGI file serving so that FileClass contents are...
Richard Jones <richard@users.sourceforge.net>
parents:
1937
diff
changeset
|
1959 |
|
c538a64b94a7
Refactored CGI file serving so that FileClass contents are...
Richard Jones <richard@users.sourceforge.net>
parents:
1937
diff
changeset
|
1960 # detemine meta-type |
|
c538a64b94a7
Refactored CGI file serving so that FileClass contents are...
Richard Jones <richard@users.sourceforge.net>
parents:
1937
diff
changeset
|
1961 file = str(file) |
|
c538a64b94a7
Refactored CGI file serving so that FileClass contents are...
Richard Jones <richard@users.sourceforge.net>
parents:
1937
diff
changeset
|
1962 mime_type = mimetypes.guess_type(file)[0] |
|
c538a64b94a7
Refactored CGI file serving so that FileClass contents are...
Richard Jones <richard@users.sourceforge.net>
parents:
1937
diff
changeset
|
1963 if not mime_type: |
|
c538a64b94a7
Refactored CGI file serving so that FileClass contents are...
Richard Jones <richard@users.sourceforge.net>
parents:
1937
diff
changeset
|
1964 if file.endswith('.css'): |
|
c538a64b94a7
Refactored CGI file serving so that FileClass contents are...
Richard Jones <richard@users.sourceforge.net>
parents:
1937
diff
changeset
|
1965 mime_type = 'text/css' |
|
c538a64b94a7
Refactored CGI file serving so that FileClass contents are...
Richard Jones <richard@users.sourceforge.net>
parents:
1937
diff
changeset
|
1966 else: |
|
c538a64b94a7
Refactored CGI file serving so that FileClass contents are...
Richard Jones <richard@users.sourceforge.net>
parents:
1937
diff
changeset
|
1967 mime_type = 'text/plain' |
|
c538a64b94a7
Refactored CGI file serving so that FileClass contents are...
Richard Jones <richard@users.sourceforge.net>
parents:
1937
diff
changeset
|
1968 |
|
5980
54d0080769f9
Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents:
5946
diff
changeset
|
1969 # get filename: given a/b/c.js extract c.js |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1970 fn = file.rpartition("/")[2] |
|
5980
54d0080769f9
Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents:
5946
diff
changeset
|
1971 if fn in self.Cache_Control: |
|
54d0080769f9
Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents:
5946
diff
changeset
|
1972 # if filename matches, don't use cache control |
|
54d0080769f9
Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents:
5946
diff
changeset
|
1973 # for mime type. |
|
54d0080769f9
Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents:
5946
diff
changeset
|
1974 self.additional_headers['Cache-Control'] = \ |
|
54d0080769f9
Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents:
5946
diff
changeset
|
1975 self.Cache_Control[fn] |
|
54d0080769f9
Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents:
5946
diff
changeset
|
1976 elif mime_type in self.Cache_Control: |
|
54d0080769f9
Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents:
5946
diff
changeset
|
1977 self.additional_headers['Cache-Control'] = \ |
|
54d0080769f9
Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents:
5946
diff
changeset
|
1978 self.Cache_Control[mime_type] |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1979 |
|
4047
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1980 self._serve_file(lmt, mime_type, '', filename) |
|
1946
c538a64b94a7
Refactored CGI file serving so that FileClass contents are...
Richard Jones <richard@users.sourceforge.net>
parents:
1937
diff
changeset
|
1981 |
|
4047
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1982 def _serve_file(self, lmt, mime_type, content=None, filename=None): |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
1983 """ guts of serve_file() and serve_static_file() |
|
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
1984 """ |
|
4047
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
1985 |
|
3736
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
3687
diff
changeset
|
1986 # spit out headers |
|
4980
13f8f88ad984
Replace rfc822 imports with email package (issue2550870)
John Kristensen <john@jerrykan.com>
parents:
4979
diff
changeset
|
1987 self.additional_headers['Last-Modified'] = email.utils.formatdate(lmt) |
|
3736
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
3687
diff
changeset
|
1988 |
|
1498
203f6a154b30
even better if-modified-since handling for cgi-bin
Andrey Lebedev <kedder@users.sourceforge.net>
parents:
1497
diff
changeset
|
1989 ims = None |
|
1469
79d8956de3f5
implemented last-modified and if-modified-since support
Richard Jones <richard@users.sourceforge.net>
parents:
1468
diff
changeset
|
1990 # see if there's an if-modified-since... |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
1991 # used if this is run behind a non-caching http proxy |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
1992 if hasattr(self.request, 'headers'): |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
1993 ims = self.request.headers.get('if-modified-since') |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
1994 elif 'HTTP_IF_MODIFIED_SINCE' in self.env: |
|
1497
2704d8438823
better if-modified-since handling for cgi-bin
Richard Jones <richard@users.sourceforge.net>
parents:
1477
diff
changeset
|
1995 # cgi will put the header in the env var |
|
1469
79d8956de3f5
implemented last-modified and if-modified-since support
Richard Jones <richard@users.sourceforge.net>
parents:
1468
diff
changeset
|
1996 ims = self.env['HTTP_IF_MODIFIED_SINCE'] |
|
79d8956de3f5
implemented last-modified and if-modified-since support
Richard Jones <richard@users.sourceforge.net>
parents:
1468
diff
changeset
|
1997 if ims: |
|
4980
13f8f88ad984
Replace rfc822 imports with email package (issue2550870)
John Kristensen <john@jerrykan.com>
parents:
4979
diff
changeset
|
1998 ims = email.utils.parsedate(ims)[:6] |
|
3800
75d3896929bb
really fix the last-modified code
Richard Jones <richard@users.sourceforge.net>
parents:
3796
diff
changeset
|
1999 lmtt = time.gmtime(lmt)[:6] |
|
1469
79d8956de3f5
implemented last-modified and if-modified-since support
Richard Jones <richard@users.sourceforge.net>
parents:
1468
diff
changeset
|
2000 if lmtt <= ims: |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2001 if (self.determine_content_encoding()): |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2002 # set vary header as though we were returning 200 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2003 # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Vary |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2004 self.setVary("Accept-Encoding") |
|
1469
79d8956de3f5
implemented last-modified and if-modified-since support
Richard Jones <richard@users.sourceforge.net>
parents:
1468
diff
changeset
|
2005 raise NotModified |
|
79d8956de3f5
implemented last-modified and if-modified-since support
Richard Jones <richard@users.sourceforge.net>
parents:
1468
diff
changeset
|
2006 |
|
6548
de5f5f9c02f2
Fix spurious content-ty on 304; xfail css Cache-Control
John Rouillard <rouilj@ieee.org>
parents:
6546
diff
changeset
|
2007 # don't set until we are sure we are sending a response body. |
|
de5f5f9c02f2
Fix spurious content-ty on 304; xfail css Cache-Control
John Rouillard <rouilj@ieee.org>
parents:
6546
diff
changeset
|
2008 self.additional_headers['Content-Type'] = mime_type |
|
de5f5f9c02f2
Fix spurious content-ty on 304; xfail css Cache-Control
John Rouillard <rouilj@ieee.org>
parents:
6546
diff
changeset
|
2009 |
|
4047
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
2010 if filename: |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2011 self.write_file(filename) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2012 else: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2013 self.additional_headers['Content-Length'] = str(len(content)) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2014 self.write(content) |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2015 |
|
4543
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
2016 def send_error_to_admin(self, subject, html, txt): |
|
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
2017 """Send traceback information to admin via email. |
|
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
2018 We send both, the formatted html (with more information) and |
|
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
2019 the text version of the traceback. We use |
|
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
2020 multipart/alternative so the receiver can chose which version |
|
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
2021 to display. |
|
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
2022 """ |
|
4264
b1e614c6759f
Improve error reporting.
