Mercurial > p > roundup > code
annotate roundup/cgi/client.py @ 8502:dfecb240bc34
chore: ruff whitespace fixes.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Mon, 22 Dec 2025 01:14:14 -0500 |
| parents | b03160d46e9d |
| children | 299edbd03ddf |
| rev | line source |
|---|---|
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1 """WWW request handler (also used in the stand-alone server). |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2 """ |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
3 __docformat__ = 'restructuredtext' |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
4 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
5 import base64 |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
6 import binascii |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
7 import codecs |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
8 import email.utils |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
9 import errno |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
10 import logging |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
11 import mimetypes |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
12 import os |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
13 import re |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
14 import socket |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
15 import stat |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
16 import sys |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
17 import time |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
18 from email.mime.multipart import MIMEMultipart |
|
4543
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
19 from traceback import format_exc |
|
7813
928c20d4344b
chore(ruff): sort imports; tuples for import not supported in python2.
John Rouillard <rouilj@ieee.org>
parents:
7809
diff
changeset
|
20 |
|
4638
1ebc5f16aeda
Ignore OpenSSL.SSL.SysCallError similar to IOError.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4623
diff
changeset
|
21 try: |
|
1ebc5f16aeda
Ignore OpenSSL.SSL.SysCallError similar to IOError.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4623
diff
changeset
|
22 from OpenSSL.SSL import SysCallError |
|
1ebc5f16aeda
Ignore OpenSSL.SSL.SysCallError similar to IOError.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4623
diff
changeset
|
23 except ImportError: |
|
5429
daa19de102a2
Python 3 preparation: make fallback SysCallError an actual exception class.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5422
diff
changeset
|
24 class SysCallError(Exception): |
|
daa19de102a2
Python 3 preparation: make fallback SysCallError an actual exception class.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5422
diff
changeset
|
25 pass |
|
4638
1ebc5f16aeda
Ignore OpenSSL.SSL.SysCallError similar to IOError.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4623
diff
changeset
|
26 |
|
6975
fe4a6ba98bfe
flake8 - remove unused imports, unused vars, whitespace fixes
John Rouillard <rouilj@ieee.org>
parents:
6974
diff
changeset
|
27 import roundup.anypy.email_ # noqa: F401 -- patches for email library code |
|
fe4a6ba98bfe
flake8 - remove unused imports, unused vars, whitespace fixes
John Rouillard <rouilj@ieee.org>
parents:
6974
diff
changeset
|
28 from roundup import hyperdb, rest, xmlrpc |
|
8104
0e01299414a8
chore(lint): format imports and add/remove blank lines.
John Rouillard <rouilj@ieee.org>
parents:
8062
diff
changeset
|
29 |
|
7813
928c20d4344b
chore(ruff): sort imports; tuples for import not supported in python2.
John Rouillard <rouilj@ieee.org>
parents:
7809
diff
changeset
|
30 # quality of random checked below |
|
928c20d4344b
chore(ruff): sort imports; tuples for import not supported in python2.
John Rouillard <rouilj@ieee.org>
parents:
7809
diff
changeset
|
31 from roundup.anypy import http_, random_, urllib_, xmlrpc_ |
|
928c20d4344b
chore(ruff): sort imports; tuples for import not supported in python2.
John Rouillard <rouilj@ieee.org>
parents:
7809
diff
changeset
|
32 from roundup.anypy.cgi_ import cgi |
|
928c20d4344b
chore(ruff): sort imports; tuples for import not supported in python2.
John Rouillard <rouilj@ieee.org>
parents:
7809
diff
changeset
|
33 from roundup.anypy.cookie_ import BaseCookie, CookieError, SimpleCookie, get_cookie_date |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
34 from roundup.anypy.html import html_escape |
|
7813
928c20d4344b
chore(ruff): sort imports; tuples for import not supported in python2.
John Rouillard <rouilj@ieee.org>
parents:
7809
diff
changeset
|
35 from roundup.anypy.strings import b2s, bs2b, is_us, s2b, uchr |
|
928c20d4344b
chore(ruff): sort imports; tuples for import not supported in python2.
John Rouillard <rouilj@ieee.org>
parents:
7809
diff
changeset
|
36 from roundup.cgi import TranslationService, accept_language, actions, cgitb, templating |
|
8104
0e01299414a8
chore(lint): format imports and add/remove blank lines.
John Rouillard <rouilj@ieee.org>
parents:
8062
diff
changeset
|
37 from roundup.cgi.exceptions import ( |
|
0e01299414a8
chore(lint): format imports and add/remove blank lines.
John Rouillard <rouilj@ieee.org>
parents:
8062
diff
changeset
|
38 DetectorError, |
|
0e01299414a8
chore(lint): format imports and add/remove blank lines.
John Rouillard <rouilj@ieee.org>
parents:
8062
diff
changeset
|
39 FormError, |
|
0e01299414a8
chore(lint): format imports and add/remove blank lines.
John Rouillard <rouilj@ieee.org>
parents:
8062
diff
changeset
|
40 IndexerQueryError, |
|
0e01299414a8
chore(lint): format imports and add/remove blank lines.
John Rouillard <rouilj@ieee.org>
parents:
8062
diff
changeset
|
41 NotFound, |
|
0e01299414a8
chore(lint): format imports and add/remove blank lines.
John Rouillard <rouilj@ieee.org>
parents:
8062
diff
changeset
|
42 NotModified, |
|
8408
e882a5d52ae5
refactor: move RateLimitExceeded to roundup.cgi.exceptions
John Rouillard <rouilj@ieee.org>
parents:
8386
diff
changeset
|
43 RateLimitExceeded, |
|
8411
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8408
diff
changeset
|
44 Reauth, |
|
8104
0e01299414a8
chore(lint): format imports and add/remove blank lines.
John Rouillard <rouilj@ieee.org>
parents:
8062
diff
changeset
|
45 Redirect, |
|
0e01299414a8
chore(lint): format imports and add/remove blank lines.
John Rouillard <rouilj@ieee.org>
parents:
8062
diff
changeset
|
46 SendFile, |
|
0e01299414a8
chore(lint): format imports and add/remove blank lines.
John Rouillard <rouilj@ieee.org>
parents:
8062
diff
changeset
|
47 SendStaticFile, |
|
0e01299414a8
chore(lint): format imports and add/remove blank lines.
John Rouillard <rouilj@ieee.org>
parents:
8062
diff
changeset
|
48 SeriousError, |
|
0e01299414a8
chore(lint): format imports and add/remove blank lines.
John Rouillard <rouilj@ieee.org>
parents:
8062
diff
changeset
|
49 ) |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
50 from roundup.cgi.form_parser import FormParser |
|
8104
0e01299414a8
chore(lint): format imports and add/remove blank lines.
John Rouillard <rouilj@ieee.org>
parents:
8062
diff
changeset
|
51 from roundup.exceptions import ( |
|
0e01299414a8
chore(lint): format imports and add/remove blank lines.
John Rouillard <rouilj@ieee.org>
parents:
8062
diff
changeset
|
52 LoginError, |
|
0e01299414a8
chore(lint): format imports and add/remove blank lines.
John Rouillard <rouilj@ieee.org>
parents:
8062
diff
changeset
|
53 Reject, |
|
0e01299414a8
chore(lint): format imports and add/remove blank lines.
John Rouillard <rouilj@ieee.org>
parents:
8062
diff
changeset
|
54 RejectRaw, |
|
0e01299414a8
chore(lint): format imports and add/remove blank lines.
John Rouillard <rouilj@ieee.org>
parents:
8062
diff
changeset
|
55 Unauthorised, |
|
0e01299414a8
chore(lint): format imports and add/remove blank lines.
John Rouillard <rouilj@ieee.org>
parents:
8062
diff
changeset
|
56 UsageError, |
|
0e01299414a8
chore(lint): format imports and add/remove blank lines.
John Rouillard <rouilj@ieee.org>
parents:
8062
diff
changeset
|
57 ) |
|
8241
741ea8a86012
fix: issue2551374. Error handling for filter expressions.
John Rouillard <rouilj@ieee.org>
parents:
8237
diff
changeset
|
58 |
|
8446
14c7c07b32d8
feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents:
8412
diff
changeset
|
59 from roundup.logcontext import gen_trace_id, store_trace_reason |
|
14c7c07b32d8
feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents:
8412
diff
changeset
|
60 from roundup.mailer import Mailer, MessageSendError |
|
8241
741ea8a86012
fix: issue2551374. Error handling for filter expressions.
John Rouillard <rouilj@ieee.org>
parents:
8237
diff
changeset
|
61 from roundup.mlink_expr import ExpressionError |
|
8500
b03160d46e9d
bug: don't reference vendored outside of anypy modules
John Rouillard <rouilj@ieee.org>
parents:
8446
diff
changeset
|
62 from roundup.performance import report_object_use |
|
8241
741ea8a86012
fix: issue2551374. Error handling for filter expressions.
John Rouillard <rouilj@ieee.org>
parents:
8237
diff
changeset
|
63 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
64 logger = logging.getLogger('roundup') |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
65 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
66 if not random_.is_weak: |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
67 logger.debug("Importing good random generator") |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
68 else: |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
69 logger.warning("**SystemRandom not available. Using poor random generator") |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
70 |
|
8104
0e01299414a8
chore(lint): format imports and add/remove blank lines.
John Rouillard <rouilj@ieee.org>
parents:
8062
diff
changeset
|
71 |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
72 def initialiseSecurity(security): |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
73 '''Create some Permissions and Roles on the security object |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
74 |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
75 This function is directly invoked by security.Security.__init__() |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
76 as a part of the Security object instantiation. |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
77 ''' |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
78 p = security.addPermission( |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
79 name="Web Access", |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
80 description="User may access the web interface") |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
81 security.addPermissionToRole('Admin', p) |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
82 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
83 p = security.addPermission( |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
84 name="Rest Access", |
|
5879
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5878
diff
changeset
|
85 description="User may access the rest interface") |
|
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5878
diff
changeset
|
86 security.addPermissionToRole('Admin', p) |
|
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5878
diff
changeset
|
87 |
|
6975
fe4a6ba98bfe
flake8 - remove unused imports, unused vars, whitespace fixes
John Rouillard <rouilj@ieee.org>
parents:
6974
diff
changeset
|
88 p = security.addPermission( |
|
fe4a6ba98bfe
flake8 - remove unused imports, unused vars, whitespace fixes
John Rouillard <rouilj@ieee.org>
parents:
6974
diff
changeset
|
89 name="Xmlrpc Access", |
|
5879
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5878
diff
changeset
|
90 description="User may access the xmlrpc interface") |
|
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5878
diff
changeset
|
91 security.addPermissionToRole('Admin', p) |
|
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5878
diff
changeset
|
92 |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
93 # doing Role stuff through the web - make sure Admin can |
|
3276
3124e578db02
Email fixes:
Richard Jones <richard@users.sourceforge.net>
parents:
3069
diff
changeset
|
94 # TODO: deprecate this and use a property-based control |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
95 p = security.addPermission( |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
96 name="Web Roles", |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
97 description="User may manipulate user Roles through the web") |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
98 security.addPermissionToRole('Admin', p) |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
99 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
100 |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
101 def add_message(msg_list, msg, escape=True): |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
102 if escape: |
|
5804
8f50e00532e7
html.escape(string, quote=...) sets quote to True not False by
John Rouillard <rouilj@ieee.org>
parents:
5802
diff
changeset
|
103 msg = html_escape(msg, quote=False).replace('\n', '<br />\n') |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
104 else: |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
105 msg = msg.replace('\n', '<br />\n') |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
106 msg_list.append(msg) |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
107 return msg_list # for unittests |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
108 |
|
8502
dfecb240bc34
chore: ruff whitespace fixes.
John Rouillard <rouilj@ieee.org>
parents:
8500
diff
changeset
|
109 |
|
8237
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
8209
diff
changeset
|
110 # if set to False via interfaces.py do not log a warning when |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
8209
diff
changeset
|
111 # xmlrpc is used and defusedxml is not installed. |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
8209
diff
changeset
|
112 WARN_FOR_MISSING_DEFUSEDXML = True |
|
3916
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
113 |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
114 default_err_msg = ''"""<html><head><title>An error has occurred</title></head> |
|
3554
5e70726a86dd
fixed schema migration problem when Class keys were removed
Richard Jones <richard@users.sourceforge.net>
parents:
3551
diff
changeset
|
115 <body><h1>An error has occurred</h1> |
|
3551
3c70ab03c917
translate error message shown instead of tracebacks, add page title
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3548
diff
changeset
|
116 <p>A problem was encountered processing your request. |
|
3c70ab03c917
translate error message shown instead of tracebacks, add page title
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3548
diff
changeset
|
117 The tracker maintainers have been notified of the problem.</p> |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
118 </body></html>""" |
|
3548
61d48244e7a8
login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents:
3494
diff
changeset
|
119 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
120 |
|
5356
91954be46a66
A real fix for the problem where:
John Rouillard <rouilj@ieee.org>
parents:
5350
diff
changeset
|
121 def seed_pseudorandom(): |
|
91954be46a66
A real fix for the problem where:
John Rouillard <rouilj@ieee.org>
parents:
5350
diff
changeset
|
122 '''A function to seed the default pseudorandom random number generator |
|
91954be46a66
A real fix for the problem where:
John Rouillard <rouilj@ieee.org>
parents:
5350
diff
changeset
|
123 which is used to (at minimum): |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
124 * generate part of email message-id |
|
5356
91954be46a66
A real fix for the problem where:
John Rouillard <rouilj@ieee.org>
parents:
5350
diff
changeset
|
125 * generate OTK for password reset |
|
91954be46a66
A real fix for the problem where:
John Rouillard <rouilj@ieee.org>
parents:
5350
diff
changeset
|
126 * generate the temp recovery password |
|
91954be46a66
A real fix for the problem where:
John Rouillard <rouilj@ieee.org>
parents:
5350
diff
changeset
|
127 |
|
91954be46a66
A real fix for the problem where:
John Rouillard <rouilj@ieee.org>
parents:
5350
diff
changeset
|
128 This function limits the scope of the 'import random' call |
|
91954be46a66
A real fix for the problem where:
John Rouillard <rouilj@ieee.org>
parents:
5350
diff
changeset
|
129 as the random identifier is used throughout the code and |
|
91954be46a66
A real fix for the problem where:
John Rouillard <rouilj@ieee.org>
parents:
5350
diff
changeset
|
130 can refer to SystemRandom. |
|
91954be46a66
A real fix for the problem where:
John Rouillard <rouilj@ieee.org>
parents:
5350
diff
changeset
|
131 ''' |
|
91954be46a66
A real fix for the problem where:
John Rouillard <rouilj@ieee.org>
parents:
5350
diff
changeset
|
132 import random |
|
91954be46a66
A real fix for the problem where:
John Rouillard <rouilj@ieee.org>
parents:
5350
diff
changeset
|
133 random.seed() |
|
3916
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
134 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
135 |
|
3916
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
136 class LiberalCookie(SimpleCookie): |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
137 """ Python's SimpleCookie throws an exception if the cookie uses invalid |
|
3916
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
138 syntax. Other applications on the same server may have done precisely |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
139 this, preventing roundup from working through no fault of roundup. |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
140 Numerous other python apps have run into the same problem: |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
141 |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
142 trac: http://trac.edgewall.org/ticket/2256 |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
143 mailman: http://bugs.python.org/issue472646 |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
144 |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
145 This particular implementation comes from trac's solution to the |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
146 problem. Unfortunately it requires some hackery in SimpleCookie's |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
147 internals to provide a more liberal __set method. |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
148 """ |
|
3916
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
149 def load(self, rawdata, ignore_parse_errors=True): |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
150 if ignore_parse_errors: |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
151 self.bad_cookies = [] |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
152 self._BaseCookie__set = self._loose_set |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
153 SimpleCookie.load(self, rawdata) |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
154 if ignore_parse_errors: |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
155 self._BaseCookie__set = self._strict_set |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
156 for key in self.bad_cookies: |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
157 del self[key] |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
158 |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
159 _strict_set = BaseCookie._BaseCookie__set |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
160 |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
161 def _loose_set(self, key, real_value, coded_value): |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
162 try: |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
163 self._strict_set(key, real_value, coded_value) |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
164 except CookieError: |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
165 self.bad_cookies.append(key) |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
166 dict.__setitem__(self, key, None) |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
167 |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
168 |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
169 class Session: |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
170 """ |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
171 Needs DB to be already opened by client |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
172 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
173 Session attributes at instantiation: |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
174 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
175 - "client" - reference to client for add_cookie function |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
176 - "session_db" - session DB manager |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
177 - "cookie_name" - name of the cookie with session id |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
178 - "_sid" - session id for current user |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
179 - "_data" - session data cache |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
180 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
181 session = Session(client) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
182 session.set(name=value) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
183 value = session.get(name) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
184 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
185 session.destroy() # delete current session |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
186 session.clean_up() # clean up session table |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
187 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
188 session.update(set_cookie=True, expire=3600*24*365) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
189 # refresh session expiration time, setting persistent |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
190 # cookie if needed to last for 'expire' seconds |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
191 |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
192 """ |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
193 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
194 def __init__(self, client): |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
195 self._data = {} |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
196 self._sid = None |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
197 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
198 self.client = client |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
199 self.session_db = client.db.getSessionManager() |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
200 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
201 # parse cookies for session id |
|
8168
3f0f4746dc7e
issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents:
8104
diff
changeset
|
202 if self.client.secure: |
|
3f0f4746dc7e
issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents:
8104
diff
changeset
|
203 cookie_template = '__Secure-roundup_session_%s' |
|
3f0f4746dc7e
issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents:
8104
diff
changeset
|
204 else: |
|
3f0f4746dc7e
issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents:
8104
diff
changeset
|
205 cookie_template = 'roundup_session_%s' |
|
3f0f4746dc7e
issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents:
8104
diff
changeset
|
206 self.cookie_name = cookie_template % \ |
|
3f0f4746dc7e
issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents:
8104
diff
changeset
|
207 re.sub('[^a-zA-Z]', '', client.instance.config.TRACKER_NAME) |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
208 cookies = LiberalCookie(client.env.get('HTTP_COOKIE', '')) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
209 if self.cookie_name in cookies: |
|
6813
6b636fb29740
Refactor client.py session cookie code. Remove session db access.
John Rouillard <rouilj@ieee.org>
parents:
6693
diff
changeset
|
210 try: |
|
6b636fb29740
Refactor client.py session cookie code. Remove session db access.
John Rouillard <rouilj@ieee.org>
parents:
6693
diff
changeset
|
211 self._sid = cookies[self.cookie_name].value |
|
6b636fb29740
Refactor client.py session cookie code. Remove session db access.
John Rouillard <rouilj@ieee.org>
parents:
6693
diff
changeset
|
212 self._data = self.session_db.getall(self._sid) |
|
6b636fb29740
Refactor client.py session cookie code. Remove session db access.
John Rouillard <rouilj@ieee.org>
parents:
6693
diff
changeset
|
213 except KeyError: |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
214 self._sid = None |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
215 # remove old cookie |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
216 self.client.add_cookie(self.cookie_name, None) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
217 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
218 def _gen_sid(self): |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
219 """ generate a unique session key """ |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
220 while 1: |
|
6082
a3221c686736
changing the sid after checking for collisions defeats the purpose
Christof Meerwald <cmeerw@cmeerw.org>
parents:
6053
diff
changeset
|
221 s = b2s(binascii.b2a_base64(random_.token_bytes(32)).strip()).rstrip('=') |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
222 if not self.session_db.exists(s): |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
223 break |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
224 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
225 return s |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
226 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
227 def clean_up(self): |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
228 """Remove expired sessions""" |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
229 self.session_db.clean() |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
230 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
231 def destroy(self): |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
232 self.client.add_cookie(self.cookie_name, None) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
233 self._data = {} |
|
6147
f35ca71c9f2e
fixed logout action when there is no session
Christof Meerwald <cmeerw@cmeerw.org>
parents:
6082
diff
changeset
|
234 if self._sid: |
|
f35ca71c9f2e
fixed logout action when there is no session
Christof Meerwald <cmeerw@cmeerw.org>
parents:
6082
diff
changeset
|
235 self.session_db.destroy(self._sid) |
|
f35ca71c9f2e
fixed logout action when there is no session
Christof Meerwald <cmeerw@cmeerw.org>
parents:
6082
diff
changeset
|
236 self.session_db.commit() |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
237 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
238 def get(self, name, default=None): |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
239 return self._data.get(name, default) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
240 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
241 def set(self, **kwargs): |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
242 self._data.update(kwargs) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
243 if not self._sid: |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
244 self._sid = self._gen_sid() |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
245 self.session_db.set(self._sid, **self._data) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
246 # add session cookie |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
247 self.update(set_cookie=True) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
248 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
249 # XXX added when patching 1.4.4 for backward compatibility |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
250 # XXX remove |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
251 self.client.session = self._sid |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
252 else: |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
253 self.session_db.set(self._sid, **self._data) |
|
5319
62de601bdf6f
Fix commits although a Reject exception is raised
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
254 self.session_db.commit() |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
255 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
256 def update(self, set_cookie=False, expire=None): |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
257 """ update timestamp in db to avoid expiration |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
258 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
259 if 'set_cookie' is True, set cookie with 'expire' seconds lifetime |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
260 if 'expire' is None - session will be closed with the browser |
|
4648
e645820e8556
Clean up whitespace in client.py
Ezio Melotti <ezio.melotti@gmail.com>
parents:
4640
diff
changeset
|
261 |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
262 XXX the session can be purged within a week even if a cookie |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
263 lifetime is longer |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
264 """ |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
265 self.session_db.updateTimestamp(self._sid) |
|
5319
62de601bdf6f
Fix commits although a Reject exception is raised
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
266 self.session_db.commit() |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
267 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
268 if set_cookie: |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
269 self.client.add_cookie(self.cookie_name, self._sid, expire=expire) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
270 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
271 |
|
5775
17e110426ad7
issue2551046: Attempts to attach file or create large message fail
John Rouillard <rouilj@ieee.org>
parents:
5696
diff
changeset
|
272 # import from object as well so it's a new style object and I can use super() |
|
17e110426ad7
issue2551046: Attempts to attach file or create large message fail
John Rouillard <rouilj@ieee.org>
parents:
5696
diff
changeset
|
273 class BinaryFieldStorage(cgi.FieldStorage, object): |
|
5656
d26d2590cd8c
Implement different workaround for https://bugs.python.org/issue27777
John Rouillard <rouilj@ieee.org>
parents:
5655
diff
changeset
|
274 '''This class works around the bug https://bugs.python.org/issue27777. |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
275 |
|
5656
d26d2590cd8c
Implement different workaround for https://bugs.python.org/issue27777
John Rouillard <rouilj@ieee.org>
parents:
5655
diff
changeset
|
276 cgi.FieldStorage must save all data as binary/bytes. This is |
|
d26d2590cd8c
Implement different workaround for https://bugs.python.org/issue27777
John Rouillard <rouilj@ieee.org>
parents:
5655
diff
changeset
|
277 needed for handling json and xml data blobs under python |
|
d26d2590cd8c
Implement different workaround for https://bugs.python.org/issue27777
John Rouillard <rouilj@ieee.org>
parents:
5655
diff
changeset
|
278 3. Under python 2, str and binary are interchangable, not so |
|
d26d2590cd8c
Implement different workaround for https://bugs.python.org/issue27777
John Rouillard <rouilj@ieee.org>
parents:
5655
diff
changeset
|
279 under 3. |
|
d26d2590cd8c
Implement different workaround for https://bugs.python.org/issue27777
John Rouillard <rouilj@ieee.org>
parents:
5655
diff
changeset
|
280 ''' |
|
d26d2590cd8c
Implement different workaround for https://bugs.python.org/issue27777
John Rouillard <rouilj@ieee.org>
parents:
5655
diff
changeset
|
281 def make_file(self, mode=None): |
|
d26d2590cd8c
Implement different workaround for https://bugs.python.org/issue27777
John Rouillard <rouilj@ieee.org>
parents:
5655
diff
changeset
|
282 ''' work around https://bugs.python.org/issue27777 ''' |
|
d26d2590cd8c
Implement different workaround for https://bugs.python.org/issue27777
John Rouillard <rouilj@ieee.org>
parents:
5655
diff
changeset
|
283 import tempfile |
|
5671
f60c44563c3a
Adjust make_file override to use binary files only when needed.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5666
diff
changeset
|
284 if self.length >= 0: |
|
f60c44563c3a
Adjust make_file override to use binary files only when needed.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5666
diff
changeset
|
285 return tempfile.TemporaryFile("wb+") |
|
5775
17e110426ad7
issue2551046: Attempts to attach file or create large message fail
John Rouillard <rouilj@ieee.org>
parents:
5696
diff
changeset
|
286 return super(BinaryFieldStorage, self).make_file() |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
287 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
288 |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
289 class Client: |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
290 """Instantiate to handle one CGI request. |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
291 |
|
1244
8dd4f736370b
merge from maintenance branch
Richard Jones <richard@users.sourceforge.net>
parents:
1236
diff
changeset
|
292 See inner_main for request processing. |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
293 |
|
1244
8dd4f736370b
merge from maintenance branch
Richard Jones <richard@users.sourceforge.net>
parents:
1236
diff
changeset
|
294 Client attributes at instantiation: |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
295 |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
296 - "path" is the PATH_INFO inside the instance (with no leading '/') |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
297 - "base" is the base URL for the instance |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
298 - "form" is the cgi form, an instance of FieldStorage from the standard |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
299 cgi module |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
300 - "additional_headers" is a dictionary of additional HTTP headers that |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
301 should be sent to the client |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
302 - "response_code" is the HTTP response code to send to the client |
|
2557
ff02e9851592
translator object must be Roundup Translation Service...
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2514
diff
changeset
|
303 - "translator" is TranslationService instance |
|
8386
4e2ffa4151cb
doc: formatting fix. Don't trigger description list.
John Rouillard <rouilj@ieee.org>
parents:
8320
diff
changeset
|
304 - "clientnonce" is a unique value for this client connection. Can be |
|
4e2ffa4151cb
doc: formatting fix. Don't trigger description list.
John Rouillard <rouilj@ieee.org>
parents:
8320
diff
changeset
|
305 used as a nonce for CSP headers and to sign javascript code |
|
4e2ffa4151cb
doc: formatting fix. Don't trigger description list.
John Rouillard <rouilj@ieee.org>
parents:
8320
diff
changeset
|
306 presented to the browser. This is different from the CSRF nonces |
|
4e2ffa4151cb
doc: formatting fix. Don't trigger description list.
John Rouillard <rouilj@ieee.org>
parents:
8320
diff
changeset
|
307 and can not be used for anti-csrf measures. |
|
1244
8dd4f736370b
merge from maintenance branch
Richard Jones <richard@users.sourceforge.net>
parents:
1236
diff
changeset
|
308 |
|
8dd4f736370b
merge from maintenance branch
Richard Jones <richard@users.sourceforge.net>
parents:
1236
diff
changeset
|
309 During the processing of a request, the following attributes are used: |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
310 |
|
4648
e645820e8556
Clean up whitespace in client.py
Ezio Melotti <ezio.melotti@gmail.com>
parents:
4640
diff
changeset
|
311 - "db" |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
312 - "_error_message" holds a list of error messages |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
313 - "_ok_message" holds a list of OK messages |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
314 - "session" is deprecated in favor of session_api (XXX remove) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
315 - "session_api" is the interface to store data in session |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
316 - "user" is the current user's name |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
317 - "userid" is the current user's id |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
318 - "template" is the current :template context |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
319 - "classname" is the current class context name |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
320 - "nodeid" is the current context item id |
|
1244
8dd4f736370b
merge from maintenance branch
Richard Jones <richard@users.sourceforge.net>
parents:
1236
diff
changeset
|
321 |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
322 Note: _error_message and _ok_message should not be modified |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
323 directly, use add_ok_message and add_error_message, these, by |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
324 default, escape the message added to avoid XSS security issues. |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
325 |
|
1244
8dd4f736370b
merge from maintenance branch
Richard Jones <richard@users.sourceforge.net>
parents:
1236
diff
changeset
|
326 User Identification: |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
327 Users that are absent in session data are anonymous and are logged |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
328 in as that user. This typically gives them all Permissions assigned |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
329 to the Anonymous Role. |
|
1244
8dd4f736370b
merge from maintenance branch
Richard Jones <richard@users.sourceforge.net>
parents:
1236
diff
changeset
|
330 |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
331 Every user is assigned a session. "session_api" is the interface |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
332 to work with session data. |
|
1420
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
333 |
|
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
334 Special form variables: |
|
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
335 Note that in various places throughout this code, special form |
|
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
336 variables of the form :<name> are used. The colon (":") part may |
|
1436
2f6647cf5345
bugger, dropping support for "+" special char
Richard Jones <richard@users.sourceforge.net>
parents:
1435
diff
changeset
|
337 actually be one of either ":" or "@". |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
338 """ |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
339 |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
340 # charset used for data storage and form templates |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
341 # Note: must be in lower case for comparisons! |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
342 # XXX take this from instance.config? |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
343 STORAGE_CHARSET = 'utf-8' |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
344 |
|
1421
90bb11eb40dc
oops, forgot the templating :)
Richard Jones <richard@users.sourceforge.net>
parents:
1420
diff
changeset
|
345 # |
|
1420
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
346 # special form variables |
|
1421
90bb11eb40dc
oops, forgot the templating :)
Richard Jones <richard@users.sourceforge.net>
parents:
1420
diff
changeset
|
347 # |
|
1436
2f6647cf5345
bugger, dropping support for "+" special char
Richard Jones <richard@users.sourceforge.net>
parents:
1435
diff
changeset
|
348 FV_TEMPLATE = re.compile(r'[@:]template') |
|
2f6647cf5345
bugger, dropping support for "+" special char
Richard Jones <richard@users.sourceforge.net>
parents:
1435
diff
changeset
|
349 FV_OK_MESSAGE = re.compile(r'[@:]ok_message') |
|
2f6647cf5345
bugger, dropping support for "+" special char
Richard Jones <richard@users.sourceforge.net>
parents:
1435
diff
changeset
|
350 FV_ERROR_MESSAGE = re.compile(r'[@:]error_message') |
|
1421
90bb11eb40dc
oops, forgot the templating :)
Richard Jones <richard@users.sourceforge.net>
parents:
1420
diff
changeset
|
351 |
|
90bb11eb40dc
oops, forgot the templating :)
Richard Jones <richard@users.sourceforge.net>
parents:
1420
diff
changeset
|
352 # Note: index page stuff doesn't appear here: |
|
90bb11eb40dc
oops, forgot the templating :)
Richard Jones <richard@users.sourceforge.net>
parents:
1420
diff
changeset
|
353 # columns, sort, sortdir, filter, group, groupdir, search_text, |
|
90bb11eb40dc
oops, forgot the templating :)
Richard Jones <richard@users.sourceforge.net>
parents:
1420
diff
changeset
|
354 # pagesize, startwith |
|
1420
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
355 |
|
3760
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
356 # list of network error codes that shouldn't be reported to tracker admin |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
357 # (error descriptions from FreeBSD intro(2)) |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
358 IGNORE_NET_ERRORS = ( |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
359 # A write on a pipe, socket or FIFO for which there is |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
360 # no process to read the data. |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
361 errno.EPIPE, |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
362 # A connection was forcibly closed by a peer. |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
363 # This normally results from a loss of the connection |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
364 # on the remote socket due to a timeout or a reboot. |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
365 errno.ECONNRESET, |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
366 # Software caused connection abort. A connection abort |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
367 # was caused internal to your host machine. |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
368 errno.ECONNABORTED, |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
369 # A connect or send request failed because the connected party |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
370 # did not properly respond after a period of time. |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
371 errno.ETIMEDOUT, |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
372 ) |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
373 |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
374 # Cache_Control[key] = Cache-Control header value |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
375 # Key can be explicitly file basename - value applied to just that file |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
376 # takes precedence over mime type. |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
377 # Key can be mime type - all files of that mimetype will get the value |
|
6546
c58c7cd31243
issue2550991 - Some mechanism to set expiration header or max age for static resources
John Rouillard <rouilj@ieee.org>
parents:
6544
diff
changeset
|
378 Cache_Control = { |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
379 'application/javascript': "public, max-age=1209600", # 2 weeks |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
380 'text/javascript': "public, max-age=1209600", # 2 weeks |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
381 'text/css': "public, max-age=4838400", # 8 weeks/2 mnths |
|
6546
c58c7cd31243
issue2550991 - Some mechanism to set expiration header or max age for static resources
John Rouillard <rouilj@ieee.org>
parents:
6544
diff
changeset
|
382 } |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
383 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
384 # list of valid http compression (Content-Encoding) algorithms |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
385 # we have available |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
386 compressors = [] |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
387 try: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
388 # Only one provided by standard library |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
389 import gzip |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
390 compressors.append('gzip') |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
391 except ImportError: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
392 pass |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
393 try: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
394 import brotli |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
395 compressors.append('br') |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
396 except ImportError: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
397 pass |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
398 try: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
399 import zstd |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
400 compressors.append('zstd') |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
401 except ImportError: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
402 pass |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
403 |
|
8039
e1cff9745fb4
refactor: make mime_type_allowlist class prop to configure from interfaces.py
John Rouillard <rouilj@ieee.org>
parents:
8021
diff
changeset
|
404 # everything not here is served as 'application/octet-stream' |
|
e1cff9745fb4
refactor: make mime_type_allowlist class prop to configure from interfaces.py
John Rouillard <rouilj@ieee.org>
parents:
8021
diff
changeset
|
405 # Moved to class so it can be modified from interfaces.py |
|
e1cff9745fb4
refactor: make mime_type_allowlist class prop to configure from interfaces.py
John Rouillard <rouilj@ieee.org>
parents:
8021
diff
changeset
|
406 # Adding: |
|
e1cff9745fb4
refactor: make mime_type_allowlist class prop to configure from interfaces.py
John Rouillard <rouilj@ieee.org>
parents:
8021
diff
changeset
|
407 # from roundup.cgi.client import Client |
|
e1cff9745fb4
refactor: make mime_type_allowlist class prop to configure from interfaces.py
John Rouillard <rouilj@ieee.org>
parents:
8021
diff
changeset
|
408 # Client.mime_type_allowlist.append('application/pdf') |
|
e1cff9745fb4
refactor: make mime_type_allowlist class prop to configure from interfaces.py
John Rouillard <rouilj@ieee.org>
parents:
8021
diff
changeset
|
409 # will permit pdf files to be displayed in the browser rather than |
|
e1cff9745fb4
refactor: make mime_type_allowlist class prop to configure from interfaces.py
John Rouillard <rouilj@ieee.org>
parents:
8021
diff
changeset
|
410 # downloaded to a file. |
|
e1cff9745fb4
refactor: make mime_type_allowlist class prop to configure from interfaces.py
John Rouillard <rouilj@ieee.org>
parents:
8021
diff
changeset
|
411 |
|
e1cff9745fb4
refactor: make mime_type_allowlist class prop to configure from interfaces.py
John Rouillard <rouilj@ieee.org>
parents:
8021
diff
changeset
|
412 mime_type_allowlist = [ |
|
e1cff9745fb4
refactor: make mime_type_allowlist class prop to configure from interfaces.py
John Rouillard <rouilj@ieee.org>
parents:
8021
diff
changeset
|
413 'text/plain', |
|
e1cff9745fb4
refactor: make mime_type_allowlist class prop to configure from interfaces.py
John Rouillard <rouilj@ieee.org>
parents:
8021
diff
changeset
|
414 'text/x-csrc', # .c |
|
e1cff9745fb4
refactor: make mime_type_allowlist class prop to configure from interfaces.py
John Rouillard <rouilj@ieee.org>
parents:
8021
diff
changeset
|
415 'text/x-chdr', # .h |
|
e1cff9745fb4
refactor: make mime_type_allowlist class prop to configure from interfaces.py
John Rouillard <rouilj@ieee.org>
parents:
8021
diff
changeset
|
416 'text/x-patch', # .patch and .diff |
|
e1cff9745fb4
refactor: make mime_type_allowlist class prop to configure from interfaces.py
John Rouillard <rouilj@ieee.org>
parents:
8021
diff
changeset
|
417 'text/x-python', # .py |
|
e1cff9745fb4
refactor: make mime_type_allowlist class prop to configure from interfaces.py
John Rouillard <rouilj@ieee.org>
parents:
8021
diff
changeset
|
418 'text/xml', |
|
e1cff9745fb4
refactor: make mime_type_allowlist class prop to configure from interfaces.py
John Rouillard <rouilj@ieee.org>
parents:
8021
diff
changeset
|
419 'text/csv', |
|
e1cff9745fb4
refactor: make mime_type_allowlist class prop to configure from interfaces.py
John Rouillard <rouilj@ieee.org>
parents:
8021
diff
changeset
|
420 'text/css', |
|
e1cff9745fb4
refactor: make mime_type_allowlist class prop to configure from interfaces.py
John Rouillard <rouilj@ieee.org>
parents:
8021
diff
changeset
|
421 'image/gif', |
|
e1cff9745fb4
refactor: make mime_type_allowlist class prop to configure from interfaces.py
John Rouillard <rouilj@ieee.org>
parents:
8021
diff
changeset
|
422 'image/jpeg', |
|
e1cff9745fb4
refactor: make mime_type_allowlist class prop to configure from interfaces.py
John Rouillard <rouilj@ieee.org>
parents:
8021
diff
changeset
|
423 'image/png', |
|
e1cff9745fb4
refactor: make mime_type_allowlist class prop to configure from interfaces.py
John Rouillard <rouilj@ieee.org>
parents:
8021
diff
changeset
|
424 'image/svg+xml', |
|
e1cff9745fb4
refactor: make mime_type_allowlist class prop to configure from interfaces.py
John Rouillard <rouilj@ieee.org>
parents:
8021
diff
changeset
|
425 'image/webp', |
|
e1cff9745fb4
refactor: make mime_type_allowlist class prop to configure from interfaces.py
John Rouillard <rouilj@ieee.org>
parents:
8021
diff
changeset
|
426 'audio/ogg', |
|
e1cff9745fb4
refactor: make mime_type_allowlist class prop to configure from interfaces.py
John Rouillard <rouilj@ieee.org>
parents:
8021
diff
changeset
|
427 'video/webm', |
|
e1cff9745fb4
refactor: make mime_type_allowlist class prop to configure from interfaces.py
John Rouillard <rouilj@ieee.org>
parents:
8021
diff
changeset
|
428 ] |
|
e1cff9745fb4
refactor: make mime_type_allowlist class prop to configure from interfaces.py
John Rouillard <rouilj@ieee.org>
parents:
8021
diff
changeset
|
429 |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
430 # mime types of files that are already compressed and should not be |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
431 # compressed on the fly. Can be extended/reduced using interfaces.py. |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
432 # This excludes types from being compressed. Should we have a list |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
433 # of mime types we should compress? write_html() calls compress_encode |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
434 # which uses this without a content-type so that's an issue. |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
435 # Also for text based data, might have charset too so need to parse |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
436 # content-type. |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
437 precompressed_mime_types = ["image/png", "image/jpeg"] |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
438 |
|
8446
14c7c07b32d8
feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents:
8412
diff
changeset
|
439 @gen_trace_id() |
|
14c7c07b32d8
feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents:
8412
diff
changeset
|
440 @store_trace_reason('client') |
|
2467
76ead526113d
client instances may be used as translation engines.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2366
diff
changeset
|
441 def __init__(self, instance, request, env, form=None, translator=None): |
|
5356
91954be46a66
A real fix for the problem where:
John Rouillard <rouilj@ieee.org>
parents:
5350
diff
changeset
|
442 # re-seed the random number generator. Is this is an instance of |
|
91954be46a66
A real fix for the problem where:
John Rouillard <rouilj@ieee.org>
parents:
5350
diff
changeset
|
443 # random.SystemRandom it has no effect. |
|
5488
52cb53eedf77
reworked random number use
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5475
diff
changeset
|
444 random_.seed() |
|
5356
91954be46a66
A real fix for the problem where:
John Rouillard <rouilj@ieee.org>
parents:
5350
diff
changeset
|
445 # So we also seed the pseudorandom random source obtained from |
|
91954be46a66
A real fix for the problem where:
John Rouillard <rouilj@ieee.org>
parents:
5350
diff
changeset
|
446 # import random |
|
91954be46a66
A real fix for the problem where:
John Rouillard <rouilj@ieee.org>
parents:
5350
diff
changeset
|
447 # to make sure that every forked copy of the client will return |
|
91954be46a66
A real fix for the problem where:
John Rouillard <rouilj@ieee.org>
parents:
5350
diff
changeset
|
448 # new random numbers. |
|
91954be46a66
A real fix for the problem where:
John Rouillard <rouilj@ieee.org>
parents:
5350
diff
changeset
|
449 seed_pseudorandom() |
|
2230
ca2664e095be
disable forking server when os.fork() not available [SF#938586]
Richard Jones <richard@users.sourceforge.net>
parents:
2183
diff
changeset
|
450 self.start = time.time() |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
451 self.instance = instance |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
452 self.request = request |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
453 self.env = env |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
454 if translator is not None: |
|
6658
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
455 self.setTranslator(translator) |
|
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
456 # XXX we should set self.language to "translator"'s language, |
|
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
457 # but how to get it ? |
|
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
458 self.language = "" |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
459 else: |
|
6658
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
460 self.setTranslator(TranslationService.NullTranslationService()) |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
461 self.language = "" # as is the default from determine_language |
|
6658
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
462 |
|
1799
071ea6fc803f
Extracted duplicated mail-sending code...
