Mercurial > p > roundup > code
annotate roundup/cgi/wsgi_handler.py @ 5945:40f5b20d1e70
issue2551047: Fix crashes in DELETE, OPTIONS, PATCH
The wsgi handler parses the form data.
This is a partial patch that fixes some crashes and allows OPTIONS to
be passed through the system. Before it was rejected with a 501 error.
Other modes (cgi, roundup-server) use the code in the __init__method
of the Client class in client.py to parse the input form. The Client
code has been modified to parse and pass json input data. I think
these changes have to be included in the wsgi handler as well.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Tue, 22 Oct 2019 23:36:10 -0400 |
| parents | 883c9e90b403 |
| children | 82816000aef3 |
| rev | line source |
|---|---|
|
3736
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1 # WSGI interface for Roundup Issue Tracker |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2 # |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
3 # This module is free software, you may redistribute it |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
4 # and/or modify under the same terms as Python. |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
5 # |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
6 |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
7 import os |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
8 import cgi |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
9 import weakref |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
10 |
|
5837
883c9e90b403
Fix problem with cgi.escape being depricated a different way. This way
John Rouillard <rouilj@ieee.org>
parents:
5823
diff
changeset
|
11 from roundup.anypy.html import html_escape |
|
5800
1a835db41674
Call cgi.escape only on python 2. Replace with html.escapeif it can be
John Rouillard <rouilj@ieee.org>
parents:
5664
diff
changeset
|
12 |
|
3736
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
13 import roundup.instance |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
14 from roundup.cgi import TranslationService |
|
5409
277e91bf7936
Python 3 preparation: update BaseHTTPServer imports.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5378
diff
changeset
|
15 from roundup.anypy import http_ |
|
5609
dccf9b7e5ee4
Fix CSV export with WSGI and Python 3 (issue2551019).
Tom Ekberg <tekberg@uw.edu>
parents:
5539
diff
changeset
|
16 from roundup.anypy.strings import s2b, bs2b |
|
5945
40f5b20d1e70
issue2551047: Fix crashes in DELETE, OPTIONS, PATCH
John Rouillard <rouilj@ieee.org>
parents:
5837
diff
changeset
|
17 |
|
40f5b20d1e70
issue2551047: Fix crashes in DELETE, OPTIONS, PATCH
John Rouillard <rouilj@ieee.org>
parents:
5837
diff
changeset
|
18 from roundup.cgi.client import BinaryFieldStorage |
|
40f5b20d1e70
issue2551047: Fix crashes in DELETE, OPTIONS, PATCH
John Rouillard <rouilj@ieee.org>
parents:
5837
diff
changeset
|
19 |
|
5409
277e91bf7936
Python 3 preparation: update BaseHTTPServer imports.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5378
diff
changeset
|
20 BaseHTTPRequestHandler = http_.server.BaseHTTPRequestHandler |
|
277e91bf7936
Python 3 preparation: update BaseHTTPServer imports.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5378
diff
changeset
|
21 DEFAULT_ERROR_MESSAGE = http_.server.DEFAULT_ERROR_MESSAGE |
|
3736
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
22 |
| 5821 | 23 class Headers(object): |
| 24 """ Idea more or less stolen from the 'apache.py' in same directory. | |
| 25 Except that wsgi stores http headers in environment. | |
| 26 """ | |
| 27 def __init__(self, environ): | |
| 28 self.environ = environ | |
| 29 | |
| 30 def mangle_name(self, name): | |
|
5823
edd9e2c67785
Make REST-API updates work with WSGI
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5821
diff
changeset
|
31 """ Content-Type is handled specially, it doesn't have a HTTP_ |
|
edd9e2c67785
Make REST-API updates work with WSGI
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5821
diff
changeset
|
32 prefix in cgi. |
|
edd9e2c67785
Make REST-API updates work with WSGI
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5821
diff
changeset
|
33 """ |
| 5821 | 34 n = name.replace('-', '_').upper() |
|
5823
edd9e2c67785
Make REST-API updates work with WSGI
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5821
diff
changeset
|
35 if n == 'CONTENT_TYPE': |
|
edd9e2c67785
Make REST-API updates work with WSGI
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5821
diff
changeset
|
36 return n |
| 5821 | 37 return 'HTTP_' + n |
| 38 | |
| 39 def get(self, name, default = None): | |
| 40 return self.environ.get(self.mangle_name(name), default) | |
| 41 getheader = get | |
|
3736
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
42 |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
43 class Writer(object): |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
44 '''Perform a start_response if need be when we start writing.''' |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
45 def __init__(self, request): |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
46 self.request = request #weakref.ref(request) |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
47 def write(self, data): |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
48 f = self.request.get_wfile() |
|
5609
dccf9b7e5ee4
Fix CSV export with WSGI and Python 3 (issue2551019).