Stefan Seefeld <stefan@seefeld.name>
parents:
4263
diff
changeset
|
2023 to = [self.mailer.config.ADMIN_EMAIL] |
|
4543
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
2024 message = MIMEMultipart('alternative') |
|
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
2025 self.mailer.set_message_attributes(message, to, subject) |
|
5518
db3a95f28b3c
fixed typos in send_error_to_admin
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5493
diff
changeset
|
2026 part = self.mailer.get_text_message('utf-8', 'html') |
|
5493
725266c03eab
updated mailgw to no longer use mimetools based on jerrykan's patch
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5488
diff
changeset
|
2027 part.set_payload(html, part.get_charset()) |
|
4543
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
2028 message.attach(part) |
|
5518
db3a95f28b3c
fixed typos in send_error_to_admin
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5493
diff
changeset
|
2029 part = self.mailer.get_text_message() |
|
db3a95f28b3c
fixed typos in send_error_to_admin
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5493
diff
changeset
|
2030 part.set_payload(txt, part.get_charset()) |
|
4543
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
2031 message.attach(part) |
|
4523
a03646a02f68
Fix issue2550691 where a Unix From-Header was sometimes inserted...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4384
diff
changeset
|
2032 self.mailer.smtp_send(to, message.as_string()) |
|
4648
e645820e8556
Clean up whitespace in client.py
Ezio Melotti <ezio.melotti@gmail.com>
parents:
4640
diff
changeset
|
2033 |
|
4265
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
2034 def renderFrontPage(self, message): |
|
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
2035 """Return the front page of the tracker.""" |
|
4648
e645820e8556
Clean up whitespace in client.py
Ezio Melotti <ezio.melotti@gmail.com>
parents:
4640
diff
changeset
|
2036 |
|
4265
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
2037 self.classname = self.nodeid = None |
|
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
2038 self.template = '' |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
2039 self.add_error_message(message) |
|
4265
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
2040 self.write_html(self.renderContext()) |
|
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
2041 |
|
4740
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
2042 def selectTemplate(self, name, view): |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
2043 """ Choose existing template for the given combination of |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
2044 classname (name parameter) and template request variable |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
2045 (view parameter) and return its name. |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
2046 |
|
5185
349bef975367
Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents:
5166
diff
changeset
|
2047 View can be a single template or two templates separated |
|
349bef975367
Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents:
5166
diff
changeset
|
2048 by a vbar '|' character. If the Client object has a |
|
349bef975367
Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents:
5166
diff
changeset
|
2049 non-empty _error_message attribute, the right hand |
|
349bef975367
Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents:
5166
diff
changeset
|
2050 template (error template) will be used. If the |
|
349bef975367
Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents:
5166
diff
changeset
|
2051 _error_message is empty, the left hand template (ok |
|
349bef975367
Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents:
5166
diff
changeset
|
2052 template) will be used. |
|
349bef975367
Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents:
5166
diff
changeset
|
2053 |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
2054 In most cases the name will be "classname.view", but |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
2055 if "view" is None, then template name "classname" will |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
2056 be returned. |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
2057 |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
2058 If "classname.view" template doesn't exist, the |
|
4740
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
2059 "_generic.view" is used as a fallback. |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
2060 |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
2061 [ ] cover with tests |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
2062 """ |
|
5185
349bef975367
Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents:
5166
diff
changeset
|
2063 |
|
349bef975367
Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents:
5166
diff
changeset
|
2064 # determine if view is oktmpl|errortmpl. If so assign the |
|
349bef975367
Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents:
5166
diff
changeset
|
2065 # right one to the view parameter. If we don't have alternate |
|
349bef975367
Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents:
5166
diff
changeset
|
2066 # templates, just leave view alone. |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2067 if (view and view.find('|') != -1): |
|
5185
349bef975367
Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents:
5166
diff
changeset
|
2068 # we have alternate templates, parse them apart. |
|
349bef975367
Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents:
5166
diff
changeset
|
2069 (oktmpl, errortmpl) = view.split("|", 2) |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2070 if self._error_message: |
|
5185
349bef975367
Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents:
5166
diff
changeset
|
2071 # we have an error, use errortmpl |
|
349bef975367
Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents:
5166
diff
changeset
|
2072 view = errortmpl |
|
349bef975367
Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents:
5166
diff
changeset
|
2073 else: |
|
349bef975367
Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents:
5166
diff
changeset
|
2074 # no error message recorded, use oktmpl |
|
349bef975367
Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents:
5166
diff
changeset
|
2075 view = oktmpl |
|
349bef975367
Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents:
5166
diff
changeset
|
2076 |
|
4739
94be76e04140
templating: Move template selection logic from the template loaders
anatoly techtonik <techtonik@gmail.com>
parents:
4728
diff
changeset
|
2077 loader = self.instance.templates |
|
94be76e04140
templating: Move template selection logic from the template loaders
anatoly techtonik <techtonik@gmail.com>
parents:
4728
diff
changeset
|
2078 |
|
94be76e04140
templating: Move template selection logic from the template loaders
anatoly techtonik <techtonik@gmail.com>
parents:
4728
diff
changeset
|
2079 # if classname is not set, use "home" template |
|
94be76e04140
templating: Move template selection logic from the template loaders
anatoly techtonik <techtonik@gmail.com>
parents:
4728
diff
changeset
|
2080 if name is None: |
|
94be76e04140
templating: Move template selection logic from the template loaders
anatoly techtonik <techtonik@gmail.com>
parents:
4728
diff
changeset
|
2081 name = 'home' |
|
94be76e04140
templating: Move template selection logic from the template loaders
anatoly techtonik <techtonik@gmail.com>
parents:
4728
diff
changeset
|
2082 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2083 tplname = name |
|
4740
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
2084 if view: |
|
5154
f608eeecf638
issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents:
5119
diff
changeset
|
2085 # Support subdirectories for templates. Value is path/to/VIEW |
|
f608eeecf638
issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents:
5119
diff
changeset
|
2086 # or just VIEW if the template is in the html directory of |
|
f608eeecf638
issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents:
5119
diff
changeset
|
2087 # the tracker. |
|
f608eeecf638
issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents:
5119
diff
changeset
|
2088 slash_loc = view.rfind("/") |
|
f608eeecf638
issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents:
5119
diff
changeset
|
2089 if slash_loc == -1: |
|
f608eeecf638
issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents:
5119
diff
changeset
|
2090 # try plain class.view |
|
f608eeecf638
issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents:
5119
diff
changeset
|
2091 tplname = '%s.%s' % (name, view) |
|
f608eeecf638
issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents:
5119
diff
changeset
|
2092 else: |
|
f608eeecf638
issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents:
5119
diff
changeset
|
2093 # try path/class.view |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2094 tplname = '%s/%s.%s' % ( |
|
5154
f608eeecf638
issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents:
5119
diff
changeset
|
2095 view[:slash_loc], name, view[slash_loc+1:]) |
|
4740
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
2096 |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
2097 if loader.check(tplname): |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
2098 return tplname |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
2099 |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
2100 # rendering class/context with generic template for this view. |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
2101 # with no view it's impossible to choose which generic template to use |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
2102 if not view: |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
2103 raise templating.NoTemplate('Template "%s" doesn\'t exist' % name) |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
2104 |
|
5154
f608eeecf638
issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents:
5119
diff
changeset
|
2105 if slash_loc == -1: |
|
f608eeecf638
issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents:
5119
diff
changeset
|
2106 generic = '_generic.%s' % view |
|
f608eeecf638
issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents:
5119
diff
changeset
|
2107 else: |
|
f608eeecf638
issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents:
5119
diff
changeset
|
2108 generic = '%s/_generic.%s' % (view[:slash_loc], view[slash_loc+1:]) |
|
4740
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
2109 if loader.check(generic): |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
2110 return generic |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
2111 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2112 raise templating.NoTemplate( |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2113 'No template file exists for templating ' |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2114 '"%s" with template "%s" (neither "%s" nor "%s")' % ( |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2115 name, view, tplname, generic)) |
|
4739
94be76e04140
templating: Move template selection logic from the template loaders
anatoly techtonik <techtonik@gmail.com>
parents:
4728
diff
changeset
|
2116 |
|
1204
b862bbf2067a
Replaced the content() callback ickiness with Page Template macro usage
Richard Jones <richard@users.sourceforge.net>
parents:
1196
diff
changeset
|
2117 def renderContext(self): |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
2118 """ Return a PageTemplate for the named page |
|
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
2119 """ |
|
6382
b35a50d02890
Fix issue2551129 - Template not found return 500 and traceback
John Rouillard <rouilj@ieee.org>
parents:
6267
diff
changeset
|
2120 try: |
|
b35a50d02890
Fix issue2551129 - Template not found return 500 and traceback
John Rouillard <rouilj@ieee.org>
parents:
6267
diff
changeset
|
2121 tplname = self.selectTemplate(self.classname, self.template) |
|
1204
b862bbf2067a
Replaced the content() callback ickiness with Page Template macro usage
Richard Jones <richard@users.sourceforge.net>
parents:
1196
diff
changeset
|
2122 |
|
6382
b35a50d02890
Fix issue2551129 - Template not found return 500 and traceback
John Rouillard <rouilj@ieee.org>
parents:
6267
diff
changeset
|
2123 # catch errors so we can handle PT rendering errors more nicely |
|
b35a50d02890
Fix issue2551129 - Template not found return 500 and traceback
John Rouillard <rouilj@ieee.org>
parents:
6267
diff
changeset
|
2124 args = { |
|
b35a50d02890
Fix issue2551129 - Template not found return 500 and traceback
John Rouillard <rouilj@ieee.org>
parents:
6267
diff
changeset
|
2125 'ok_message': self._ok_message, |
|
b35a50d02890
Fix issue2551129 - Template not found return 500 and traceback
John Rouillard <rouilj@ieee.org>
parents:
6267
diff
changeset
|
2126 'error_message': self._error_message |
|
b35a50d02890
Fix issue2551129 - Template not found return 500 and traceback
John Rouillard <rouilj@ieee.org>
parents:
6267
diff
changeset
|
2127 } |
|
4740
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
2128 pt = self.instance.templates.load(tplname) |
|
1016
d6c13142e7b9
Keep a cache of compiled PageTemplates.