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents:
1798
diff
changeset
|
463 self.mailer = Mailer(instance.config) |
|
5166
232c74973a56
issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5165
diff
changeset
|
464 # If True the form contents wins over the database contents when |
|
232c74973a56
issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5165
diff
changeset
|
465 # rendering html properties. This is set when an error occurs so |
|
232c74973a56
issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5165
diff
changeset
|
466 # that we don't lose submitted form contents. |
|
232c74973a56
issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5165
diff
changeset
|
467 self.form_wins = False |
|
1004
5f12d3259f31
logout works better now
Richard Jones <richard@users.sourceforge.net>
parents:
1003
diff
changeset
|
468 |
|
1157
26c8cb2162d7
fixed various URL / base URL issues
Richard Jones <richard@users.sourceforge.net>
parents:
1153
diff
changeset
|
469 # save off the path |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
470 self.path = env['PATH_INFO'] |
|
1004
5f12d3259f31
logout works better now
Richard Jones <richard@users.sourceforge.net>
parents:
1003
diff
changeset
|
471 |
|
1398
b3e1e9ab0500
fixed cookie path to use TRACKER_WEB [SF#667020]
Richard Jones <richard@users.sourceforge.net>
parents:
1393
diff
changeset
|
472 # this is the base URL for this tracker |
|
1157
26c8cb2162d7
fixed various URL / base URL issues
Richard Jones <richard@users.sourceforge.net>
parents:
1153
diff
changeset
|
473 self.base = self.instance.config.TRACKER_WEB |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
474 |
|
4586
b21bb66de6ff
Mark cookies HttpOnly and -- if https is used -- secure.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4578
diff
changeset
|
475 # should cookies be secure? |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
476 self.secure = self.base.startswith('https') |
|
4586
b21bb66de6ff
Mark cookies HttpOnly and -- if https is used -- secure.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4578
diff
changeset
|
477 |
|
6249
3b62c35e824d
client.py fix comment typo
John Rouillard <rouilj@ieee.org>
parents:
6211
diff
changeset
|
478 # check the tracker_web setting |
|
2183
ac24a9c74cca
be paranoid about TRACKER_WEB
Richard Jones <richard@users.sourceforge.net>
parents:
2137
diff
changeset
|
479 if not self.base.endswith('/'): |
|
ac24a9c74cca
be paranoid about TRACKER_WEB
Richard Jones <richard@users.sourceforge.net>
parents:
2137
diff
changeset
|
480 self.base = self.base + '/' |
|
ac24a9c74cca
be paranoid about TRACKER_WEB
Richard Jones <richard@users.sourceforge.net>
parents:
2137
diff
changeset
|
481 |
|
1398
b3e1e9ab0500
fixed cookie path to use TRACKER_WEB [SF#667020]
Richard Jones <richard@users.sourceforge.net>
parents:
1393
diff
changeset
|
482 # this is the "cookie path" for this tracker (ie. the path part of |
|
b3e1e9ab0500
fixed cookie path to use TRACKER_WEB [SF#667020]
Richard Jones <richard@users.sourceforge.net>
parents:
1393
diff
changeset
|
483 # the "base" url) |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
484 self.cookie_path = urllib_.urlparse(self.base)[2] |
|
2946
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
485 # cookies to set in http responce |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
486 # {(path, name): (value, expire)} |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
487 self._cookies = {} |
|
1398
b3e1e9ab0500
fixed cookie path to use TRACKER_WEB [SF#667020]
Richard Jones <richard@users.sourceforge.net>
parents:
1393
diff
changeset
|
488 |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
489 # define a unique nonce. Can be used for Content Security Policy |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
490 # nonces for scripts. |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
491 self.client_nonce = self._gen_nonce() |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
492 |
|
1157
26c8cb2162d7
fixed various URL / base URL issues
Richard Jones <richard@users.sourceforge.net>
parents:
1153
diff
changeset
|
493 # see if we need to re-parse the environment for the form (eg Zope) |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
494 if form is None: |
|
5608
5df309febe49
Path to support OPTIONS verb when using rest interface via
John Rouillard <rouilj@ieee.org>
parents:
5603
diff
changeset
|
495 # cgi.FieldStorage doesn't special case OPTIONS, DELETE or |
|
5df309febe49
Path to support OPTIONS verb when using rest interface via
John Rouillard <rouilj@ieee.org>
parents:
5603
diff
changeset
|
496 # PATCH verbs. They are processed like POST. So FieldStorage |
|
5df309febe49
Path to support OPTIONS verb when using rest interface via
John Rouillard <rouilj@ieee.org>
parents:
5603
diff
changeset
|
497 # hangs on these verbs trying to read posted data that |
|
5df309febe49
Path to support OPTIONS verb when using rest interface via
John Rouillard <rouilj@ieee.org>
parents:
5603
diff
changeset
|
498 # will never arrive. |
|
5df309febe49
Path to support OPTIONS verb when using rest interface via
John Rouillard <rouilj@ieee.org>
parents:
5603
diff
changeset
|
499 # If not defined, set CONTENT_LENGTH to 0 so it doesn't |
|
5df309febe49
Path to support OPTIONS verb when using rest interface via
John Rouillard <rouilj@ieee.org>
parents:
5603
diff
changeset
|
500 # hang reading the data. |
|
7814
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
501 if self.env['REQUEST_METHOD'] in ['OPTIONS', 'DELETE', 'PATCH'] \ |
|
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
502 and 'CONTENT_LENGTH' not in self.env: |
|
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
503 self.env['CONTENT_LENGTH'] = 0 |
|
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
504 logger.debug("Setting CONTENT_LENGTH to 0 for method: %s", |
|
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
505 self.env['REQUEST_METHOD']) |
|
5608
5df309febe49
Path to support OPTIONS verb when using rest interface via
John Rouillard <rouilj@ieee.org>
parents:
5603
diff
changeset
|
506 |
|
5653
ba67e397f063
Fix string/bytes issues under python 3.
John Rouillard <rouilj@ieee.org>
parents:
5624
diff
changeset
|
507 # cgi.FieldStorage must save all data as |
|
5656
d26d2590cd8c
Implement different workaround for https://bugs.python.org/issue27777
John Rouillard <rouilj@ieee.org>
parents:
5655
diff
changeset
|
508 # binary/bytes. Subclass BinaryFieldStorage does this. |
|
d26d2590cd8c
Implement different workaround for https://bugs.python.org/issue27777
John Rouillard <rouilj@ieee.org>
parents:
5655
diff
changeset
|
509 # It's a workaround for a bug in cgi.FieldStorage. See class |
|
d26d2590cd8c
Implement different workaround for https://bugs.python.org/issue27777
John Rouillard <rouilj@ieee.org>
parents:
5655
diff
changeset
|
510 # def for details. |
|
d26d2590cd8c
Implement different workaround for https://bugs.python.org/issue27777
John Rouillard <rouilj@ieee.org>
parents:
5655
diff
changeset
|
511 self.form = BinaryFieldStorage(fp=request.rfile, environ=env) |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
512 else: |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
513 self.form = form |
|
1157
26c8cb2162d7
fixed various URL / base URL issues
Richard Jones <richard@users.sourceforge.net>
parents:
1153
diff
changeset
|
514 |
|
8268
05d8806b25ad
fix: issue2551387 - TypeError: not indexable.
John Rouillard <rouilj@ieee.org>
parents:
8267
diff
changeset
|
515 # When the CONTENT-TYPE is not 'application/x-www-form-urlencoded': |
|
05d8806b25ad
fix: issue2551387 - TypeError: not indexable.
John Rouillard <rouilj@ieee.org>
parents:
8267
diff
changeset
|
516 # or multipart/*, cgi.(Mini)FieldStorage sets the list property to |
|
05d8806b25ad
fix: issue2551387 - TypeError: not indexable.
John Rouillard <rouilj@ieee.org>
parents:
8267
diff
changeset
|
517 # None. Initialize an empty list property in this case so we can |
|
05d8806b25ad
fix: issue2551387 - TypeError: not indexable.
John Rouillard <rouilj@ieee.org>
parents:
8267
diff
changeset
|
518 # query the list in all cases. |
|
05d8806b25ad
fix: issue2551387 - TypeError: not indexable.
John Rouillard <rouilj@ieee.org>
parents:
8267
diff
changeset
|
519 try: |
|
05d8806b25ad
fix: issue2551387 - TypeError: not indexable.
John Rouillard <rouilj@ieee.org>
parents:
8267
diff
changeset
|
520 if (self.form.list is None): |
|
05d8806b25ad
fix: issue2551387 - TypeError: not indexable.
John Rouillard <rouilj@ieee.org>
parents:
8267
diff
changeset
|
521 self.form.list = [] |
|
05d8806b25ad
fix: issue2551387 - TypeError: not indexable.
John Rouillard <rouilj@ieee.org>
parents:
8267
diff
changeset
|
522 except AttributeError: |
|
05d8806b25ad
fix: issue2551387 - TypeError: not indexable.
John Rouillard <rouilj@ieee.org>
parents:
8267
diff
changeset
|
523 # self.form should always be some type of |
|
05d8806b25ad
fix: issue2551387 - TypeError: not indexable.
John Rouillard <rouilj@ieee.org>
parents:
8267
diff
changeset
|
524 # FieldStorage. If we get an AttributeError, |
|
05d8806b25ad
fix: issue2551387 - TypeError: not indexable.
John Rouillard <rouilj@ieee.org>
parents:
8267
diff
changeset
|
525 # print what the form is. |
|
05d8806b25ad
fix: issue2551387 - TypeError: not indexable.
John Rouillard <rouilj@ieee.org>
parents:
8267
diff
changeset
|
526 # FIXME: plan on removing this in 2028 to improve |
|
05d8806b25ad
fix: issue2551387 - TypeError: not indexable.
John Rouillard <rouilj@ieee.org>
parents:
8267
diff
changeset
|
527 # performance if there are no reports of it being triggered. |
|
05d8806b25ad
fix: issue2551387 - TypeError: not indexable.
John Rouillard <rouilj@ieee.org>
parents:
8267
diff
changeset
|
528 logger.error(("Invalid self.form found (please report " |
|
05d8806b25ad
fix: issue2551387 - TypeError: not indexable.
John Rouillard <rouilj@ieee.org>
parents:
8267
diff
changeset
|
529 "to the roundup-users mailing list): %s") % self.form) |
|
05d8806b25ad
fix: issue2551387 - TypeError: not indexable.
John Rouillard <rouilj@ieee.org>
parents:
8267
diff
changeset
|
530 raise |
|
05d8806b25ad
fix: issue2551387 - TypeError: not indexable.
John Rouillard <rouilj@ieee.org>
parents:
8267
diff
changeset
|
531 |
|
1157
26c8cb2162d7
fixed various URL / base URL issues
Richard Jones <richard@users.sourceforge.net>
parents:
1153
diff
changeset
|
532 # turn debugging on/off |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
533 try: |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
534 self.debug = int(env.get("ROUNDUP_DEBUG", 0)) |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
535 except ValueError: |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
536 # someone gave us a non-int debug level, turn it off |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
537 self.debug = 0 |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
538 |
|
1157
26c8cb2162d7
fixed various URL / base URL issues
Richard Jones <richard@users.sourceforge.net>
parents:
1153
diff
changeset
|
539 # flag to indicate that the HTTP headers have been sent |
|
26c8cb2162d7
fixed various URL / base URL issues
Richard Jones <richard@users.sourceforge.net>
parents:
1153
diff
changeset
|
540 self.headers_done = 0 |
|
26c8cb2162d7
fixed various URL / base URL issues
Richard Jones <richard@users.sourceforge.net>
parents:
1153
diff
changeset
|
541 |
|
7106
64e1058051f3
pylint: fix first reference to properties outside of __init__
John Rouillard <rouilj@ieee.org>
parents:
7079
diff
changeset
|
542 # record of headers sent for debugging |
|
64e1058051f3
pylint: fix first reference to properties outside of __init__
John Rouillard <rouilj@ieee.org>
parents:
7079
diff
changeset
|
543 self.headers_sent = [] |
|
64e1058051f3
pylint: fix first reference to properties outside of __init__
John Rouillard <rouilj@ieee.org>
parents:
7079
diff
changeset
|
544 |
|
1120
c26471971d18
Exposed the Batch mechanism through the top-level "utils" variable.
Richard Jones <richard@users.sourceforge.net>
parents:
1103
diff
changeset
|
545 # additional headers to send with the request - must be registered |
|
c26471971d18
Exposed the Batch mechanism through the top-level "utils" variable.
Richard Jones <richard@users.sourceforge.net>
parents:
1103
diff
changeset
|
546 # before the first write |
|
c26471971d18
Exposed the Batch mechanism through the top-level "utils" variable.
Richard Jones <richard@users.sourceforge.net>
parents:
1103
diff
changeset
|
547 self.additional_headers = {} |
|
c26471971d18
Exposed the Batch mechanism through the top-level "utils" variable.
Richard Jones <richard@users.sourceforge.net>
parents:
1103
diff
changeset
|
548 self.response_code = 200 |
|
c26471971d18
Exposed the Batch mechanism through the top-level "utils" variable.
Richard Jones <richard@users.sourceforge.net>
parents:
1103
diff
changeset
|
549 |
|
2947
e611be5ee6c4
initialize self.charset early to enable html output for tracebacks...
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2946
diff
changeset
|
550 # default character set |
|
e611be5ee6c4
initialize self.charset early to enable html output for tracebacks...
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2946
diff
changeset
|
551 self.charset = self.STORAGE_CHARSET |
|
e611be5ee6c4
initialize self.charset early to enable html output for tracebacks...
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2946
diff
changeset
|
552 |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
553 # parse cookies (used for charset lookups) |
|
3916
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
554 # use our own LiberalCookie to handle bad apps on the same |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
555 # server that have set cookies that are out of spec |
|
57ad3e2c2545
handle bad cookies
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3900
diff
changeset
|
556 self.cookie = LiberalCookie(self.env.get('HTTP_COOKIE', '')) |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
557 |
|
2928
81c99c857b57
applied patch [SF#1067690]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2923
diff
changeset
|
558 self.user = None |
|
81c99c857b57
applied patch [SF#1067690]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2923
diff
changeset
|
559 self.userid = None |
|
2948
deda13909085
factor out get_action_class so it may be called from other places
Richard Jones <richard@users.sourceforge.net>
parents:
2947
diff
changeset
|
560 self.nodeid = None |
|
deda13909085
factor out get_action_class so it may be called from other places
Richard Jones <richard@users.sourceforge.net>
parents:
2947
diff
changeset
|
561 self.classname = None |
|
deda13909085
factor out get_action_class so it may be called from other places
Richard Jones <richard@users.sourceforge.net>
parents:
2947
diff
changeset
|
562 self.template = None |
|
7106
64e1058051f3
pylint: fix first reference to properties outside of __init__
John Rouillard <rouilj@ieee.org>
parents:
7079
diff
changeset
|
563 self._ok_message = [] |
|
64e1058051f3
pylint: fix first reference to properties outside of __init__
John Rouillard <rouilj@ieee.org>
parents:
7079
diff
changeset
|
564 self._error_message = [] |
|
2928
81c99c857b57
applied patch [SF#1067690]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2923
diff
changeset
|
565 |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
566 def _gen_nonce(self): |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
567 """ generate a unique nonce """ |
|
7814
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
568 return b2s(base64.b32encode(random_.token_bytes(40))) |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
569 |
|
2467
76ead526113d
client instances may be used as translation engines.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2366
diff
changeset
|
570 def setTranslator(self, translator=None): |
|
76ead526113d
client instances may be used as translation engines.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2366
diff
changeset
|
571 """Replace the translation engine |
|
76ead526113d
client instances may be used as translation engines.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2366
diff
changeset
|
572 |
|
76ead526113d
client instances may be used as translation engines.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2366
diff
changeset
|
573 'translator' |
|
2557
ff02e9851592
translator object must be Roundup Translation Service...
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2514
diff
changeset
|
574 is TranslationService instance. |
|
ff02e9851592
translator object must be Roundup Translation Service...
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2514
diff
changeset
|
575 It must define methods 'translate' (TAL-compatible i18n), |
|
ff02e9851592
translator object must be Roundup Translation Service...
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2514
diff
changeset
|
576 'gettext' and 'ngettext' (gettext-compatible i18n). |
|
2467
76ead526113d
client instances may be used as translation engines.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2366
diff
changeset
|
577 |
|
2557
ff02e9851592
translator object must be Roundup Translation Service...
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2514
diff
changeset
|
578 If omitted, create default TranslationService. |
|
2467
76ead526113d
client instances may be used as translation engines.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2366
diff
changeset
|
579 """ |
|
76ead526113d
client instances may be used as translation engines.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2366
diff
changeset
|
580 if translator is None: |
|
2808
18c28d22b3b5
pass tracker home directory to get_translation()
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2800
diff
changeset
|
581 translator = TranslationService.get_translation( |
|
2923
29563959c026
language defaults to config option TRACKER_LANGUAGE
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2906
diff
changeset
|
582 language=self.instance.config["TRACKER_LANGUAGE"], |
|
2808
18c28d22b3b5
pass tracker home directory to get_translation()
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2800
diff
changeset
|
583 tracker_home=self.instance.config["TRACKER_HOME"]) |
|
2467
76ead526113d
client instances may be used as translation engines.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2366
diff
changeset
|
584 self.translator = translator |
|
76ead526113d
client instances may be used as translation engines.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2366
diff
changeset
|
585 self._ = self.gettext = translator.gettext |
|
76ead526113d
client instances may be used as translation engines.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2366
diff
changeset
|
586 self.ngettext = translator.ngettext |
|
76ead526113d
client instances may be used as translation engines.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2366
diff
changeset
|
587 |
|
8446
14c7c07b32d8
feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents:
8412
diff
changeset
|
588 @gen_trace_id() |
|
14c7c07b32d8
feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents:
8412
diff
changeset
|
589 @store_trace_reason('client_main') |
|
8500
b03160d46e9d
bug: don't reference vendored outside of anypy modules
John Rouillard <rouilj@ieee.org>
parents:
8446
diff
changeset
|
590 @report_object_use(highest=20, pre_collect=False) |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
591 def main(self): |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
592 """ Wrap the real main in a try/finally so we always close off the db. |
|
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
593 """ |
|
5924
b40059d7036f
issue2550925 strip HTTP_PROXY environment variable
John Rouillard <rouilj@ieee.org>
parents:
5881
diff
changeset
|
594 |
|
b40059d7036f
issue2550925 strip HTTP_PROXY environment variable
John Rouillard <rouilj@ieee.org>
parents:
5881
diff
changeset
|
595 # strip HTTP_PROXY issue2550925 in case |
|
b40059d7036f
issue2550925 strip HTTP_PROXY environment variable
John Rouillard <rouilj@ieee.org>
parents:
5881
diff
changeset
|
596 # PROXY header is set. |
|
b40059d7036f
issue2550925 strip HTTP_PROXY environment variable
John Rouillard <rouilj@ieee.org>
parents:
5881
diff
changeset
|
597 if 'HTTP_PROXY' in self.env: |
|
7571
f8b07ffd0226
flake8: add space between return, del and (
John Rouillard <rouilj@ieee.org>
parents:
7556
diff
changeset
|
598 del (self.env['HTTP_PROXY']) |
|
5924
b40059d7036f
issue2550925 strip HTTP_PROXY environment variable
John Rouillard <rouilj@ieee.org>
parents:
5881
diff
changeset
|
599 if 'HTTP_PROXY' in os.environ: |
|
7571
f8b07ffd0226
flake8: add space between return, del and (
John Rouillard <rouilj@ieee.org>
parents:
7556
diff
changeset
|
600 del (os.environ['HTTP_PROXY']) |
|
5924
b40059d7036f
issue2550925 strip HTTP_PROXY environment variable
John Rouillard <rouilj@ieee.org>
parents:
5881
diff
changeset
|
601 |
|
5603
79da1ca2f94b
Make xmlrpc and rest APIs configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5568
diff
changeset
|
602 xmlrpc_enabled = self.instance.config.WEB_ENABLE_XMLRPC |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
603 rest_enabled = self.instance.config.WEB_ENABLE_REST |
|
1133
36ec30d286ea
Cleaned up CHANGES/TODO
Richard Jones <richard@users.sourceforge.net>
parents:
1130
diff
changeset
|
604 try: |
|
5603
79da1ca2f94b
Make xmlrpc and rest APIs configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5568
diff
changeset
|
605 if xmlrpc_enabled and self.path == 'xmlrpc': |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
606 self.handle_xmlrpc() |
|
5603
79da1ca2f94b
Make xmlrpc and rest APIs configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5568
diff
changeset
|
607 elif rest_enabled and (self.path == 'rest' or |
|
79da1ca2f94b
Make xmlrpc and rest APIs configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5568
diff
changeset
|
608 self.path[:5] == 'rest/'): |
|
5556
d75aa88c2a99
Added RestInstance and calling rest from client.py
Chau Nguyen <dangchau1991@yahoo.com>
parents:
5555
diff
changeset
|
609 self.handle_rest() |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
610 else: |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
611 self.inner_main() |
|
1133
36ec30d286ea
Cleaned up CHANGES/TODO
Richard Jones <richard@users.sourceforge.net>
parents:
1130
diff
changeset
|
612 finally: |
|
36ec30d286ea
Cleaned up CHANGES/TODO
Richard Jones <richard@users.sourceforge.net>
parents:
1130
diff
changeset
|
613 if hasattr(self, 'db'): |
|
36ec30d286ea
Cleaned up CHANGES/TODO
Richard Jones <richard@users.sourceforge.net>
parents:
1130
diff
changeset
|
614 self.db.close() |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
615 |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
616 def handle_xmlrpc(self): |
|
4919
24209344b507
Link /xmlrpc to docs if accessed with browser
anatoly techtonik <techtonik@gmail.com>
parents:
4903
diff
changeset
|
617 if self.env.get('CONTENT_TYPE') != 'text/xml': |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
618 self.write( |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
|
|
5456
0fb04e717de0
fix encoding in handle_xmlrpc
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5441
diff
changeset
|
621 b"XML-RPC interface</a>.") |
|
4919
24209344b507
Link /xmlrpc to docs if accessed with browser
anatoly techtonik <techtonik@gmail.com>
parents:
4903
diff
changeset
|
622 return |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
623 |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
624 # Pull the raw XML out of the form. The "value" attribute |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
625 # will be the raw content of the POST request. |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
626 assert self.form.file |
|
8187
5c506c778893
chore(ruff): new name for input variable which doesn't shadow builtin
John Rouillard <rouilj@ieee.org>
parents:
8186
diff
changeset
|
627 input_data = self.form.value |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
628 # So that the rest of Roundup can query the form in the |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
629 # usual way, we create an empty list of fields. |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
630 self.form.list = [] |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
631 |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
632 # Set the charset and language, since other parts of |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
633 # Roundup may depend upon that. |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
634 self.determine_charset() |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
635 if self.instance.config["WEB_TRANSLATE_XMLRPC"]: |
|
6658
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
636 self.determine_language() |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
637 # Open the database as the correct user. |
|
5878
1b57d8f3eb97
Add rudimentery experiment JSON Web Token (jwt) support
John Rouillard <rouilj@ieee.org>
parents:
5847
diff
changeset
|
638 try: |
|
7556
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
639 self.determine_user(is_api="xmlrpc") |
|
5881
9938c40e03bc
Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents:
5879
diff
changeset
|
640 self.db.tx_Source = "xmlrpc" |
|
6658
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
641 self.db.i18n = self.translator |
|
5878
1b57d8f3eb97
Add rudimentery experiment JSON Web Token (jwt) support
John Rouillard <rouilj@ieee.org>
parents:
5847
diff
changeset
|
642 except LoginError as msg: |
|
1b57d8f3eb97
Add rudimentery experiment JSON Web Token (jwt) support
John Rouillard <rouilj@ieee.org>
parents:
5847
diff
changeset
|
643 output = xmlrpc_.client.dumps( |
|
5879
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5878
diff
changeset
|
644 xmlrpc_.client.Fault(401, "%s" % msg), |
|
5878
1b57d8f3eb97
Add rudimentery experiment JSON Web Token (jwt) support
John Rouillard <rouilj@ieee.org>
parents:
5847
diff
changeset
|
645 allow_none=True) |
|
5879
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5878
diff
changeset
|
646 self.setHeader("Content-Type", "text/xml") |
|
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5878
diff
changeset
|
647 self.setHeader("Content-Length", str(len(output))) |
|
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5878
diff
changeset
|
648 self.write(s2b(output)) |
|
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5878
diff
changeset
|
649 return |
|
7556
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
650 except RateLimitExceeded as msg: |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
651 output = xmlrpc_.client.dumps( |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
652 xmlrpc_.client.Fault(429, "%s" % msg), |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
653 allow_none=True) |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
654 self.setHeader("Content-Type", "text/xml") |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
655 self.setHeader("Content-Length", str(len(output))) |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
656 self.write(s2b(output)) |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
657 return |
|
5878
1b57d8f3eb97
Add rudimentery experiment JSON Web Token (jwt) support
John Rouillard <rouilj@ieee.org>
parents:
5847
diff
changeset
|
658 |
|
5879
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5878
diff
changeset
|
659 if not self.db.security.hasPermission('Xmlrpc Access', self.userid): |
|
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5878
diff
changeset
|
660 output = xmlrpc_.client.dumps( |
|
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5878
diff
changeset
|
661 xmlrpc_.client.Fault(403, "Forbidden"), |
|
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5878
diff
changeset
|
662 allow_none=True) |
|
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5878
diff
changeset
|
663 self.setHeader("Content-Type", "text/xml") |
|
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5878
diff
changeset
|
664 self.setHeader("Content-Length", str(len(output))) |
|
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5878
diff
changeset
|
665 self.write(s2b(output)) |
|
94a7669677ae
add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents:
5878
diff
changeset
|
666 return |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
667 |
|
4327
095d92109cc7
allow Anonymous users to log in, and register
Richard Jones <richard@users.sourceforge.net>
parents:
4326
diff
changeset
|
668 self.check_anonymous_access() |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
669 |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
670 try: |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
671 # coverting from function returning true/false to |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
672 # raising exceptions |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
673 # Call csrf with xmlrpc checks enabled. |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
674 # It will return True if everything is ok, |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
675 # raises exception on check failure. |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
676 csrf_ok = self.handle_csrf(api=True) |
|
6975
fe4a6ba98bfe
flake8 - remove unused imports, unused vars, whitespace fixes
John Rouillard <rouilj@ieee.org>
parents:
6974
diff
changeset
|
677 except (Unauthorised, UsageError): |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
678 # report exception back to server |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
679 exc_type, exc_value, exc_tb = sys.exc_info() |
|
5408
e46ce04d5bbc
Python 3 preparation: update xmlrpclib / SimpleXMLRPCServer imports.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5395
diff
changeset
|
680 output = xmlrpc_.client.dumps( |
|
e46ce04d5bbc
Python 3 preparation: update xmlrpclib / SimpleXMLRPCServer imports.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5395
diff
changeset
|
681 xmlrpc_.client.Fault(1, "%s:%s" % (exc_type, exc_value)), |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
682 allow_none=True) |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
683 csrf_ok = False # we had an error, failed check |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
684 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
685 if csrf_ok is True: |
|
8237
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
8209
diff
changeset
|
686 if WARN_FOR_MISSING_DEFUSEDXML and (not xmlrpc_.client.defusedxml): |
|
57325fea9982
issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents:
8209
diff
changeset
|
687 logger.warning(self._("XMLRPC endpoint is not using defusedxml. Improve security by installing defusedxml.")) |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
688 handler = xmlrpc.RoundupDispatcher(self.db, |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
689 self.instance.actions, |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
690 self.translator, |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
691 allow_none=True) |
|
8187
5c506c778893
chore(ruff): new name for input variable which doesn't shadow builtin
John Rouillard <rouilj@ieee.org>
parents:
8186
diff
changeset
|
692 output = handler.dispatch(input_data) |
|
4079
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
693 |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
694 self.setHeader("Content-Type", "text/xml") |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
695 self.setHeader("Content-Length", str(len(output))) |
|
edf526c91412
* Refactor XMLRPC interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4077
diff
changeset
|
696 self.write(output) |
|
4648
e645820e8556
Clean up whitespace in client.py
Ezio Melotti <ezio.melotti@gmail.com>
parents:
4640
diff
changeset
|
697 |
|
7150
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
698 def is_cors_preflight(self): |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
699 return ( |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
700 self.env['REQUEST_METHOD'] == "OPTIONS" |
|
8265
35beff316883
fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents:
8261
diff
changeset
|
701 and self.request.headers.get("Access-Control-Request-Method") |
|
35beff316883
fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents:
8261
diff
changeset
|
702 # technically Access-Control-Request-Headers (ACRH) is |
|
35beff316883
fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents:
8261
diff
changeset
|
703 # optional, but we require the header x-requested-with, |
|
35beff316883
fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents:
8261
diff
changeset
|
704 # so ACRH will be present. |
|
7150
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
705 and self.request.headers.get("Access-Control-Request-Headers") |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
706 and self.request.headers.get("Origin")) |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
707 |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
708 def handle_preflight(self): |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
709 # Call rest library to handle the pre-flight request |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
710 handler = rest.RestfulInstance(self, self.db) |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
711 output = handler.dispatch(self.env['REQUEST_METHOD'], |
|
7228
07ce4e4110f5
flake8 fixes: whitespace, remove unused imports
John Rouillard <rouilj@ieee.org>
parents:
7159
diff
changeset
|
712 self.path, self.form) |
|
7150
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
713 |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
714 if self.response_code == 204: |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
715 self.write("") |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
716 else: |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
717 self.setHeader("Content-Length", str(len(output))) |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
718 self.write(output) |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
719 |
|
7153
1181157d7cec
Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents:
7150
diff
changeset
|
720 def reject_request(self, message, message_type="text/plain", |
|
1181157d7cec
Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents:
7150
diff
changeset
|
721 status=http_.client.UNAUTHORIZED): |
|
1181157d7cec
Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents:
7150
diff
changeset
|
722 self.response_code = status |
|
1181157d7cec
Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents:
7150
diff
changeset
|
723 self.setHeader("Content-Length", str(len(message))) |
|
1181157d7cec
Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents:
7150
diff
changeset
|
724 self.setHeader("Content-Type", message_type) |
|
1181157d7cec
Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents:
7150
diff
changeset
|
725 self.write(message) |
|
1181157d7cec
Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents:
7150
diff
changeset
|
726 |
|
5556
d75aa88c2a99
Added RestInstance and calling rest from client.py
Chau Nguyen <dangchau1991@yahoo.com>
parents:
5555
diff
changeset
|
727 def handle_rest(self): |
|
d75aa88c2a99
Added RestInstance and calling rest from client.py
Chau Nguyen <dangchau1991@yahoo.com>
parents:
5555
diff
changeset
|
728 # Set the charset and language |
|
d75aa88c2a99
Added RestInstance and calling rest from client.py
Chau Nguyen <dangchau1991@yahoo.com>
parents:
5555
diff
changeset
|
729 self.determine_charset() |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
730 if self.instance.config["WEB_TRANSLATE_REST"]: |
|
6658
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
731 self.determine_language() |
|
5556
d75aa88c2a99
Added RestInstance and calling rest from client.py
Chau Nguyen <dangchau1991@yahoo.com>
parents:
5555
diff
changeset
|
732 # Open the database as the correct user. |
|
d75aa88c2a99
Added RestInstance and calling rest from client.py
Chau Nguyen <dangchau1991@yahoo.com>
parents:
5555
diff
changeset
|
733 # TODO: add everything to RestfulDispatcher |
|
5666
d660d1c1ba63
Handle LoginError in rest code. Stop standard "an error occurred check
John Rouillard <rouilj@ieee.org>
parents:
5657
diff
changeset
|
734 try: |
|
7556
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
735 self.determine_user(is_api="rest") |
|
5881
9938c40e03bc
Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents:
5879
diff
changeset
|
736 self.db.tx_Source = "rest" |
|
6658
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
737 self.db.i18n = self.translator |
|
5666
d660d1c1ba63
Handle LoginError in rest code. Stop standard "an error occurred check
John Rouillard <rouilj@ieee.org>
parents:
5657
diff
changeset
|
738 except LoginError as err: |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
739 output = s2b("Invalid Login - %s" % str(err)) |
|
7153
1181157d7cec
Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents:
7150
diff
changeset
|
740 self.reject_request(output, status=http_.client.UNAUTHORIZED) |
|
5666
d660d1c1ba63
Handle LoginError in rest code. Stop standard "an error occurred check
John Rouillard <rouilj@ieee.org>
parents:
5657
diff
changeset
|
741 return |
|
7556
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
742 except RateLimitExceeded as err: |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
743 output = s2b("%s" % str(err)) |
|
8209
9d2ad7386627
chore(ruff): use names not magic numbers.