Tom Ekberg <tekberg@uw.edu>
parents:
5539
diff
changeset
|
49 self.write = lambda data: f(bs2b(data)) |
|
dccf9b7e5ee4
Fix CSV export with WSGI and Python 3 (issue2551019).
Tom Ekberg <tekberg@uw.edu>
parents:
5539
diff
changeset
|
50 return self.write(data) |
|
3736
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
51 |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
52 class RequestDispatcher(object): |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
53 def __init__(self, home, debug=False, timing=False, lang=None): |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
54 assert os.path.isdir(home), '%r is not a directory'%(home,) |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
55 self.home = home |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
56 self.debug = debug |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
57 self.timing = timing |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
58 if lang: |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
59 self.translator = TranslationService.get_translation(lang, |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
60 tracker_home=home) |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
61 else: |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
62 self.translator = None |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
63 |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
64 def __call__(self, environ, start_response): |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
65 """Initialize with `apache.Request` object""" |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
66 self.environ = environ |
|
3990
0728808fdf5c
make WSGI threadsafe
Richard Jones <richard@users.sourceforge.net>
parents:
3736
diff
changeset
|
67 request = RequestDispatcher(self.home, self.debug, self.timing) |
|
0728808fdf5c
make WSGI threadsafe
Richard Jones <richard@users.sourceforge.net>
parents:
3736
diff
changeset
|
68 request.__start_response = start_response |
|
3736
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
69 |
|
3990
0728808fdf5c
make WSGI threadsafe
Richard Jones <richard@users.sourceforge.net>
parents:
3736
diff
changeset
|
70 request.wfile = Writer(request) |
|
0728808fdf5c
make WSGI threadsafe
Richard Jones <richard@users.sourceforge.net>
parents:
3736
diff
changeset
|
71 request.__wfile = None |
| 5821 | 72 request.headers = Headers(environ) |
|
3736
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
73 |
|
4292
859ab007829f
Handle OPTIONS http request method in wsgi handler, fixes issue2550587.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
3990
diff
changeset
|
74 if environ ['REQUEST_METHOD'] == 'OPTIONS': |
|
5945
40f5b20d1e70
issue2551047: Fix crashes in DELETE, OPTIONS, PATCH
John Rouillard <rouilj@ieee.org>
parents:
5837
diff
changeset
|
75 if environ["PATH_INFO"][:5] == "/rest": |
|
40f5b20d1e70
issue2551047: Fix crashes in DELETE, OPTIONS, PATCH
John Rouillard <rouilj@ieee.org>
parents:
5837
diff
changeset
|
76 # rest does support options |
|
40f5b20d1e70
issue2551047: Fix crashes in DELETE, OPTIONS, PATCH
John Rouillard <rouilj@ieee.org>
parents:
5837
diff
changeset
|
77 # This I hope will result in self.form=None |
|
40f5b20d1e70
issue2551047: Fix crashes in DELETE, OPTIONS, PATCH
John Rouillard <rouilj@ieee.org>
parents:
5837
diff
changeset
|
78 environ['CONTENT_LENGTH'] = 0 |
|
40f5b20d1e70
issue2551047: Fix crashes in DELETE, OPTIONS, PATCH
John Rouillard <rouilj@ieee.org>
parents:
5837
diff
changeset
|
79 else: |
|
40f5b20d1e70
issue2551047: Fix crashes in DELETE, OPTIONS, PATCH
John Rouillard <rouilj@ieee.org>
parents:
5837
diff
changeset
|
80 code = 501 |
|
40f5b20d1e70
issue2551047: Fix crashes in DELETE, OPTIONS, PATCH
John Rouillard <rouilj@ieee.org>
parents:
5837
diff
changeset
|
81 message, explain = BaseHTTPRequestHandler.responses[code] |
|
40f5b20d1e70
issue2551047: Fix crashes in DELETE, OPTIONS, PATCH
John Rouillard <rouilj@ieee.org>
parents:
5837
diff
changeset
|
82 request.start_response([('Content-Type', 'text/html'), |
|
40f5b20d1e70
issue2551047: Fix crashes in DELETE, OPTIONS, PATCH
John Rouillard <rouilj@ieee.org>
parents:
5837
diff
changeset
|
83 ('Connection', 'close')], code) |
|
40f5b20d1e70
issue2551047: Fix crashes in DELETE, OPTIONS, PATCH
John Rouillard <rouilj@ieee.org>
parents:
5837
diff
changeset
|
84 request.wfile.write(s2b(DEFAULT_ERROR_MESSAGE % locals())) |
|
40f5b20d1e70
issue2551047: Fix crashes in DELETE, OPTIONS, PATCH
John Rouillard <rouilj@ieee.org>
parents:
5837
diff
changeset
|
85 return [] |
|
40f5b20d1e70
issue2551047: Fix crashes in DELETE, OPTIONS, PATCH
John Rouillard <rouilj@ieee.org>
parents:
5837
diff
changeset
|
86 |
|
3736