Richard Jones <richard@users.sourceforge.net>
parents:
1008
diff
changeset
|
2129 # let the template render figure stuff out |
|
6588
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2130 try: |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2131 result = pt.render(self, None, None, **args) |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2132 except IndexerQueryError as e: |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2133 result = self.renderError(e.args[0]) |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2134 |
|
1967
d30cd44321f2
commit old file-serving bugfix, and new pt content-type fix
Richard Jones <richard@users.sourceforge.net>
parents:
1946
diff
changeset
|
2135 self.additional_headers['Content-Type'] = pt.content_type |
|
2942
a50e4f7c9276
look for CGI_SHOW_TIMING in self.env instead of os.environ;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2940
diff
changeset
|
2136 if self.env.get('CGI_SHOW_TIMING', ''): |
|
a50e4f7c9276
look for CGI_SHOW_TIMING in self.env instead of os.environ;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2940
diff
changeset
|
2137 if self.env['CGI_SHOW_TIMING'].upper() == 'COMMENT': |
|
a50e4f7c9276
look for CGI_SHOW_TIMING in self.env instead of os.environ;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2940
diff
changeset
|
2138 timings = {'starttag': '<!-- ', 'endtag': ' -->'} |
|
a50e4f7c9276
look for CGI_SHOW_TIMING in self.env instead of os.environ;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2940
diff
changeset
|
2139 else: |
|
a50e4f7c9276
look for CGI_SHOW_TIMING in self.env instead of os.environ;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2940
diff
changeset
|
2140 timings = {'starttag': '<p>', 'endtag': '</p>'} |
|
a50e4f7c9276
look for CGI_SHOW_TIMING in self.env instead of os.environ;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2940
diff
changeset
|
2141 timings['seconds'] = time.time()-self.start |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2142 s = self._( |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2143 '%(starttag)sTime elapsed: %(seconds)fs%(endtag)s\n' |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2144 ) % timings |
|
2237
f624fc20f8fe
added capturing of stats
Richard Jones <richard@users.sourceforge.net>
parents:
2233
diff
changeset
|
2145 if hasattr(self.db, 'stats'): |
|
2942
a50e4f7c9276
look for CGI_SHOW_TIMING in self.env instead of os.environ;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2940
diff
changeset
|
2146 timings.update(self.db.stats) |
|
a50e4f7c9276
look for CGI_SHOW_TIMING in self.env instead of os.environ;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2940
diff
changeset
|
2147 s += self._("%(starttag)sCache hits: %(cache_hits)d," |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2148 " misses %(cache_misses)d." |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2149 " Loading items: %(get_items)f secs." |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2150 " Filtering: %(filtering)f secs." |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2151 "%(endtag)s\n") % timings |
|
2237
f624fc20f8fe
added capturing of stats
Richard Jones <richard@users.sourceforge.net>
parents:
2233
diff
changeset
|
2152 s += '</body>' |
|
2230
ca2664e095be
disable forking server when os.fork() not available [SF#938586]
Richard Jones <richard@users.sourceforge.net>
parents:
2183
diff
changeset
|
2153 result = result.replace('</body>', s) |
|
1967
d30cd44321f2
commit old file-serving bugfix, and new pt content-type fix
Richard Jones <richard@users.sourceforge.net>
parents:
1946
diff
changeset
|
2154 return result |
|
5248
198b6e810c67
Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents:
5231
diff
changeset
|
2155 except templating.NoTemplate as message: |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2156 self.response_code = 400 |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2157 return '<strong>%s</strong>' % html_escape(str(message)) |
|
5248
198b6e810c67
Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents:
5231
diff
changeset
|
2158 except templating.Unauthorised as message: |
|
5802
0e6d45413e88
catching last couple of cgi.escape references.
John Rouillard <rouilj@ieee.org>
parents:
5775
diff
changeset
|
2159 raise Unauthorised(html_escape(str(message))) |
| 6976 | 2160 except Exception: |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2161 # everything else |
|
4045
82213b1971b4
Only feed back traceback to web users if config.WEB_DEBUG is True
Stefan Seefeld <stefan@seefeld.name>
parents:
4027
diff
changeset
|
2162 if self.instance.config.WEB_DEBUG: |
|
82213b1971b4
Only feed back traceback to web users if config.WEB_DEBUG is True
Stefan Seefeld <stefan@seefeld.name>
parents:
4027
diff
changeset
|
2163 return cgitb.pt_html(i18n=self.translator) |
|
82213b1971b4
Only feed back traceback to web users if config.WEB_DEBUG is True
Stefan Seefeld <stefan@seefeld.name>
parents:
4027
diff
changeset
|
2164 exc_info = sys.exc_info() |
|
82213b1971b4
Only feed back traceback to web users if config.WEB_DEBUG is True
Stefan Seefeld <stefan@seefeld.name>
parents:
4027
diff
changeset
|
2165 try: |
|
82213b1971b4
Only feed back traceback to web users if config.WEB_DEBUG is True
Stefan Seefeld <stefan@seefeld.name>
parents:
4027
diff
changeset
|
2166 # If possible, send the HTML page template traceback |
|
82213b1971b4
Only feed back traceback to web users if config.WEB_DEBUG is True
Stefan Seefeld <stefan@seefeld.name>
parents:
4027
diff
changeset
|
2167 # to the administrator. |
|
82213b1971b4
Only feed back traceback to web users if config.WEB_DEBUG is True
Stefan Seefeld <stefan@seefeld.name>
parents:
4027
diff
changeset
|
2168 subject = "Templating Error: %s" % exc_info[1] |
|
4543
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
2169 self.send_error_to_admin(subject, cgitb.pt_html(), format_exc()) |
|
4045
82213b1971b4
Only feed back traceback to web users if config.WEB_DEBUG is True
Stefan Seefeld <stefan@seefeld.name>
parents:
4027
diff
changeset
|
2170 # Now report the error to the user. |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
2171 return self._(default_err_msg) |
| 6976 | 2172 except Exception: |
|
4045
82213b1971b4
Only feed back traceback to web users if config.WEB_DEBUG is True
Stefan Seefeld <stefan@seefeld.name>
parents:
4027
diff
changeset
|
2173 # Reraise the original exception. The user will |
|
82213b1971b4
Only feed back traceback to web users if config.WEB_DEBUG is True
Stefan Seefeld <stefan@seefeld.name>
parents:
4027
diff
changeset
|
2174 # receive an error message, and the adminstrator will |
|
82213b1971b4
Only feed back traceback to web users if config.WEB_DEBUG is True
Stefan Seefeld <stefan@seefeld.name>
parents:
4027
diff
changeset
|
2175 # receive a traceback, albeit with less information |
|
82213b1971b4
Only feed back traceback to web users if config.WEB_DEBUG is True
Stefan Seefeld <stefan@seefeld.name>
parents:
4027
diff
changeset
|
2176 # than the one we tried to generate above. |
|
5378
35ea9b1efc14
Python 3 preparation: "raise" syntax.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5356
diff
changeset
|
2177 if sys.version_info[0] > 2: |
|
35ea9b1efc14
Python 3 preparation: "raise" syntax.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5356
diff
changeset
|
2178 raise exc_info[0](exc_info[1]).with_traceback(exc_info[2]) |
|
35ea9b1efc14
Python 3 preparation: "raise" syntax.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5356
diff
changeset
|
2179 else: |
|
6014
6ed03d01491d
Bandit - ignore use of exec which re-raises exception
John Rouillard <rouilj@ieee.org>
parents:
5980
diff
changeset
|
2180 exec('raise exc_info[0], exc_info[1], exc_info[2]') # nosec |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2181 |
|
6588
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2182 def renderError(self, error, response_code=400, use_template=True): |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2183 self.response_code = response_code |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2184 |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2185 # see if error message already logged add if not |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2186 if error not in self._error_message: |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2187 self.add_error_message(error, escape=True) |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2188 |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2189 # allow use of template for a specific code |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2190 trial_templates = [] |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2191 if use_template: |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2192 if response_code == 400: |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2193 trial_templates = ["400"] |
|
6588
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2194 else: |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2195 trial_templates = [str(response_code), "400"] |
|
6588
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2196 |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2197 tplname = None |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2198 for rcode in trial_templates: |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2199 try: |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2200 tplname = self.selectTemplate(self.classname, rcode) |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2201 break |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2202 except templating.NoTemplate: |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2203 pass |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2204 |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2205 if not tplname: |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2206 # call string of serious error to get basic html |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2207 # response. |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2208 return str(SeriousError(error)) |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2209 |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2210 args = { |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2211 'ok_message': self._ok_message, |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2212 'error_message': self._error_message |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2213 } |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2214 |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2215 try: |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2216 pt = self.instance.templates.load(tplname) |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2217 return pt.render(self, None, None, **args) |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2218 except Exception: |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2219 # report original error |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2220 return str(SeriousError(error)) |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2221 |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2222 # these are the actions that are available |
| 2904 | 2223 actions = ( |
|
5073
d0aa596daca8
Remove 'import *' statement from cgi/client.py
John Kristensen <john@jerrykan.com>
parents:
5044
diff
changeset
|
2224 ('edit', actions.EditItemAction), |
|
d0aa596daca8
Remove 'import *' statement from cgi/client.py
John Kristensen <john@jerrykan.com>
parents:
5044
diff
changeset
|
2225 ('editcsv', actions.EditCSVAction), |
|
d0aa596daca8
Remove 'import *' statement from cgi/client.py
John Kristensen <john@jerrykan.com>
parents:
5044
diff
changeset
|
2226 ('new', actions.NewItemAction), |
|
d0aa596daca8
Remove 'import *' statement from cgi/client.py
John Kristensen <john@jerrykan.com>
parents:
5044
diff
changeset
|
2227 ('register', actions.RegisterAction), |
|
d0aa596daca8
Remove 'import *' statement from cgi/client.py
John Kristensen <john@jerrykan.com>
parents:
5044
diff
changeset
|
2228 ('confrego', actions.ConfRegoAction), |
|
d0aa596daca8
Remove 'import *' statement from cgi/client.py
John Kristensen <john@jerrykan.com>
parents:
5044
diff
changeset
|
2229 ('passrst', actions.PassResetAction), |
|
d0aa596daca8
Remove 'import *' statement from cgi/client.py
John Kristensen <john@jerrykan.com>
parents:
5044
diff
changeset
|
2230 ('login', actions.LoginAction), |
|
d0aa596daca8
Remove 'import *' statement from cgi/client.py
John Kristensen <john@jerrykan.com>
parents:
5044
diff
changeset
|
2231 ('logout', actions.LogoutAction), |
|
d0aa596daca8
Remove 'import *' statement from cgi/client.py
John Kristensen <john@jerrykan.com>
parents:
5044
diff
changeset
|
2232 ('search', actions.SearchAction), |
|
5119
748ba87e1aca
Added a new cgi action restore. The opposite of (and a clone of) the existing retire action.