John Rouillard <rouilj@ieee.org>
parents:
8206
diff
changeset
|
744 self.reject_request(output, |
|
9d2ad7386627
chore(ruff): use names not magic numbers.
John Rouillard <rouilj@ieee.org>
parents:
8206
diff
changeset
|
745 status=http_.client.TOO_MANY_REQUESTS) |
|
7556
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
746 return |
|
5666
d660d1c1ba63
Handle LoginError in rest code. Stop standard "an error occurred check
John Rouillard <rouilj@ieee.org>
parents:
5657
diff
changeset
|
747 |
|
8265
35beff316883
fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents:
8261
diff
changeset
|
748 # Handle CORS preflight request. We know rest is enabled |
|
35beff316883
fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents:
8261
diff
changeset
|
749 # because handle_rest is called. Preflight requests |
|
35beff316883
fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents:
8261
diff
changeset
|
750 # are unauthenticated, so no need to check permissions. |
|
35beff316883
fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents:
8261
diff
changeset
|
751 if (self.is_cors_preflight()): |
|
35beff316883
fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents:
8261
diff
changeset
|
752 # Origin header must be defined to get here |
|
35beff316883
fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents:
8261
diff
changeset
|
753 if self.is_origin_header_ok(api=True): |
|
35beff316883
fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents:
8261
diff
changeset
|
754 self.handle_preflight() |
|
35beff316883
fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents:
8261
diff
changeset
|
755 else: |
|
35beff316883
fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents:
8261
diff
changeset
|
756 # origin is not authorized for REST |
|
35beff316883
fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents:
8261
diff
changeset
|
757 msg = self._("Client is not allowed to use Rest Interface.") |
|
35beff316883
fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents:
8261
diff
changeset
|
758 output = s2b( |
|
35beff316883
fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents:
8261
diff
changeset
|
759 '{ "error": { "status": 400, "msg": "%s" } }' % msg) |
|
35beff316883
fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents:
8261
diff
changeset
|
760 self.reject_request(output, |
|
35beff316883
fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents:
8261
diff
changeset
|
761 message_type="application/json", |
|
35beff316883
fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents:
8261
diff
changeset
|
762 status=400) |
|
35beff316883
fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents:
8261
diff
changeset
|
763 return |
|
35beff316883
fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents:
8261
diff
changeset
|
764 |
|
35beff316883
fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents:
8261
diff
changeset
|
765 if not self.db.security.hasPermission('Rest Access', self.userid): |
|
35beff316883
fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents:
8261
diff
changeset
|
766 output = s2b('{ "error": { "status": 403, "msg": "Forbidden." } }') |
|
35beff316883
fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents:
8261
diff
changeset
|
767 self.reject_request(output, |
|
35beff316883
fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents:
8261
diff
changeset
|
768 message_type="application/json", |
|
35beff316883
fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents:
8261
diff
changeset
|
769 status=403) |
|
35beff316883
fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents:
8261
diff
changeset
|
770 return |
|
35beff316883
fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents:
8261
diff
changeset
|
771 |
|
7150
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
772 # verify Origin is allowed on all requests including GET. |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
773 # If a GET, missing origin is allowed (i.e. same site GET request) |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
774 if not self.is_origin_header_ok(api=True): |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
775 if 'HTTP_ORIGIN' not in self.env: |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
776 msg = self._("Required Header Missing") |
|
8247
6747051fef79
feat: issue2551372 - REST-API CSRF protection should document mandatory Origin header
John Rouillard <rouilj@ieee.org>
parents:
8241
diff
changeset
|
777 err = "REST request missing 'Origin' header by user %(user)s." |
|
7150
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
778 else: |
|
6693
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
779 msg = self._("Client is not allowed to use Rest Interface.") |
|
8247
6747051fef79
feat: issue2551372 - REST-API CSRF protection should document mandatory Origin header
John Rouillard <rouilj@ieee.org>
parents:
8241
diff
changeset
|
780 err = "REST request 'Origin' (%(origin)s) unauthorized by user %(user)s." |
|
7150
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
781 |
|
7153
1181157d7cec
Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents:
7150
diff
changeset
|
782 # Use code 400. Codes 401 and 403 imply that authentication |
|
1181157d7cec
Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents:
7150
diff
changeset
|
783 # is needed or authenticated person is not authorized. |
|
7150
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
784 output = s2b( |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
785 '{ "error": { "status": 400, "msg": "%s" } }' % msg) |
|
7153
1181157d7cec
Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents:
7150
diff
changeset
|
786 self.reject_request(output, |
|
1181157d7cec
Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents:
7150
diff
changeset
|
787 message_type="application/json", |
|
1181157d7cec
Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents:
7150
diff
changeset
|
788 status=400) |
|
8247
6747051fef79
feat: issue2551372 - REST-API CSRF protection should document mandatory Origin header
John Rouillard <rouilj@ieee.org>
parents:
8241
diff
changeset
|
789 # Would be nice to log the original source address here to |
|
6747051fef79
feat: issue2551372 - REST-API CSRF protection should document mandatory Origin header
John Rouillard <rouilj@ieee.org>
parents:
8241
diff
changeset
|
790 # allow firewalling in case of abuse/attack. Especially if |
|
6747051fef79
feat: issue2551372 - REST-API CSRF protection should document mandatory Origin header
John Rouillard <rouilj@ieee.org>
parents:
8241
diff
changeset
|
791 # anonymous is allowed REST access. However, |
|
6747051fef79
feat: issue2551372 - REST-API CSRF protection should document mandatory Origin header
John Rouillard <rouilj@ieee.org>
parents:
8241
diff
changeset
|
792 # self.request.connection.getpeername() |
|
6747051fef79
feat: issue2551372 - REST-API CSRF protection should document mandatory Origin header
John Rouillard <rouilj@ieee.org>
parents:
8241
diff
changeset
|
793 # only gets us 127.0.0.1 when a proxy is used. I think the |
|
6747051fef79
feat: issue2551372 - REST-API CSRF protection should document mandatory Origin header
John Rouillard <rouilj@ieee.org>
parents:
8241
diff
changeset
|
794 # same is true of wsgi mode (but it might be a UNIX domain |
|
6747051fef79
feat: issue2551372 - REST-API CSRF protection should document mandatory Origin header
John Rouillard <rouilj@ieee.org>
parents:
8241
diff
changeset
|
795 # socket address). The upstream server needs to supply the |
|
6747051fef79
feat: issue2551372 - REST-API CSRF protection should document mandatory Origin header
John Rouillard <rouilj@ieee.org>
parents:
8241
diff
changeset
|
796 # real IP as it sees it and we need to consume it. There |
|
6747051fef79
feat: issue2551372 - REST-API CSRF protection should document mandatory Origin header
John Rouillard <rouilj@ieee.org>
parents:
8241
diff
changeset
|
797 # is no method for this that handles all the ways roundup |
|
6747051fef79
feat: issue2551372 - REST-API CSRF protection should document mandatory Origin header
John Rouillard <rouilj@ieee.org>
parents:
8241
diff
changeset
|
798 # can be run AFAIK. So no IP address, just user. |
|
6747051fef79
feat: issue2551372 - REST-API CSRF protection should document mandatory Origin header
John Rouillard <rouilj@ieee.org>
parents:
8241
diff
changeset
|
799 logger.error(err, {"user": self.user, |
|
6747051fef79
feat: issue2551372 - REST-API CSRF protection should document mandatory Origin header
John Rouillard <rouilj@ieee.org>
parents:
8241
diff
changeset
|
800 "origin": self.env.get('HTTP_ORIGIN', None)}) |
|
7150
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
801 return |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
802 |
|
5556
d75aa88c2a99
Added RestInstance and calling rest from client.py
Chau Nguyen <dangchau1991@yahoo.com>
parents:
5555
diff
changeset
|
803 self.check_anonymous_access() |
|
d75aa88c2a99
Added RestInstance and calling rest from client.py
Chau Nguyen <dangchau1991@yahoo.com>
parents:
5555
diff
changeset
|
804 |
|
5696
b67636bc87d0
Add CSRF protection to rest code path. Follow same model as for
John Rouillard <rouilj@ieee.org>
parents:
5671
diff
changeset
|
805 try: |
|
6681
ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents:
6658
diff
changeset
|
806 # Call csrf with api (xmlrpc, rest) checks enabled. |
|
5696
b67636bc87d0
Add CSRF protection to rest code path. Follow same model as for
John Rouillard <rouilj@ieee.org>
parents:
5671
diff
changeset
|
807 # It will return True if everything is ok, |
|
b67636bc87d0
Add CSRF protection to rest code path. Follow same model as for
John Rouillard <rouilj@ieee.org>
parents:
5671
diff
changeset
|
808 # raises exception on check failure. |
|
7150
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
809 # Note this returns true for a GET request. |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
810 # Must check supplied Origin header for bad value first. |
|
6681
ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents:
6658
diff
changeset
|
811 csrf_ok = self.handle_csrf(api=True) |
|
5696
b67636bc87d0
Add CSRF protection to rest code path. Follow same model as for
John Rouillard <rouilj@ieee.org>
parents:
5671
diff
changeset
|
812 except (Unauthorised, UsageError) as msg: |
|
7153
1181157d7cec
Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents:
7150
diff
changeset
|
813 # FIXME should format return value according to |
|
1181157d7cec
Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents:
7150
diff
changeset
|
814 # client's accept header, so application/xml, text/plain etc.. |
|
6975
fe4a6ba98bfe
flake8 - remove unused imports, unused vars, whitespace fixes
John Rouillard <rouilj@ieee.org>
parents:
6974
diff
changeset
|
815 output = s2b('{ "error": { "status": 400, "msg": "%s"}}' % |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
816 str(msg)) |
|
7153
1181157d7cec
Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents:
7150
diff
changeset
|
817 self.reject_request(output, |
|
1181157d7cec
Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents:
7150
diff
changeset
|
818 message_type="application/json", |
|
1181157d7cec
Refactor rejecting requests; update tests, xfail test
John Rouillard <rouilj@ieee.org>
parents:
7150
diff
changeset
|
819 status=400) |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
820 csrf_ok = False # we had an error, failed check |
|
5696
b67636bc87d0
Add CSRF protection to rest code path. Follow same model as for
John Rouillard <rouilj@ieee.org>
parents:
5671
diff
changeset
|
821 return |
|
5556
d75aa88c2a99
Added RestInstance and calling rest from client.py
Chau Nguyen <dangchau1991@yahoo.com>
parents:
5555
diff
changeset
|
822 |
|
5696
b67636bc87d0
Add CSRF protection to rest code path. Follow same model as for
John Rouillard <rouilj@ieee.org>
parents:
5671
diff
changeset
|
823 # With the return above the if will never be false, |
|
b67636bc87d0
Add CSRF protection to rest code path. Follow same model as for
John Rouillard <rouilj@ieee.org>
parents:
5671
diff
changeset
|
824 # Keeping the if so we can remove return to pass |
|
7150
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
825 # output though and format output according to accept |
|
5696
b67636bc87d0
Add CSRF protection to rest code path. Follow same model as for
John Rouillard <rouilj@ieee.org>
parents:
5671
diff
changeset
|
826 # header. |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
827 if csrf_ok is True: |
|
5696
b67636bc87d0
Add CSRF protection to rest code path. Follow same model as for
John Rouillard <rouilj@ieee.org>
parents:
5671
diff
changeset
|
828 # Call rest library to handle the request |
|
b67636bc87d0
Add CSRF protection to rest code path. Follow same model as for
John Rouillard <rouilj@ieee.org>
parents:
5671
diff
changeset
|
829 handler = rest.RestfulInstance(self, self.db) |
|
b67636bc87d0
Add CSRF protection to rest code path. Follow same model as for
John Rouillard <rouilj@ieee.org>
parents:
5671
diff
changeset
|
830 output = handler.dispatch(self.env['REQUEST_METHOD'], |
|
b67636bc87d0
Add CSRF protection to rest code path. Follow same model as for
John Rouillard <rouilj@ieee.org>
parents:
5671
diff
changeset
|
831 self.path, self.form) |
|
b67636bc87d0
Add CSRF protection to rest code path. Follow same model as for
John Rouillard <rouilj@ieee.org>
parents:
5671
diff
changeset
|
832 |
|
b67636bc87d0
Add CSRF protection to rest code path. Follow same model as for
John Rouillard <rouilj@ieee.org>
parents:
5671
diff
changeset
|
833 # type header set by rest handler |
|
5556
d75aa88c2a99
Added RestInstance and calling rest from client.py
Chau Nguyen <dangchau1991@yahoo.com>
parents:
5555
diff
changeset
|
834 # self.setHeader("Content-Type", "text/xml") |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
835 if self.response_code == 204: # no body with 204 |
|
6509
1fc765ef6379
Fix 204 responses, hangs and crashes with REST.
John Rouillard <rouilj@ieee.org>
parents:
6504
diff
changeset
|
836 self.write("") |
|
1fc765ef6379
Fix 204 responses, hangs and crashes with REST.
John Rouillard <rouilj@ieee.org>
parents:
6504
diff
changeset
|
837 else: |
|
1fc765ef6379
Fix 204 responses, hangs and crashes with REST.
John Rouillard <rouilj@ieee.org>
parents:
6504
diff
changeset
|
838 self.setHeader("Content-Length", str(len(output))) |
|
1fc765ef6379
Fix 204 responses, hangs and crashes with REST.
John Rouillard <rouilj@ieee.org>
parents:
6504
diff
changeset
|
839 self.write(output) |
|
5556
d75aa88c2a99
Added RestInstance and calling rest from client.py
Chau Nguyen <dangchau1991@yahoo.com>
parents:
5555
diff
changeset
|
840 |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
841 def add_ok_message(self, msg, escape=True): |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
842 add_message(self._ok_message, msg, escape) |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
843 |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
844 def add_error_message(self, msg, escape=True): |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
845 add_message(self._error_message, msg, escape) |
|
5166
232c74973a56
issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5165
diff
changeset
|
846 # Want to interpret form values when rendering when an error |
|
232c74973a56
issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5165
diff
changeset
|
847 # occurred: |
|
232c74973a56
issue1408570: fix that form values are lost
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5165
diff
changeset
|
848 self.form_wins = True |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
849 |
|
1133
36ec30d286ea
Cleaned up CHANGES/TODO
Richard Jones <richard@users.sourceforge.net>
parents:
1130
diff
changeset
|
850 def inner_main(self): |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
851 """Process a request. |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
852 |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
853 The most common requests are handled like so: |
|
1054
3d8ea16347aa
more explanatory docstring
Richard Jones <richard@users.sourceforge.net>
parents:
1053
diff
changeset
|
854 |
|
3427
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
855 1. look for charset and language preferences, set up user locale |
|
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
856 see determine_charset, determine_language |
|
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
857 2. figure out who we are, defaulting to the "anonymous" user |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
858 see determine_user |
|
3427
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
859 3. figure out what the request is for - the context |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
860 see determine_context |
|
3427
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
861 4. handle any requested action (item edit, search, ...) |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
862 see handle_action |
|
3427
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
863 5. render a template, resulting in HTML output |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
864 |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
865 In some situations, exceptions occur: |
|
1054
3d8ea16347aa
more explanatory docstring
Richard Jones <richard@users.sourceforge.net>
parents:
1053
diff
changeset
|
866 |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
867 - HTTP Redirect (generally raised by an action) |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
868 - SendFile (generally raised by determine_context) |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
869 serve up a FileClass "content" property |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
870 - SendStaticFile (generally raised by determine_context) |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
871 serve up a file from the tracker "html" directory |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
872 - Unauthorised (generally raised by an action) |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
873 the action is cancelled, the request is rendered and an error |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
874 message is displayed indicating that permission was not |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
875 granted for the action to take place |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
876 - templating.Unauthorised (templating action not permitted) |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
877 raised by an attempted rendering of a template when the user |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
878 doesn't have permission |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
879 - NotFound (raised wherever it needs to be) |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
880 percolates up to the CGI interface that called the client |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
881 """ |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
882 self._ok_message = [] |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
883 self._error_message = [] |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
884 try: |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
885 self.determine_charset() |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
886 |
|
4109
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
887 try: |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
888 # make sure we're identified (even anonymously) |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
889 self.determine_user() |
|
2938
463902a0fbbb
determine user before context:
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2937
diff
changeset
|
890 |
|
4109
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
891 # figure out the context and desired content template |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
892 self.determine_context() |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
893 |
|
6658
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
894 self.determine_language() |
|
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
895 self.db.i18n = self.translator |
|
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
896 |
|
4326
d51a9c498dc4
Fix "Web Access" permission check to allow serving of static files to Anonymous again
Richard Jones <richard@users.sourceforge.net>
parents:
4291
diff
changeset
|
897 # if we've made it this far the context is to a bit of |
|
d51a9c498dc4
Fix "Web Access" permission check to allow serving of static files to Anonymous again
Richard Jones <richard@users.sourceforge.net>
parents:
4291
diff
changeset
|
898 # Roundup's real web interface (not a file being served up) |
| 7079 | 899 # so do the Anonymous Web Access check now |
|
4327
095d92109cc7
allow Anonymous users to log in, and register
Richard Jones <richard@users.sourceforge.net>
parents:
4326
diff
changeset
|
900 self.check_anonymous_access() |
|
4326
d51a9c498dc4
Fix "Web Access" permission check to allow serving of static files to Anonymous again
Richard Jones <richard@users.sourceforge.net>
parents:
4291
diff
changeset
|
901 |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
902 # check for a valid csrf token identifying the right user |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
903 csrf_ok = True |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
904 try: |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
905 # coverting from function returning true/false to |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
906 # raising exceptions |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
907 csrf_ok = self.handle_csrf() |
|
5248
198b6e810c67
Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents:
5231
diff
changeset
|
908 except (UsageError, Unauthorised) as msg: |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
909 csrf_ok = False |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
910 self.form_wins = True |
|
8062
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8039
diff
changeset
|
911 self.add_error_message(' '.join(msg.args)) |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
912 |
|
7814
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
913 # If csrf checks pass. Run actions etc. |
|
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
914 # handle_action() may handle a form submit action. |
|
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
915 # It can change self.classname and self.template, |
|
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
916 # and may also append error/ok_messages. |
|
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
917 html = self.handle_action() if csrf_ok else None |
|
1697
c9f67f2f7ba7
don't open the database for static files
Richard Jones <richard@users.sourceforge.net>
parents:
1692
diff
changeset
|
918 |
|
4109
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
919 if html: |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
920 self.write_html(html) |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
921 return |
|
2045
d124af927369
Forward-porting of fixes from the maintenance branch.
Richard Jones <richard@users.sourceforge.net>
parents:
2032
diff
changeset
|
922 |
|
4109
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
923 # now render the page |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
924 # we don't want clients caching our dynamic pages |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
925 self.additional_headers['Cache-Control'] = 'no-cache' |
|
1579
07a6b8587bc2
removed Pragma: no-cache...
Richard Jones <richard@users.sourceforge.net>
parents:
1562
diff
changeset
|
926 |
|
4109
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
927 # pages with messages added expire right now |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
928 # simple views may be cached for a small amount of time |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
929 # TODO? make page expire time configurable |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
930 # <rj> always expire pages, as IE just doesn't seem to do the |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
931 # right thing here :( |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
932 date = time.time() - 1 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
933 # if self._error_message or self._ok_message: |
|
4109
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
934 # date = time.time() - 1 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
935 # else: |
|
4109
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
936 # date = time.time() + 5 |
|
4980
13f8f88ad984
Replace rfc822 imports with email package (issue2550870)
John Kristensen <john@jerrykan.com>
parents:
4979
diff
changeset
|
937 self.additional_headers['Expires'] = \ |
|
13f8f88ad984
Replace rfc822 imports with email package (issue2550870)
John Kristensen <john@jerrykan.com>
parents:
4979
diff
changeset
|
938 email.utils.formatdate(date, usegmt=True) |
| 1552 | 939 |
|
4109
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
940 # render the content |
|
3896
fca0365521fc
ignore client shutdown exceptions when sending responses
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3867
diff
changeset
|
941 self.write_html(self.renderContext()) |
|
5248
198b6e810c67
Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents:
5231
diff
changeset
|
942 except SendFile as designator: |
|
4109
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
943 # The call to serve_file may result in an Unauthorised |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
944 # exception or a NotModified exception. Those |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
945 # exceptions will be handled by the outermost set of |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
946 # exception handlers. |
|
6658
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
947 self.determine_language() |
|
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
948 self.db.i18n = self.translator |
|
8062
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8039
diff
changeset
|
949 # prevent application/octet-stream mime type in header |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8039
diff
changeset
|
950 # from being changed to some other type by the browser |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8039
diff
changeset
|
951 # when mime sniffing. |
|
7159
765222ef4cec
- issue2551257: add 'X-Content-Type-Options: nosniff' header for file download
John Rouillard <rouilj@ieee.org>
parents:
7155
diff
changeset
|
952 self.setHeader("X-Content-Type-Options", "nosniff") |
|
8062
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8039
diff
changeset
|
953 # prevent script execution in downloaded SVG, XML files |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8039
diff
changeset
|
954 # (or HTML files if enabled). |
|
28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents:
8039
diff
changeset
|
955 self.setHeader("Content-Security-Policy", "script-src 'none'") |
|
4109
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
956 self.serve_file(designator) |
|
5248
198b6e810c67
Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents:
5231
diff
changeset
|
957 except SendStaticFile as file: |
|
4109
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
958 self.serve_static_file(str(file)) |
|
3896
fca0365521fc
ignore client shutdown exceptions when sending responses
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3867
diff
changeset
|
959 except IOError: |
|
3900
182ba3207899
wrap comment to less than 75 chars
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3898
diff
changeset
|
960 # IOErrors here are due to the client disconnecting before |
|
4638
1ebc5f16aeda
Ignore OpenSSL.SSL.SysCallError similar to IOError.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4623
diff
changeset
|
961 # receiving the reply. |
|
1ebc5f16aeda
Ignore OpenSSL.SSL.SysCallError similar to IOError.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4623
diff
changeset
|
962 pass |
|
1ebc5f16aeda
Ignore OpenSSL.SSL.SysCallError similar to IOError.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4623
diff
changeset
|
963 except SysCallError: |
|
1ebc5f16aeda
Ignore OpenSSL.SSL.SysCallError similar to IOError.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4623
diff
changeset
|
964 # OpenSSL.SSL.SysCallError is similar to IOError above |
|
3896
fca0365521fc
ignore client shutdown exceptions when sending responses
Justus Pendleton <jpend@users.sourceforge.net>
parents:
3867
diff
changeset
|
965 pass |
|
7556
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
966 except RateLimitExceeded: |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
967 raise |
|
2230
ca2664e095be
disable forking server when os.fork() not available [SF#938586]
Richard Jones <richard@users.sourceforge.net>
parents:
2183
diff
changeset
|
968 |
|
5248
198b6e810c67
Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents:
5231
diff
changeset
|
969 except SeriousError as message: |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
970 self.write_html(str(message)) |
|
8411
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8408
diff
changeset
|
971 except Reauth as e: |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8408
diff
changeset
|
972 self.reauth(e) |
|
5248
198b6e810c67
Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents:
5231
diff
changeset
|
973 except Redirect as url: |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
974 # let's redirect - if the url isn't None, then we need to do |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
975 # the headers, otherwise the headers have been set before the |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
976 # exception was raised |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
977 if url: |
|
3736
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
3687
diff
changeset
|
978 self.additional_headers['Location'] = str(url) |
|
1120
c26471971d18
Exposed the Batch mechanism through the top-level "utils" variable.
Richard Jones <richard@users.sourceforge.net>
parents:
1103
diff
changeset
|
979 self.response_code = 302 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
980 self.write_html('Redirecting to <a href="%s">%s</a>' % (url, url)) |
|
5248
198b6e810c67
Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents:
5231
diff
changeset
|
981 except LoginError as message: |
|
4265
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
982 # The user tried to log in, but did not provide a valid |
|
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
983 # username and password. If we support HTTP |
|
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
984 # authorization, send back a response that will cause the |
|
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
985 # browser to prompt the user again. |
|
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
986 if self.instance.config.WEB_HTTP_AUTH: |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
987 self.response_code = http_.client.UNAUTHORIZED |
|
4265
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
988 realm = self.instance.config.TRACKER_NAME |
|
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
989 self.setHeader("WWW-Authenticate", |
|
7814
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
990 'Basic realm="%s"' % realm) |
|
4265
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
991 else: |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
992 self.response_code = http_.client.FORBIDDEN |
|
4898
850551a1568b
Fix issue2550843 (AttributeError: 'Unauthorised' object has no attribute 'replace')
Thomas Arendsen Hein <thomas@intevation.de>
parents:
4880
diff
changeset
|
993 self.renderFrontPage(str(message)) |
|
5248
198b6e810c67
Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents:
5231
diff
changeset
|
994 except Unauthorised as message: |
|
1977
f96592a7c357
changes to support the new templating Unauthorised exception.
Richard Jones <richard@users.sourceforge.net>
parents:
1973
diff
changeset
|
995 # users may always see the front page |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
996 self.response_code = 403 |
|
4898
850551a1568b
Fix issue2550843 (AttributeError: 'Unauthorised' object has no attribute 'replace')
Thomas Arendsen Hein <thomas@intevation.de>
parents:
4880
diff
changeset
|
997 self.renderFrontPage(str(message)) |
|
4109
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
998 except NotModified: |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
999 # send the 304 response |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
1000 self.response_code = 304 |
|
3f3f44e3534c
Address issue2550528.
Stefan Seefeld <stefan@seefeld.name>
parents:
4088
diff
changeset
|
1001 self.header() |
|
5248
198b6e810c67
Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents:
5231
diff
changeset
|
1002 except NotFound as e: |
|
5165
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
1003 if self.response_code == 400: |
|
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
1004 # We can't find a parameter (e.g. property name |
|
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
1005 # incorrect). Tell the user what was raised. |
|
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
1006 # Do not change to the 404 template since the |
|
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
1007 # base url is valid just query args are not. |
|
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
1008 # copy the page format from SeriousError _str_ exception. |
|
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
1009 error_page = """ |
|
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
1010 <html><head><title>Roundup issue tracker: An error has occurred</title> |
|
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
1011 <link rel="stylesheet" type="text/css" href="@@file/style.css"> |
|
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
1012 </head> |
|
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
1013 <body class="body" marginwidth="0" marginheight="0"> |
|
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
1014 <p class="error-message">%s</p> |
|
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
1015 </body></html> |
|
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
1016 """ |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1017 self.write_html(error_page % str(e)) |
|
5165
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
1018 else: |
|
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
1019 self.response_code = 404 |
|
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
1020 self.template = '404' |
|
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
1021 try: |
|
6975
fe4a6ba98bfe
flake8 - remove unused imports, unused vars, whitespace fixes
John Rouillard <rouilj@ieee.org>
parents:
6974
diff
changeset
|
1022 # generates keyerror if class does not exist |
|
fe4a6ba98bfe
flake8 - remove unused imports, unused vars, whitespace fixes
John Rouillard <rouilj@ieee.org>
parents:
6974
diff
changeset
|
1023 self.db.getclass(self.classname) |
|
5165
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
1024 self.write_html(self.renderContext()) |
|
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
1025 except KeyError: |
|
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
1026 # we can't map the URL to a class we know about |
|
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
1027 # reraise the NotFound and let roundup_server |
|
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
1028 # handle it |
|
a86860224d80
issue2550755: exceptions.NotFound(msg) msg is not reported to user in cgi.
John Rouillard <rouilj@ieee.org>
parents:
5154
diff
changeset
|
1029 raise NotFound(e) |
|
5248
198b6e810c67
Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents:
5231
diff
changeset
|
1030 except FormError as e: |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
1031 self.add_error_message(self._('Form Error: ') + str(e)) |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1032 self.write_html(self.renderContext()) |
|
7556
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
1033 except RateLimitExceeded as e: |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
1034 self.add_error_message(str(e)) |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
1035 self.write_html(self.renderContext()) |
|
4640
70b1cb9034c3
Ignore IOError and SysCallError also in outer try/except.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4638
diff
changeset
|
1036 except IOError: |
|
70b1cb9034c3
Ignore IOError and SysCallError also in outer try/except.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4638
diff
changeset
|
1037 # IOErrors here are due to the client disconnecting before |
|
70b1cb9034c3
Ignore IOError and SysCallError also in outer try/except.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4638
diff
changeset
|
1038 # receiving the reply. |
|
70b1cb9034c3
Ignore IOError and SysCallError also in outer try/except.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4638
diff
changeset
|
1039 # may happen during write_html and serve_file, too. |
|
70b1cb9034c3
Ignore IOError and SysCallError also in outer try/except.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4638
diff
changeset
|
1040 pass |
|
70b1cb9034c3
Ignore IOError and SysCallError also in outer try/except.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4638
diff
changeset
|
1041 except SysCallError: |
|
70b1cb9034c3
Ignore IOError and SysCallError also in outer try/except.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4638
diff
changeset
|
1042 # OpenSSL.SSL.SysCallError is similar to IOError above |
|
70b1cb9034c3
Ignore IOError and SysCallError also in outer try/except.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4638
diff
changeset
|
1043 # may happen during write_html and serve_file, too. |
|
70b1cb9034c3
Ignore IOError and SysCallError also in outer try/except.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4638
diff
changeset
|
1044 pass |
|
5079
65fef7858606
issue2550826 IOError in detector causes apache 'premature end of script headers' error
John Rouillard <rouilj@ieee.org>
parents:
5073
diff
changeset
|
1045 except DetectorError as e: |
|
65fef7858606
issue2550826 IOError in detector causes apache 'premature end of script headers' error
John Rouillard <rouilj@ieee.org>
parents:
5073
diff
changeset
|
1046 if not self.instance.config.WEB_DEBUG: |
|
65fef7858606
issue2550826 IOError in detector causes apache 'premature end of script headers' error
John Rouillard <rouilj@ieee.org>
parents:
5073
diff
changeset
|
1047 # run when we are not in debug mode, so errors |
|
65fef7858606
issue2550826 IOError in detector causes apache 'premature end of script headers' error
John Rouillard <rouilj@ieee.org>
parents:
5073
diff
changeset
|
1048 # go to admin too. |
|
65fef7858606
issue2550826 IOError in detector causes apache 'premature end of script headers' error
John Rouillard <rouilj@ieee.org>
parents:
5073
diff
changeset
|
1049 self.send_error_to_admin(e.subject, e.html, e.txt) |
|
65fef7858606
issue2550826 IOError in detector causes apache 'premature end of script headers' error
John Rouillard <rouilj@ieee.org>
parents:
5073
diff
changeset
|
1050 self.write_html(e.html) |
|
65fef7858606
issue2550826 IOError in detector causes apache 'premature end of script headers' error
John Rouillard <rouilj@ieee.org>
parents:
5073
diff
changeset
|
1051 else: |
|
65fef7858606
issue2550826 IOError in detector causes apache 'premature end of script headers' error
John Rouillard <rouilj@ieee.org>
parents:
5073
diff
changeset
|
1052 # in debug mode, only write error to screen. |
|
65fef7858606
issue2550826 IOError in detector causes apache 'premature end of script headers' error
John Rouillard <rouilj@ieee.org>
parents:
5073
diff
changeset
|
1053 self.write_html(e.html) |
|
6975
fe4a6ba98bfe
flake8 - remove unused imports, unused vars, whitespace fixes
John Rouillard <rouilj@ieee.org>
parents:
6974
diff
changeset
|
1054 except Exception as e: # noqa: F841 |
|
4264
b1e614c6759f
Improve error reporting.