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
87 tracker = roundup.instance.open(self.home, not self.debug) |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
88 |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
89 # need to strip the leading '/' |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
90 environ["PATH_INFO"] = environ["PATH_INFO"][1:] |
|
3990
0728808fdf5c
make WSGI threadsafe
Richard Jones <richard@users.sourceforge.net>
parents:
3736
diff
changeset
|
91 if request.timing: |
|
0728808fdf5c
make WSGI threadsafe
Richard Jones <richard@users.sourceforge.net>
parents:
3736
diff
changeset
|
92 environ["CGI_SHOW_TIMING"] = request.timing |
|
3736
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
93 |
|
5945
40f5b20d1e70
issue2551047: Fix crashes in DELETE, OPTIONS, PATCH
John Rouillard <rouilj@ieee.org>
parents:
5837
diff
changeset
|
94 form = BinaryFieldStorage(fp=environ['wsgi.input'], environ=environ) |
|
40f5b20d1e70
issue2551047: Fix crashes in DELETE, OPTIONS, PATCH
John Rouillard <rouilj@ieee.org>
parents:
5837
diff
changeset
|
95 |
|
40f5b20d1e70
issue2551047: Fix crashes in DELETE, OPTIONS, PATCH
John Rouillard <rouilj@ieee.org>
parents:
5837
diff
changeset
|
96 if environ ['REQUEST_METHOD'] in ("OPTIONS", "DELETE"): |
|
40f5b20d1e70
issue2551047: Fix crashes in DELETE, OPTIONS, PATCH
John Rouillard <rouilj@ieee.org>
parents:
5837
diff
changeset
|
97 # these methods have no data. When we init tracker.Client |
|
40f5b20d1e70
issue2551047: Fix crashes in DELETE, OPTIONS, PATCH
John Rouillard <rouilj@ieee.org>
parents:
5837
diff
changeset
|
98 # set form to None and request.rfile to None to get a |
|
40f5b20d1e70
issue2551047: Fix crashes in DELETE, OPTIONS, PATCH
John Rouillard <rouilj@ieee.org>
parents:
5837
diff
changeset
|
99 # properly initialized empty form. |
|
40f5b20d1e70
issue2551047: Fix crashes in DELETE, OPTIONS, PATCH
John Rouillard <rouilj@ieee.org>
parents:
5837
diff
changeset
|
100 form = None |
|
40f5b20d1e70
issue2551047: Fix crashes in DELETE, OPTIONS, PATCH
John Rouillard <rouilj@ieee.org>
parents:
5837
diff
changeset
|
101 request.rfile = None |
|
3736
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
102 |
|
3990
0728808fdf5c
make WSGI threadsafe
Richard Jones <richard@users.sourceforge.net>
parents:
3736
diff
changeset
|
103 client = tracker.Client(tracker, request, environ, form, |
|
0728808fdf5c
make WSGI threadsafe
Richard Jones <richard@users.sourceforge.net>
parents:
3736
diff
changeset
|
104 request.translator) |
|
3736
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
105 try: |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
106 client.main() |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
107 except roundup.cgi.client.NotFound: |
|
3990
0728808fdf5c
make WSGI threadsafe
Richard Jones <richard@users.sourceforge.net>
parents:
3736
diff
changeset
|
108 request.start_response([('Content-Type', 'text/html')], 404) |
|
5800
1a835db41674
Call cgi.escape only on python 2. Replace with html.escapeif it can be
John Rouillard <rouilj@ieee.org>
parents:
5664
diff
changeset
|
109 request.wfile.write(s2b('Not found: %s'%html_escape(client.path))) |
|
3736
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
110 |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
111 # all body data has been written using wfile |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
112 return [] |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
113 |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
114 def start_response(self, headers, response_code): |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
115 """Set HTTP response code""" |
|
4303
7aa72c31464d
Fix WSGI response code (thanks Peter Pöml)
Richard Jones <richard@users.sourceforge.net>
parents:
4292
diff
changeset
|
116 message, explain = BaseHTTPRequestHandler.responses[response_code] |
|
3736
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
117 self.__wfile = self.__start_response('%d %s'%(response_code, |
|
4303
7aa72c31464d
Fix WSGI response code (thanks Peter Pöml)
Richard Jones <richard@users.sourceforge.net>
parents:
4292
diff
changeset
|
118 message), headers) |
|
3736
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
119 |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
120 def get_wfile(self): |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
121 if self.__wfile is None: |
|
5378
35ea9b1efc14
Python 3 preparation: "raise" syntax.
Joseph Myers <jsm@polyomino.org.uk>
parents:
4303
diff
changeset
|
122 raise ValueError('start_response() not called') |
|
3736
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
123 return self.__wfile |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
124 |