John Rouillard <rouilj@ieee.org>
parents:
5079
diff
changeset
|
2233 ('restore', actions.RestoreAction), |
|
5073
d0aa596daca8
Remove 'import *' statement from cgi/client.py
John Kristensen <john@jerrykan.com>
parents:
5044
diff
changeset
|
2234 ('retire', actions.RetireAction), |
|
d0aa596daca8
Remove 'import *' statement from cgi/client.py
John Kristensen <john@jerrykan.com>
parents:
5044
diff
changeset
|
2235 ('show', actions.ShowAction), |
|
d0aa596daca8
Remove 'import *' statement from cgi/client.py
John Kristensen <john@jerrykan.com>
parents:
5044
diff
changeset
|
2236 ('export_csv', actions.ExportCSVAction), |
|
5614
be99aa02c616
issue2550833 enhance the export csv action to include the keys for
John Rouillard <rouilj@ieee.org>
parents:
5608
diff
changeset
|
2237 ('export_csv_id', actions.ExportCSVWithIdAction), |
| 2904 | 2238 ) |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2239 |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2240 def handle_action(self): |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
2241 """ Determine whether there should be an Action called. |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2242 |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2243 The action is defined by the form variable :action which |
|
1477
ed725179953d
Added password reset facility for forgotten passwords.
Richard Jones <richard@users.sourceforge.net>
parents:
1472
diff
changeset
|
2244 identifies the method on this object to call. The actions |
| 2904 | 2245 are defined in the "actions" sequence on this class. |
|
2045
d124af927369
Forward-porting of fixes from the maintenance branch.
Richard Jones <richard@users.sourceforge.net>
parents:
2032
diff
changeset
|
2246 |
|
d124af927369
Forward-porting of fixes from the maintenance branch.
Richard Jones <richard@users.sourceforge.net>
parents:
2032
diff
changeset
|
2247 Actions may return a page (by default HTML) to return to the |
|
d124af927369
Forward-porting of fixes from the maintenance branch.
Richard Jones <richard@users.sourceforge.net>
parents:
2032
diff
changeset
|
2248 user, bypassing the usual template rendering. |
|
3388
0c66acaea802
present Reject exception messages to web users [SF#1237685]
Richard Jones <richard@users.sourceforge.net>
parents:
3356
diff
changeset
|
2249 |
|
0c66acaea802
present Reject exception messages to web users [SF#1237685]
Richard Jones <richard@users.sourceforge.net>
parents:
3356
diff
changeset
|
2250 We explicitly catch Reject and ValueError exceptions and |
|
0c66acaea802
present Reject exception messages to web users [SF#1237685]
Richard Jones <richard@users.sourceforge.net>
parents:
3356
diff
changeset
|
2251 present their messages to the user. |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
2252 """ |
|
4804
bc4144417861
More fixes for form TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4802
diff
changeset
|
2253 action = None |
|
bc4144417861
More fixes for form TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4802
diff
changeset
|
2254 try: |
|
bc4144417861
More fixes for form TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4802
diff
changeset
|
2255 if ':action' in self.form: |
|
bc4144417861
More fixes for form TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4802
diff
changeset
|
2256 action = self.form[':action'] |
|
bc4144417861
More fixes for form TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4802
diff
changeset
|
2257 elif '@action' in self.form: |
|
bc4144417861
More fixes for form TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4802
diff
changeset
|
2258 action = self.form['@action'] |
|
bc4144417861
More fixes for form TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4802
diff
changeset
|
2259 except TypeError: |
|
bc4144417861
More fixes for form TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4802
diff
changeset
|
2260 pass |
|
bc4144417861
More fixes for form TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4802
diff
changeset
|
2261 if action is None: |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2262 return None |
|
2638
18e86941c950
Load up extensions in the tracker "extensions" directory.
Richard Jones <richard@users.sourceforge.net>
parents:
2592
diff
changeset
|
2263 |
|
4367
fa5587802af9
Handle multiple @action values from broken trackers
Richard Jones <richard@users.sourceforge.net>
parents:
4362
diff
changeset
|
2264 if isinstance(action, list): |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
2265 raise SeriousError( |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
2266 self._('broken form: multiple @action values submitted')) |
|
4367
fa5587802af9
Handle multiple @action values from broken trackers
Richard Jones <richard@users.sourceforge.net>
parents:
4362
diff
changeset
|
2267 else: |
|
fa5587802af9
Handle multiple @action values from broken trackers
Richard Jones <richard@users.sourceforge.net>
parents:
4362
diff
changeset
|
2268 action = action.value.lower() |
|
fa5587802af9
Handle multiple @action values from broken trackers
Richard Jones <richard@users.sourceforge.net>
parents:
4362
diff
changeset
|
2269 |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2270 try: |
|
2948
deda13909085
factor out get_action_class so it may be called from other places
Richard Jones <richard@users.sourceforge.net>
parents:
2947
diff
changeset
|
2271 action_klass = self.get_action_class(action) |
|
2019
8fab5d394f22
Call actions in a different way so we won't hide any bad TypeErrors.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents:
2018
diff
changeset
|
2272 |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2273 # call the mapped action |
|
2019
8fab5d394f22
Call actions in a different way so we won't hide any bad TypeErrors.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents:
2018
diff
changeset
|
2274 if isinstance(action_klass, type('')): |
|
8fab5d394f22
Call actions in a different way so we won't hide any bad TypeErrors.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents:
2018
diff
changeset
|
2275 # old way of specifying actions |
|
2045
d124af927369
Forward-porting of fixes from the maintenance branch.
Richard Jones <richard@users.sourceforge.net>
parents:
2032
diff
changeset
|
2276 return getattr(self, action_klass)() |
|
2019
8fab5d394f22
Call actions in a different way so we won't hide any bad TypeErrors.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents:
2018
diff
changeset
|
2277 else: |
|
2045
d124af927369
Forward-porting of fixes from the maintenance branch.