Stefan Seefeld <stefan@seefeld.name>
parents:
4263
diff
changeset
|
1055 # Something has gone badly wrong. Therefore, we should |
|
b1e614c6759f
Improve error reporting.
Stefan Seefeld <stefan@seefeld.name>
parents:
4263
diff
changeset
|
1056 # make sure that the response code indicates failure. |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
1057 if self.response_code == http_.client.OK: |
|
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
1058 self.response_code = http_.client.INTERNAL_SERVER_ERROR |
|
4264
b1e614c6759f
Improve error reporting.
Stefan Seefeld <stefan@seefeld.name>
parents:
4263
diff
changeset
|
1059 # Help the administrator work out what went wrong. |
|
b1e614c6759f
Improve error reporting.
Stefan Seefeld <stefan@seefeld.name>
parents:
4263
diff
changeset
|
1060 html = ("<h1>Traceback</h1>" |
|
b1e614c6759f
Improve error reporting.
Stefan Seefeld <stefan@seefeld.name>
parents:
4263
diff
changeset
|
1061 + cgitb.html(i18n=self.translator) |
|
b1e614c6759f
Improve error reporting.
Stefan Seefeld <stefan@seefeld.name>
parents:
4263
diff
changeset
|
1062 + ("<h1>Environment Variables</h1><table>%s</table>" |
|
b1e614c6759f
Improve error reporting.
Stefan Seefeld <stefan@seefeld.name>
parents:
4263
diff
changeset
|
1063 % cgitb.niceDict("", self.env))) |
|
b1e614c6759f
Improve error reporting.
Stefan Seefeld <stefan@seefeld.name>
parents:
4263
diff
changeset
|
1064 if not self.instance.config.WEB_DEBUG: |
|
b1e614c6759f
Improve error reporting.
Stefan Seefeld <stefan@seefeld.name>
parents:
4263
diff
changeset
|
1065 exc_info = sys.exc_info() |
|
b1e614c6759f
Improve error reporting.
Stefan Seefeld <stefan@seefeld.name>
parents:
4263
diff
changeset
|
1066 subject = "Error: %s" % exc_info[1] |
|
4543
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
1067 self.send_error_to_admin(subject, html, format_exc()) |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
1068 self.write_html(self._(default_err_msg)) |
|
3548
61d48244e7a8
login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents:
3494
diff
changeset
|
1069 else: |
|
4264
b1e614c6759f
Improve error reporting.
Stefan Seefeld <stefan@seefeld.name>
parents:
4263
diff
changeset
|
1070 self.write_html(html) |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1071 |
|
1372
3931614b1cce
cleaning old unused sessions only once per hour, not on every cgi request
Andrey Lebedev <kedder@users.sourceforge.net>
parents:
1358
diff
changeset
|
1072 def clean_sessions(self): |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
1073 """Deprecated |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
1074 XXX remove |
|
1937
4c850112895b
Some reformatting and fixing docstrings for emacs.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents:
1936
diff
changeset
|
1075 """ |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
1076 self.clean_up() |
|
1372
3931614b1cce
cleaning old unused sessions only once per hour, not on every cgi request
Andrey Lebedev <kedder@users.sourceforge.net>
parents:
1358
diff
changeset
|
1077 |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
1078 def clean_up(self): |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
1079 """Remove expired sessions and One Time Keys. |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
1080 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
1081 Do it only once an hour. |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
1082 """ |
|
8189
04c10e2189a5
chore(ruff): whatespace fixes/silence linting
John Rouillard <rouilj@ieee.org>
parents:
8187
diff
changeset
|
1083 hour = 60 * 60 |
|
1372
3931614b1cce
cleaning old unused sessions only once per hour, not on every cgi request
Andrey Lebedev <kedder@users.sourceforge.net>
parents:
1358
diff
changeset
|
1084 now = time.time() |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
1085 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
1086 # XXX: hack - use OTK table to store last_clean time information |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
1087 # 'last_clean' string is used instead of otk key |
|
5319
62de601bdf6f
Fix commits although a Reject exception is raised
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
1088 otks = self.db.getOTKManager() |
|
62de601bdf6f
Fix commits although a Reject exception is raised
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
1089 last_clean = otks.get('last_clean', 'last_use', 0) |
|
2046
f913b6beac35
document and make easier the actions-returning-content idiom
Richard Jones <richard@users.sourceforge.net>
parents:
2045
diff
changeset
|
1090 if now - last_clean < hour: |
|
f913b6beac35
document and make easier the actions-returning-content idiom
Richard Jones <richard@users.sourceforge.net>
parents:
2045
diff
changeset
|
1091 return |
|
f913b6beac35
document and make easier the actions-returning-content idiom
Richard Jones <richard@users.sourceforge.net>
parents:
2045
diff
changeset
|
1092 |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
1093 self.session_api.clean_up() |
|
5319
62de601bdf6f
Fix commits although a Reject exception is raised
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
1094 otks.clean() |
|
62de601bdf6f
Fix commits although a Reject exception is raised
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
1095 otks.set('last_clean', last_use=now) |
|
62de601bdf6f
Fix commits although a Reject exception is raised
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
1096 otks.commit() |
|
1372
3931614b1cce
cleaning old unused sessions only once per hour, not on every cgi request
Andrey Lebedev <kedder@users.sourceforge.net>
parents:
1358
diff
changeset
|
1097 |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1098 def determine_charset(self): |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1099 """Look for client charset in the form parameters or browser cookie. |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1100 |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1101 If no charset requested by client, use storage charset (utf-8). |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1102 |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1103 If the charset is found, and differs from the storage charset, |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1104 recode all form fields of type 'text/plain' |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1105 """ |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1106 # look for client charset |
|
2946
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
1107 charset_parameter = 0 |
|
4799
b474adb17fda
Fix case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
1108 # Python 2.6 form may raise a TypeError if list in form is None |
|
b474adb17fda
Fix case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
1109 charset = None |
|
4800
3961b2b91568
2nd case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4799
diff
changeset
|
1110 try: |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1111 charset = self.form['@charset'].value |
|
2946
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
1112 if charset.lower() == "none": |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
1113 charset = "" |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
1114 charset_parameter = 1 |
|
4799
b474adb17fda
Fix case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
1115 except (KeyError, TypeError): |
|
b474adb17fda
Fix case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
1116 pass |
|
b474adb17fda
Fix case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4781
diff
changeset
|
1117 if charset is None and 'roundup_charset' in self.cookie: |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1118 charset = self.cookie['roundup_charset'].value |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1119 if charset: |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1120 # make sure the charset is recognized |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1121 try: |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1122 codecs.lookup(charset) |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1123 except LookupError: |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1124 self.add_error_message(self._('Unrecognized charset: %r') % |
|
6975
fe4a6ba98bfe
flake8 - remove unused imports, unused vars, whitespace fixes
John Rouillard <rouilj@ieee.org>
parents:
6974
diff
changeset
|
1125 charset) |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1126 |
|
2946
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
1127 charset_parameter = 0 |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1128 else: |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1129 self.charset = charset.lower() |
|
2946
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
1130 # If we've got a character set in request parameters, |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
1131 # set the browser cookie to keep the preference. |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
1132 # This is done after codecs.lookup to make sure |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
1133 # that we aren't keeping a wrong value. |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
1134 if charset_parameter: |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
1135 self.add_cookie('roundup_charset', charset) |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1136 |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1137 # if client charset is different from the storage charset, |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1138 # recode form fields |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1139 # XXX this requires FieldStorage from Python library. |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1140 # mod_python FieldStorage is not supported! |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1141 if self.charset != self.STORAGE_CHARSET: |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1142 decoder = codecs.getdecoder(self.charset) |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1143 encoder = codecs.getencoder(self.STORAGE_CHARSET) |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1144 re_charref = re.compile('&#([0-9]+|x[0-9a-f]+);', re.IGNORECASE) |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1145 |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1146 def _decode_charref(matchobj): |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1147 num = matchobj.group(1) |
|
7814
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
1148 uc = int(num[1:], 16) if num[0].lower() == 'x' else int(num) |
|
5417
c749d6795bc2
Python 3 preparation: unichr.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5408
diff
changeset
|
1149 return uchr(uc) |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1150 |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
1151 for field_name in self.form: |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1152 field = self.form[field_name] |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1153 if (field.type == 'text/plain') and not field.filename: |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1154 try: |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1155 value = decoder(field.value)[0] |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1156 except UnicodeError: |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1157 continue |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1158 value = re_charref.sub(_decode_charref, value) |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1159 field.value = encoder(value)[0] |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
1160 |
|
3427
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
1161 def determine_language(self): |
|
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
1162 """Determine the language""" |
|
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
1163 # look for language parameter |
|
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
1164 # then for language cookie |
|
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
1165 # last for the Accept-Language header |
|
4800
3961b2b91568
2nd case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4799
diff
changeset
|
1166 # Python 2.6 form may raise a TypeError if list in form is None |
|
3961b2b91568
2nd case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4799
diff
changeset
|
1167 language = None |
|
3961b2b91568
2nd case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4799
diff
changeset
|
1168 try: |
|
3427
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
1169 language = self.form["@language"].value |
|
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
1170 if language.lower() == "none": |
|
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
1171 language = "" |
|
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
1172 self.add_cookie("roundup_language", language) |
|
4800
3961b2b91568
2nd case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4799
diff
changeset
|
1173 except (KeyError, TypeError): |
|
3961b2b91568
2nd case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4799
diff
changeset
|
1174 pass |
|
3961b2b91568
2nd case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4799
diff
changeset
|
1175 if language is None: |
|
3961b2b91568
2nd case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4799
diff
changeset
|
1176 if "roundup_language" in self.cookie: |
|
3961b2b91568
2nd case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4799
diff
changeset
|
1177 language = self.cookie["roundup_language"].value |
|
3961b2b91568
2nd case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4799
diff
changeset
|
1178 elif self.instance.config["WEB_USE_BROWSER_LANGUAGE"]: |
|
3961b2b91568
2nd case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4799
diff
changeset
|
1179 hal = self.env.get('HTTP_ACCEPT_LANGUAGE') |
|
3961b2b91568
2nd case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4799
diff
changeset
|
1180 language = accept_language.parse(hal) |
|
3961b2b91568
2nd case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4799
diff
changeset
|
1181 else: |
|
3961b2b91568
2nd case where querying form returns a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4799
diff
changeset
|
1182 language = "" |
|
3427
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
1183 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1184 if not language: |
|
6658
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
1185 # default to tracker language |
|
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
1186 language = self.instance.config["TRACKER_LANGUAGE"] |
|
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
1187 |
|
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
1188 # this maybe is not correct, as get_translation could not |
|
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
1189 # find desired locale and switch back to "en" but we set |
|
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
1190 # self.language to the desired language ! |
|
3427
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
1191 self.language = language |
|
6658
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
1192 |
|
8500
b03160d46e9d
bug: don't reference vendored outside of anypy modules
John Rouillard <rouilj@ieee.org>
parents:
8446
diff
changeset
|
1193 try: |
|
b03160d46e9d
bug: don't reference vendored outside of anypy modules
John Rouillard <rouilj@ieee.org>
parents:
8446
diff
changeset
|
1194 self.setTranslator(TranslationService.get_translation( |
|
6658
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
1195 language, |
|
408fd477761f
Add i18n object to roundupdb.Database
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6656
diff
changeset
|
1196 tracker_home=self.instance.config["TRACKER_HOME"])) |
|
8500
b03160d46e9d
bug: don't reference vendored outside of anypy modules
John Rouillard <rouilj@ieee.org>
parents:
8446
diff
changeset
|
1197 except IOError as e: |
|
b03160d46e9d
bug: don't reference vendored outside of anypy modules
John Rouillard <rouilj@ieee.org>
parents:
8446
diff
changeset
|
1198 logger.error(str(e), extra={"requested_language": language}) |
|
b03160d46e9d
bug: don't reference vendored outside of anypy modules
John Rouillard <rouilj@ieee.org>
parents:
8446
diff
changeset
|
1199 # failed to set the requested/TRACKER_LANGUAGE language. |
|
b03160d46e9d
bug: don't reference vendored outside of anypy modules
John Rouillard <rouilj@ieee.org>
parents:
8446
diff
changeset
|
1200 # Set to en. |
|
b03160d46e9d
bug: don't reference vendored outside of anypy modules
John Rouillard <rouilj@ieee.org>
parents:
8446
diff
changeset
|
1201 self.language = "" |
|
3427
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
1202 |
|
5934
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1203 def authenticate_bearer_token(self, challenge): |
|
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1204 ''' authenticate the bearer token. Refactored from determine_user() |
|
7474
1cf1ffa65522
Fix mispellings in comments.
John Rouillard <rouilj@ieee.org>
parents:
7258
diff
changeset
|
1205 to allow it to be overridden if needed. |
|
5934
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1206 ''' |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1207 try: # will jwt import? |
|
5934
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1208 import jwt |
|
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1209 except ImportError: |
|
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1210 # no support for jwt, this is fine. |
|
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1211 self.setHeader("WWW-Authenticate", "Basic") |
|
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1212 raise LoginError('Support for jwt disabled.') |
|
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1213 |
|
7809
be6cb2e0d471
feat: add support for rotating jwt keys
John Rouillard <rouilj@ieee.org>
parents:
7805
diff
changeset
|
1214 # If first ',' separated token is < 32, jwt is disabled. |
|
be6cb2e0d471
feat: add support for rotating jwt keys
John Rouillard <rouilj@ieee.org>
parents:
7805
diff
changeset
|
1215 # If second or later tokens are < 32 chars, the config system |
|
be6cb2e0d471
feat: add support for rotating jwt keys
John Rouillard <rouilj@ieee.org>
parents:
7805
diff
changeset
|
1216 # stops the tracker from starting so insecure tokens can not |
|
be6cb2e0d471
feat: add support for rotating jwt keys
John Rouillard <rouilj@ieee.org>
parents:
7805
diff
changeset
|
1217 # be used. |
|
8209
9d2ad7386627
chore(ruff): use names not magic numbers.
John Rouillard <rouilj@ieee.org>
parents:
8206
diff
changeset
|
1218 CHARS_FOR_256_BIT_KEY = 32 |
|
9d2ad7386627
chore(ruff): use names not magic numbers.
John Rouillard <rouilj@ieee.org>
parents:
8206
diff
changeset
|
1219 if len(self.db.config.WEB_JWT_SECRET[0]) < CHARS_FOR_256_BIT_KEY: |
|
5934
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1220 # no support for jwt, this is fine. |
|
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1221 self.setHeader("WWW-Authenticate", "Basic") |
|
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1222 raise LoginError('Support for jwt disabled by admin.') |
|
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1223 |
|
7809
be6cb2e0d471
feat: add support for rotating jwt keys
John Rouillard <rouilj@ieee.org>
parents:
7805
diff
changeset
|
1224 last_error = "Unknown error validating bearer token." |
|
be6cb2e0d471
feat: add support for rotating jwt keys
John Rouillard <rouilj@ieee.org>
parents:
7805
diff
changeset
|
1225 |
|
be6cb2e0d471
feat: add support for rotating jwt keys
John Rouillard <rouilj@ieee.org>
parents:
7805
diff
changeset
|
1226 for secret in self.db.config.WEB_JWT_SECRET: |
|
be6cb2e0d471
feat: add support for rotating jwt keys
John Rouillard <rouilj@ieee.org>
parents:
7805
diff
changeset
|
1227 try: # handle jwt exceptions |
|
8202
276164647db5
chore(ruff): clean trailing whitespace
John Rouillard <rouilj@ieee.org>
parents:
8200
diff
changeset
|
1228 return jwt.decode(challenge, secret, |
|
276164647db5
chore(ruff): clean trailing whitespace
John Rouillard <rouilj@ieee.org>
parents:
8200
diff
changeset
|
1229 algorithms=['HS256'], |
|
276164647db5
chore(ruff): clean trailing whitespace
John Rouillard <rouilj@ieee.org>
parents:
8200
diff
changeset
|
1230 audience=self.db.config.TRACKER_WEB, |
|
276164647db5
chore(ruff): clean trailing whitespace
John Rouillard <rouilj@ieee.org>
parents:
8200
diff
changeset
|
1231 issuer=self.db.config.TRACKER_WEB) |
|
7809
be6cb2e0d471
feat: add support for rotating jwt keys
John Rouillard <rouilj@ieee.org>
parents:
7805
diff
changeset
|
1232 |
|
be6cb2e0d471
feat: add support for rotating jwt keys
John Rouillard <rouilj@ieee.org>
parents:
7805
diff
changeset
|
1233 except jwt.exceptions.InvalidSignatureError as err: |
|
be6cb2e0d471
feat: add support for rotating jwt keys
John Rouillard <rouilj@ieee.org>
parents:
7805
diff
changeset
|
1234 # Try more signatures. |
|
be6cb2e0d471
feat: add support for rotating jwt keys
John Rouillard <rouilj@ieee.org>
parents:
7805
diff
changeset
|
1235 # If all signatures generate InvalidSignatureError, |
|
be6cb2e0d471
feat: add support for rotating jwt keys
John Rouillard <rouilj@ieee.org>
parents:
7805
diff
changeset
|
1236 # we exhaust the loop and last_error is used to |
|
be6cb2e0d471
feat: add support for rotating jwt keys
John Rouillard <rouilj@ieee.org>
parents:
7805
diff
changeset
|
1237 # report the final (but not only) InvalidSignatureError |
|
be6cb2e0d471
feat: add support for rotating jwt keys
John Rouillard <rouilj@ieee.org>
parents:
7805
diff
changeset
|
1238 last_error = str(err) # preserve for end of loop |
|
be6cb2e0d471
feat: add support for rotating jwt keys
John Rouillard <rouilj@ieee.org>
parents:
7805
diff
changeset
|
1239 except jwt.exceptions.InvalidTokenError as err: |
|
be6cb2e0d471
feat: add support for rotating jwt keys
John Rouillard <rouilj@ieee.org>
parents:
7805
diff
changeset
|
1240 self.setHeader("WWW-Authenticate", "Basic, Bearer") |
|
be6cb2e0d471
feat: add support for rotating jwt keys
John Rouillard <rouilj@ieee.org>
parents:
7805
diff
changeset
|
1241 self.make_user_anonymous() |
|
be6cb2e0d471
feat: add support for rotating jwt keys
John Rouillard <rouilj@ieee.org>
parents:
7805
diff
changeset
|
1242 raise LoginError(str(err)) |
|
be6cb2e0d471
feat: add support for rotating jwt keys
John Rouillard <rouilj@ieee.org>
parents:
7805
diff
changeset
|
1243 |
|
be6cb2e0d471
feat: add support for rotating jwt keys
John Rouillard <rouilj@ieee.org>
parents:
7805
diff
changeset
|
1244 # reach here only if no valid signature was found |
|
be6cb2e0d471
feat: add support for rotating jwt keys
John Rouillard <rouilj@ieee.org>
parents:
7805
diff
changeset
|
1245 self.setHeader("WWW-Authenticate", "Basic, Bearer") |
|
be6cb2e0d471
feat: add support for rotating jwt keys
John Rouillard <rouilj@ieee.org>
parents:
7805
diff
changeset
|
1246 self.make_user_anonymous() |
|
be6cb2e0d471
feat: add support for rotating jwt keys
John Rouillard <rouilj@ieee.org>
parents:
7805
diff
changeset
|
1247 raise LoginError(last_error) |
|
be6cb2e0d471
feat: add support for rotating jwt keys
John Rouillard <rouilj@ieee.org>
parents:
7805
diff
changeset
|
1248 |
|
7556
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
1249 def determine_user(self, is_api=False): |
|
3427
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
1250 """Determine who the user is""" |
|
1724
bc4f0aec594e
oops, we really do need a database
Richard Jones <richard@users.sourceforge.net>
parents:
1719
diff
changeset
|
1251 self.opendb('admin') |
|
bc4f0aec594e
oops, we really do need a database
Richard Jones <richard@users.sourceforge.net>
parents:
1719
diff
changeset
|
1252 |
|
5878
1b57d8f3eb97
Add rudimentery experiment JSON Web Token (jwt) support
John Rouillard <rouilj@ieee.org>
parents:
5847
diff
changeset
|
1253 # if we get a jwt, it includes the roles to be used for this session |
|
1b57d8f3eb97
Add rudimentery experiment JSON Web Token (jwt) support
John Rouillard <rouilj@ieee.org>
parents:
5847
diff
changeset
|
1254 # so we define a new function to encpsulate and return the jwt roles |
|
1b57d8f3eb97
Add rudimentery experiment JSON Web Token (jwt) support
John Rouillard <rouilj@ieee.org>
parents:
5847
diff
changeset
|
1255 # and not take the roles from the database. |
|
1b57d8f3eb97
Add rudimentery experiment JSON Web Token (jwt) support
John Rouillard <rouilj@ieee.org>
parents:
5847
diff
changeset
|
1256 override_get_roles = None |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1257 |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
1258 # get session data from db |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
1259 # XXX: rename |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
1260 self.session_api = Session(self) |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
1261 |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
1262 # take the opportunity to cleanup expired sessions and otks |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
1263 self.clean_up() |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1264 |
|
3453
8e3c0b88afad
prefer http authorization over cookie sessions [SF#1396134]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3427
diff
changeset
|
1265 user = None |
|
8e3c0b88afad
prefer http authorization over cookie sessions [SF#1396134]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3427
diff
changeset
|
1266 # first up, try http authorization if enabled |
|
6053
380dec305c28
Add config option 'http_auth_convert_realm_to_lowercase'
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6014
diff
changeset
|
1267 cfg = self.instance.config |
|
6436
1f2f7c0b8968
issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents:
6382
diff
changeset
|
1268 remote_user_header = cfg.WEB_HTTP_AUTH_HEADER or 'REMOTE_USER' |
|
6211
50960479f627
New config-option 'cookie_takes_precedence'
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6147
diff
changeset
|
1269 if cfg.WEB_COOKIE_TAKES_PRECEDENCE: |
|
50960479f627
New config-option 'cookie_takes_precedence'
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6147
diff
changeset
|
1270 user = self.session_api.get('user') |
|
50960479f627
New config-option 'cookie_takes_precedence'
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6147
diff
changeset
|
1271 if user: |
|
50960479f627
New config-option 'cookie_takes_precedence'
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6147
diff
changeset
|
1272 # update session lifetime datestamp |
|
50960479f627
New config-option 'cookie_takes_precedence'
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6147
diff
changeset
|
1273 self.session_api.update() |
|
6436
1f2f7c0b8968
issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents:
6382
diff
changeset
|
1274 if remote_user_header in self.env: |
|
1f2f7c0b8968
issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents:
6382
diff
changeset
|
1275 del self.env[remote_user_header] |
|
6211
50960479f627
New config-option 'cookie_takes_precedence'
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6147
diff
changeset
|
1276 if not user and cfg.WEB_HTTP_AUTH: |
|
6436
1f2f7c0b8968
issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents:
6382
diff
changeset
|
1277 if remote_user_header in self.env: |
|
3453
8e3c0b88afad
prefer http authorization over cookie sessions [SF#1396134]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3427
diff
changeset
|
1278 # we have external auth (e.g. by Apache) |
|
6436
1f2f7c0b8968
issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents:
6382
diff
changeset
|
1279 user = self.env[remote_user_header] |
|
6053
380dec305c28
Add config option 'http_auth_convert_realm_to_lowercase'
Ralf Schlatterbeck <rsc@runtux.com>
parents:
6014
diff
changeset
|
1280 if cfg.WEB_HTTP_AUTH_CONVERT_REALM_TO_LOWERCASE and '@' in user: |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1281 u, d = user.split('@', 1) |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1282 user = '@'.join((u, d.lower())) |
|
3356
2913b42c0810
enabled disabling of REMOTE_USER for when it's not a valid username
Richard Jones <richard@users.sourceforge.net>
parents:
3276
diff
changeset
|
1283 elif self.env.get('HTTP_AUTHORIZATION', ''): |
|
3453
8e3c0b88afad
prefer http authorization over cookie sessions [SF#1396134]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3427
diff
changeset
|
1284 # try handling Basic Auth ourselves |
|
3356
2913b42c0810
enabled disabling of REMOTE_USER for when it's not a valid username
Richard Jones <richard@users.sourceforge.net>
parents:
3276
diff
changeset
|
1285 auth = self.env['HTTP_AUTHORIZATION'] |
|
5549
901d7ba146ad
Avoid errors from invalid Authorization headers (issue2550992).
Joseph Myers <jsm@polyomino.org.uk>
parents:
5524
diff
changeset
|
1286 try: |
|
901d7ba146ad
Avoid errors from invalid Authorization headers (issue2550992).
Joseph Myers <jsm@polyomino.org.uk>
parents:
5524
diff
changeset
|
1287 scheme, challenge = auth.split(' ', 1) |
|
901d7ba146ad
Avoid errors from invalid Authorization headers (issue2550992).
Joseph Myers <jsm@polyomino.org.uk>
parents:
5524
diff
changeset
|
1288 except ValueError: |
|
901d7ba146ad
Avoid errors from invalid Authorization headers (issue2550992).
Joseph Myers <jsm@polyomino.org.uk>
parents:
5524
diff
changeset
|
1289 # Invalid header. |
|
901d7ba146ad
Avoid errors from invalid Authorization headers (issue2550992).
Joseph Myers <jsm@polyomino.org.uk>
parents:
5524
diff
changeset
|
1290 scheme = '' |
|
901d7ba146ad
Avoid errors from invalid Authorization headers (issue2550992).
Joseph Myers <jsm@polyomino.org.uk>
parents:
5524
diff
changeset
|
1291 challenge = '' |
|
3356
2913b42c0810
enabled disabling of REMOTE_USER for when it's not a valid username
Richard Jones <richard@users.sourceforge.net>
parents:
3276
diff
changeset
|
1292 if scheme.lower() == 'basic': |
|
2913b42c0810
enabled disabling of REMOTE_USER for when it's not a valid username
Richard Jones <richard@users.sourceforge.net>
parents:
3276
diff
changeset
|
1293 try: |
| 5474 | 1294 decoded = b2s(base64.b64decode(challenge)) |
|
3356
2913b42c0810
enabled disabling of REMOTE_USER for when it's not a valid username
Richard Jones <richard@users.sourceforge.net>
parents:
3276
diff
changeset
|
1295 except TypeError: |
|
2913b42c0810
enabled disabling of REMOTE_USER for when it's not a valid username
Richard Jones <richard@users.sourceforge.net>
parents:
3276
diff
changeset
|
1296 # invalid challenge |
| 5474 | 1297 decoded = '' |
|
5549
901d7ba146ad
Avoid errors from invalid Authorization headers (issue2550992).
Joseph Myers <jsm@polyomino.org.uk>
parents:
5524
diff
changeset
|
1298 try: |
|
901d7ba146ad
Avoid errors from invalid Authorization headers (issue2550992).
Joseph Myers <jsm@polyomino.org.uk>
parents:
5524
diff
changeset
|
1299 username, password = decoded.split(':', 1) |
|
901d7ba146ad
Avoid errors from invalid Authorization headers (issue2550992).
Joseph Myers <jsm@polyomino.org.uk>
parents:
5524
diff
changeset
|
1300 except ValueError: |
|
901d7ba146ad
Avoid errors from invalid Authorization headers (issue2550992).
Joseph Myers <jsm@polyomino.org.uk>
parents:
5524
diff
changeset
|
1301 # Invalid challenge. |
|
901d7ba146ad
Avoid errors from invalid Authorization headers (issue2550992).
Joseph Myers <jsm@polyomino.org.uk>
parents:
5524
diff
changeset
|
1302 username = '' |
|
901d7ba146ad
Avoid errors from invalid Authorization headers (issue2550992).
Joseph Myers <jsm@polyomino.org.uk>
parents:
5524
diff
changeset
|
1303 password = '' |
|
3356
2913b42c0810
enabled disabling of REMOTE_USER for when it's not a valid username
Richard Jones <richard@users.sourceforge.net>
parents:
3276
diff
changeset
|
1304 try: |
|
4669
d7ac6c7bc371
Fix basic authentication.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4649
diff
changeset
|
1305 # Current user may not be None, otherwise |
|
d7ac6c7bc371
Fix basic authentication.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4649
diff
changeset
|
1306 # instatiation of the login action will fail. |
|
d7ac6c7bc371
Fix basic authentication.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4649
diff
changeset
|
1307 # So we set the user to anonymous first. |
|
d7ac6c7bc371
Fix basic authentication.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4649
diff
changeset
|
1308 self.make_user_anonymous() |
|
3356
2913b42c0810
enabled disabling of REMOTE_USER for when it's not a valid username
Richard Jones <richard@users.sourceforge.net>
parents:
3276
diff
changeset
|
1309 login = self.get_action_class('login')(self) |
|
7556
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
1310 login.verifyLogin(username, password, is_api=is_api) |
|
273c8c2b5042
fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents:
7474
diff
changeset
|
1311 except (LoginError, RateLimitExceeded): |
|
3356
2913b42c0810
enabled disabling of REMOTE_USER for when it's not a valid username
Richard Jones <richard@users.sourceforge.net>
parents:
3276
diff
changeset
|
1312 self.make_user_anonymous() |
|
4265
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
1313 raise |
|
3356
2913b42c0810
enabled disabling of REMOTE_USER for when it's not a valid username
Richard Jones <richard@users.sourceforge.net>
parents:
3276
diff
changeset
|
1314 user = username |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1315 # try to seed with something harder to guess than |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1316 # just the time. If random is SystemRandom, |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1317 # this is a no-op. |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1318 random_.seed("%s%s" % (password, time.time())) |
|
5878
1b57d8f3eb97
Add rudimentery experiment JSON Web Token (jwt) support
John Rouillard <rouilj@ieee.org>
parents:
5847
diff
changeset
|
1319 elif scheme.lower() == 'bearer': |
|
5934
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1320 token = self.authenticate_bearer_token(challenge) |
|
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1321 |
|
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1322 from roundup.hyperdb import iter_roles |
|
5878
1b57d8f3eb97
Add rudimentery experiment JSON Web Token (jwt) support
John Rouillard <rouilj@ieee.org>
parents:
5847
diff
changeset
|
1323 |
|
5934
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1324 # if we got here token is valid, use the role |
|
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1325 # and sub claims. |
|
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1326 try: |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1327 # make sure to str(token['sub']) the |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1328 # subject. As decoded by json, it is unicode |
|
7474
1cf1ffa65522
Fix mispellings in comments.
John Rouillard <rouilj@ieee.org>
parents:
7258
diff
changeset
|
1329 # which throws an error when used with 'nodeid |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1330 # in db' down the call chain. |
|
5934
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1331 user = self.db.user.get(str(token['sub']), 'username') |
|
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1332 except IndexError: |
|
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1333 raise LoginError("Token subject is invalid.") |
|
5878
1b57d8f3eb97
Add rudimentery experiment JSON Web Token (jwt) support
John Rouillard <rouilj@ieee.org>
parents:
5847
diff
changeset
|
1334 |
|
5934
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1335 # validate roles |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1336 all_rolenames = [role[0] for role in self.db.security.role.items()] |
|
5934
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1337 for r in token['roles']: |
|
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1338 if r.lower() not in all_rolenames: |
|
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1339 raise LoginError("Token roles are invalid.") |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1340 |
|
5934
db9bd45d50ad
Refactor jwt auth into authenticate_bearer_token() method on Client
John Rouillard <rouilj@ieee.org>
parents:
5924
diff
changeset
|
1341 # will be used later to override the get_roles method |
|
6977
ff2c8b430738
flake8 - remove re.compile from method arg + test + doc
John Rouillard <rouilj@ieee.org>
parents:
6976
diff
changeset
|
1342 # having it defined as truthy allows it to be used. |
|
7814
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
1343 override_get_roles = lambda self: iter_roles( # noqa: ARG005 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1344 ','.join(token['roles'])) |
|
2928
81c99c857b57
applied patch [SF#1067690]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2923
diff
changeset
|
1345 |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
1346 # if user was not set by http authorization, try session lookup |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
1347 if not user: |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
1348 user = self.session_api.get('user') |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
1349 if user: |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
1350 # update session lifetime datestamp |
|
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
1351 self.session_api.update() |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1352 |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
1353 # if no user name set by http authorization or session lookup |
|
3453
8e3c0b88afad
prefer http authorization over cookie sessions [SF#1396134]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3427
diff
changeset
|
1354 # the user is anonymous |
|
8e3c0b88afad
prefer http authorization over cookie sessions [SF#1396134]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3427
diff
changeset
|
1355 if not user: |
|
8e3c0b88afad
prefer http authorization over cookie sessions [SF#1396134]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3427
diff
changeset
|
1356 user = 'anonymous' |
|
8e3c0b88afad
prefer http authorization over cookie sessions [SF#1396134]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3427
diff
changeset
|
1357 |
|
8e3c0b88afad
prefer http authorization over cookie sessions [SF#1396134]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3427
diff
changeset
|
1358 # sanity check on the user still being valid, |
|
8e3c0b88afad
prefer http authorization over cookie sessions [SF#1396134]
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3427
diff
changeset
|
1359 # getting the userid at the same time |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1360 try: |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1361 self.userid = self.db.user.lookup(user) |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1362 except (KeyError, TypeError): |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1363 user = 'anonymous' |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1364 |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1365 # make sure the anonymous user is valid if we're using it |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1366 if user == 'anonymous': |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1367 self.make_user_anonymous() |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1368 else: |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1369 self.user = user |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1370 |
|
1003
f89b8d32291b
Hack hack hack...
Richard Jones <richard@users.sourceforge.net>
parents:
1002
diff
changeset
|
1371 # reopen the database as the correct user |
|
f89b8d32291b
Hack hack hack...
Richard Jones <richard@users.sourceforge.net>
parents:
1002
diff
changeset
|
1372 self.opendb(self.user) |
|
5878
1b57d8f3eb97
Add rudimentery experiment JSON Web Token (jwt) support
John Rouillard <rouilj@ieee.org>
parents:
5847
diff
changeset
|
1373 if override_get_roles: |
|
1b57d8f3eb97
Add rudimentery experiment JSON Web Token (jwt) support
John Rouillard <rouilj@ieee.org>
parents:
5847
diff
changeset
|
1374 # opendb destroys and re-opens the db if instance.optimize |
|
1b57d8f3eb97
Add rudimentery experiment JSON Web Token (jwt) support
John Rouillard <rouilj@ieee.org>
parents:
5847
diff
changeset
|
1375 # is not true. This deletes an override of get_roles. So |
|
1b57d8f3eb97
Add rudimentery experiment JSON Web Token (jwt) support
John Rouillard <rouilj@ieee.org>
parents:
5847
diff
changeset
|
1376 # assign get_roles override from the jwt if needed at this |
|
1b57d8f3eb97
Add rudimentery experiment JSON Web Token (jwt) support
John Rouillard <rouilj@ieee.org>
parents:
5847
diff
changeset
|
1377 # point. |
|
1b57d8f3eb97
Add rudimentery experiment JSON Web Token (jwt) support
John Rouillard <rouilj@ieee.org>
parents:
5847
diff
changeset
|
1378 self.db.user.get_roles = override_get_roles |
|
1003
f89b8d32291b
Hack hack hack...
Richard Jones <richard@users.sourceforge.net>
parents:
1002
diff
changeset
|
1379 |
|
4327
095d92109cc7
allow Anonymous users to log in, and register
Richard Jones <richard@users.sourceforge.net>
parents:
4326
diff
changeset
|
1380 def check_anonymous_access(self): |
|
4326
d51a9c498dc4
Fix "Web Access" permission check to allow serving of static files to Anonymous again
Richard Jones <richard@users.sourceforge.net>
parents:
4291
diff
changeset
|
1381 """Check that the Anonymous user is actually allowed to use the web |
|
d51a9c498dc4
Fix "Web Access" permission check to allow serving of static files to Anonymous again
Richard Jones <richard@users.sourceforge.net>
parents:
4291
diff
changeset
|
1382 interface and short-circuit all further processing if they're not. |
|
d51a9c498dc4
Fix "Web Access" permission check to allow serving of static files to Anonymous again
Richard Jones <richard@users.sourceforge.net>
parents:
4291
diff
changeset
|
1383 """ |
|
4327
095d92109cc7
allow Anonymous users to log in, and register
Richard Jones <richard@users.sourceforge.net>
parents:
4326
diff
changeset
|
1384 # allow Anonymous to use the "login" and "register" actions (noting |
|
095d92109cc7
allow Anonymous users to log in, and register
Richard Jones <richard@users.sourceforge.net>
parents:
4326
diff
changeset
|
1385 # that "register" has its own "Register" permission check) |
|
4367
fa5587802af9
Handle multiple @action values from broken trackers
Richard Jones <richard@users.sourceforge.net>
parents:
4362
diff
changeset
|
1386 |
|
4802
e1ffab417c28
Yet another instance of a TypeError fixed
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4801
diff
changeset
|
1387 action = '' |
|
e1ffab417c28
Yet another instance of a TypeError fixed
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4801
diff
changeset
|
1388 try: |
|
e1ffab417c28
Yet another instance of a TypeError fixed
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4801
diff
changeset
|
1389 if ':action' in self.form: |
|
e1ffab417c28
Yet another instance of a TypeError fixed
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4801
diff
changeset
|
1390 action = self.form[':action'] |
|
e1ffab417c28
Yet another instance of a TypeError fixed
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4801
diff
changeset
|
1391 elif '@action' in self.form: |
|
e1ffab417c28
Yet another instance of a TypeError fixed
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4801
diff
changeset
|
1392 action = self.form['@action'] |
|
e1ffab417c28
Yet another instance of a TypeError fixed
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4801
diff
changeset
|
1393 except TypeError: |
|
e1ffab417c28
Yet another instance of a TypeError fixed
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4801
diff
changeset
|
1394 pass |
|
4367
fa5587802af9
Handle multiple @action values from broken trackers
Richard Jones <richard@users.sourceforge.net>
parents:
4362
diff
changeset
|
1395 if isinstance(action, list): |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1396 raise SeriousError( |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1397 self._('broken form: multiple @action values submitted')) |
|
8203
ef1333b153e3
chore(ruff): changes to else/elif and nested ifs to reduce nesting
John Rouillard <rouilj@ieee.org>
parents:
8202
diff
changeset
|
1398 if action != '': |
|
7814
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
1399 # '' is value when no action parameter was found so run |
|
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
1400 # this to extract action string value when action found. |
|
4367
fa5587802af9
Handle multiple @action values from broken trackers
Richard Jones <richard@users.sourceforge.net>
parents:
4362
diff
changeset
|
1401 action = action.value.lower() |
|
4327
095d92109cc7
allow Anonymous users to log in, and register
Richard Jones <richard@users.sourceforge.net>
parents:
4326
diff
changeset
|
1402 if action in ('login', 'register'): |
|
095d92109cc7
allow Anonymous users to log in, and register
Richard Jones <richard@users.sourceforge.net>
parents:
4326
diff
changeset
|
1403 return |
|
095d92109cc7
allow Anonymous users to log in, and register
Richard Jones <richard@users.sourceforge.net>
parents:
4326
diff
changeset
|
1404 |
|
4329
58b7ba47af87
fixes to make registration work again
Richard Jones <richard@users.sourceforge.net>
parents:
4327
diff
changeset
|
1405 # allow Anonymous to view the "user" "register" template if they're |
|
58b7ba47af87
fixes to make registration work again
Richard Jones <richard@users.sourceforge.net>
parents:
4327
diff
changeset
|
1406 # allowed to register |
|
58b7ba47af87
fixes to make registration work again
Richard Jones <richard@users.sourceforge.net>
parents:
4327
diff
changeset
|
1407 if (self.db.security.hasPermission('Register', self.userid, 'user') |
|
58b7ba47af87
fixes to make registration work again
Richard Jones <richard@users.sourceforge.net>
parents:
4327
diff
changeset
|
1408 and self.classname == 'user' and self.template == 'register'): |
|
58b7ba47af87
fixes to make registration work again
Richard Jones <richard@users.sourceforge.net>
parents:
4327
diff
changeset
|
1409 return |
|
58b7ba47af87
fixes to make registration work again
Richard Jones <richard@users.sourceforge.net>
parents:
4327
diff
changeset
|
1410 |
|
4327
095d92109cc7
allow Anonymous users to log in, and register
Richard Jones <richard@users.sourceforge.net>
parents:
4326
diff
changeset
|
1411 # otherwise for everything else |
|
7814
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
1412 if self.user == 'anonymous' and \ |
|
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
1413 not self.db.security.hasPermission('Web Access', self.userid): |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
1414 raise Unauthorised(self._("Anonymous users are not " |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1415 "allowed to use the web interface")) |
|
4326
d51a9c498dc4
Fix "Web Access" permission check to allow serving of static files to Anonymous again
Richard Jones <richard@users.sourceforge.net>
parents:
4291
diff
changeset
|
1416 |
|
7155
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7153
diff
changeset
|
1417 def is_origin_header_ok(self, api=False, credentials=False): |
|
7150
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
1418 """Determine if origin is valid for the context |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
1419 |
|
7155
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7153
diff
changeset
|
1420 Header is ok (return True) if ORIGIN is missing and it is a GET. |
|
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7153
diff
changeset
|
1421 Header is ok if ORIGIN matches the base url. |
|
8412
0663a7bcef6c
feat: finish reauth docs, enhance code.
John Rouillard <rouilj@ieee.org>
parents:
8411
diff
changeset
|
1422 If this is an API call: |
|
0663a7bcef6c
feat: finish reauth docs, enhance code.
John Rouillard <rouilj@ieee.org>
parents:
8411
diff
changeset
|
1423 |
|
0663a7bcef6c
feat: finish reauth docs, enhance code.
John Rouillard <rouilj@ieee.org>
parents:
8411
diff
changeset
|
1424 * Header is ok if ORIGIN matches an element of allowed_api_origins. |
|
0663a7bcef6c
feat: finish reauth docs, enhance code.
John Rouillard <rouilj@ieee.org>
parents:
8411
diff
changeset
|
1425 * Header is ok if allowed_api_origins includes '*' as first |
|
0663a7bcef6c
feat: finish reauth docs, enhance code.
John Rouillard <rouilj@ieee.org>
parents:
8411
diff
changeset
|
1426 element and credentials is False. |
|
0663a7bcef6c
feat: finish reauth docs, enhance code.
John Rouillard <rouilj@ieee.org>
parents:
8411
diff
changeset
|
1427 |
|
7155
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7153
diff
changeset
|
1428 Otherwise header is not ok. |
|
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7153
diff
changeset
|
1429 |
|
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7153
diff
changeset
|
1430 In a credentials context, if we match * we will return |
|
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7153
diff
changeset
|
1431 header is not ok. All credentialed requests must be |
|
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7153
diff
changeset
|
1432 explicitly matched. |
|
7150
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
1433 """ |
|
72a54826ff4f
better rest Origin check; refactor CORS preflight code.
John Rouillard <rouilj@ieee.org>
parents:
7113
diff
changeset
|
1434 |
|
7113
5c6dd791d638
bug: handle exception when origin header is missing
John Rouillard <rouilj@ieee.org>
parents:
7106
diff
changeset
|
1435 try: |
|
5c6dd791d638
bug: handle exception when origin header is missing
John Rouillard <rouilj@ieee.org>
parents:
7106
diff
changeset
|
1436 origin = self.env['HTTP_ORIGIN'] |
|
5c6dd791d638
bug: handle exception when origin header is missing
John Rouillard <rouilj@ieee.org>
parents:
7106
diff
changeset
|
1437 except KeyError: |
|
7814
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
1438 return self.env['REQUEST_METHOD'] == 'GET' |
|
7113
5c6dd791d638
bug: handle exception when origin header is missing
John Rouillard <rouilj@ieee.org>
parents:
7106
diff
changeset
|
1439 |
|
6681
ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents:
6658
diff
changeset
|
1440 # note base https://host/... ends host with with a /, |
|
ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents:
6658
diff
changeset
|
1441 # so add it to origin. |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1442 foundat = self.base.find(origin + '/') |
|
6681
ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents:
6658
diff
changeset
|
1443 if foundat == 0: |
|
ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents:
6658
diff
changeset
|
1444 return True |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1445 |
|
6681
ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents:
6658
diff
changeset
|
1446 if not api: |
|
ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents:
6658
diff
changeset
|
1447 return False |
|
ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents:
6658
diff
changeset
|
1448 |
|
ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents:
6658
diff
changeset
|
1449 allowed_origins = self.db.config['WEB_ALLOWED_API_ORIGINS'] |
|
ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents:
6658
diff
changeset
|
1450 # find a match for other possible origins |
|
ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents:
6658
diff
changeset
|
1451 # Original spec says origin is case sensitive match. |
|
ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents:
6658
diff
changeset
|
1452 # Living spec doesn't address Origin value's case or |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1453 # how to compare it. So implement case sensitive.... |
|
7155
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7153
diff
changeset
|
1454 if origin in allowed_origins: |
|
7228
07ce4e4110f5
flake8 fixes: whitespace, remove unused imports
John Rouillard <rouilj@ieee.org>
parents:
7159
diff
changeset
|
1455 return True |
|
7155
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7153
diff
changeset
|
1456 # Block use of * when origin match is used for |
|
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7153
diff
changeset
|
1457 # allowing credentials. See: |
|
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7153
diff
changeset
|
1458 # https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS |
|
89a59e46b3af
improve REST interface security
John Rouillard <rouilj@ieee.org>
parents:
7153
diff
changeset
|
1459 # under Credentials Requests and Wildcards |
|
8192
b4d7f9358ba6
chore(ruff): return/suppress boolen directly
John Rouillard <rouilj@ieee.org>
parents:
8189
diff
changeset
|
1460 return (allowed_origins and allowed_origins[0] == '*' |
|
b4d7f9358ba6
chore(ruff): return/suppress boolen directly
John Rouillard <rouilj@ieee.org>
parents:
8189
diff
changeset
|
1461 and not credentials) |
|
6693
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1462 |
|
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1463 def is_referer_header_ok(self, api=False): |
|
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1464 referer = self.env['HTTP_REFERER'] |
|
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1465 # parse referer and create an origin |
|
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1466 referer_comp = urllib_.urlparse(referer) |
|
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1467 |
|
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1468 # self.base always has trailing /, so add trailing / to referer_origin |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1469 referer_origin = "%s://%s/" % (referer_comp[0], referer_comp[1]) |
|
6693
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1470 foundat = self.base.find(referer_origin) |
|
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1471 if foundat == 0: |
|
6681
ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents:
6658
diff
changeset
|
1472 return True |
|
ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents:
6658
diff
changeset
|
1473 |
|
6693
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1474 if not api: |
|
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1475 return False |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1476 |
|
6693
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1477 allowed_origins = self.db.config['WEB_ALLOWED_API_ORIGINS'] |
|
7074
ec8be5bd8bd6
bug: fix crash unguarded reference allowed_origins[0]
John Rouillard <rouilj@ieee.org>
parents:
7068
diff
changeset
|
1478 if allowed_origins and allowed_origins[0] == '*': |
|
6693
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1479 return True |
|
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1480 |
|
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1481 # For referer, loop over allowed_api_origins and |
|
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1482 # see if any of them are a prefix to referer, case sensitive. |
|
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1483 # Append / to each origin so that: |
|
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1484 # an allowed_origin of https://my.host does not match |
|
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1485 # a referer of https://my.host.com/my/path |
|
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1486 for allowed_origin in allowed_origins: |
|
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1487 foundat = referer_origin.find(allowed_origin + '/') |
|
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1488 if foundat == 0: |
|
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1489 return True |
|
6681
ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents:
6658
diff
changeset
|
1490 return False |
|
ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents:
6658
diff
changeset
|
1491 |
|
ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents:
6658
diff
changeset
|
1492 def handle_csrf(self, api=False): |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1493 '''Handle csrf token lookup and validate current user and session |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1494 |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1495 This implements (or tries to implement) the |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1496 Session-Dependent Nonce from |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1497 https://seclab.stanford.edu/websec/csrf/csrf.pdf. |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1498 |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1499 Changing this to an HMAC(sessionid,secret) will |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1500 remove the need for saving a fair amount of |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1501 state on the server (one nonce per form per |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1502 page). If you have multiple forms/page this can |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1503 lead to abandoned csrf tokens that have to time |
|
5946
1b50c2c5619a
Fix crash bug where looking for @csrf in a form failed.
John Rouillard <rouilj@ieee.org>
parents:
5934
diff
changeset
|
1504 out and get cleaned up. But you lose per form |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1505 tokens which may be an advantage. Also the HMAC |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1506 is constant for the session, so provides more |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1507 occasions for it to be exposed. |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1508 |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1509 This only runs on post (or put and delete for |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1510 future use). Nobody should be changing data |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1511 with a get. |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1512 |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1513 A session token lifetime is settable in |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1514 config.ini. A future enhancement to the |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1515 creation routines should allow for the requester |
|
5946
1b50c2c5619a
Fix crash bug where looking for @csrf in a form failed.
John Rouillard <rouilj@ieee.org>
parents:
5934
diff
changeset
|
1516 of the token to set the lifetime. |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1517 |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1518 The unique session key and user id is stored |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1519 with the token. The token is valid if the stored |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1520 values match the current client's userid and |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1521 session. |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1522 |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1523 If a user logs out, the csrf keys are |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1524 invalidated since no other connection should |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1525 have the same session id. |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1526 |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1527 At least to start I am reporting anti-csrf to |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1528 the user. If it's an attacker who can see the |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1529 site, they can see the @csrf fields and can |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1530 probably figure out that he needs to supply |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1531 valid headers. Or they can just read this code |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1532 8-). So hiding it doesn't seem to help but it |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1533 does arguably show the enforcement settings, but |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1534 given the newness of this code notifying the |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1535 user and having them notify the admins for |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1536 debugging seems to be an advantage. |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1537 |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1538 ''' |
|
5210
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1539 # Create the otks handle here as we need it almost immediately. |
|
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1540 # If this is perf issue, set to None here and check below |
|
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1541 # once all header checks have passed if it needs to be opened. |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1542 otks = self.db.getOTKManager() |
|
5210
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1543 |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1544 # Assume: never allow changes via GET |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1545 if self.env['REQUEST_METHOD'] not in ['POST', 'PUT', 'DELETE']: |
|
5946
1b50c2c5619a
Fix crash bug where looking for @csrf in a form failed.
John Rouillard <rouilj@ieee.org>
parents:
5934
diff
changeset
|
1546 if (self.form.list is not None) and ("@csrf" in self.form): |
|
5210
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1547 # We have a nonce being used with a method it should |
|
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1548 # not be. If the nonce exists, report to admin so they |
|
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1549 # can fix the nonce leakage and destroy it. (nonces |
|
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1550 # used in a get are more exposed than those used in a |
|
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1551 # post.) Note, I don't attempt to validate here since |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1552 # existence here is the sign of a failure. If nonce |
|
5210
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1553 # exists try to report the referer header to try to |
|
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1554 # find where this comes from so it can be fixed. If |
|
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1555 # nonce doesn't exist just ignore it. Maybe we should |
|
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1556 # report, but somebody could spam us with a ton of |
|
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1557 # invalid keys and fill up the logs. |
|
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1558 if 'HTTP_REFERER' in self.env: |
|
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1559 referer = self.env['HTTP_REFERER'] |
|
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1560 else: |
|
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1561 referer = self._("Referer header not available.") |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1562 key = self.form['@csrf'].value |
|
5210
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1563 if otks.exists(key): |
|
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1564 logger.error( |
|
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1565 self._("csrf key used with wrong method from: %s"), |
|
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1566 referer) |
|
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1567 otks.destroy(key) |
|
5319
62de601bdf6f
Fix commits although a Reject exception is raised
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
1568 otks.commit() |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1569 # do return here. Keys have been obsoleted. |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1570 # we didn't do a expire cycle of session keys, |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1571 # but that's ok. |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1572 return True |
|
5210
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1573 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1574 config = self.instance.config |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1575 current_user = self.db.getuid() |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1576 |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1577 # List HTTP headers we check. Note that the xmlrpc header is |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1578 # missing. Its enforcement is different (yes/required are the |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1579 # same for example) so we don't include here. |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1580 header_names = [ |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1581 "ORIGIN", |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1582 "REFERER", |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1583 "X-FORWARDED-HOST", |
|
7814
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
1584 "HOST", |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1585 ] |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1586 |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1587 header_pass = 0 # count of passing header checks |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1588 |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1589 # If required headers are missing, raise an error |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1590 for header in header_names: |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1591 if (config["WEB_CSRF_ENFORCE_HEADER_%s" % header] == 'required' |
|
5624
b3618882f906
issue2551023: Fix CSRF headers for use with wsgi and cgi. The
John Rouillard <rouilj@ieee.org>
parents:
5615
diff
changeset
|
1592 and "HTTP_%s" % header.replace('-', '_') not in self.env): |
|
7058
7259ce224d65
Fix internationalized strings with multiple unlabeled % replacements.
John Rouillard <rouilj@ieee.org>
parents:
6977
diff
changeset
|
1593 logger.error(self._( |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1594 ''"csrf header %(header)s required but missing " |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1595 ''"for user%(userid)s.") % { |
|
7058
7259ce224d65
Fix internationalized strings with multiple unlabeled % replacements.
John Rouillard <rouilj@ieee.org>
parents:
6977
diff
changeset
|
1596 'header': header, |
|
7259ce224d65
Fix internationalized strings with multiple unlabeled % replacements.
John Rouillard <rouilj@ieee.org>
parents:
6977
diff
changeset
|
1597 'userid': current_user}) |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1598 raise Unauthorised(self._("Missing header: %s") % header) |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1599 |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1600 # self.base always matches: ^https?://hostname |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1601 enforce = config['WEB_CSRF_ENFORCE_HEADER_REFERER'] |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1602 if 'HTTP_REFERER' in self.env and enforce != "no": |
|
6693
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1603 if not self.is_referer_header_ok(api=api): |
|
9a1f5e496e6c
issue2551203 - Add support for CORS preflight request
John Rouillard <rouilj@ieee.org>
parents:
6681
diff
changeset
|
1604 referer = self.env['HTTP_REFERER'] |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1605 logmsg = self._( |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1606 ''"csrf Referer header check failed for user%(userid)s. " |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1607 ''"Value=%(referer)s") % {'userid': current_user, |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1608 'referer': referer} |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1609 if enforce in ('required', 'yes'): |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1610 logger.error(logmsg) |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1611 raise Unauthorised(self._("Invalid Referer: %s") % ( |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1612 referer)) |
|
8203
ef1333b153e3
chore(ruff): changes to else/elif and nested ifs to reduce nesting
John Rouillard <rouilj@ieee.org>
parents:
8202
diff
changeset
|
1613 if enforce == 'logfailure': |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1614 logger.warning(logmsg) |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1615 else: |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1616 header_pass += 1 |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1617 |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1618 # if you change these make sure to consider what |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1619 # happens if header variable exists but is empty. |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1620 # self.base.find("") returns 0 for example not -1 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1621 enforce = config['WEB_CSRF_ENFORCE_HEADER_ORIGIN'] |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1622 if 'HTTP_ORIGIN' in self.env and enforce != "no": |
|
6681
ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents:
6658
diff
changeset
|
1623 if not self.is_origin_header_ok(api=api): |
|
ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents:
6658
diff
changeset
|
1624 origin = self.env['HTTP_ORIGIN'] |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1625 logmsg = self._( |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1626 ''"csrf Origin header check failed for user%(userid)s. " |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1627 ''"Value=%(origin)s") % { |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1628 'userid': current_user, 'origin': origin} |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1629 if enforce in ('required', 'yes'): |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1630 logger.error(logmsg) |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1631 raise Unauthorised(self._("Invalid Origin %s" % origin)) |
|
8203
ef1333b153e3
chore(ruff): changes to else/elif and nested ifs to reduce nesting
John Rouillard <rouilj@ieee.org>
parents:
8202
diff
changeset
|
1632 if enforce == 'logfailure': |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1633 logger.warning(logmsg) |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1634 else: |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1635 header_pass += 1 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1636 |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1637 enforce = config['WEB_CSRF_ENFORCE_HEADER_X-FORWARDED-HOST'] |
|
5624
b3618882f906
issue2551023: Fix CSRF headers for use with wsgi and cgi. The
John Rouillard <rouilj@ieee.org>
parents:
5615
diff
changeset
|
1638 if 'HTTP_X_FORWARDED_HOST' in self.env: |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1639 if enforce != "no": |
|
5624
b3618882f906
issue2551023: Fix CSRF headers for use with wsgi and cgi. The
John Rouillard <rouilj@ieee.org>
parents:
5615
diff
changeset
|
1640 host = self.env['HTTP_X_FORWARDED_HOST'] |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1641 foundat = self.base.find('://' + host + '/') |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1642 # 4 means self.base has http:/ prefix, 5 means https:/ prefix |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1643 if foundat not in [4, 5]: |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1644 logmsg = self._( |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1645 ''"csrf X-FORWARDED-HOST header check failed " |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1646 ''"for user%(userid)s. Value=%(host)s") % { |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1647 'userid': current_user, 'host': host} |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1648 if enforce in ('required', 'yes'): |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1649 logger.error(logmsg) |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1650 raise Unauthorised(self._( |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1651 "Invalid X-FORWARDED-HOST %s") % host) |
|
8203
ef1333b153e3
chore(ruff): changes to else/elif and nested ifs to reduce nesting
John Rouillard <rouilj@ieee.org>
parents:
8202
diff
changeset
|
1652 if enforce == 'logfailure': |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1653 logger.warning(logmsg) |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1654 else: |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1655 header_pass += 1 |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1656 else: |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1657 # https://seclab.stanford.edu/websec/csrf/csrf.pdf |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1658 # recommends checking HTTP HOST header as well. |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1659 # If there is an X-FORWARDED-HOST header, check |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1660 # that only. The proxy setting X-F-H has probably set |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1661 # the host header to a local hostname that is |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1662 # internal name of system not name supplied by user. |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1663 enforce = config['WEB_CSRF_ENFORCE_HEADER_HOST'] |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1664 if 'HTTP_HOST' in self.env and enforce != "no": |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1665 host = self.env['HTTP_HOST'] |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1666 foundat = self.base.find('://' + host + '/') |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1667 # 4 means http:// prefix, 5 means https:// prefix |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1668 if foundat not in [4, 5]: |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1669 logmsg = self._( |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1670 ''"csrf HOST header check failed for " |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1671 ''"user%(userid)s. Value=%(host)s") % { |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1672 'userid': current_user, 'host': host} |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1673 if enforce in ('required', 'yes'): |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1674 logger.error(logmsg) |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1675 raise Unauthorised(self._("Invalid HOST %s") % host) |
|
8203
ef1333b153e3
chore(ruff): changes to else/elif and nested ifs to reduce nesting
John Rouillard <rouilj@ieee.org>
parents:
8202
diff
changeset
|
1676 if enforce == 'logfailure': |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1677 logger.warning(logmsg) |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1678 else: |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1679 header_pass += 1 |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1680 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1681 enforce = config['WEB_CSRF_HEADER_MIN_COUNT'] |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1682 if header_pass < enforce: |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1683 logger.error(self._("Csrf: unable to verify sufficient headers")) |
|
5378
35ea9b1efc14
Python 3 preparation: "raise" syntax.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5356
diff
changeset
|
1684 raise UsageError(self._("Unable to verify sufficient headers")) |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1685 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1686 enforce = config['WEB_CSRF_ENFORCE_HEADER_X-REQUESTED-WITH'] |
|
7814
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
1687 if api and enforce in ['required', 'yes']: |
|
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
1688 # if we get here we have usually passed at least one |
|
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
1689 # header check. We check for presence of this custom |
|
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
1690 # header for xmlrpc/rest calls only. |
|
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
1691 # E.G. X-Requested-With: XMLHttpRequest |
|
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
1692 # Note we do not use CSRF nonces for xmlrpc/rest requests. |
|
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
1693 # |
|
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
1694 # see: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#Protecting_REST_Services:_Use_of_Custom_Request_Headers |
|
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
1695 if 'HTTP_X_REQUESTED_WITH' not in self.env: |
|
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
1696 logger.error(self._( |
|
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
1697 ''"csrf X-REQUESTED-WITH xmlrpc required header " |
|
8279
80105cd30368
refactor: translator hint that 'user%s' should not be 'user %s'
John Rouillard <rouilj@ieee.org>
parents:
8268
diff
changeset
|
1698 ''"check failed for user%(userid)s."), |
|
80105cd30368
refactor: translator hint that 'user%s' should not be 'user %s'
John Rouillard <rouilj@ieee.org>
parents:
8268
diff
changeset
|
1699 {"userid": current_user}) |
|
7814
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
1700 raise UsageError(self._("Required Header Missing")) |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1701 |
|
5211
f4b6a2a3e605
Fix expiration dates and expire csrf tokens properly
John Rouillard <rouilj@ieee.org>
parents:
5210
diff
changeset
|
1702 # Expire old csrf tokens now so we don't use them. These will |
|
f4b6a2a3e605
Fix expiration dates and expire csrf tokens properly
John Rouillard <rouilj@ieee.org>
parents:
5210
diff
changeset
|
1703 # be committed after the otks.destroy below. Note that the |
|
f4b6a2a3e605
Fix expiration dates and expire csrf tokens properly
John Rouillard <rouilj@ieee.org>
parents:
5210
diff
changeset
|
1704 # self.clean_up run as part of determine_user() will run only |
|
f4b6a2a3e605
Fix expiration dates and expire csrf tokens properly
John Rouillard <rouilj@ieee.org>
parents:
5210
diff
changeset
|
1705 # once an hour. If we have short lived (e.g. 5 minute) keys |
|
f4b6a2a3e605
Fix expiration dates and expire csrf tokens properly
John Rouillard <rouilj@ieee.org>
parents:
5210
diff
changeset
|
1706 # they will live too long if we depend on clean_up. So we do |
|
f4b6a2a3e605
Fix expiration dates and expire csrf tokens properly
John Rouillard <rouilj@ieee.org>
parents:
5210
diff
changeset
|
1707 # our own. |
|
f4b6a2a3e605
Fix expiration dates and expire csrf tokens properly
John Rouillard <rouilj@ieee.org>
parents:
5210
diff
changeset
|
1708 otks.clean() |
|
f4b6a2a3e605
Fix expiration dates and expire csrf tokens properly
John Rouillard <rouilj@ieee.org>
parents:
5210
diff
changeset
|
1709 |
|
6681
ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
John Rouillard <rouilj@ieee.org>
parents:
6658
diff
changeset
|
1710 if api: |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1711 # Save removal of expired keys from database. |
|
5319
62de601bdf6f
Fix commits although a Reject exception is raised
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
1712 otks.commit() |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1713 # Return from here since we have done housekeeping |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1714 # and don't use csrf tokens for xmlrpc. |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1715 return True |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1716 |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1717 # process @csrf tokens past this point. |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1718 key = None |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1719 nonce_user = None |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1720 nonce_session = None |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1721 |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1722 if '@csrf' in self.form: |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1723 key = self.form['@csrf'].value |
|
5210
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1724 |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1725 nonce_user = otks.get(key, 'uid', default=None) |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1726 nonce_session = otks.get(key, 'sid', default=None) |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1727 # The key has been used or compromised. |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1728 # Delete it to prevent replay. |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1729 otks.destroy(key) |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1730 |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1731 # commit the deletion/expiration of all keys |
|
5319
62de601bdf6f
Fix commits although a Reject exception is raised
Ralf Schlatterbeck <rsc@runtux.com>
parents:
5248
diff
changeset
|
1732 otks.commit() |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1733 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1734 enforce = config['WEB_CSRF_ENFORCE_TOKEN'] |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1735 if key is None: # we do not have an @csrf token |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1736 if enforce == 'required': |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1737 logger.error(self._( |
|
8279
80105cd30368
refactor: translator hint that 'user%s' should not be 'user %s'
John Rouillard <rouilj@ieee.org>
parents:
8268
diff
changeset
|
1738 "Required csrf field missing for user%(userid)s"), |
|
80105cd30368
refactor: translator hint that 'user%s' should not be 'user %s'
John Rouillard <rouilj@ieee.org>
parents:
8268
diff
changeset
|
1739 {"userid": current_user}) |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1740 raise UsageError(self._( |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1741 ''"We can't validate your session (csrf failure). " |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1742 ''"Re-enter any unsaved data and try again.")) |
|
8203
ef1333b153e3
chore(ruff): changes to else/elif and nested ifs to reduce nesting
John Rouillard <rouilj@ieee.org>
parents:
8202
diff
changeset
|
1743 if enforce == 'logfailure': |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1744 # FIXME include url |
|
8279
80105cd30368
refactor: translator hint that 'user%s' should not be 'user %s'
John Rouillard <rouilj@ieee.org>
parents:
8268
diff
changeset
|
1745 logger.warning(self._( |
|
80105cd30368
refactor: translator hint that 'user%s' should not be 'user %s'
John Rouillard <rouilj@ieee.org>
parents:
8268
diff
changeset
|
1746 "csrf field not supplied by user%(userid)s"), |
|
80105cd30368
refactor: translator hint that 'user%s' should not be 'user %s'
John Rouillard <rouilj@ieee.org>
parents:
8268
diff
changeset
|
1747 {"userid": current_user}) |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1748 else: |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1749 # enforce is either yes or no. Both permit change if token is |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1750 # missing |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1751 return True |
|
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1752 |
|
5211
f4b6a2a3e605
Fix expiration dates and expire csrf tokens properly
John Rouillard <rouilj@ieee.org>
parents:
5210
diff
changeset
|
1753 current_session = self.session_api._sid |
|
f4b6a2a3e605
Fix expiration dates and expire csrf tokens properly
John Rouillard <rouilj@ieee.org>
parents:
5210
diff
changeset
|
1754 |
|
5210
7da56980754d
Remove csrf keys used with get
John Rouillard <rouilj@ieee.org>
parents:
5202
diff
changeset
|
1755 # validate against user and session |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1756 if current_user != nonce_user: |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1757 logmsg = self._( |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1758 ''"Csrf mismatch user: current user %(user)s != stored " |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1759 ''"user %(stored)s, current session, stored session: " |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1760 ''"%(cur_sess)s,%(stor_sess)s for key %(key)s.") % { |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1761 'user': current_user, |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1762 'stored': nonce_user, |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1763 'cur_sess': current_session, |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1764 'stor_sess': nonce_session, |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1765 'key': key} |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1766 if enforce in ('required', 'yes'): |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1767 logger.error(logmsg) |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1768 raise UsageError(self._( |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1769 ''"We can't validate your session (csrf failure). " |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1770 ''"Re-enter any unsaved data and try again.")) |
|
8203
ef1333b153e3
chore(ruff): changes to else/elif and nested ifs to reduce nesting
John Rouillard <rouilj@ieee.org>
parents:
8202
diff
changeset
|
1771 if enforce == 'logfailure': |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1772 logger.warning(logmsg) |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1773 |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1774 if current_session != nonce_session: |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1775 logmsg = self._( |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1776 ''"Csrf mismatch user: current session %(curr_sess)s " |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1777 ''"!= stored session %(stor_sess)s, current user/stored " |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1778 ''"user is: %(user)s for key %(key)s.") % { |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1779 'curr_sess': current_session, |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1780 'stor_sess': nonce_session, |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1781 'user': current_user, |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1782 'key': key} |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1783 if enforce in ('required', 'yes'): |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1784 logger.error(logmsg) |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1785 raise UsageError(self._( |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1786 ''"We can't validate your session (csrf failure). " |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1787 ''"Re-enter any unsaved data and try again.")) |
|
8203
ef1333b153e3
chore(ruff): changes to else/elif and nested ifs to reduce nesting
John Rouillard <rouilj@ieee.org>
parents:
8202
diff
changeset
|
1788 if enforce == 'logfailure': |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
1789 logger.warning(logmsg) |
|
7058
7259ce224d65
Fix internationalized strings with multiple unlabeled % replacements.