Richard Jones <richard@users.sourceforge.net>
parents:
2032
diff
changeset
|
2278 return action_klass(self).execute() |
|
5248
198b6e810c67
Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents:
5231
diff
changeset
|
2279 except (ValueError, Reject) as err: |
|
5004
494d255043c9
Display errors containing HTML with RejectRaw (issue2550847)
John Kristensen <john@jerrykan.com>
parents:
4980
diff
changeset
|
2280 escape = not isinstance(err, RejectRaw) |
|
494d255043c9
Display errors containing HTML with RejectRaw (issue2550847)
John Kristensen <john@jerrykan.com>
parents:
4980
diff
changeset
|
2281 self.add_error_message(str(err), escape=escape) |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2282 |
|
2948
deda13909085
factor out get_action_class so it may be called from other places
Richard Jones <richard@users.sourceforge.net>
parents:
2947
diff
changeset
|
2283 def get_action_class(self, action_name): |
|
deda13909085
factor out get_action_class so it may be called from other places
Richard Jones <richard@users.sourceforge.net>
parents:
2947
diff
changeset
|
2284 if (hasattr(self.instance, 'cgi_actions') and |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
2285 action_name in self.instance.cgi_actions): |
|
2948
deda13909085
factor out get_action_class so it may be called from other places
Richard Jones <richard@users.sourceforge.net>
parents:
2947
diff
changeset
|
2286 # tracker-defined action |
|
deda13909085
factor out get_action_class so it may be called from other places
Richard Jones <richard@users.sourceforge.net>
parents:
2947
diff
changeset
|
2287 action_klass = self.instance.cgi_actions[action_name] |
|
deda13909085
factor out get_action_class so it may be called from other places
Richard Jones <richard@users.sourceforge.net>
parents:
2947
diff
changeset
|
2288 else: |
|
6975
fe4a6ba98bfe
flake8 - remove unused imports, unused vars, whitespace fixes
John Rouillard <rouilj@ieee.org>
parents:
6974
diff
changeset
|
2289 # go with a default, action_klass used after end of loop |
|
fe4a6ba98bfe
flake8 - remove unused imports, unused vars, whitespace fixes
John Rouillard <rouilj@ieee.org>
parents:
6974
diff
changeset
|
2290 for name, action_klass in self.actions: # noqa: B007 |
|
2948
deda13909085
factor out get_action_class so it may be called from other places
Richard Jones <richard@users.sourceforge.net>
parents:
2947
diff
changeset
|
2291 if name == action_name: |
|
deda13909085
factor out get_action_class so it may be called from other places
Richard Jones <richard@users.sourceforge.net>
parents:
2947
diff
changeset
|
2292 break |
|
deda13909085
factor out get_action_class so it may be called from other places
Richard Jones <richard@users.sourceforge.net>
parents:
2947
diff
changeset
|
2293 else: |
|
6975
fe4a6ba98bfe
flake8 - remove unused imports, unused vars, whitespace fixes
John Rouillard <rouilj@ieee.org>
parents:
6974
diff
changeset
|
2294 raise ValueError('No such action "%s"' % |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2295 html_escape(action_name)) |
|
2948
deda13909085
factor out get_action_class so it may be called from other places
Richard Jones <richard@users.sourceforge.net>
parents:
2947
diff
changeset
|
2296 return action_klass |
|
deda13909085
factor out get_action_class so it may be called from other places
Richard Jones <richard@users.sourceforge.net>
parents:
2947
diff
changeset
|
2297 |
|
3760
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
2298 def _socket_op(self, call, *args, **kwargs): |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
2299 """Execute socket-related operation, catch common network errors |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
2300 |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
2301 Parameters: |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
2302 call: a callable to execute |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
2303 args, kwargs: call arguments |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
2304 |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
2305 """ |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
2306 try: |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
2307 call(*args, **kwargs) |
|
5248
198b6e810c67
Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents:
5231
diff
changeset
|
2308 except socket.error as err: |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2309 err_errno = getattr(err, 'errno', None) |
|
3808
36eb9e8faf30
Real handling of network errors.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
3807
diff
changeset
|
2310 if err_errno is None: |
|
36eb9e8faf30
Real handling of network errors.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
3807
diff
changeset
|
2311 try: |
|
36eb9e8faf30
Real handling of network errors.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
3807
diff
changeset
|
2312 err_errno = err[0] |
|
36eb9e8faf30
Real handling of network errors.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
3807
diff
changeset
|
2313 except TypeError: |
|
36eb9e8faf30
Real handling of network errors.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
3807
diff
changeset
|
2314 pass |
|
3807
c27aafab067d
Band-aid over handling of netework errors.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
3800
diff
changeset
|
2315 if err_errno not in self.IGNORE_NET_ERRORS: |
|
3760
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
2316 raise |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2317 except IOError: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2318 # Apache's mod_python will raise IOError -- without an |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2319 # accompanying errno -- when a write to the client fails. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2320 # A common case is that the client has closed the |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2321 # connection. There's no way to be certain that this is |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2322 # the situation that has occurred here, but that is the |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2323 # most likely case. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2324 pass |
|
3760
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
2325 |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2326 def determine_content_encoding(self, list_all=False, precompressed=False): |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2327 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2328 encoding_list = [] |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2329 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2330 # FIXME: Should parse for q= values and properly order |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2331 # the request encodings. Also should handle identity coding. |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2332 # Then return first acceptable by q value. |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2333 # This code always uses order: zstd, br, gzip. It will send identity |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2334 # even if identity excluded rather than returning 406. |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2335 accept_encoding = self.request.headers.get('accept-encoding') or [] |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2336 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2337 if accept_encoding: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2338 for enc in ['zstd', 'br', 'gzip']: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2339 if ((enc in self.compressors) or precompressed) and \ |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2340 (enc in accept_encoding): |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2341 if not list_all: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2342 return enc |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2343 else: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2344 encoding_list.append(enc) |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2345 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2346 # Return value must evaluate to false in boolean context if no |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2347 # acceptable encoding is found. If an (non-identity) encoding |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2348 # is found the Vary header will include accept-encoding. |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2349 # What to return if the identity encoding is unacceptable? |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2350 # Maybe raise a 406 from here? |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2351 if not list_all: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2352 return None |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2353 else: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2354 return encoding_list |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2355 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2356 def setVary(self, header): |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2357 '''Vary header will include the new header. This will append |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2358 if Vary exists.''' |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2359 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2360 if ('Vary' in self.additional_headers): |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2361 self.additional_headers['Vary'] += ", %s" % header |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2362 else: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2363 self.additional_headers['Vary'] = header |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2364 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2365 def compress_encode(self, byte_content, quality=4): |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2366 |
|
6467
679ec82798e9
Fix typo referencing config.
John Rouillard <rouilj@ieee.org>
parents:
6458
diff
changeset
|
2367 if not self.instance.config.WEB_DYNAMIC_COMPRESSION: |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2368 # dynamic compression disabled. |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2369 return byte_content |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2370 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2371 # don't compress small content |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2372 if len(byte_content) < 100: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2373 return byte_content |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2374 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2375 # abort if already encoded (e.g. served from |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2376 # precompressed file or cache on disk) |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2377 if ('Content-Encoding' in self.additional_headers): |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2378 return byte_content |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2379 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2380 # abort if file-type already compressed |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2381 if ('Content-Type' in self.additional_headers) and \ |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2382 (self.additional_headers['Content-Type'] in |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2383 self.precompressed_mime_types): |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2384 return byte_content |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2385 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2386 encoder = None |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2387 # return same content if unable to compress |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2388 new_content = byte_content |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2389 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2390 encoder = self.determine_content_encoding() |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2391 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2392 if encoder == 'zstd': |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2393 new_content = self.zstd.ZSTD_compress(byte_content, 3) |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2394 elif encoder == 'br': |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2395 # lgblock=0 sets value from quality |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2396 new_content = self.brotli.compress(byte_content, |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2397 quality=quality, |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2398 mode=1, |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2399 lgblock=0) |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2400 elif encoder == 'gzip': |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2401 try: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2402 new_content = self.gzip.compress(byte_content, compresslevel=5) |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2403 except AttributeError: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2404 try: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2405 from StringIO import cStringIO as IOBuff |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2406 except ImportError: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2407 # python 3 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2408 # however this code should not be needed under python3 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2409 # since py3 gzip library has compress() method. |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2410 from io import BytesIO as IOBuff |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2411 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2412 out = IOBuff() |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2413 # handle under python2 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2414 f = self.gzip.GzipFile(fileobj=out, mode='w', compresslevel=5) |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2415 f.write(byte_content) |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2416 f.close() |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2417 new_content = out.getvalue() |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2418 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2419 if encoder: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2420 # we changed the data, change existing content-length header |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2421 # and add Content-Encoding and Vary header. |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2422 self.additional_headers['Content-Length'] = str(len(new_content)) |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2423 self.additional_headers['Content-Encoding'] = encoder |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2424 self.setVary('Accept-Encoding') |
|
6539
f8df7fed18f6
issue2551175 - Make ETag content-encoding aware.
John Rouillard <rouilj@ieee.org>
parents:
6509
diff
changeset
|
2425 try: |
|
f8df7fed18f6
issue2551175 - Make ETag content-encoding aware.
John Rouillard <rouilj@ieee.org>
parents:
6509
diff
changeset
|
2426 current_etag = self.additional_headers['ETag'] |
|
f8df7fed18f6
issue2551175 - Make ETag content-encoding aware.
John Rouillard <rouilj@ieee.org>
parents:
6509
diff
changeset
|
2427 except KeyError: |
|
f8df7fed18f6
issue2551175 - Make ETag content-encoding aware.
John Rouillard <rouilj@ieee.org>
parents:
6509
diff
changeset
|
2428 pass # etag not set for non-rest endpoints |
|
f8df7fed18f6
issue2551175 - Make ETag content-encoding aware.
John Rouillard <rouilj@ieee.org>
parents:
6509
diff
changeset
|
2429 else: |
|
f8df7fed18f6
issue2551175 - Make ETag content-encoding aware.
John Rouillard <rouilj@ieee.org>
parents:
6509
diff
changeset
|
2430 etag_end = current_etag.rindex('"') |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2431 self.additional_headers['ETag'] = ( |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2432 current_etag[:etag_end] + |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2433 '-' + encoder + current_etag[etag_end:]) |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2434 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2435 return new_content |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2436 |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2437 def write(self, content): |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2438 if not self.headers_done and self.env['REQUEST_METHOD'] != 'HEAD': |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2439 # compress_encode modifies headers, must run before self.header() |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2440 content = self.compress_encode(bs2b(content)) |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2441 |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2442 if not self.headers_done: |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2443 self.header() |
|
2592
5a8d9465827e
implement the HTTP HEAD command [SF#992544]
Richard Jones <richard@users.sourceforge.net>
parents:
2565
diff
changeset
|
2444 if self.env['REQUEST_METHOD'] != 'HEAD': |
|
3760
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
2445 self._socket_op(self.request.wfile.write, content) |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2446 |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
2447 def write_html(self, content): |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2448 if sys.version_info[0] > 2: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2449 # An action setting appropriate headers for a non-HTML |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2450 # response may return a bytes object directly. |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2451 if not isinstance(content, bytes): |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2452 content = content.encode(self.charset, 'xmlcharrefreplace') |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2453 elif self.charset != self.STORAGE_CHARSET: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2454 # recode output |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2455 content = content.decode(self.STORAGE_CHARSET, 'replace') |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2456 content = content.encode(self.charset, 'xmlcharrefreplace') |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2457 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2458 if self.env['REQUEST_METHOD'] != 'HEAD' and not self.headers_done: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2459 # compress_encode modifies headers, must run before self.header() |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2460 content = self.compress_encode(bs2b(content)) |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2461 |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
2462 if not self.headers_done: |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
2463 # at this point, we are sure about Content-Type |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
2464 if 'Content-Type' not in self.additional_headers: |
|
3867
2563ddf71cd7
Enabled over-riding of content-type in web interface (thanks John Mitchell)
Richard Jones <richard@users.sourceforge.net>
parents:
3808
diff
changeset
|
2465 self.additional_headers['Content-Type'] = \ |
|
2563ddf71cd7
Enabled over-riding of content-type in web interface (thanks John Mitchell)
Richard Jones <richard@users.sourceforge.net>
parents:
3808
diff
changeset
|
2466 'text/html; charset=%s' % self.charset |
|
6509
1fc765ef6379
Fix 204 responses, hangs and crashes with REST.
John Rouillard <rouilj@ieee.org>
parents:
6504
diff
changeset
|
2467 if 'Content-Length' not in self.additional_headers: |
|
6550
15ae655c2014
header values should always be strings (at least "flup" cares)
Christof Meerwald <cmeerw@cmeerw.org>
parents:
6548
diff
changeset
|
2468 self.additional_headers['Content-Length'] = str(len(content)) |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
2469 self.header() |
|
2592
5a8d9465827e
implement the HTTP HEAD command [SF#992544]
Richard Jones <richard@users.sourceforge.net>
parents:
2565
diff
changeset
|
2470 |
|
5a8d9465827e
implement the HTTP HEAD command [SF#992544]
Richard Jones <richard@users.sourceforge.net>
parents:
2565
diff
changeset
|
2471 if self.env['REQUEST_METHOD'] == 'HEAD': |
|
5a8d9465827e
implement the HTTP HEAD command [SF#992544]
Richard Jones <richard@users.sourceforge.net>
parents:
2565
diff
changeset
|
2472 # client doesn't care about content |
|
5a8d9465827e
implement the HTTP HEAD command [SF#992544]
Richard Jones <richard@users.sourceforge.net>
parents:
2565
diff
changeset
|
2473 return |
|
5a8d9465827e
implement the HTTP HEAD command [SF#992544]
Richard Jones <richard@users.sourceforge.net>
parents:
2565
diff
changeset
|
2474 |
|
5a8d9465827e
implement the HTTP HEAD command [SF#992544]
Richard Jones <richard@users.sourceforge.net>
parents:
2565
diff
changeset
|
2475 # and write |
|
3760
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
2476 self._socket_op(self.request.wfile.write, content) |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
2477 |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2478 def http_strip(self, content): |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2479 """Remove HTTP Linear White Space from 'content'. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2480 |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2481 'content' -- A string. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2482 |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2483 returns -- 'content', with all leading and trailing LWS |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2484 removed.""" |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2485 |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2486 # RFC 2616 2.2: Basic Rules |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2487 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2488 # LWS = [CRLF] 1*( SP | HT ) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2489 return content.strip(" \r\n\t") |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2490 |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2491 def http_split(self, content): |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2492 """Split an HTTP list. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2493 |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2494 'content' -- A string, giving a list of items. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2495 |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2496 returns -- A sequence of strings, containing the elements of |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2497 the list.""" |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2498 |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2499 # RFC 2616 2.1: Augmented BNF |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2500 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2501 # Grammar productions of the form "#rule" indicate a |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2502 # comma-separated list of elements matching "rule". LWS |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2503 # is then removed from each element, and empty elements |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2504 # removed. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2505 |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2506 # Split at commas. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2507 elements = content.split(",") |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2508 # Remove linear whitespace at either end of the string. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2509 elements = [self.http_strip(e) for e in elements] |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2510 # Remove any now-empty elements. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2511 return [e for e in elements if e] |
|
4648
e645820e8556
Clean up whitespace in client.py
Ezio Melotti <ezio.melotti@gmail.com>
parents:
4640
diff
changeset
|
2512 |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2513 def handle_range_header(self, length, etag): |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2514 """Handle the 'Range' and 'If-Range' headers. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2515 |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2516 'length' -- the length of the content available for the |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2517 resource. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2518 |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2519 'etag' -- the entity tag for this resources. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2520 |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2521 returns -- If the request headers (including 'Range' and |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2522 'If-Range') indicate that only a portion of the entity should |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2523 be returned, then the return value is a pair '(offfset, |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2524 length)' indicating the first byte and number of bytes of the |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2525 content that should be returned to the client. In addition, |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2526 this method will set 'self.response_code' to indicate Partial |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2527 Content. In all other cases, the return value is 'None'. If |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2528 appropriate, 'self.response_code' will be |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2529 set to indicate 'REQUESTED_RANGE_NOT_SATISFIABLE'. In that |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2530 case, the caller should not send any data to the client.""" |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2531 |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2532 # RFC 2616 14.35: Range |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2533 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2534 # See if the Range header is present. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2535 ranges_specifier = self.env.get("HTTP_RANGE") |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2536 if ranges_specifier is None: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2537 return None |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2538 # RFC 2616 14.27: If-Range |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2539 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2540 # Check to see if there is an If-Range header. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2541 # Because the specification says: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2542 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2543 # The If-Range header ... MUST be ignored if the request |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2544 # does not include a Range header, we check for If-Range |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2545 # after checking for Range. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2546 if_range = self.env.get("HTTP_IF_RANGE") |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2547 if if_range: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2548 # The grammar for the If-Range header is: |
|
4648
e645820e8556
Clean up whitespace in client.py
Ezio Melotti <ezio.melotti@gmail.com>
parents:
4640
diff
changeset
|
2549 # |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2550 # If-Range = "If-Range" ":" ( entity-tag | HTTP-date ) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2551 # entity-tag = [ weak ] opaque-tag |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2552 # weak = "W/" |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2553 # opaque-tag = quoted-string |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2554 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2555 # We only support strong entity tags. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2556 if_range = self.http_strip(if_range) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2557 if (not if_range.startswith('"') |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2558 or not if_range.endswith('"')): |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2559 return None |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2560 # If the condition doesn't match the entity tag, then we |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2561 # must send the client the entire file. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2562 if if_range != etag: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2563 return |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2564 # The grammar for the Range header value is: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2565 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2566 # ranges-specifier = byte-ranges-specifier |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2567 # byte-ranges-specifier = bytes-unit "=" byte-range-set |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2568 # byte-range-set = 1#( byte-range-spec | suffix-byte-range-spec ) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2569 # byte-range-spec = first-byte-pos "-" [last-byte-pos] |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2570 # first-byte-pos = 1*DIGIT |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2571 # last-byte-pos = 1*DIGIT |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2572 # suffix-byte-range-spec = "-" suffix-length |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2573 # suffix-length = 1*DIGIT |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2574 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2575 # Look for the "=" separating the units from the range set. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2576 specs = ranges_specifier.split("=", 1) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2577 if len(specs) != 2: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2578 return None |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2579 # Check that the bytes-unit is in fact "bytes". If it is not, |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2580 # we do not know how to process this range. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2581 bytes_unit = self.http_strip(specs[0]) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2582 if bytes_unit != "bytes": |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2583 return None |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2584 # Seperate the range-set into range-specs. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2585 byte_range_set = self.http_strip(specs[1]) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2586 byte_range_specs = self.http_split(byte_range_set) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2587 # We only handle exactly one range at this time. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2588 if len(byte_range_specs) != 1: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2589 return None |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2590 # Parse the spec. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2591 byte_range_spec = byte_range_specs[0] |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2592 pos = byte_range_spec.split("-", 1) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2593 if len(pos) != 2: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2594 return None |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2595 # Get the first and last bytes. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2596 first = self.http_strip(pos[0]) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2597 last = self.http_strip(pos[1]) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2598 # We do not handle suffix ranges. |
|
6977
ff2c8b430738
flake8 - remove re.compile from method arg + test + doc
John Rouillard <rouilj@ieee.org>