John Rouillard <rouilj@ieee.org>
parents:
6977
diff
changeset
|
1790 |
|
5220
14d8f61e6ef2
Reimplemented anti-csrf measures by raising exceptions rather than
John Rouillard <rouilj@ieee.org>
parents:
5218
diff
changeset
|
1791 # we are done and the change can occur. |
|
5201
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1792 return True |
|
a9ace22e0a2f
issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents:
5188
diff
changeset
|
1793 |
|
2940
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
1794 def opendb(self, username): |
|
3427
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
1795 """Open the database and set the current user. |
|
2940
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
1796 |
|
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
1797 Opens a database once. On subsequent calls only the user is set on |
|
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
1798 the database object the instance.optimize is set. If we are in |
|
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
1799 "Development Mode" (cf. roundup_server) then the database is always |
|
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
1800 re-opened. |
|
3427
198fe87b0254
add language detection (patch [SF#1360321])
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3396
diff
changeset
|
1801 """ |
|
2940
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
1802 # don't do anything if the db is open and the user has not changed |
|
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
1803 if hasattr(self, 'db') and self.db.isCurrentUser(username): |
|
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
1804 return |
|
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
1805 |
|
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
1806 # open the database or only set the user |
|
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
1807 if not hasattr(self, 'db'): |
|
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
1808 self.db = self.instance.open(username) |
|
7814
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
1809 elif self.instance.optimize: |
|
2940
00f609d53a8c
tweaks to last patch
Richard Jones <richard@users.sourceforge.net>
parents:
2938
diff
changeset
|
1810 self.db.setCurrentUser(username) |
|
7814
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
1811 else: |
|
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
1812 self.db.close() |
|
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
1813 self.db = self.instance.open(username) |
|
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
1814 # The old session API refers to the closed database; |
|
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
1815 # we can no longer use it. |
|
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
1816 self.session_api = Session(self) |
|
4648
e645820e8556
Clean up whitespace in client.py
Ezio Melotti <ezio.melotti@gmail.com>
parents:
4640
diff
changeset
|
1817 |
|
7815
f11c982f01c8
chore(refactor): extract setting of db.tx_source out of if tree
John Rouillard <rouilj@ieee.org>
parents:
7814
diff
changeset
|
1818 self.db.tx_Source = "web" |
|
f11c982f01c8
chore(refactor): extract setting of db.tx_source out of if tree
John Rouillard <rouilj@ieee.org>
parents:
7814
diff
changeset
|
1819 |
|
6977
ff2c8b430738
flake8 - remove re.compile from method arg + test + doc
John Rouillard <rouilj@ieee.org>
parents:
6976
diff
changeset
|
1820 # match designator in URL stripping leading 0's. So: |
|
ff2c8b430738
flake8 - remove re.compile from method arg + test + doc
John Rouillard <rouilj@ieee.org>
parents:
6976
diff
changeset
|
1821 # https://issues.roundup-tracker.org/issue002551190 is the same as |
|
ff2c8b430738
flake8 - remove re.compile from method arg + test + doc
John Rouillard <rouilj@ieee.org>
parents:
6976
diff
changeset
|
1822 # https://issues.roundup-tracker.org/issue2551190 |
|
ff2c8b430738
flake8 - remove re.compile from method arg + test + doc
John Rouillard <rouilj@ieee.org>
parents:
6976
diff
changeset
|
1823 # Note: id's are strings not numbers so "02" != "2" but 02 == 2 |
|
ff2c8b430738
flake8 - remove re.compile from method arg + test + doc
John Rouillard <rouilj@ieee.org>
parents:
6976
diff
changeset
|
1824 dre_url = re.compile(r'([^\d]+)0*(\d+)') |
|
ff2c8b430738
flake8 - remove re.compile from method arg + test + doc
John Rouillard <rouilj@ieee.org>
parents:
6976
diff
changeset
|
1825 |
|
ff2c8b430738
flake8 - remove re.compile from method arg + test + doc
John Rouillard <rouilj@ieee.org>
parents:
6976
diff
changeset
|
1826 def determine_context(self, dre=dre_url): |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1827 """Determine the context of this page from the URL: |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1828 |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1829 The URL path after the instance identifier is examined. The path |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1830 is generally only one entry long. |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1831 |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1832 - if there is no path, then we are in the "home" context. |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1833 - if the path is "_file", then the additional path entry |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1834 specifies the filename of a static file we're to serve up |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1835 from the instance "html" directory. Raises a SendStaticFile |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1836 exception.(*) |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1837 - if there is something in the path (eg "issue"), it identifies |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1838 the tracker class we're to display. |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1839 - if the path is an item designator (eg "issue123"), then we're |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1840 to display a specific item. |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1841 - if the path starts with an item designator and is longer than |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1842 one entry, then we're assumed to be handling an item of a |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1843 FileClass, and the extra path information gives the filename |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1844 that the client is going to label the download with (ie |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1845 "file123/image.png" is nicer to download than "file123"). This |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1846 raises a SendFile exception.(*) |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1847 |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1848 Both of the "*" types of contexts stop before we bother to |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1849 determine the template we're going to use. That's because they |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1850 don't actually use templates. |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1851 |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1852 The template used is specified by the :template CGI variable, |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1853 which defaults to: |
|
1053
b28393def972
more explanatory docsting
Richard Jones <richard@users.sourceforge.net>
parents:
1051
diff
changeset
|
1854 |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1855 - only classname suplied: "index" |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1856 - full item designator supplied: "item" |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1857 |
|
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1858 We set: |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1859 |
|
1041
c28603c9f831
Class help and generic class editing done.
Richard Jones <richard@users.sourceforge.net>
parents:
1029
diff
changeset
|
1860 self.classname - the class to display, can be None |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1861 |
|
1041
c28603c9f831
Class help and generic class editing done.
Richard Jones <richard@users.sourceforge.net>
parents:
1029
diff
changeset
|
1862 self.template - the template to render the current context with |
|
2005
fc52d57c6c3e
documentation cleanup
Richard Jones <richard@users.sourceforge.net>
parents:
2004
diff
changeset
|
1863 |
|
1041
c28603c9f831
Class help and generic class editing done.
Richard Jones <richard@users.sourceforge.net>
parents:
1029
diff
changeset
|
1864 self.nodeid - the nodeid of the class we're displaying |
|
1937
4c850112895b
Some reformatting and fixing docstrings for emacs.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents:
1936
diff
changeset
|
1865 """ |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1866 # default the optional variables |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1867 self.classname = None |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1868 self.nodeid = None |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1869 |
|
1420
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
1870 # see if a template or messages are specified |
|
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
1871 template_override = ok_message = error_message = None |
|
4801
bff9e4145f70
Fix another instance of a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4800
diff
changeset
|
1872 try: |
|
bff9e4145f70
Fix another instance of a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4800
diff
changeset
|
1873 keys = self.form.keys() |
|
bff9e4145f70
Fix another instance of a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4800
diff
changeset
|
1874 except TypeError: |
|
bff9e4145f70
Fix another instance of a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4800
diff
changeset
|
1875 keys = () |
|
bff9e4145f70
Fix another instance of a TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4800
diff
changeset
|
1876 for key in keys: |
|
1420
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
1877 if self.FV_TEMPLATE.match(key): |
|
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
1878 template_override = self.form[key].value |
|
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
1879 elif self.FV_OK_MESSAGE.match(key): |
|
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
1880 ok_message = self.form[key].value |
|
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
1881 elif self.FV_ERROR_MESSAGE.match(key): |
|
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
1882 error_message = self.form[key].value |
|
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
1883 |
|
1977
f96592a7c357
changes to support the new templating Unauthorised exception.
Richard Jones <richard@users.sourceforge.net>
parents:
1973
diff
changeset
|
1884 # see if we were passed in a message |
|
f96592a7c357
changes to support the new templating Unauthorised exception.
Richard Jones <richard@users.sourceforge.net>
parents:
1973
diff
changeset
|
1885 if ok_message: |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
1886 self.add_ok_message(ok_message) |
|
1977
f96592a7c357
changes to support the new templating Unauthorised exception.
Richard Jones <richard@users.sourceforge.net>
parents:
1973
diff
changeset
|
1887 if error_message: |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
1888 self.add_error_message(error_message) |
|
1977
f96592a7c357
changes to support the new templating Unauthorised exception.
Richard Jones <richard@users.sourceforge.net>
parents:
1973
diff
changeset
|
1889 |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1890 # determine the classname and possibly nodeid |
|
1157
26c8cb2162d7
fixed various URL / base URL issues
Richard Jones <richard@users.sourceforge.net>
parents:
1153
diff
changeset
|
1891 path = self.path.split('/') |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1892 if not path or path[0] in ('', 'home', 'index'): |
|
1420
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
1893 if template_override is not None: |
|
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
1894 self.template = template_override |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1895 else: |
|
1041
c28603c9f831
Class help and generic class editing done.
Richard Jones <richard@users.sourceforge.net>
parents:
1029
diff
changeset
|
1896 self.template = '' |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1897 return |
|
7814
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
1898 if path[0] in ('_file', '@@file'): |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
1899 raise SendStaticFile(os.path.join(*path[1:])) |
|
8203
ef1333b153e3
chore(ruff): changes to else/elif and nested ifs to reduce nesting
John Rouillard <rouilj@ieee.org>
parents:
8202
diff
changeset
|
1900 |
|
ef1333b153e3
chore(ruff): changes to else/elif and nested ifs to reduce nesting
John Rouillard <rouilj@ieee.org>
parents:
8202
diff
changeset
|
1901 self.classname = path[0] |
|
ef1333b153e3
chore(ruff): changes to else/elif and nested ifs to reduce nesting
John Rouillard <rouilj@ieee.org>
parents:
8202
diff
changeset
|
1902 if len(path) > 1: |
|
ef1333b153e3
chore(ruff): changes to else/elif and nested ifs to reduce nesting
John Rouillard <rouilj@ieee.org>
parents:
8202
diff
changeset
|
1903 # send the file identified by the designator in path[0] |
|
ef1333b153e3
chore(ruff): changes to else/elif and nested ifs to reduce nesting
John Rouillard <rouilj@ieee.org>
parents:
8202
diff
changeset
|
1904 raise SendFile(path[0]) |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1905 |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1906 # see if we got a designator |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1907 m = dre.match(self.classname) |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1908 if m: |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1909 self.classname = m.group(1) |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1910 self.nodeid = m.group(2) |
|
3494
5a56abcf1b22
catch bad classname in URL (related to [SF#1240541])
Richard Jones <richard@users.sourceforge.net>
parents:
3453
diff
changeset
|
1911 try: |
|
5a56abcf1b22
catch bad classname in URL (related to [SF#1240541])
Richard Jones <richard@users.sourceforge.net>
parents:
3453
diff
changeset
|
1912 klass = self.db.getclass(self.classname) |
|
5a56abcf1b22
catch bad classname in URL (related to [SF#1240541])
Richard Jones <richard@users.sourceforge.net>
parents:
3453
diff
changeset
|
1913 except KeyError: |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1914 raise NotFound('%s/%s' % (self.classname, self.nodeid)) |
|
5555
7b663b588292
Don't pass huge itemids into the backend.
martin.v.loewis <martin.v.loewis>
parents:
5554
diff
changeset
|
1915 if int(self.nodeid) > 2**31: |
|
7b663b588292
Don't pass huge itemids into the backend.
martin.v.loewis <martin.v.loewis>
parents:
5554
diff
changeset
|
1916 # Postgres will complain with a ProgrammingError |
|
7b663b588292
Don't pass huge itemids into the backend.
martin.v.loewis <martin.v.loewis>
parents:
5554
diff
changeset
|
1917 # if we try to pass in numbers that are too large |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1918 raise NotFound('%s/%s' % (self.classname, self.nodeid)) |
|
3494
5a56abcf1b22
catch bad classname in URL (related to [SF#1240541])
Richard Jones <richard@users.sourceforge.net>
parents:
3453
diff
changeset
|
1919 if not klass.hasnode(self.nodeid): |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
1920 raise NotFound('%s/%s' % (self.classname, self.nodeid)) |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1921 # with a designator, we default to item view |
|
1041
c28603c9f831
Class help and generic class editing done.
Richard Jones <richard@users.sourceforge.net>
parents:
1029
diff
changeset
|
1922 self.template = 'item' |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1923 else: |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1924 # with only a class, we default to index view |
|
1041
c28603c9f831
Class help and generic class editing done.
Richard Jones <richard@users.sourceforge.net>
parents:
1029
diff
changeset
|
1925 self.template = 'index' |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1926 |
|
1288
ad8de51d7cd5
handle "classname" URL path errors cleaner (generate a 404)
Richard Jones <richard@users.sourceforge.net>
parents:
1277
diff
changeset
|
1927 # make sure the classname is valid |
|
ad8de51d7cd5
handle "classname" URL path errors cleaner (generate a 404)
Richard Jones <richard@users.sourceforge.net>
parents:
1277
diff
changeset
|
1928 try: |
|
ad8de51d7cd5
handle "classname" URL path errors cleaner (generate a 404)
Richard Jones <richard@users.sourceforge.net>
parents:
1277
diff
changeset
|
1929 self.db.getclass(self.classname) |
|
ad8de51d7cd5
handle "classname" URL path errors cleaner (generate a 404)
Richard Jones <richard@users.sourceforge.net>
parents:
1277
diff
changeset
|
1930 except KeyError: |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
1931 raise NotFound(self.classname) |
|
1288
ad8de51d7cd5
handle "classname" URL path errors cleaner (generate a 404)
Richard Jones <richard@users.sourceforge.net>
parents:
1277
diff
changeset
|
1932 |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1933 # see if we have a template override |
|
1420
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
1934 if template_override is not None: |
|
3ac43c62a250
implemented extension to form parsing...
Richard Jones <richard@users.sourceforge.net>
parents:
1417
diff
changeset
|
1935 self.template = template_override |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1936 |
|
8411
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8408
diff
changeset
|
1937 def reauth(self, exception): |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8408
diff
changeset
|
1938 """Processing for a Reauth exception raised from an auditor. |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8408
diff
changeset
|
1939 |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8408
diff
changeset
|
1940 Can be overridden by code in tracker's interfaces.py. |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8408
diff
changeset
|
1941 """ |
|
8502
dfecb240bc34
chore: ruff whitespace fixes.
John Rouillard <rouilj@ieee.org>
parents:
8500
diff
changeset
|
1942 |
|
8500
b03160d46e9d
bug: don't reference vendored outside of anypy modules
John Rouillard <rouilj@ieee.org>
parents:
8446
diff
changeset
|
1943 from roundup.anypy.cgi_ import MiniFieldStorage |
|
8411
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8408
diff
changeset
|
1944 |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8408
diff
changeset
|
1945 original_action = self.form['@action'].value if '@action' \ |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8408
diff
changeset
|
1946 in self.form else "" |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8408
diff
changeset
|
1947 original_template = self.template |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8408
diff
changeset
|
1948 |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8408
diff
changeset
|
1949 self.template = 'reauth' |
|
8502
dfecb240bc34
chore: ruff whitespace fixes.
John Rouillard <rouilj@ieee.org>
parents:
8500
diff
changeset
|
1950 self.form.list = [x for x in self.form.list |
|
dfecb240bc34
chore: ruff whitespace fixes.
John Rouillard <rouilj@ieee.org>
parents:
8500
diff
changeset
|
1951 if x.name not in ('@action', |
|
dfecb240bc34
chore: ruff whitespace fixes.
John Rouillard <rouilj@ieee.org>
parents:
8500
diff
changeset
|
1952 '@csrf', |
|
dfecb240bc34
chore: ruff whitespace fixes.
John Rouillard <rouilj@ieee.org>
parents:
8500
diff
changeset
|
1953 '@template' |
|
dfecb240bc34
chore: ruff whitespace fixes.
John Rouillard <rouilj@ieee.org>
parents:
8500
diff
changeset
|
1954 )] |
|
8411
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8408
diff
changeset
|
1955 |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8408
diff
changeset
|
1956 # save the action and template used when the Reauth as |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8408
diff
changeset
|
1957 # triggered. Will be used to resolve the change by the reauth |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8408
diff
changeset
|
1958 # action when when reauth password verified. |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8408
diff
changeset
|
1959 if '@next_action' not in self.form.list: |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8408
diff
changeset
|
1960 self.form.list.append(MiniFieldStorage('@next_action', |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8408
diff
changeset
|
1961 original_action)) |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8408
diff
changeset
|
1962 if '@next_template' not in self.form.list: |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8408
diff
changeset
|
1963 self.form.list.append(MiniFieldStorage('@next_template', |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8408
diff
changeset
|
1964 original_template)) |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8408
diff
changeset
|
1965 |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8408
diff
changeset
|
1966 if exception.args and "@reauth_message" not in self.form.list: |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8408
diff
changeset
|
1967 self.form.list.append( |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8408
diff
changeset
|
1968 MiniFieldStorage('@reauth_message', |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8408
diff
changeset
|
1969 html_escape(exception.args[0]) |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8408
diff
changeset
|
1970 ) |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8408
diff
changeset
|
1971 ) |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8408
diff
changeset
|
1972 |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8408
diff
changeset
|
1973 self.write_html(self.renderContext()) |
|
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8408
diff
changeset
|
1974 |
|
6977
ff2c8b430738
flake8 - remove re.compile from method arg + test + doc
John Rouillard <rouilj@ieee.org>
parents:
6976
diff
changeset
|
1975 # re for splitting designator, see also dre_url above this one |
|
ff2c8b430738
flake8 - remove re.compile from method arg + test + doc
John Rouillard <rouilj@ieee.org>
parents:
6976
diff
changeset
|
1976 # doesn't strip leading 0's from the id. Why not?? |
|
ff2c8b430738
flake8 - remove re.compile from method arg + test + doc
John Rouillard <rouilj@ieee.org>
parents:
6976
diff
changeset
|
1977 dre = re.compile(r'([^\d]+)(\d+)') |
|
ff2c8b430738
flake8 - remove re.compile from method arg + test + doc
John Rouillard <rouilj@ieee.org>
parents:
6976
diff
changeset
|
1978 |
|
ff2c8b430738
flake8 - remove re.compile from method arg + test + doc
John Rouillard <rouilj@ieee.org>
parents:
6976
diff
changeset
|
1979 def serve_file(self, designator, dre=dre): |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
1980 """ Serve the file from the content property of the designated item. |
|
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
1981 """ |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1982 m = dre.match(str(designator)) |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1983 if not m: |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
1984 raise NotFound(str(designator)) |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1985 classname, nodeid = m.group(1), m.group(2) |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
1986 |
|
4263
bd000a1e9a57
Robustify web interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4224
diff
changeset
|
1987 try: |
|
bd000a1e9a57
Robustify web interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4224
diff
changeset
|
1988 klass = self.db.getclass(classname) |
|
bd000a1e9a57
Robustify web interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4224
diff
changeset
|
1989 except KeyError: |
|
bd000a1e9a57
Robustify web interface.
Stefan Seefeld <stefan@seefeld.name>
parents:
4224
diff
changeset
|
1990 # The classname was not valid. |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
1991 raise NotFound(str(designator)) |
|
4648
e645820e8556
Clean up whitespace in client.py
Ezio Melotti <ezio.melotti@gmail.com>
parents:
4640
diff
changeset
|
1992 |
|
4326
d51a9c498dc4
Fix "Web Access" permission check to allow serving of static files to Anonymous again
Richard Jones <richard@users.sourceforge.net>
parents:
4291
diff
changeset
|
1993 # perform the Anonymous user access check |
|
4327
095d92109cc7
allow Anonymous users to log in, and register
Richard Jones <richard@users.sourceforge.net>
parents:
4326
diff
changeset
|
1994 self.check_anonymous_access() |
|
1946
c538a64b94a7
Refactored CGI file serving so that FileClass contents are...
Richard Jones <richard@users.sourceforge.net>
parents:
1937
diff
changeset
|
1995 |
|
1967
d30cd44321f2
commit old file-serving bugfix, and new pt content-type fix
Richard Jones <richard@users.sourceforge.net>
parents:
1946
diff
changeset
|
1996 # make sure we have the appropriate properties |
|
d30cd44321f2
commit old file-serving bugfix, and new pt content-type fix
Richard Jones <richard@users.sourceforge.net>
parents:
1946
diff
changeset
|
1997 props = klass.getprops() |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
1998 if 'type' not in props: |
|
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
1999 raise NotFound(designator) |
|
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
2000 if 'content' not in props: |
|
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
2001 raise NotFound(designator) |
|
1967
d30cd44321f2
commit old file-serving bugfix, and new pt content-type fix
Richard Jones <richard@users.sourceforge.net>
parents:
1946
diff
changeset
|
2002 |
|
2870
795cdba40c05
enforce View Permission when serving file content [SF#1050470]
Richard Jones <richard@users.sourceforge.net>
parents:
2864
diff
changeset
|
2003 # make sure we have permission |
|
795cdba40c05
enforce View Permission when serving file content [SF#1050470]
Richard Jones <richard@users.sourceforge.net>
parents:
2864
diff
changeset
|
2004 if not self.db.security.hasPermission('View', self.userid, |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2005 classname, 'content', nodeid): |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
2006 raise Unauthorised(self._("You are not allowed to view " |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2007 "this file.")) |
|
4962
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
2008 |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
2009 # --- mime-type security |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
2010 # mime type detection is performed in cgi.form_parser |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
2011 |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
2012 if self.instance.config['WEB_ALLOW_HTML_FILE']: |
|
8039
e1cff9745fb4
refactor: make mime_type_allowlist class prop to configure from interfaces.py
John Rouillard <rouilj@ieee.org>
parents:
8021
diff
changeset
|
2013 self.mime_type_allowlist.append('text/html') |
|
4962
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
2014 |
|
4530
c1c395058dee
issue2550715: IndexError when requesting non-existing file via http.
Bernhard Reiter <Bernhard.Reiter@intevation.de>
parents:
4523
diff
changeset
|
2015 try: |
|
c1c395058dee
issue2550715: IndexError when requesting non-existing file via http.
Bernhard Reiter <Bernhard.Reiter@intevation.de>
parents:
4523
diff
changeset
|
2016 mime_type = klass.get(nodeid, 'type') |
|
5248
198b6e810c67
Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents:
5231
diff
changeset
|
2017 except IndexError as e: |
|
4530
c1c395058dee
issue2550715: IndexError when requesting non-existing file via http.
Bernhard Reiter <Bernhard.Reiter@intevation.de>
parents:
4523
diff
changeset
|
2018 raise NotFound(e) |
|
4291
b1772fdb09d0
Fix traceback on .../msgN/ url...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4265
diff
changeset
|
2019 # Can happen for msg class: |
|
b1772fdb09d0
Fix traceback on .../msgN/ url...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4265
diff
changeset
|
2020 if not mime_type: |
|
b1772fdb09d0
Fix traceback on .../msgN/ url...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4265
diff
changeset
|
2021 mime_type = 'text/plain' |
|
4047
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
2022 |
|
8039
e1cff9745fb4
refactor: make mime_type_allowlist class prop to configure from interfaces.py
John Rouillard <rouilj@ieee.org>
parents:
8021
diff
changeset
|
2023 if mime_type not in self.mime_type_allowlist: |
|
4962
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
2024 mime_type = 'application/octet-stream' |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
2025 |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
2026 # --/ mime-type security |
|
63c31b18b955
Fix issue 2550848: HTML attachments should not be served as text/html
anatoly techtonik <techtonik@gmail.com>
parents:
4919
diff
changeset
|
2027 |
|
4047
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
2028 # If this object is a file (i.e., an instance of FileClass), |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
2029 # see if we can find it in the filesystem. If so, we may be |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
2030 # able to use the more-efficient request.sendfile method of |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
2031 # sending the file. If not, just get the "content" property |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
2032 # in the usual way, and use that. |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
2033 content = None |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
2034 filename = None |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
2035 if isinstance(klass, hyperdb.FileClass): |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
2036 try: |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
2037 filename = self.db.filename(classname, nodeid) |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
2038 except AttributeError: |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
2039 # The database doesn't store files in the filesystem |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
2040 # and therefore doesn't provide the "filename" method. |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
2041 pass |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
2042 except IOError: |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
2043 # The file does not exist. |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
2044 pass |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
2045 if not filename: |
|
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
2046 content = klass.get(nodeid, 'content') |
|
4648
e645820e8556
Clean up whitespace in client.py
Ezio Melotti <ezio.melotti@gmail.com>
parents:
4640
diff
changeset
|
2047 |
|
1967
d30cd44321f2
commit old file-serving bugfix, and new pt content-type fix
Richard Jones <richard@users.sourceforge.net>
parents:
1946
diff
changeset
|
2048 lmt = klass.get(nodeid, 'activity').timestamp() |
|
1946
c538a64b94a7
Refactored CGI file serving so that FileClass contents are...
Richard Jones <richard@users.sourceforge.net>
parents:
1937
diff
changeset
|
2049 |
|
8185
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2050 self._serve_file(lmt, None, mime_type, content, filename) |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2051 |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2052 def serve_static_file(self, file): |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
2053 """ Serve up the file named from the templates dir |
|
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
2054 """ |
|
2864
930e780c751f
support STATIC_FILES directory in addition to TEMPLATES
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2853
diff
changeset
|
2055 # figure the filename - try STATIC_FILES, then TEMPLATES dir |
|
930e780c751f
support STATIC_FILES directory in addition to TEMPLATES
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2853
diff
changeset
|
2056 for dir_option in ('STATIC_FILES', 'TEMPLATES'): |
|
930e780c751f
support STATIC_FILES directory in addition to TEMPLATES
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2853
diff
changeset
|
2057 prefix = self.instance.config[dir_option] |
|
930e780c751f
support STATIC_FILES directory in addition to TEMPLATES
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2853
diff
changeset
|
2058 if not prefix: |
|
930e780c751f
support STATIC_FILES directory in addition to TEMPLATES
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2853
diff
changeset
|
2059 continue |
|
5613
0a8f0fddc2ae
Support non-ASCII prefixes in instance config for finding static files (issue2551022).
Cédric Krier <cedric.krier@b2ck.com>
parents:
5608
diff
changeset
|
2060 if is_us(prefix): |
|
5231
8743b7226dc7
Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents:
5220
diff
changeset
|
2061 # prefix can be a string or list depending on |
|
8743b7226dc7
Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents:
5220
diff
changeset
|
2062 # option. Make it a list to iterate over. |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2063 prefix = [prefix] |
|
5231
8743b7226dc7
Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents:
5220
diff
changeset
|
2064 |
|
8743b7226dc7
Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents:
5220
diff
changeset
|
2065 for p in prefix: |
|
8743b7226dc7
Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents:
5220
diff
changeset
|
2066 # if last element of STATIC_FILES ends with '/-', |
|
7905
f47b186a2ad9
fix use of '-' directory in static files
John Rouillard <rouilj@ieee.org>
parents:
7815
diff
changeset
|
2067 # or \- on windows, we failed to find the file |
|
f47b186a2ad9
fix use of '-' directory in static files
John Rouillard <rouilj@ieee.org>
parents:
7815
diff
changeset
|
2068 # and should not look in TEMPLATES. So raise exception. |
|
f47b186a2ad9
fix use of '-' directory in static files
John Rouillard <rouilj@ieee.org>
parents:
7815
diff
changeset
|
2069 if (dir_option == 'STATIC_FILES' and p[-1:] == '-' and |
|
f47b186a2ad9
fix use of '-' directory in static files
John Rouillard <rouilj@ieee.org>
parents:
7815
diff
changeset
|
2070 p[-2:-1] in ('/', '\\')): |
|
5231
8743b7226dc7
Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents:
5220
diff
changeset
|
2071 raise NotFound(file) |
|
8743b7226dc7
Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents:
5220
diff
changeset
|
2072 |
|
8743b7226dc7
Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents:
5220
diff
changeset
|
2073 # ensure the load doesn't try to poke outside |
|
8743b7226dc7
Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents:
5220
diff
changeset
|
2074 # of the static files directory |
|
8743b7226dc7
Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents:
5220
diff
changeset
|
2075 p = os.path.normpath(p) |
|
8743b7226dc7
Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents:
5220
diff
changeset
|
2076 filename = os.path.normpath(os.path.join(p, file)) |
|
8743b7226dc7
Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents:
5220
diff
changeset
|
2077 if os.path.isfile(filename) and filename.startswith(p): |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2078 break # inner loop over list of directories |
|
8203
ef1333b153e3
chore(ruff): changes to else/elif and nested ifs to reduce nesting
John Rouillard <rouilj@ieee.org>
parents:
8202
diff
changeset
|
2079 |
|
ef1333b153e3
chore(ruff): changes to else/elif and nested ifs to reduce nesting
John Rouillard <rouilj@ieee.org>
parents:
8202
diff
changeset
|
2080 # reset filename to None as sentinel for use below. |
|
ef1333b153e3
chore(ruff): changes to else/elif and nested ifs to reduce nesting
John Rouillard <rouilj@ieee.org>
parents:
8202
diff
changeset
|
2081 filename = None |
|
5231
8743b7226dc7
Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents:
5220
diff
changeset
|
2082 |
|
8743b7226dc7
Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents:
5220
diff
changeset
|
2083 # break out of outer loop over options |
|
8743b7226dc7
Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents:
5220
diff
changeset
|
2084 if filename: |
|
2864
930e780c751f
support STATIC_FILES directory in addition to TEMPLATES
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2853
diff
changeset
|
2085 break |
|
5231
8743b7226dc7
Fix issue with retreiving raw template files using the @@file mechanism.
John Rouillard <rouilj@ieee.org>
parents:
5220
diff
changeset
|
2086 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2087 if filename is None: # we didn't find a filename |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
2088 raise NotFound(file) |
|
1946
c538a64b94a7
Refactored CGI file serving so that FileClass contents are...
Richard Jones <richard@users.sourceforge.net>
parents:
1937
diff
changeset
|
2089 |
|
c538a64b94a7
Refactored CGI file serving so that FileClass contents are...
Richard Jones <richard@users.sourceforge.net>
parents:
1937
diff
changeset
|
2090 # detemine meta-type |
|
c538a64b94a7
Refactored CGI file serving so that FileClass contents are...
Richard Jones <richard@users.sourceforge.net>
parents:
1937
diff
changeset
|
2091 file = str(file) |
|
c538a64b94a7
Refactored CGI file serving so that FileClass contents are...
Richard Jones <richard@users.sourceforge.net>
parents:
1937
diff
changeset
|
2092 mime_type = mimetypes.guess_type(file)[0] |
|
c538a64b94a7
Refactored CGI file serving so that FileClass contents are...
Richard Jones <richard@users.sourceforge.net>
parents:
1937
diff
changeset
|
2093 if not mime_type: |
|
7814
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
2094 mime_type = 'text/css' if file.endswith('.css') else 'text/plain' |
|
1946
c538a64b94a7
Refactored CGI file serving so that FileClass contents are...
Richard Jones <richard@users.sourceforge.net>
parents:
1937
diff
changeset
|
2095 |
|
5980
54d0080769f9
Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents:
5946
diff
changeset
|
2096 # get filename: given a/b/c.js extract c.js |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2097 fn = file.rpartition("/")[2] |
|
5980
54d0080769f9
Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents:
5946
diff
changeset
|
2098 if fn in self.Cache_Control: |
|
54d0080769f9
Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents:
5946
diff
changeset
|
2099 # if filename matches, don't use cache control |
|
54d0080769f9
Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents:
5946
diff
changeset
|
2100 # for mime type. |
|
54d0080769f9
Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents:
5946
diff
changeset
|
2101 self.additional_headers['Cache-Control'] = \ |
|
54d0080769f9
Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents:
5946
diff
changeset
|
2102 self.Cache_Control[fn] |
|
54d0080769f9
Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents:
5946
diff
changeset
|
2103 elif mime_type in self.Cache_Control: |
|
54d0080769f9
Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents:
5946
diff
changeset
|
2104 self.additional_headers['Cache-Control'] = \ |
|
54d0080769f9
Support setting cache-control headers for static files
John Rouillard <rouilj@ieee.org>
parents:
5946
diff
changeset
|
2105 self.Cache_Control[mime_type] |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2106 |
|
8185
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2107 self._serve_file(None, None, mime_type, '', filename) |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2108 |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2109 def _serve_file(self, lmt, etag, mime_type, content=None, filename=None): |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2110 """guts of serve_file() and serve_static_file() |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2111 |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2112 if lmt or etag are None, derive them from file filename. |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2113 |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2114 Handles if-modified-since and if-none-match etag |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2115 conditional gets. |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2116 |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2117 It produces an raw etag header without encoding suffix. |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2118 But it adds Accept-Encoding to the vary header. |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2119 |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
2120 """ |
|
8185
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2121 if filename: |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2122 stat_info = os.stat(filename) |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2123 |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2124 if lmt is None: |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2125 # last-modified time |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2126 lmt = stat_info[stat.ST_MTIME] |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2127 if etag is None: |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2128 # FIXME: maybe etag should depend on encoding. |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2129 # it is an apache compatible etag without encoding. |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2130 etag = '"%x-%x-%x"' % (stat_info[stat.ST_INO], |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2131 stat_info[stat.ST_SIZE], |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2132 stat_info[stat.ST_MTIME]) |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2133 |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2134 # spit out headers for conditional request |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2135 self.setHeader("ETag", etag) |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2136 self.additional_headers['Last-Modified'] = \ |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2137 email.utils.formatdate(lmt, usegmt=True) |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2138 |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2139 inm = None |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2140 # ETag is a more strict check than modified date. Use etag |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2141 # check if available. Skip testing modified data. |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2142 if hasattr(self.request, 'headers'): |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2143 inm = self.request.headers.get('if-none-match') |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2144 elif 'HTTP_IF_NONE_MATCH' in self.env: |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2145 # maybe the cgi will put the header in the env var |
|
8186
b938fd5223ae
fix(web): issue2551356. Add etag header ... fix env variable name
John Rouillard <rouilj@ieee.org>
parents:
8185
diff
changeset
|
2146 inm = self.env['HTTP_IF_NONE_MATCH'] |
|
8185
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2147 if inm and etag == inm: |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2148 # because we can compress, always set Accept-Encoding |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2149 # value. Otherwise caches can serve up the wrong info |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2150 # if their cached copy has no compression. |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2151 self.setVary("Accept-Encoding") |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2152 ''' |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2153 to solve issue2551356 I may need to determine |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2154 the content encoding. |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2155 if (self.determine_content_encoding()): |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2156 ''' |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2157 raise NotModified |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2158 |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2159 if self.if_not_modified_since(lmt): |
|
8021
98429efb80cb
fix: Send vary header for if-modified-since conditional returning 304
John Rouillard <rouilj@ieee.org>
parents:
8020
diff
changeset
|
2160 # because we can compress, always set Accept-Encoding |
|
98429efb80cb
fix: Send vary header for if-modified-since conditional returning 304
John Rouillard <rouilj@ieee.org>
parents:
8020
diff
changeset
|
2161 # value. Otherwise caches can serve up the wrong info |
|
98429efb80cb
fix: Send vary header for if-modified-since conditional returning 304
John Rouillard <rouilj@ieee.org>
parents:
8020
diff
changeset
|
2162 # if their cached copy has no compression. |
|
98429efb80cb
fix: Send vary header for if-modified-since conditional returning 304
John Rouillard <rouilj@ieee.org>
parents:
8020
diff
changeset
|
2163 self.setVary("Accept-Encoding") |
|
98429efb80cb
fix: Send vary header for if-modified-since conditional returning 304
John Rouillard <rouilj@ieee.org>
parents:
8020
diff
changeset
|
2164 ''' |
|
98429efb80cb
fix: Send vary header for if-modified-since conditional returning 304
John Rouillard <rouilj@ieee.org>
parents:
8020
diff
changeset
|
2165 to solve issue2551356 I may need to determine |
|
98429efb80cb
fix: Send vary header for if-modified-since conditional returning 304
John Rouillard <rouilj@ieee.org>
parents:
8020
diff
changeset
|
2166 the content encoding. |
|
98429efb80cb
fix: Send vary header for if-modified-since conditional returning 304
John Rouillard <rouilj@ieee.org>
parents:
8020
diff
changeset
|
2167 if (self.determine_content_encoding()): |
|
98429efb80cb
fix: Send vary header for if-modified-since conditional returning 304
John Rouillard <rouilj@ieee.org>
parents:
8020
diff
changeset
|
2168 ''' |
|
1469
79d8956de3f5
implemented last-modified and if-modified-since support
Richard Jones <richard@users.sourceforge.net>
parents:
1468
diff
changeset
|
2169 raise NotModified |
|
79d8956de3f5
implemented last-modified and if-modified-since support
Richard Jones <richard@users.sourceforge.net>
parents:
1468
diff
changeset
|
2170 |
|
6548
de5f5f9c02f2
Fix spurious content-ty on 304; xfail css Cache-Control
John Rouillard <rouilj@ieee.org>
parents:
6546
diff
changeset
|
2171 # don't set until we are sure we are sending a response body. |
|
de5f5f9c02f2
Fix spurious content-ty on 304; xfail css Cache-Control
John Rouillard <rouilj@ieee.org>
parents:
6546
diff
changeset
|
2172 self.additional_headers['Content-Type'] = mime_type |
|
de5f5f9c02f2
Fix spurious content-ty on 304; xfail css Cache-Control
John Rouillard <rouilj@ieee.org>
parents:
6546
diff
changeset
|
2173 |
|
4047
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
2174 if filename: |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2175 self.write_file(filename) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2176 else: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2177 self.additional_headers['Content-Length'] = str(len(content)) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2178 self.write(content) |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2179 |
|
8185
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2180 def if_not_modified_since(self, lmt): |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2181 ims = None |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2182 # see if there's an if-modified-since... |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2183 if hasattr(self.request, 'headers'): |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2184 ims = self.request.headers.get('if-modified-since') |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2185 elif 'HTTP_IF_MODIFIED_SINCE' in self.env: |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2186 # cgi will put the header in the env var |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2187 ims = self.env['HTTP_IF_MODIFIED_SINCE'] |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2188 |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2189 if ims: |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2190 datestamp = email.utils.parsedate(ims) |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2191 if datestamp is not None: |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2192 ims = datestamp[:6] |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2193 else: |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2194 # set to beginning of time so whole file will be sent |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2195 ims = (0, 0, 0, 0, 0, 0) |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2196 lmtt = time.gmtime(lmt)[:6] |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2197 return lmtt <= ims |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2198 |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2199 return False |
|
e84d4585b16d
fix(web): issue2551356. Add etag header for not-modified (304) request.