parents:
6976
diff
changeset
|
2599 # Note this also captures atempts to make first |
|
ff2c8b430738
flake8 - remove re.compile from method arg + test + doc
John Rouillard <rouilj@ieee.org>
parents:
6976
diff
changeset
|
2600 # element of range a negative number. |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2601 if not first: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2602 return None |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2603 # Convert the first and last positions to integers. |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2604 try: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2605 first = int(first) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2606 if last: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2607 last = int(last) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2608 else: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2609 last = length - 1 |
| 6976 | 2610 except ValueError: |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2611 # The positions could not be parsed as integers. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2612 return None |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2613 # Check that the range makes sense. |
|
6977
ff2c8b430738
flake8 - remove re.compile from method arg + test + doc
John Rouillard <rouilj@ieee.org>
parents:
6976
diff
changeset
|
2614 # Note, if range is -1-10, first = '', so this code will never |
|
ff2c8b430738
flake8 - remove re.compile from method arg + test + doc
John Rouillard <rouilj@ieee.org>
parents:
6976
diff
changeset
|
2615 # be reached. if range = 1--10, this code is reached. |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2616 if (first < 0 or last < 0 or last < first): |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2617 return None |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2618 if last >= length: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2619 # RFC 2616 10.4.17: 416 Requested Range Not Satisfiable |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2620 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2621 # If there is an If-Range header, RFC 2616 says that we |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2622 # should just ignore the invalid Range header. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2623 if if_range: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2624 return None |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2625 # Return code 416 with a Content-Range header giving the |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2626 # allowable range. |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
2627 self.response_code = http_.client.REQUESTED_RANGE_NOT_SATISFIABLE |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2628 self.setHeader("Content-Range", "bytes */%d" % length) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2629 return None |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2630 # RFC 2616 10.2.7: 206 Partial Content |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2631 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2632 # Tell the client that we are honoring the Range request by |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2633 # indicating that we are providing partial content. |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
2634 self.response_code = http_.client.PARTIAL_CONTENT |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2635 # RFC 2616 14.16: Content-Range |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2636 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2637 # Tell the client what data we are providing. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2638 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2639 # content-range-spec = byte-content-range-spec |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2640 # byte-content-range-spec = bytes-unit SP |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2641 # byte-range-resp-spec "/" |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2642 # ( instance-length | "*" ) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2643 # byte-range-resp-spec = (first-byte-pos "-" last-byte-pos) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2644 # | "*" |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2645 # instance-length = 1 * DIGIT |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2646 self.setHeader("Content-Range", |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2647 "bytes %d-%d/%d" % (first, last, length)) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2648 return (first, last - first + 1) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2649 |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2650 def write_file(self, filename): |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2651 """Send the contents of 'filename' to the user. |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2652 Send an acceptable pre-compressed version of the |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2653 file if it is newer than the uncompressed version. |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2654 """ |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2655 |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2656 # Assume we will return the entire file. |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2657 offset = 0 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2658 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2659 # initalize length from uncompressed file |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2660 stat_info = os.stat(filename) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2661 length = stat_info[stat.ST_SIZE] |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2662 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2663 # Determine if we are sending a range. If so, compress |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2664 # on the fly. Otherwise see if we have a suitable |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2665 # pre-compressed/encoded file we can send. |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2666 if not self.env.get("HTTP_RANGE"): |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2667 # no range, search for file in list ordered |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2668 # from best to worst alternative |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2669 encoding_list = self.determine_content_encoding(list_all=True, |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2670 precompressed=True) |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2671 if encoding_list and self.db.config.WEB_USE_PRECOMPRESSED_FILES: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2672 # do we need to search through list? If best is not |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2673 # precompressed, on the fly compress with best? |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2674 # by searching list we will respond with precompressed |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2675 # 2nd best or worse. |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2676 for encoder in encoding_list: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2677 try: |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2678 trial_filename = '%s.%s' % (filename, encoder) |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2679 trial_stat_info = os.stat(trial_filename) |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2680 if stat_info[stat.ST_MTIME] > \ |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2681 trial_stat_info[stat.ST_MTIME]: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2682 # compressed file is obsolete |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2683 # don't use it |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2684 logger.warning(self._( |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2685 "Cache failure: " |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2686 "compressed file %(compressed)s is " |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2687 "older than its source file " |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2688 "%(filename)s" % { |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2689 'filename': filename, |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2690 'compressed': trial_filename})) |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2691 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2692 continue |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2693 filename = trial_filename |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2694 length = trial_stat_info[stat.ST_SIZE] |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2695 self.setHeader('Content-Encoding', encoder) |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2696 self.setVary('Accept-Encoding') |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2697 break |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2698 # except FileNotFoundError: py2/py3 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2699 # compatible version |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2700 except EnvironmentError as e: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2701 if e.errno != errno.ENOENT: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2702 raise |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2703 |
|
4648
e645820e8556
Clean up whitespace in client.py
Ezio Melotti <ezio.melotti@gmail.com>
parents:
4640
diff
changeset
|
2704 # If the headers have not already been finalized, |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2705 if not self.headers_done: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2706 # RFC 2616 14.19: ETag |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2707 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2708 # Compute the entity tag, in a format similar to that |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2709 # used by Apache. |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2710 # |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2711 # Tag does *not* change with Content-Encoding. |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2712 # Header 'Vary: Accept-Encoding' is returned with response. |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2713 # RFC2616 section 13.32 discusses etag and references |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2714 # section 14.44 (Vary header) as being applicable to etag. |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2715 # Hence the intermediate proxy should/must match |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2716 # Accept-Encoding and ETag to determine whether to return |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2717 # a 304 or report cache miss and fetch from origin server. |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2718 etag = '"%x-%x-%x"' % (stat_info[stat.ST_INO], |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2719 length, |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2720 stat_info[stat.ST_MTIME]) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2721 self.setHeader("ETag", etag) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2722 # RFC 2616 14.5: Accept-Ranges |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2723 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2724 # Let the client know that we will accept range requests. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2725 self.setHeader("Accept-Ranges", "bytes") |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2726 # RFC 2616 14.35: Range |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2727 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2728 # If there is a Range header, we may be able to avoid |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2729 # sending the entire file. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2730 content_range = self.handle_range_header(length, etag) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2731 if content_range: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2732 offset, length = content_range |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2733 # RFC 2616 14.13: Content-Length |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2734 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2735 # Tell the client how much data we are providing. |
| 4145 | 2736 self.setHeader("Content-Length", str(length)) |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2737 # If the client doesn't actually want the body, or if we are |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2738 # indicating an invalid range. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2739 if (self.env['REQUEST_METHOD'] == 'HEAD' |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2740 or self.response_code == |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2741 http_.client.REQUESTED_RANGE_NOT_SATISFIABLE): |
|
6656
b83b90d57846
Fix header value. needs to be string not integer.
John Rouillard <rouilj@ieee.org>
parents:
6649
diff
changeset
|
2742 self.setHeader("Content-Length", "0") |
|
6649
33616bc80baf
Fix hang in unsatisfyable range or HEAD request for static file
John Rouillard <rouilj@ieee.org>
parents:
6588
diff
changeset
|
2743 self.header() |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2744 return |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2745 # Use the optimized "sendfile" operation, if possible. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2746 if hasattr(self.request, "sendfile"): |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2747 self.header() |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2748 self._socket_op(self.request.sendfile, filename, offset, length) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2749 return |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2750 # Fallback to the "write" operation. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2751 f = open(filename, 'rb') |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2752 try: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2753 if offset: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2754 f.seek(offset) |
| 4077 | 2755 content = f.read(length) |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2756 finally: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2757 f.close() |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2758 self.write(content) |
|
4047
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
2759 |
|
2046
f913b6beac35
document and make easier the actions-returning-content idiom
Richard Jones <richard@users.sourceforge.net>
parents:
2045
diff
changeset
|
2760 def setHeader(self, header, value): |
|
6544
9aa8df0b4426
issue2551178 - fix Traceback in Apache WSGI
John Rouillard <rouilj@ieee.org>
parents:
6539
diff
changeset
|
2761 """Override or delete a header to be returned to the user's browser. |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
2762 """ |
|
6544
9aa8df0b4426
issue2551178 - fix Traceback in Apache WSGI
John Rouillard <rouilj@ieee.org>
parents:
6539
diff
changeset
|
2763 if value is None: |
|
9aa8df0b4426
issue2551178 - fix Traceback in Apache WSGI
John Rouillard <rouilj@ieee.org>
parents:
6539
diff
changeset
|
2764 try: |
|
7571
f8b07ffd0226
flake8: add space between return, del and (
John Rouillard <rouilj@ieee.org>
parents:
7556
diff
changeset
|
2765 del (self.additional_headers[header]) |
|
6544
9aa8df0b4426
issue2551178 - fix Traceback in Apache WSGI
John Rouillard <rouilj@ieee.org>
parents:
6539
diff
changeset
|
2766 except KeyError: |
|
9aa8df0b4426
issue2551178 - fix Traceback in Apache WSGI
John Rouillard <rouilj@ieee.org>
parents:
6539
diff
changeset
|
2767 pass |
|
9aa8df0b4426
issue2551178 - fix Traceback in Apache WSGI
John Rouillard <rouilj@ieee.org>
parents:
6539
diff
changeset
|
2768 else: |
|
9aa8df0b4426
issue2551178 - fix Traceback in Apache WSGI
John Rouillard <rouilj@ieee.org>
parents:
6539
diff
changeset
|
2769 self.additional_headers[header] = value |
|
2046
f913b6beac35
document and make easier the actions-returning-content idiom
Richard Jones <richard@users.sourceforge.net>
parents:
2045
diff
changeset
|
2770 |
|
1120
c26471971d18
Exposed the Batch mechanism through the top-level "utils" variable.
Richard Jones <richard@users.sourceforge.net>
parents:
1103
diff
changeset
|
2771 def header(self, headers=None, response=None): |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
2772 """Put up the appropriate header. |
|
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
2773 """ |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2774 if headers is None: |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2775 headers = {'Content-Type': 'text/html; charset=utf-8'} |
|
1120
c26471971d18
Exposed the Batch mechanism through the top-level "utils" variable.
Richard Jones <richard@users.sourceforge.net>
parents:
1103
diff
changeset
|
2776 if response is None: |
|
c26471971d18
Exposed the Batch mechanism through the top-level "utils" variable.
Richard Jones <richard@users.sourceforge.net>
parents:
1103
diff
changeset
|
2777 response = self.response_code |
|
1130
89bd02ffe4af
tell clients/caches not to cache our dynamic bits
Richard Jones <richard@users.sourceforge.net>
parents:
1129
diff
changeset
|
2778 |
|
89bd02ffe4af
tell clients/caches not to cache our dynamic bits
Richard Jones <richard@users.sourceforge.net>
parents:
1129
diff
changeset
|
2779 # update with additional info |
|
1120
c26471971d18
Exposed the Batch mechanism through the top-level "utils" variable.
Richard Jones <richard@users.sourceforge.net>
parents:
1103
diff
changeset
|
2780 headers.update(self.additional_headers) |
|
1130
89bd02ffe4af
tell clients/caches not to cache our dynamic bits
Richard Jones <richard@users.sourceforge.net>
parents:
1129
diff
changeset
|
2781 |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
2782 if headers.get('Content-Type', 'text/html') == 'text/html': |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
2783 headers['Content-Type'] = 'text/html; charset=utf-8' |
|
3736
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
3687
diff
changeset
|
2784 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2785 if response in [204, 304]: # has no body so no content-type |
|
7571
f8b07ffd0226
flake8: add space between return, del and (
John Rouillard <rouilj@ieee.org>
parents:
7556
diff
changeset
|
2786 del (headers['Content-Type']) |
|
6509
1fc765ef6379
Fix 204 responses, hangs and crashes with REST.
John Rouillard <rouilj@ieee.org>
parents:
6504
diff
changeset
|
2787 |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
2788 headers = list(headers.items()) |
|
3736
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
3687
diff
changeset
|
2789 |
|
5395
23b8e6067f7c
Python 3 preparation: update calls to dict methods.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5378
diff
changeset
|
2790 for ((path, name), (value, expire)) in self._cookies.items(): |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2791 cookie = "%s=%s; Path=%s;" % (name, value, path) |
|
3548
61d48244e7a8
login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents:
3494
diff
changeset
|
2792 if expire is not None: |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2793 cookie += " expires=%s;" % get_cookie_date(expire) |
|
4586
b21bb66de6ff
Mark cookies HttpOnly and -- if https is used -- secure.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4578
diff
changeset
|
2794 # mark as secure if https, see issue2550689 |
|
b21bb66de6ff
Mark cookies HttpOnly and -- if https is used -- secure.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4578
diff
changeset
|
2795 if self.secure: |
|
b21bb66de6ff
Mark cookies HttpOnly and -- if https is used -- secure.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4578
diff
changeset
|
2796 cookie += " secure;" |
|
5212
d4cc71beb102
Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents:
5211
diff
changeset
|
2797 ssc = self.db.config['WEB_SAMESITE_COOKIE_SETTING'] |
|
d4cc71beb102
Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents:
5211
diff
changeset
|
2798 if ssc != "None": |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2799 cookie += " SameSite=%s;" % ssc |
|
4586
b21bb66de6ff
Mark cookies HttpOnly and -- if https is used -- secure.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4578
diff
changeset
|
2800 # prevent theft of session cookie, see issue2550689 |
|
b21bb66de6ff
Mark cookies HttpOnly and -- if https is used -- secure.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4578
diff
changeset
|
2801 cookie += " HttpOnly;" |
|
3736
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
3687
diff
changeset
|
2802 headers.append(('Set-Cookie', cookie)) |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
3687
diff
changeset
|
2803 |
|
3760
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
2804 self._socket_op(self.request.start_response, headers, response) |
|
3736
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
3687
diff
changeset
|
2805 |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2806 self.headers_done = 1 |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2807 if self.debug: |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2808 self.headers_sent = headers |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2809 |
|
2946
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
2810 def add_cookie(self, name, value, expire=86400*365, path=None): |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
2811 """Set a cookie value to be sent in HTTP headers |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
2812 |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
2813 Parameters: |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
2814 name: |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
2815 cookie name |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
2816 value: |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
2817 cookie value |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
2818 expire: |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
2819 cookie expiration time (seconds). |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
2820 If value is empty (meaning "delete cookie"), |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
2821 expiration time is forced in the past |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
2822 and this argument is ignored. |
|
3548
61d48244e7a8
login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents:
3494
diff
changeset
|
2823 If None, the cookie will expire at end-of-session. |
|
2946
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
2824 If omitted, the cookie will be kept for a year. |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
2825 path: |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
2826 cookie path (optional) |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
2827 |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
2828 """ |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
2829 if path is None: |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
2830 path = self.cookie_path |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
2831 if not value: |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
2832 expire = -1 |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
2833 self._cookies[(path, name)] = (value, expire) |
|
2946
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
2834 |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2835 def make_user_anonymous(self): |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
2836 """ Make us anonymous |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2837 |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2838 This method used to handle non-existence of the 'anonymous' |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2839 user, but that user is mandatory now. |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
2840 """ |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2841 self.userid = self.db.user.lookup('anonymous') |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2842 self.user = 'anonymous' |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2843 |
|
1801
9f9d35f3d8f7
Change the message asking for confirmation of registration...
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents:
1799
diff
changeset
|
2844 def standard_message(self, to, subject, body, author=None): |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
2845 """Send a standard email message from Roundup. |
|
2248
cd7e6d6288c6
fixed rego from email address [SF#947414]
Richard Jones <richard@users.sourceforge.net>
parents:
2246
diff
changeset
|
2846 |
|
cd7e6d6288c6
fixed rego from email address [SF#947414]
Richard Jones <richard@users.sourceforge.net>
parents:
2246
diff
changeset
|
2847 "to" - recipients list |
|
cd7e6d6288c6
fixed rego from email address [SF#947414]
Richard Jones <richard@users.sourceforge.net>
parents:
2246
diff
changeset
|
2848 "subject" - Subject |
|
cd7e6d6288c6
fixed rego from email address [SF#947414]
Richard Jones <richard@users.sourceforge.net>
parents:
2246
diff
changeset
|
2849 "body" - Message |
|
cd7e6d6288c6
fixed rego from email address [SF#947414]
Richard Jones <richard@users.sourceforge.net>
parents:
2246
diff
changeset
|
2850 "author" - (name, address) tuple or None for admin email |
|
cd7e6d6288c6
fixed rego from email address [SF#947414]
Richard Jones <richard@users.sourceforge.net>
parents:
2246
diff
changeset
|
2851 |
|
cd7e6d6288c6
fixed rego from email address [SF#947414]
Richard Jones <richard@users.sourceforge.net>
parents:
2246
diff
changeset
|
2852 Arguments are passed to the Mailer.standard_message code. |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
2853 """ |
|
1799
071ea6fc803f
Extracted duplicated mail-sending code...
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents:
1798
diff
changeset
|
2854 try: |
|
1801
9f9d35f3d8f7
Change the message asking for confirmation of registration...
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents:
1799
diff
changeset
|
2855 self.mailer.standard_message(to, subject, body, author) |
|
5248
198b6e810c67
Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents:
5231
diff
changeset
|
2856 except MessageSendError as e: |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
2857 self.add_error_message(str(e)) |
|
2248
cd7e6d6288c6
fixed rego from email address [SF#947414]
Richard Jones <richard@users.sourceforge.net>
parents:
2246
diff
changeset
|
2858 return 0 |
|
cd7e6d6288c6
fixed rego from email address [SF#947414]
Richard Jones <richard@users.sourceforge.net>
parents:
2246
diff
changeset
|
2859 return 1 |
|
1467
378081f066cc
registration is now a two-step process with confirmation from the
Richard Jones <richard@users.sourceforge.net>
parents:
1456
diff
changeset
|
2860 |
|
2107
b7404a96b58a
minor pre-release / test fixes
Richard Jones <richard@users.sourceforge.net>
parents:
2082
diff
changeset
|
2861 def parsePropsFromForm(self, create=0): |
|
2010
1b11ffd8015e
forward-porting of fixed edit action / parsePropsFromForm...
Richard Jones <richard@users.sourceforge.net>
parents:
2005
diff
changeset
|
2862 return FormParser(self).parse(create=create) |
|
1b11ffd8015e
forward-porting of fixed edit action / parsePropsFromForm...
Richard Jones <richard@users.sourceforge.net>
parents:
2005
diff
changeset
|
2863 |
|
2799
9605965569b0
disallow caching of pages with error and/or ok messages.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2724
diff
changeset
|
2864 # vim: set et sts=4 sw=4 : |