John Rouillard <rouilj@ieee.org>
parents:
8175
diff
changeset
|
2200 |
|
4543
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
2201 def send_error_to_admin(self, subject, html, txt): |
|
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
2202 """Send traceback information to admin via email. |
|
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
2203 We send both, the formatted html (with more information) and |
|
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
2204 the text version of the traceback. We use |
|
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
2205 multipart/alternative so the receiver can chose which version |
|
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
2206 to display. |
|
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
2207 """ |
|
4264
b1e614c6759f
Improve error reporting.
Stefan Seefeld <stefan@seefeld.name>
parents:
4263
diff
changeset
|
2208 to = [self.mailer.config.ADMIN_EMAIL] |
|
4543
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
2209 message = MIMEMultipart('alternative') |
|
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
2210 self.mailer.set_message_attributes(message, to, subject) |
|
5518
db3a95f28b3c
fixed typos in send_error_to_admin
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5493
diff
changeset
|
2211 part = self.mailer.get_text_message('utf-8', 'html') |
|
5493
725266c03eab
updated mailgw to no longer use mimetools based on jerrykan's patch
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5488
diff
changeset
|
2212 part.set_payload(html, part.get_charset()) |
|
4543
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
2213 message.attach(part) |
|
5518
db3a95f28b3c
fixed typos in send_error_to_admin
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5493
diff
changeset
|
2214 part = self.mailer.get_text_message() |
|
db3a95f28b3c
fixed typos in send_error_to_admin
Christof Meerwald <cmeerw@cmeerw.org>
parents:
5493
diff
changeset
|
2215 part.set_payload(txt, part.get_charset()) |
|
4543
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
2216 message.attach(part) |
|
4523
a03646a02f68
Fix issue2550691 where a Unix From-Header was sometimes inserted...
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4384
diff
changeset
|
2217 self.mailer.smtp_send(to, message.as_string()) |
|
4648
e645820e8556
Clean up whitespace in client.py
Ezio Melotti <ezio.melotti@gmail.com>
parents:
4640
diff
changeset
|
2218 |
|
4265
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
2219 def renderFrontPage(self, message): |
|
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
2220 """Return the front page of the tracker.""" |
|
4648
e645820e8556
Clean up whitespace in client.py
Ezio Melotti <ezio.melotti@gmail.com>
parents:
4640
diff
changeset
|
2221 |
|
4265
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
2222 self.classname = self.nodeid = None |
|
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
2223 self.template = '' |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
2224 self.add_error_message(message) |
|
4265
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
2225 self.write_html(self.renderContext()) |
|
e24a6ca34448
Improve login failure response.
Stefan Seefeld <stefan@seefeld.name>
parents:
4264
diff
changeset
|
2226 |
|
4740
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
2227 def selectTemplate(self, name, view): |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
2228 """ Choose existing template for the given combination of |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
2229 classname (name parameter) and template request variable |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
2230 (view parameter) and return its name. |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
2231 |
|
5185
349bef975367
Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents:
5166
diff
changeset
|
2232 View can be a single template or two templates separated |
|
349bef975367
Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents:
5166
diff
changeset
|
2233 by a vbar '|' character. If the Client object has a |
|
349bef975367
Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents:
5166
diff
changeset
|
2234 non-empty _error_message attribute, the right hand |
|
349bef975367
Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents:
5166
diff
changeset
|
2235 template (error template) will be used. If the |
|
349bef975367
Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents:
5166
diff
changeset
|
2236 _error_message is empty, the left hand template (ok |
|
349bef975367
Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents:
5166
diff
changeset
|
2237 template) will be used. |
|
349bef975367
Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents:
5166
diff
changeset
|
2238 |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
2239 In most cases the name will be "classname.view", but |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
2240 if "view" is None, then template name "classname" will |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
2241 be returned. |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
2242 |
|
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
2243 If "classname.view" template doesn't exist, the |
|
4740
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
2244 "_generic.view" is used as a fallback. |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
2245 |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
2246 [ ] cover with tests |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
2247 """ |
|
5185
349bef975367
Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents:
5166
diff
changeset
|
2248 |
|
349bef975367
Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents:
5166
diff
changeset
|
2249 # determine if view is oktmpl|errortmpl. If so assign the |
|
349bef975367
Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents:
5166
diff
changeset
|
2250 # right one to the view parameter. If we don't have alternate |
|
349bef975367
Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents:
5166
diff
changeset
|
2251 # templates, just leave view alone. |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2252 if (view and view.find('|') != -1): |
|
5185
349bef975367
Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents:
5166
diff
changeset
|
2253 # we have alternate templates, parse them apart. |
|
8320
b07165add61b
fix(web): issue2551406 - dont crash when handed invalid @template=a|b|c
John Rouillard <rouilj@ieee.org>
parents:
8279
diff
changeset
|
2254 (oktmpl, errortmpl) = view.split("|", 1) |
|
7814
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
2255 |
|
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
2256 # Choose the right template |
|
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
2257 view = errortmpl if self._error_message else oktmpl |
|
5185
349bef975367
Make @template support two alternate templates for error and ok cases.
John Rouillard <rouilj@ieee.org>
parents:
5166
diff
changeset
|
2258 |
|
4739
94be76e04140
templating: Move template selection logic from the template loaders
anatoly techtonik <techtonik@gmail.com>
parents:
4728
diff
changeset
|
2259 loader = self.instance.templates |
|
94be76e04140
templating: Move template selection logic from the template loaders
anatoly techtonik <techtonik@gmail.com>
parents:
4728
diff
changeset
|
2260 |
|
94be76e04140
templating: Move template selection logic from the template loaders
anatoly techtonik <techtonik@gmail.com>
parents:
4728
diff
changeset
|
2261 # if classname is not set, use "home" template |
|
94be76e04140
templating: Move template selection logic from the template loaders
anatoly techtonik <techtonik@gmail.com>
parents:
4728
diff
changeset
|
2262 if name is None: |
|
94be76e04140
templating: Move template selection logic from the template loaders
anatoly techtonik <techtonik@gmail.com>
parents:
4728
diff
changeset
|
2263 name = 'home' |
|
94be76e04140
templating: Move template selection logic from the template loaders
anatoly techtonik <techtonik@gmail.com>
parents:
4728
diff
changeset
|
2264 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2265 tplname = name |
|
4740
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
2266 if view: |
|
5154
f608eeecf638
issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents:
5119
diff
changeset
|
2267 # Support subdirectories for templates. Value is path/to/VIEW |
|
f608eeecf638
issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents:
5119
diff
changeset
|
2268 # or just VIEW if the template is in the html directory of |
|
f608eeecf638
issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents:
5119
diff
changeset
|
2269 # the tracker. |
|
f608eeecf638
issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents:
5119
diff
changeset
|
2270 slash_loc = view.rfind("/") |
|
f608eeecf638
issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents:
5119
diff
changeset
|
2271 if slash_loc == -1: |
|
f608eeecf638
issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents:
5119
diff
changeset
|
2272 # try plain class.view |
|
f608eeecf638
issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents:
5119
diff
changeset
|
2273 tplname = '%s.%s' % (name, view) |
|
f608eeecf638
issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents:
5119
diff
changeset
|
2274 else: |
|
f608eeecf638
issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents:
5119
diff
changeset
|
2275 # try path/class.view |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2276 tplname = '%s/%s.%s' % ( |
|
8189
04c10e2189a5
chore(ruff): whatespace fixes/silence linting
John Rouillard <rouilj@ieee.org>
parents:
8187
diff
changeset
|
2277 view[:slash_loc], name, view[slash_loc + 1:]) |
|
4740
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
2278 |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
2279 if loader.check(tplname): |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
2280 return tplname |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
2281 |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
2282 # rendering class/context with generic template for this view. |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
2283 # with no view it's impossible to choose which generic template to use |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
2284 if not view: |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
2285 raise templating.NoTemplate('Template "%s" doesn\'t exist' % name) |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
2286 |
|
5154
f608eeecf638
issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents:
5119
diff
changeset
|
2287 if slash_loc == -1: |
|
f608eeecf638
issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents:
5119
diff
changeset
|
2288 generic = '_generic.%s' % view |
|
f608eeecf638
issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents:
5119
diff
changeset
|
2289 else: |
|
8189
04c10e2189a5
chore(ruff): whatespace fixes/silence linting
John Rouillard <rouilj@ieee.org>
parents:
8187
diff
changeset
|
2290 generic = '%s/_generic.%s' % (view[:slash_loc], view[slash_loc + 1:]) |
|
4740
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
2291 if loader.check(generic): |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
2292 return generic |
|
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
2293 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2294 raise templating.NoTemplate( |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2295 'No template file exists for templating ' |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2296 '"%s" with template "%s" (neither "%s" nor "%s")' % ( |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2297 name, view, tplname, generic)) |
|
4739
94be76e04140
templating: Move template selection logic from the template loaders
anatoly techtonik <techtonik@gmail.com>
parents:
4728
diff
changeset
|
2298 |
|
1204
b862bbf2067a
Replaced the content() callback ickiness with Page Template macro usage
Richard Jones <richard@users.sourceforge.net>
parents:
1196
diff
changeset
|
2299 def renderContext(self): |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
2300 """ Return a PageTemplate for the named page |
|
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
2301 """ |
|
6382
b35a50d02890
Fix issue2551129 - Template not found return 500 and traceback
John Rouillard <rouilj@ieee.org>
parents:
6267
diff
changeset
|
2302 try: |
|
b35a50d02890
Fix issue2551129 - Template not found return 500 and traceback
John Rouillard <rouilj@ieee.org>
parents:
6267
diff
changeset
|
2303 tplname = self.selectTemplate(self.classname, self.template) |
|
1204
b862bbf2067a
Replaced the content() callback ickiness with Page Template macro usage
Richard Jones <richard@users.sourceforge.net>
parents:
1196
diff
changeset
|
2304 |
|
6382
b35a50d02890
Fix issue2551129 - Template not found return 500 and traceback
John Rouillard <rouilj@ieee.org>
parents:
6267
diff
changeset
|
2305 # catch errors so we can handle PT rendering errors more nicely |
|
b35a50d02890
Fix issue2551129 - Template not found return 500 and traceback
John Rouillard <rouilj@ieee.org>
parents:
6267
diff
changeset
|
2306 args = { |
|
b35a50d02890
Fix issue2551129 - Template not found return 500 and traceback
John Rouillard <rouilj@ieee.org>
parents:
6267
diff
changeset
|
2307 'ok_message': self._ok_message, |
|
7814
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
2308 'error_message': self._error_message, |
|
6382
b35a50d02890
Fix issue2551129 - Template not found return 500 and traceback
John Rouillard <rouilj@ieee.org>
parents:
6267
diff
changeset
|
2309 } |
|
4740
fe9568a6cbd6
Untangle template selection logic from template loading functionality.
anatoly techtonik <techtonik@gmail.com>
parents:
4739
diff
changeset
|
2310 pt = self.instance.templates.load(tplname) |
|
1016
d6c13142e7b9
Keep a cache of compiled PageTemplates.
Richard Jones <richard@users.sourceforge.net>
parents:
1008
diff
changeset
|
2311 # let the template render figure stuff out |
|
6588
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2312 try: |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2313 result = pt.render(self, None, None, **args) |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2314 except IndexerQueryError as e: |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2315 result = self.renderError(e.args[0]) |
|
8241
741ea8a86012
fix: issue2551374. Error handling for filter expressions.
John Rouillard <rouilj@ieee.org>
parents:
8237
diff
changeset
|
2316 except ExpressionError as e: |
|
741ea8a86012
fix: issue2551374. Error handling for filter expressions.
John Rouillard <rouilj@ieee.org>
parents:
8237
diff
changeset
|
2317 self.add_error_message(str(e)) |
|
8253
cae1bbf2536b
fix: issue2551374 - Add error handling for filter expressions. Fix UI
John Rouillard <rouilj@ieee.org>
parents:
8247
diff
changeset
|
2318 self.template = "search" |
|
8261
28c5030757d3
fix: cae1bbf2536b - expression errors not setting result properly
John Rouillard <rouilj@ieee.org>
parents:
8253
diff
changeset
|
2319 result = self.renderContext() |
|
6588
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2320 |
|
7805
cc4b11ab2f22
fix: if Content-Type header defined, don't overwrite with default
John Rouillard <rouilj@ieee.org>
parents:
7614
diff
changeset
|
2321 if 'Content-Type' not in self.additional_headers: |
|
cc4b11ab2f22
fix: if Content-Type header defined, don't overwrite with default
John Rouillard <rouilj@ieee.org>
parents:
7614
diff
changeset
|
2322 self.additional_headers['Content-Type'] = pt.content_type |
|
2942
a50e4f7c9276
look for CGI_SHOW_TIMING in self.env instead of os.environ;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2940
diff
changeset
|
2323 if self.env.get('CGI_SHOW_TIMING', ''): |
|
a50e4f7c9276
look for CGI_SHOW_TIMING in self.env instead of os.environ;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2940
diff
changeset
|
2324 if self.env['CGI_SHOW_TIMING'].upper() == 'COMMENT': |
|
a50e4f7c9276
look for CGI_SHOW_TIMING in self.env instead of os.environ;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2940
diff
changeset
|
2325 timings = {'starttag': '<!-- ', 'endtag': ' -->'} |
|
a50e4f7c9276
look for CGI_SHOW_TIMING in self.env instead of os.environ;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2940
diff
changeset
|
2326 else: |
|
a50e4f7c9276
look for CGI_SHOW_TIMING in self.env instead of os.environ;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2940
diff
changeset
|
2327 timings = {'starttag': '<p>', 'endtag': '</p>'} |
|
8189
04c10e2189a5
chore(ruff): whatespace fixes/silence linting
John Rouillard <rouilj@ieee.org>
parents:
8187
diff
changeset
|
2328 timings['seconds'] = time.time() - self.start |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2329 s = self._( |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2330 '%(starttag)sTime elapsed: %(seconds)fs%(endtag)s\n' |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2331 ) % timings |
|
2237
f624fc20f8fe
added capturing of stats
Richard Jones <richard@users.sourceforge.net>
parents:
2233
diff
changeset
|
2332 if hasattr(self.db, 'stats'): |
|
2942
a50e4f7c9276
look for CGI_SHOW_TIMING in self.env instead of os.environ;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2940
diff
changeset
|
2333 timings.update(self.db.stats) |
|
a50e4f7c9276
look for CGI_SHOW_TIMING in self.env instead of os.environ;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2940
diff
changeset
|
2334 s += self._("%(starttag)sCache hits: %(cache_hits)d," |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2335 " misses %(cache_misses)d." |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2336 " Loading items: %(get_items)f secs." |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2337 " Filtering: %(filtering)f secs." |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2338 "%(endtag)s\n") % timings |
|
2237
f624fc20f8fe
added capturing of stats
Richard Jones <richard@users.sourceforge.net>
parents:
2233
diff
changeset
|
2339 s += '</body>' |
|
2230
ca2664e095be
disable forking server when os.fork() not available [SF#938586]
Richard Jones <richard@users.sourceforge.net>
parents:
2183
diff
changeset
|
2340 result = result.replace('</body>', s) |
|
1967
d30cd44321f2
commit old file-serving bugfix, and new pt content-type fix
Richard Jones <richard@users.sourceforge.net>
parents:
1946
diff
changeset
|
2341 return result |
|
5248
198b6e810c67
Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents:
5231
diff
changeset
|
2342 except templating.NoTemplate as message: |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2343 self.response_code = 400 |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2344 return '<strong>%s</strong>' % html_escape(str(message)) |
|
5248
198b6e810c67
Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents:
5231
diff
changeset
|
2345 except templating.Unauthorised as message: |
|
5802
0e6d45413e88
catching last couple of cgi.escape references.
John Rouillard <rouilj@ieee.org>
parents:
5775
diff
changeset
|
2346 raise Unauthorised(html_escape(str(message))) |
| 6976 | 2347 except Exception: |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2348 # everything else |
|
4045
82213b1971b4
Only feed back traceback to web users if config.WEB_DEBUG is True
Stefan Seefeld <stefan@seefeld.name>
parents:
4027
diff
changeset
|
2349 if self.instance.config.WEB_DEBUG: |
|
82213b1971b4
Only feed back traceback to web users if config.WEB_DEBUG is True
Stefan Seefeld <stefan@seefeld.name>
parents:
4027
diff
changeset
|
2350 return cgitb.pt_html(i18n=self.translator) |
|
82213b1971b4
Only feed back traceback to web users if config.WEB_DEBUG is True
Stefan Seefeld <stefan@seefeld.name>
parents:
4027
diff
changeset
|
2351 exc_info = sys.exc_info() |
|
82213b1971b4
Only feed back traceback to web users if config.WEB_DEBUG is True
Stefan Seefeld <stefan@seefeld.name>
parents:
4027
diff
changeset
|
2352 try: |
|
82213b1971b4
Only feed back traceback to web users if config.WEB_DEBUG is True
Stefan Seefeld <stefan@seefeld.name>
parents:
4027
diff
changeset
|
2353 # If possible, send the HTML page template traceback |
|
82213b1971b4
Only feed back traceback to web users if config.WEB_DEBUG is True
Stefan Seefeld <stefan@seefeld.name>
parents:
4027
diff
changeset
|
2354 # to the administrator. |
|
82213b1971b4
Only feed back traceback to web users if config.WEB_DEBUG is True
Stefan Seefeld <stefan@seefeld.name>
parents:
4027
diff
changeset
|
2355 subject = "Templating Error: %s" % exc_info[1] |
|
4543
d16d9bf655d8
- fix handling of traceback mails to the roundup admin
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
4530
diff
changeset
|
2356 self.send_error_to_admin(subject, cgitb.pt_html(), format_exc()) |
|
4045
82213b1971b4
Only feed back traceback to web users if config.WEB_DEBUG is True
Stefan Seefeld <stefan@seefeld.name>
parents:
4027
diff
changeset
|
2357 # Now report the error to the user. |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
2358 return self._(default_err_msg) |
| 6976 | 2359 except Exception: |
|
4045
82213b1971b4
Only feed back traceback to web users if config.WEB_DEBUG is True
Stefan Seefeld <stefan@seefeld.name>
parents:
4027
diff
changeset
|
2360 # Reraise the original exception. The user will |
|
82213b1971b4
Only feed back traceback to web users if config.WEB_DEBUG is True
Stefan Seefeld <stefan@seefeld.name>
parents:
4027
diff
changeset
|
2361 # receive an error message, and the adminstrator will |
|
82213b1971b4
Only feed back traceback to web users if config.WEB_DEBUG is True
Stefan Seefeld <stefan@seefeld.name>
parents:
4027
diff
changeset
|
2362 # receive a traceback, albeit with less information |
|
82213b1971b4
Only feed back traceback to web users if config.WEB_DEBUG is True
Stefan Seefeld <stefan@seefeld.name>
parents:
4027
diff
changeset
|
2363 # than the one we tried to generate above. |
|
5378
35ea9b1efc14
Python 3 preparation: "raise" syntax.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5356
diff
changeset
|
2364 if sys.version_info[0] > 2: |
|
35ea9b1efc14
Python 3 preparation: "raise" syntax.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5356
diff
changeset
|
2365 raise exc_info[0](exc_info[1]).with_traceback(exc_info[2]) |
|
7814
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
2366 exec('raise exc_info[0], exc_info[1], exc_info[2]') # nosec |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2367 |
|
6588
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2368 def renderError(self, error, response_code=400, use_template=True): |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2369 self.response_code = response_code |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2370 |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2371 # see if error message already logged add if not |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2372 if error not in self._error_message: |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2373 self.add_error_message(error, escape=True) |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2374 |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2375 # allow use of template for a specific code |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2376 trial_templates = [] |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2377 if use_template: |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2378 if response_code == 400: |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2379 trial_templates = ["400"] |
|
6588
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2380 else: |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2381 trial_templates = [str(response_code), "400"] |
|
6588
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2382 |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2383 tplname = None |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2384 for rcode in trial_templates: |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2385 try: |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2386 tplname = self.selectTemplate(self.classname, rcode) |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2387 break |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2388 except templating.NoTemplate: |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2389 pass |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2390 |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2391 if not tplname: |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2392 # call string of serious error to get basic html |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2393 # response. |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2394 return str(SeriousError(error)) |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2395 |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2396 args = { |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2397 'ok_message': self._ok_message, |
|
7814
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
2398 'error_message': self._error_message, |
|
6588
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2399 } |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2400 |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2401 try: |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2402 pt = self.instance.templates.load(tplname) |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2403 return pt.render(self, None, None, **args) |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2404 except Exception: |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2405 # report original error |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2406 return str(SeriousError(error)) |
|
91ab3e0ffcd0
Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents:
6550
diff
changeset
|
2407 |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2408 # these are the actions that are available |
| 2904 | 2409 actions = ( |
|
8189
04c10e2189a5
chore(ruff): whatespace fixes/silence linting
John Rouillard <rouilj@ieee.org>
parents:
8187
diff
changeset
|
2410 ('edit', actions.EditItemAction), # noqa: E241 |
|
04c10e2189a5
chore(ruff): whatespace fixes/silence linting
John Rouillard <rouilj@ieee.org>
parents:
8187
diff
changeset
|
2411 ('editcsv', actions.EditCSVAction), # noqa: E241 |
|
04c10e2189a5
chore(ruff): whatespace fixes/silence linting
John Rouillard <rouilj@ieee.org>
parents:
8187
diff
changeset
|
2412 ('new', actions.NewItemAction), # noqa: E241 |
|
04c10e2189a5
chore(ruff): whatespace fixes/silence linting
John Rouillard <rouilj@ieee.org>
parents:
8187
diff
changeset
|
2413 ('register', actions.RegisterAction), # noqa: E241 |
|
04c10e2189a5
chore(ruff): whatespace fixes/silence linting
John Rouillard <rouilj@ieee.org>
parents:
8187
diff
changeset
|
2414 ('confrego', actions.ConfRegoAction), # noqa: E241 |
|
04c10e2189a5
chore(ruff): whatespace fixes/silence linting
John Rouillard <rouilj@ieee.org>
parents:
8187
diff
changeset
|
2415 ('passrst', actions.PassResetAction), # noqa: E241 |
|
04c10e2189a5
chore(ruff): whatespace fixes/silence linting
John Rouillard <rouilj@ieee.org>
parents:
8187
diff
changeset
|
2416 ('login', actions.LoginAction), # noqa: E241 |
|
04c10e2189a5
chore(ruff): whatespace fixes/silence linting
John Rouillard <rouilj@ieee.org>
parents:
8187
diff
changeset
|
2417 ('logout', actions.LogoutAction), # noqa: E241 |
|
04c10e2189a5
chore(ruff): whatespace fixes/silence linting
John Rouillard <rouilj@ieee.org>
parents:
8187
diff
changeset
|
2418 ('search', actions.SearchAction), # noqa: E241 |
|
04c10e2189a5
chore(ruff): whatespace fixes/silence linting
John Rouillard <rouilj@ieee.org>
parents:
8187
diff
changeset
|
2419 ('restore', actions.RestoreAction), # noqa: E241 |
|
04c10e2189a5
chore(ruff): whatespace fixes/silence linting
John Rouillard <rouilj@ieee.org>
parents:
8187
diff
changeset
|
2420 ('retire', actions.RetireAction), # noqa: E241 |
|
04c10e2189a5
chore(ruff): whatespace fixes/silence linting
John Rouillard <rouilj@ieee.org>
parents:
8187
diff
changeset
|
2421 ('show', actions.ShowAction), # noqa: E241 |
|
04c10e2189a5
chore(ruff): whatespace fixes/silence linting
John Rouillard <rouilj@ieee.org>
parents:
8187
diff
changeset
|
2422 ('export_csv', actions.ExportCSVAction), # noqa: E241 |
|
04c10e2189a5
chore(ruff): whatespace fixes/silence linting
John Rouillard <rouilj@ieee.org>
parents:
8187
diff
changeset
|
2423 ('export_csv_id', actions.ExportCSVWithIdAction), # noqa: E241 |
|
8411
ef1ea918b07a
feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents:
8408
diff
changeset
|
2424 ('reauth', actions.ReauthAction), # noqa: E241 |
| 2904 | 2425 ) |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2426 |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2427 def handle_action(self): |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
2428 """ Determine whether there should be an Action called. |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2429 |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2430 The action is defined by the form variable :action which |
|
1477
ed725179953d
Added password reset facility for forgotten passwords.
Richard Jones <richard@users.sourceforge.net>
parents:
1472
diff
changeset
|
2431 identifies the method on this object to call. The actions |
| 2904 | 2432 are defined in the "actions" sequence on this class. |
|
2045
d124af927369
Forward-porting of fixes from the maintenance branch.
Richard Jones <richard@users.sourceforge.net>
parents:
2032
diff
changeset
|
2433 |
|
d124af927369
Forward-porting of fixes from the maintenance branch.
Richard Jones <richard@users.sourceforge.net>
parents:
2032
diff
changeset
|
2434 Actions may return a page (by default HTML) to return to the |
|
d124af927369
Forward-porting of fixes from the maintenance branch.
Richard Jones <richard@users.sourceforge.net>
parents:
2032
diff
changeset
|
2435 user, bypassing the usual template rendering. |
|
3388
0c66acaea802
present Reject exception messages to web users [SF#1237685]
Richard Jones <richard@users.sourceforge.net>
parents:
3356
diff
changeset
|
2436 |
|
0c66acaea802
present Reject exception messages to web users [SF#1237685]
Richard Jones <richard@users.sourceforge.net>
parents:
3356
diff
changeset
|
2437 We explicitly catch Reject and ValueError exceptions and |
|
0c66acaea802
present Reject exception messages to web users [SF#1237685]
Richard Jones <richard@users.sourceforge.net>
parents:
3356
diff
changeset
|
2438 present their messages to the user. |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
2439 """ |
|
4804
bc4144417861
More fixes for form TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4802
diff
changeset
|
2440 action = None |
|
bc4144417861
More fixes for form TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4802
diff
changeset
|
2441 try: |
|
bc4144417861
More fixes for form TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4802
diff
changeset
|
2442 if ':action' in self.form: |
|
bc4144417861
More fixes for form TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4802
diff
changeset
|
2443 action = self.form[':action'] |
|
bc4144417861
More fixes for form TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4802
diff
changeset
|
2444 elif '@action' in self.form: |
|
bc4144417861
More fixes for form TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4802
diff
changeset
|
2445 action = self.form['@action'] |
|
bc4144417861
More fixes for form TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4802
diff
changeset
|
2446 except TypeError: |
|
bc4144417861
More fixes for form TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4802
diff
changeset
|
2447 pass |
|
bc4144417861
More fixes for form TypeError
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4802
diff
changeset
|
2448 if action is None: |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2449 return None |
|
2638
18e86941c950
Load up extensions in the tracker "extensions" directory.
Richard Jones <richard@users.sourceforge.net>
parents:
2592
diff
changeset
|
2450 |
|
4367
fa5587802af9
Handle multiple @action values from broken trackers
Richard Jones <richard@users.sourceforge.net>
parents:
4362
diff
changeset
|
2451 if isinstance(action, list): |
|
7067
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
2452 raise SeriousError( |
|
da58c2b28802
refactor: consolidate sets of identical log messages, flake8 fixes
John Rouillard <rouilj@ieee.org>
parents:
7059
diff
changeset
|
2453 self._('broken form: multiple @action values submitted')) |
|
8206
8656bd1cf1f1
chore(ruff): clean whitespace and remove unrecognized noqa directive.
John Rouillard <rouilj@ieee.org>
parents:
8203
diff
changeset
|
2454 |
|
8203
ef1333b153e3
chore(ruff): changes to else/elif and nested ifs to reduce nesting
John Rouillard <rouilj@ieee.org>
parents:
8202
diff
changeset
|
2455 action = action.value.lower() |
|
4367
fa5587802af9
Handle multiple @action values from broken trackers
Richard Jones <richard@users.sourceforge.net>
parents:
4362
diff
changeset
|
2456 |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2457 try: |
|
2948
deda13909085
factor out get_action_class so it may be called from other places
Richard Jones <richard@users.sourceforge.net>
parents:
2947
diff
changeset
|
2458 action_klass = self.get_action_class(action) |
|
2019
8fab5d394f22
Call actions in a different way so we won't hide any bad TypeErrors.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents:
2018
diff
changeset
|
2459 |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2460 # call the mapped action |
|
2019
8fab5d394f22
Call actions in a different way so we won't hide any bad TypeErrors.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents:
2018
diff
changeset
|
2461 if isinstance(action_klass, type('')): |
|
8fab5d394f22
Call actions in a different way so we won't hide any bad TypeErrors.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents:
2018
diff
changeset
|
2462 # old way of specifying actions |
|
2045
d124af927369
Forward-porting of fixes from the maintenance branch.
Richard Jones <richard@users.sourceforge.net>
parents:
2032
diff
changeset
|
2463 return getattr(self, action_klass)() |
|
8203
ef1333b153e3
chore(ruff): changes to else/elif and nested ifs to reduce nesting
John Rouillard <rouilj@ieee.org>
parents:
8202
diff
changeset
|
2464 |
|
ef1333b153e3
chore(ruff): changes to else/elif and nested ifs to reduce nesting
John Rouillard <rouilj@ieee.org>
parents:
8202
diff
changeset
|
2465 return action_klass(self).execute() |
|
5248
198b6e810c67
Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents:
5231
diff
changeset
|
2466 except (ValueError, Reject) as err: |
|
5004
494d255043c9
Display errors containing HTML with RejectRaw (issue2550847)
John Kristensen <john@jerrykan.com>
parents:
4980
diff
changeset
|
2467 escape = not isinstance(err, RejectRaw) |
|
494d255043c9
Display errors containing HTML with RejectRaw (issue2550847)
John Kristensen <john@jerrykan.com>
parents:
4980
diff
changeset
|
2468 self.add_error_message(str(err), escape=escape) |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2469 |
|
2948
deda13909085
factor out get_action_class so it may be called from other places
Richard Jones <richard@users.sourceforge.net>
parents:
2947
diff
changeset
|
2470 def get_action_class(self, action_name): |
|
deda13909085
factor out get_action_class so it may be called from other places
Richard Jones <richard@users.sourceforge.net>
parents:
2947
diff
changeset
|
2471 if (hasattr(self.instance, 'cgi_actions') and |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
2472 action_name in self.instance.cgi_actions): |
|
2948
deda13909085
factor out get_action_class so it may be called from other places
Richard Jones <richard@users.sourceforge.net>
parents:
2947
diff
changeset
|
2473 # tracker-defined action |
|
deda13909085
factor out get_action_class so it may be called from other places
Richard Jones <richard@users.sourceforge.net>
parents:
2947
diff
changeset
|
2474 action_klass = self.instance.cgi_actions[action_name] |
|
deda13909085
factor out get_action_class so it may be called from other places
Richard Jones <richard@users.sourceforge.net>
parents:
2947
diff
changeset
|
2475 else: |
|
6975
fe4a6ba98bfe
flake8 - remove unused imports, unused vars, whitespace fixes
John Rouillard <rouilj@ieee.org>
parents:
6974
diff
changeset
|
2476 # go with a default, action_klass used after end of loop |
|
fe4a6ba98bfe
flake8 - remove unused imports, unused vars, whitespace fixes
John Rouillard <rouilj@ieee.org>
parents:
6974
diff
changeset
|
2477 for name, action_klass in self.actions: # noqa: B007 |
|
2948
deda13909085
factor out get_action_class so it may be called from other places
Richard Jones <richard@users.sourceforge.net>
parents:
2947
diff
changeset
|
2478 if name == action_name: |
|
deda13909085
factor out get_action_class so it may be called from other places
Richard Jones <richard@users.sourceforge.net>
parents:
2947
diff
changeset
|
2479 break |
|
deda13909085
factor out get_action_class so it may be called from other places
Richard Jones <richard@users.sourceforge.net>
parents:
2947
diff
changeset
|
2480 else: |
|
6975
fe4a6ba98bfe
flake8 - remove unused imports, unused vars, whitespace fixes
John Rouillard <rouilj@ieee.org>
parents:
6974
diff
changeset
|
2481 raise ValueError('No such action "%s"' % |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2482 html_escape(action_name)) |
|
2948
deda13909085
factor out get_action_class so it may be called from other places
Richard Jones <richard@users.sourceforge.net>
parents:
2947
diff
changeset
|
2483 return action_klass |
|
deda13909085
factor out get_action_class so it may be called from other places
Richard Jones <richard@users.sourceforge.net>
parents:
2947
diff
changeset
|
2484 |
|
3760
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
2485 def _socket_op(self, call, *args, **kwargs): |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
2486 """Execute socket-related operation, catch common network errors |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
2487 |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
2488 Parameters: |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
2489 call: a callable to execute |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
2490 args, kwargs: call arguments |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
2491 |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
2492 """ |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
2493 try: |
|
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
2494 call(*args, **kwargs) |
|
5248
198b6e810c67
Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents:
5231
diff
changeset
|
2495 except socket.error as err: |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2496 err_errno = getattr(err, 'errno', None) |
|
3808
36eb9e8faf30
Real handling of network errors.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
3807
diff
changeset
|
2497 if err_errno is None: |
|
36eb9e8faf30
Real handling of network errors.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
3807
diff
changeset
|
2498 try: |
|
36eb9e8faf30
Real handling of network errors.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
3807
diff
changeset
|
2499 err_errno = err[0] |
|
36eb9e8faf30
Real handling of network errors.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
3807
diff
changeset
|
2500 except TypeError: |
|
36eb9e8faf30
Real handling of network errors.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
3807
diff
changeset
|
2501 pass |
|
3807
c27aafab067d
Band-aid over handling of netework errors.
Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
parents:
3800
diff
changeset
|
2502 if err_errno not in self.IGNORE_NET_ERRORS: |
|
3760
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
2503 raise |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2504 except IOError: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2505 # Apache's mod_python will raise IOError -- without an |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2506 # accompanying errno -- when a write to the client fails. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2507 # A common case is that the client has closed the |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2508 # connection. There's no way to be certain that this is |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2509 # the situation that has occurred here, but that is the |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2510 # most likely case. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2511 pass |
|
3760
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
2512 |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2513 def determine_content_encoding(self, list_all=False, precompressed=False): |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2514 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2515 encoding_list = [] |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2516 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2517 # FIXME: Should parse for q= values and properly order |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2518 # the request encodings. Also should handle identity coding. |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2519 # Then return first acceptable by q value. |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2520 # This code always uses order: zstd, br, gzip. It will send identity |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2521 # even if identity excluded rather than returning 406. |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2522 accept_encoding = self.request.headers.get('accept-encoding') or [] |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2523 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2524 if accept_encoding: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2525 for enc in ['zstd', 'br', 'gzip']: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2526 if ((enc in self.compressors) or precompressed) and \ |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2527 (enc in accept_encoding): |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2528 if not list_all: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2529 return enc |
|
8203
ef1333b153e3
chore(ruff): changes to else/elif and nested ifs to reduce nesting
John Rouillard <rouilj@ieee.org>
parents:
8202
diff
changeset
|
2530 |
|
ef1333b153e3
chore(ruff): changes to else/elif and nested ifs to reduce nesting
John Rouillard <rouilj@ieee.org>
parents:
8202
diff
changeset
|
2531 encoding_list.append(enc) |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2532 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2533 # Return value must evaluate to false in boolean context if no |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2534 # acceptable encoding is found. If an (non-identity) encoding |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2535 # is found the Vary header will include accept-encoding. |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2536 # What to return if the identity encoding is unacceptable? |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2537 # Maybe raise a 406 from here? |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2538 if not list_all: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2539 return None |
|
8203
ef1333b153e3
chore(ruff): changes to else/elif and nested ifs to reduce nesting
John Rouillard <rouilj@ieee.org>
parents:
8202
diff
changeset
|
2540 return encoding_list |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2541 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2542 def setVary(self, header): |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2543 '''Vary header will include the new header. This will append |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2544 if Vary exists.''' |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2545 |
|
8202
276164647db5
chore(ruff): clean trailing whitespace
John Rouillard <rouilj@ieee.org>
parents:
8200
diff
changeset
|
2546 if ('Vary' in self.additional_headers and |
|
8019
16cc72cd9c17
fix: Send Vary: Accept-Encoding on any data that could be compressed
John Rouillard <rouilj@ieee.org>
parents:
8018
diff
changeset
|
2547 header not in self.additional_headers['Vary']): |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2548 self.additional_headers['Vary'] += ", %s" % header |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2549 else: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2550 self.additional_headers['Vary'] = header |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2551 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2552 def compress_encode(self, byte_content, quality=4): |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2553 |
|
6467
679ec82798e9
Fix typo referencing config.
John Rouillard <rouilj@ieee.org>
parents:
6458
diff
changeset
|
2554 if not self.instance.config.WEB_DYNAMIC_COMPRESSION: |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2555 # dynamic compression disabled. |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2556 return byte_content |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2557 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2558 # don't compress small content |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2559 if len(byte_content) < 100: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2560 return byte_content |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2561 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2562 # abort if already encoded (e.g. served from |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2563 # precompressed file or cache on disk) |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2564 if ('Content-Encoding' in self.additional_headers): |
|
8019
16cc72cd9c17
fix: Send Vary: Accept-Encoding on any data that could be compressed
John Rouillard <rouilj@ieee.org>
parents:
8018
diff
changeset
|
2565 # Vary: 'Accept-Encoding' is set when Content-encoding set |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2566 return byte_content |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2567 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2568 # abort if file-type already compressed |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2569 if ('Content-Type' in self.additional_headers) and \ |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2570 (self.additional_headers['Content-Type'] in |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2571 self.precompressed_mime_types): |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2572 return byte_content |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2573 |
|
8019
16cc72cd9c17
fix: Send Vary: Accept-Encoding on any data that could be compressed
John Rouillard <rouilj@ieee.org>
parents:
8018
diff
changeset
|
2574 self.setVary('Accept-Encoding') |
|
16cc72cd9c17
fix: Send Vary: Accept-Encoding on any data that could be compressed
John Rouillard <rouilj@ieee.org>
parents:
8018
diff
changeset
|
2575 |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2576 encoder = None |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2577 # return same content if unable to compress |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2578 new_content = byte_content |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2579 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2580 encoder = self.determine_content_encoding() |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2581 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2582 if encoder == 'zstd': |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2583 new_content = self.zstd.ZSTD_compress(byte_content, 3) |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2584 elif encoder == 'br': |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2585 # lgblock=0 sets value from quality |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2586 new_content = self.brotli.compress(byte_content, |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2587 quality=quality, |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2588 mode=1, |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2589 lgblock=0) |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2590 elif encoder == 'gzip': |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2591 try: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2592 new_content = self.gzip.compress(byte_content, compresslevel=5) |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2593 except AttributeError: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2594 try: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2595 from StringIO import cStringIO as IOBuff |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2596 except ImportError: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2597 # python 3 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2598 # however this code should not be needed under python3 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2599 # since py3 gzip library has compress() method. |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2600 from io import BytesIO as IOBuff |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2601 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2602 out = IOBuff() |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2603 # handle under python2 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2604 f = self.gzip.GzipFile(fileobj=out, mode='w', compresslevel=5) |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2605 f.write(byte_content) |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2606 f.close() |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2607 new_content = out.getvalue() |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2608 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2609 if encoder: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2610 # we changed the data, change existing content-length header |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2611 # and add Content-Encoding and Vary header. |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2612 self.additional_headers['Content-Length'] = str(len(new_content)) |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2613 self.additional_headers['Content-Encoding'] = encoder |
|
6539
f8df7fed18f6
issue2551175 - Make ETag content-encoding aware.
John Rouillard <rouilj@ieee.org>
parents:
6509
diff
changeset
|
2614 try: |
|
f8df7fed18f6
issue2551175 - Make ETag content-encoding aware.
John Rouillard <rouilj@ieee.org>
parents:
6509
diff
changeset
|
2615 current_etag = self.additional_headers['ETag'] |
|
f8df7fed18f6
issue2551175 - Make ETag content-encoding aware.
John Rouillard <rouilj@ieee.org>
parents:
6509
diff
changeset
|
2616 except KeyError: |
|
f8df7fed18f6
issue2551175 - Make ETag content-encoding aware.
John Rouillard <rouilj@ieee.org>
parents:
6509
diff
changeset
|
2617 pass # etag not set for non-rest endpoints |
|
f8df7fed18f6
issue2551175 - Make ETag content-encoding aware.
John Rouillard <rouilj@ieee.org>
parents:
6509
diff
changeset
|
2618 else: |
|
f8df7fed18f6
issue2551175 - Make ETag content-encoding aware.
John Rouillard <rouilj@ieee.org>
parents:
6509
diff
changeset
|
2619 etag_end = current_etag.rindex('"') |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2620 self.additional_headers['ETag'] = ( |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2621 current_etag[:etag_end] + |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2622 '-' + encoder + current_etag[etag_end:]) |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2623 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2624 return new_content |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2625 |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2626 def write(self, content): |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2627 if not self.headers_done and self.env['REQUEST_METHOD'] != 'HEAD': |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2628 # compress_encode modifies headers, must run before self.header() |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2629 content = self.compress_encode(bs2b(content)) |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2630 |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2631 if not self.headers_done: |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2632 self.header() |
|
2592
5a8d9465827e
implement the HTTP HEAD command [SF#992544]
Richard Jones <richard@users.sourceforge.net>
parents:
2565
diff
changeset
|
2633 if self.env['REQUEST_METHOD'] != 'HEAD': |
|
3760
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
2634 self._socket_op(self.request.wfile.write, content) |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2635 |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
2636 def write_html(self, content): |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2637 if sys.version_info[0] > 2: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2638 # An action setting appropriate headers for a non-HTML |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2639 # response may return a bytes object directly. |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2640 if not isinstance(content, bytes): |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2641 content = content.encode(self.charset, 'xmlcharrefreplace') |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2642 elif self.charset != self.STORAGE_CHARSET: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2643 # recode output |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2644 content = content.decode(self.STORAGE_CHARSET, 'replace') |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2645 content = content.encode(self.charset, 'xmlcharrefreplace') |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2646 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2647 if self.env['REQUEST_METHOD'] != 'HEAD' and not self.headers_done: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2648 # compress_encode modifies headers, must run before self.header() |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2649 content = self.compress_encode(bs2b(content)) |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2650 |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
2651 if not self.headers_done: |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
2652 # at this point, we are sure about Content-Type |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
2653 if 'Content-Type' not in self.additional_headers: |
|
3867
2563ddf71cd7
Enabled over-riding of content-type in web interface (thanks John Mitchell)
Richard Jones <richard@users.sourceforge.net>
parents:
3808
diff
changeset
|
2654 self.additional_headers['Content-Type'] = \ |
|
2563ddf71cd7
Enabled over-riding of content-type in web interface (thanks John Mitchell)
Richard Jones <richard@users.sourceforge.net>
parents:
3808
diff
changeset
|
2655 'text/html; charset=%s' % self.charset |
|
6509
1fc765ef6379
Fix 204 responses, hangs and crashes with REST.
John Rouillard <rouilj@ieee.org>
parents:
6504
diff
changeset
|
2656 if 'Content-Length' not in self.additional_headers: |
|
6550
15ae655c2014
header values should always be strings (at least "flup" cares)
Christof Meerwald <cmeerw@cmeerw.org>
parents:
6548
diff
changeset
|
2657 self.additional_headers['Content-Length'] = str(len(content)) |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
2658 self.header() |
|
2592
5a8d9465827e
implement the HTTP HEAD command [SF#992544]
Richard Jones <richard@users.sourceforge.net>
parents:
2565
diff
changeset
|
2659 |
|
5a8d9465827e
implement the HTTP HEAD command [SF#992544]
Richard Jones <richard@users.sourceforge.net>
parents:
2565
diff
changeset
|
2660 if self.env['REQUEST_METHOD'] == 'HEAD': |
|
5a8d9465827e
implement the HTTP HEAD command [SF#992544]
Richard Jones <richard@users.sourceforge.net>
parents:
2565
diff
changeset
|
2661 # client doesn't care about content |
|
5a8d9465827e
implement the HTTP HEAD command [SF#992544]
Richard Jones <richard@users.sourceforge.net>
parents:
2565
diff
changeset
|
2662 return |
|
5a8d9465827e
implement the HTTP HEAD command [SF#992544]
Richard Jones <richard@users.sourceforge.net>
parents:
2565
diff
changeset
|
2663 |
|
5a8d9465827e
implement the HTTP HEAD command [SF#992544]
Richard Jones <richard@users.sourceforge.net>
parents:
2565
diff
changeset
|
2664 # and write |
|
3760
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
2665 self._socket_op(self.request.wfile.write, content) |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
2666 |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2667 def http_strip(self, content): |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2668 """Remove HTTP Linear White Space from 'content'. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2669 |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2670 'content' -- A string. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2671 |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2672 returns -- 'content', with all leading and trailing LWS |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2673 removed.""" |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2674 |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2675 # RFC 2616 2.2: Basic Rules |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2676 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2677 # LWS = [CRLF] 1*( SP | HT ) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2678 return content.strip(" \r\n\t") |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2679 |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2680 def http_split(self, content): |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2681 """Split an HTTP list. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2682 |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2683 'content' -- A string, giving a list of items. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2684 |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2685 returns -- A sequence of strings, containing the elements of |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2686 the list.""" |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2687 |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2688 # RFC 2616 2.1: Augmented BNF |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2689 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2690 # Grammar productions of the form "#rule" indicate a |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2691 # comma-separated list of elements matching "rule". LWS |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2692 # is then removed from each element, and empty elements |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2693 # removed. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2694 |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2695 # Split at commas. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2696 elements = content.split(",") |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2697 # Remove linear whitespace at either end of the string. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2698 elements = [self.http_strip(e) for e in elements] |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2699 # Remove any now-empty elements. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2700 return [e for e in elements if e] |
|
4648
e645820e8556
Clean up whitespace in client.py
Ezio Melotti <ezio.melotti@gmail.com>
parents:
4640
diff
changeset
|
2701 |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2702 def handle_range_header(self, length, etag): |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2703 """Handle the 'Range' and 'If-Range' headers. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2704 |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2705 'length' -- the length of the content available for the |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2706 resource. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2707 |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2708 'etag' -- the entity tag for this resources. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2709 |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2710 returns -- If the request headers (including 'Range' and |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2711 'If-Range') indicate that only a portion of the entity should |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2712 be returned, then the return value is a pair '(offfset, |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2713 length)' indicating the first byte and number of bytes of the |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2714 content that should be returned to the client. In addition, |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2715 this method will set 'self.response_code' to indicate Partial |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2716 Content. In all other cases, the return value is 'None'. If |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2717 appropriate, 'self.response_code' will be |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2718 set to indicate 'REQUESTED_RANGE_NOT_SATISFIABLE'. In that |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2719 case, the caller should not send any data to the client.""" |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2720 |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2721 # RFC 2616 14.35: Range |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2722 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2723 # See if the Range header is present. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2724 ranges_specifier = self.env.get("HTTP_RANGE") |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2725 if ranges_specifier is None: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2726 return None |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2727 # RFC 2616 14.27: If-Range |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2728 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2729 # Check to see if there is an If-Range header. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2730 # Because the specification says: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2731 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2732 # The If-Range header ... MUST be ignored if the request |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2733 # does not include a Range header, we check for If-Range |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2734 # after checking for Range. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2735 if_range = self.env.get("HTTP_IF_RANGE") |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2736 if if_range: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2737 # The grammar for the If-Range header is: |
|
4648
e645820e8556
Clean up whitespace in client.py
Ezio Melotti <ezio.melotti@gmail.com>
parents:
4640
diff
changeset
|
2738 # |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2739 # If-Range = "If-Range" ":" ( entity-tag | HTTP-date ) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2740 # entity-tag = [ weak ] opaque-tag |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2741 # weak = "W/" |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2742 # opaque-tag = quoted-string |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2743 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2744 # We only support strong entity tags. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2745 if_range = self.http_strip(if_range) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2746 if (not if_range.startswith('"') |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2747 or not if_range.endswith('"')): |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2748 return None |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2749 # If the condition doesn't match the entity tag, then we |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2750 # must send the client the entire file. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2751 if if_range != etag: |
|
7814
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
2752 return None |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2753 # The grammar for the Range header value is: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2754 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2755 # ranges-specifier = byte-ranges-specifier |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2756 # byte-ranges-specifier = bytes-unit "=" byte-range-set |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2757 # byte-range-set = 1#( byte-range-spec | suffix-byte-range-spec ) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2758 # byte-range-spec = first-byte-pos "-" [last-byte-pos] |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2759 # first-byte-pos = 1*DIGIT |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2760 # last-byte-pos = 1*DIGIT |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2761 # suffix-byte-range-spec = "-" suffix-length |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2762 # suffix-length = 1*DIGIT |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2763 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2764 # Look for the "=" separating the units from the range set. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2765 specs = ranges_specifier.split("=", 1) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2766 if len(specs) != 2: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2767 return None |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2768 # Check that the bytes-unit is in fact "bytes". If it is not, |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2769 # we do not know how to process this range. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2770 bytes_unit = self.http_strip(specs[0]) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2771 if bytes_unit != "bytes": |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2772 return None |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2773 # Seperate the range-set into range-specs. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2774 byte_range_set = self.http_strip(specs[1]) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2775 byte_range_specs = self.http_split(byte_range_set) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2776 # We only handle exactly one range at this time. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2777 if len(byte_range_specs) != 1: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2778 return None |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2779 # Parse the spec. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2780 byte_range_spec = byte_range_specs[0] |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2781 pos = byte_range_spec.split("-", 1) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2782 if len(pos) != 2: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2783 return None |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2784 # Get the first and last bytes. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2785 first = self.http_strip(pos[0]) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2786 last = self.http_strip(pos[1]) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2787 # We do not handle suffix ranges. |
|
6977
ff2c8b430738
flake8 - remove re.compile from method arg + test + doc
John Rouillard <rouilj@ieee.org>
parents:
6976
diff
changeset
|
2788 # Note this also captures atempts to make first |
|
ff2c8b430738
flake8 - remove re.compile from method arg + test + doc
John Rouillard <rouilj@ieee.org>
parents:
6976
diff
changeset
|
2789 # element of range a negative number. |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2790 if not first: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2791 return None |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2792 # Convert the first and last positions to integers. |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2793 try: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2794 first = int(first) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2795 if last: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2796 last = int(last) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2797 else: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2798 last = length - 1 |
| 6976 | 2799 except ValueError: |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2800 # The positions could not be parsed as integers. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2801 return None |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2802 # Check that the range makes sense. |
|
6977
ff2c8b430738
flake8 - remove re.compile from method arg + test + doc
John Rouillard <rouilj@ieee.org>
parents:
6976
diff
changeset
|
2803 # Note, if range is -1-10, first = '', so this code will never |
|
ff2c8b430738
flake8 - remove re.compile from method arg + test + doc
John Rouillard <rouilj@ieee.org>
parents:
6976
diff
changeset
|
2804 # be reached. if range = 1--10, this code is reached. |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2805 if (first < 0 or last < 0 or last < first): |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2806 return None |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2807 if last >= length: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2808 # RFC 2616 10.4.17: 416 Requested Range Not Satisfiable |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2809 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2810 # If there is an If-Range header, RFC 2616 says that we |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2811 # should just ignore the invalid Range header. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2812 if if_range: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2813 return None |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2814 # Return code 416 with a Content-Range header giving the |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2815 # allowable range. |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
2816 self.response_code = http_.client.REQUESTED_RANGE_NOT_SATISFIABLE |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2817 self.setHeader("Content-Range", "bytes */%d" % length) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2818 return None |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2819 # RFC 2616 10.2.7: 206 Partial Content |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2820 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2821 # Tell the client that we are honoring the Range request by |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2822 # indicating that we are providing partial content. |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
2823 self.response_code = http_.client.PARTIAL_CONTENT |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2824 # RFC 2616 14.16: Content-Range |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2825 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2826 # Tell the client what data we are providing. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2827 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2828 # content-range-spec = byte-content-range-spec |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2829 # byte-content-range-spec = bytes-unit SP |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2830 # byte-range-resp-spec "/" |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2831 # ( instance-length | "*" ) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2832 # byte-range-resp-spec = (first-byte-pos "-" last-byte-pos) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2833 # | "*" |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2834 # instance-length = 1 * DIGIT |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2835 self.setHeader("Content-Range", |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2836 "bytes %d-%d/%d" % (first, last, length)) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2837 return (first, last - first + 1) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2838 |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2839 def write_file(self, filename): |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2840 """Send the contents of 'filename' to the user. |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2841 Send an acceptable pre-compressed version of the |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2842 file if it is newer than the uncompressed version. |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2843 """ |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2844 |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2845 # Assume we will return the entire file. |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2846 offset = 0 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2847 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2848 # initalize length from uncompressed file |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2849 stat_info = os.stat(filename) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2850 length = stat_info[stat.ST_SIZE] |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2851 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2852 # Determine if we are sending a range. If so, compress |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2853 # on the fly. Otherwise see if we have a suitable |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2854 # pre-compressed/encoded file we can send. |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2855 if not self.env.get("HTTP_RANGE"): |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2856 # no range, search for file in list ordered |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2857 # from best to worst alternative |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2858 encoding_list = self.determine_content_encoding(list_all=True, |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2859 precompressed=True) |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2860 if encoding_list and self.db.config.WEB_USE_PRECOMPRESSED_FILES: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2861 # do we need to search through list? If best is not |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2862 # precompressed, on the fly compress with best? |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2863 # by searching list we will respond with precompressed |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2864 # 2nd best or worse. |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2865 for encoder in encoding_list: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2866 try: |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2867 trial_filename = '%s.%s' % (filename, encoder) |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2868 trial_stat_info = os.stat(trial_filename) |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2869 if stat_info[stat.ST_MTIME] > \ |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2870 trial_stat_info[stat.ST_MTIME]: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2871 # compressed file is obsolete |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2872 # don't use it |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2873 logger.warning(self._( |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2874 "Cache failure: " |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2875 "compressed file %(compressed)s is " |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2876 "older than its source file " |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2877 "%(filename)s" % { |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2878 'filename': filename, |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2879 'compressed': trial_filename})) |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2880 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2881 continue |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2882 filename = trial_filename |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2883 length = trial_stat_info[stat.ST_SIZE] |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2884 self.setHeader('Content-Encoding', encoder) |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2885 self.setVary('Accept-Encoding') |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2886 break |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2887 # except FileNotFoundError: py2/py3 |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2888 # compatible version |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2889 except EnvironmentError as e: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2890 if e.errno != errno.ENOENT: |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2891 raise |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2892 |
|
4648
e645820e8556
Clean up whitespace in client.py
Ezio Melotti <ezio.melotti@gmail.com>
parents:
4640
diff
changeset
|
2893 # If the headers have not already been finalized, |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2894 if not self.headers_done: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2895 # RFC 2616 14.19: ETag |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2896 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2897 # Compute the entity tag, in a format similar to that |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2898 # used by Apache. |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2899 # |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2900 # Tag does *not* change with Content-Encoding. |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2901 # Header 'Vary: Accept-Encoding' is returned with response. |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2902 # RFC2616 section 13.32 discusses etag and references |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2903 # section 14.44 (Vary header) as being applicable to etag. |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2904 # Hence the intermediate proxy should/must match |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2905 # Accept-Encoding and ETag to determine whether to return |
|
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2906 # a 304 or report cache miss and fetch from origin server. |
|
8020
60c98a8a23bd
fix: make If-None-Match work for static file (@@file) case
John Rouillard <rouilj@ieee.org>
parents:
8019
diff
changeset
|
2907 # |
|
60c98a8a23bd
fix: make If-None-Match work for static file (@@file) case
John Rouillard <rouilj@ieee.org>
parents:
8019
diff
changeset
|
2908 # RFC 9110 8.8.3.3 shows a different strong entity tag |
|
60c98a8a23bd
fix: make If-None-Match work for static file (@@file) case
John Rouillard <rouilj@ieee.org>
parents:
8019
diff
changeset
|
2909 # generated for gzip and non gzip replies. |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2910 etag = '"%x-%x-%x"' % (stat_info[stat.ST_INO], |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2911 length, |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2912 stat_info[stat.ST_MTIME]) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2913 self.setHeader("ETag", etag) |
|
8020
60c98a8a23bd
fix: make If-None-Match work for static file (@@file) case
John Rouillard <rouilj@ieee.org>
parents:
8019
diff
changeset
|
2914 |
|
60c98a8a23bd
fix: make If-None-Match work for static file (@@file) case
John Rouillard <rouilj@ieee.org>
parents:
8019
diff
changeset
|
2915 inm = self.request.headers.get('If-None-Match') |
|
60c98a8a23bd
fix: make If-None-Match work for static file (@@file) case
John Rouillard <rouilj@ieee.org>
parents:
8019
diff
changeset
|
2916 if (inm): |
|
60c98a8a23bd
fix: make If-None-Match work for static file (@@file) case
John Rouillard <rouilj@ieee.org>
parents:
8019
diff
changeset
|
2917 inm_etags = inm.split(',') |
|
60c98a8a23bd
fix: make If-None-Match work for static file (@@file) case
John Rouillard <rouilj@ieee.org>
parents:
8019
diff
changeset
|
2918 inm_etags = [tag.strip() for tag in inm_etags] |
|
60c98a8a23bd
fix: make If-None-Match work for static file (@@file) case
John Rouillard <rouilj@ieee.org>
parents:
8019
diff
changeset
|
2919 if etag in inm_etags: |
|
60c98a8a23bd
fix: make If-None-Match work for static file (@@file) case
John Rouillard <rouilj@ieee.org>
parents:
8019
diff
changeset
|
2920 self.setHeader('ETag', etag) |
|
60c98a8a23bd
fix: make If-None-Match work for static file (@@file) case
John Rouillard <rouilj@ieee.org>
parents:
8019
diff
changeset
|
2921 self.setVary('Accept-Encoding') |
|
60c98a8a23bd
fix: make If-None-Match work for static file (@@file) case
John Rouillard <rouilj@ieee.org>
parents:
8019
diff
changeset
|
2922 raise NotModified |
|
60c98a8a23bd
fix: make If-None-Match work for static file (@@file) case
John Rouillard <rouilj@ieee.org>
parents:
8019
diff
changeset
|
2923 |
|
60c98a8a23bd
fix: make If-None-Match work for static file (@@file) case
John Rouillard <rouilj@ieee.org>
parents:
8019
diff
changeset
|
2924 # need to check for etag-compression_code: |
|
60c98a8a23bd
fix: make If-None-Match work for static file (@@file) case
John Rouillard <rouilj@ieee.org>
parents:
8019
diff
changeset
|
2925 # a41932-8b5-664ce93d-zstd or a41932-8b5-664ce93d-gzip |
|
60c98a8a23bd
fix: make If-None-Match work for static file (@@file) case
John Rouillard <rouilj@ieee.org>
parents:
8019
diff
changeset
|
2926 tag_prefix = etag[:-1] + '-' |
|
60c98a8a23bd
fix: make If-None-Match work for static file (@@file) case
John Rouillard <rouilj@ieee.org>
parents:
8019
diff
changeset
|
2927 for inm_etag in inm_etags: |
|
60c98a8a23bd
fix: make If-None-Match work for static file (@@file) case
John Rouillard <rouilj@ieee.org>
parents:
8019
diff
changeset
|
2928 if inm_etag.startswith(tag_prefix): |
|
60c98a8a23bd
fix: make If-None-Match work for static file (@@file) case
John Rouillard <rouilj@ieee.org>
parents:
8019
diff
changeset
|
2929 self.setHeader('ETag', inm_etag) |
|
60c98a8a23bd
fix: make If-None-Match work for static file (@@file) case
John Rouillard <rouilj@ieee.org>
parents:
8019
diff
changeset
|
2930 self.setVary('Accept-Encoding') |
|
60c98a8a23bd
fix: make If-None-Match work for static file (@@file) case
John Rouillard <rouilj@ieee.org>
parents:
8019
diff
changeset
|
2931 raise NotModified |
|
60c98a8a23bd
fix: make If-None-Match work for static file (@@file) case
John Rouillard <rouilj@ieee.org>
parents:
8019
diff
changeset
|
2932 |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2933 # RFC 2616 14.5: Accept-Ranges |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2934 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2935 # Let the client know that we will accept range requests. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2936 self.setHeader("Accept-Ranges", "bytes") |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2937 # RFC 2616 14.35: Range |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2938 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2939 # If there is a Range header, we may be able to avoid |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2940 # sending the entire file. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2941 content_range = self.handle_range_header(length, etag) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2942 if content_range: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2943 offset, length = content_range |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2944 # RFC 2616 14.13: Content-Length |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2945 # |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2946 # Tell the client how much data we are providing. |
| 4145 | 2947 self.setHeader("Content-Length", str(length)) |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2948 # If the client doesn't actually want the body, or if we are |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2949 # indicating an invalid range. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2950 if (self.env['REQUEST_METHOD'] == 'HEAD' |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2951 or self.response_code == |
|
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2952 http_.client.REQUESTED_RANGE_NOT_SATISFIABLE): |
|
6656
b83b90d57846
Fix header value. needs to be string not integer.
John Rouillard <rouilj@ieee.org>
parents:
6649
diff
changeset
|
2953 self.setHeader("Content-Length", "0") |
|
6649
33616bc80baf
Fix hang in unsatisfyable range or HEAD request for static file
John Rouillard <rouilj@ieee.org>
parents:
6588
diff
changeset
|
2954 self.header() |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2955 return |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2956 # Use the optimized "sendfile" operation, if possible. |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2957 if hasattr(self.request, "sendfile"): |
|
6458
8f1b91756457
issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents:
6447
diff
changeset
|
2958 self.header() |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2959 self._socket_op(self.request.sendfile, filename, offset, length) |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2960 return |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2961 # Fallback to the "write" operation. |
|
7814
9adf37c63b56
chore(refactor): use with open, consolidate/un-nest if ...
John Rouillard <rouilj@ieee.org>
parents:
7813
diff
changeset
|
2962 with open(filename, 'rb') as f: |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2963 if offset: |
|
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2964 f.seek(offset) |
| 4077 | 2965 content = f.read(length) |
|
4064
662cd78df973
Add support for resuming (file) downloads.
Stefan Seefeld <stefan@seefeld.name>
parents:
4047
diff
changeset
|
2966 self.write(content) |
|
4047
e70643990e9c
Support the use of sendfile() for file transfer, if available.
Stefan Seefeld <stefan@seefeld.name>
parents:
4046
diff
changeset
|
2967 |
|
2046
f913b6beac35
document and make easier the actions-returning-content idiom
Richard Jones <richard@users.sourceforge.net>
parents:
2045
diff
changeset
|
2968 def setHeader(self, header, value): |
|
6544
9aa8df0b4426
issue2551178 - fix Traceback in Apache WSGI
John Rouillard <rouilj@ieee.org>
parents:
6539
diff
changeset
|
2969 """Override or delete a header to be returned to the user's browser. |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
2970 """ |
|
6544
9aa8df0b4426
issue2551178 - fix Traceback in Apache WSGI
John Rouillard <rouilj@ieee.org>
parents:
6539
diff
changeset
|
2971 if value is None: |
|
9aa8df0b4426
issue2551178 - fix Traceback in Apache WSGI
John Rouillard <rouilj@ieee.org>
parents:
6539
diff
changeset
|
2972 try: |
|
7571
f8b07ffd0226
flake8: add space between return, del and (
John Rouillard <rouilj@ieee.org>
parents:
7556
diff
changeset
|
2973 del (self.additional_headers[header]) |
|
6544
9aa8df0b4426
issue2551178 - fix Traceback in Apache WSGI
John Rouillard <rouilj@ieee.org>
parents:
6539
diff
changeset
|
2974 except KeyError: |
|
9aa8df0b4426
issue2551178 - fix Traceback in Apache WSGI
John Rouillard <rouilj@ieee.org>
parents:
6539
diff
changeset
|
2975 pass |
|
9aa8df0b4426
issue2551178 - fix Traceback in Apache WSGI
John Rouillard <rouilj@ieee.org>
parents:
6539
diff
changeset
|
2976 else: |
|
9aa8df0b4426
issue2551178 - fix Traceback in Apache WSGI
John Rouillard <rouilj@ieee.org>
parents:
6539
diff
changeset
|
2977 self.additional_headers[header] = value |
|
2046
f913b6beac35
document and make easier the actions-returning-content idiom
Richard Jones <richard@users.sourceforge.net>
parents:
2045
diff
changeset
|
2978 |
|
1120
c26471971d18
Exposed the Batch mechanism through the top-level "utils" variable.
Richard Jones <richard@users.sourceforge.net>
parents:
1103
diff
changeset
|
2979 def header(self, headers=None, response=None): |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
2980 """Put up the appropriate header. |
|
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
2981 """ |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
2982 if headers is None: |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2983 headers = {'Content-Type': 'text/html; charset=utf-8'} |
|
1120
c26471971d18
Exposed the Batch mechanism through the top-level "utils" variable.
Richard Jones <richard@users.sourceforge.net>
parents:
1103
diff
changeset
|
2984 if response is None: |
|
c26471971d18
Exposed the Batch mechanism through the top-level "utils" variable.
Richard Jones <richard@users.sourceforge.net>
parents:
1103
diff
changeset
|
2985 response = self.response_code |
|
1130
89bd02ffe4af
tell clients/caches not to cache our dynamic bits
Richard Jones <richard@users.sourceforge.net>
parents:
1129
diff
changeset
|
2986 |
|
89bd02ffe4af
tell clients/caches not to cache our dynamic bits
Richard Jones <richard@users.sourceforge.net>
parents:
1129
diff
changeset
|
2987 # update with additional info |
|
1120
c26471971d18
Exposed the Batch mechanism through the top-level "utils" variable.
Richard Jones <richard@users.sourceforge.net>
parents:
1103
diff
changeset
|
2988 headers.update(self.additional_headers) |
|
1130
89bd02ffe4af
tell clients/caches not to cache our dynamic bits
Richard Jones <richard@users.sourceforge.net>
parents:
1129
diff
changeset
|
2989 |
|
2279
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
2990 if headers.get('Content-Type', 'text/html') == 'text/html': |
|
297e46e22e04
implemented HTTP charset negotiation.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2248
diff
changeset
|
2991 headers['Content-Type'] = 'text/html; charset=utf-8' |
|
3736
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
3687
diff
changeset
|
2992 |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2993 if response in [204, 304]: # has no body so no content-type |
|
7571
f8b07ffd0226
flake8: add space between return, del and (
John Rouillard <rouilj@ieee.org>
parents:
7556
diff
changeset
|
2994 del (headers['Content-Type']) |
|
6509
1fc765ef6379
Fix 204 responses, hangs and crashes with REST.
John Rouillard <rouilj@ieee.org>
parents:
6504
diff
changeset
|
2995 |
|
4362
74476eaac38a
more modernisation
Richard Jones <richard@users.sourceforge.net>
parents:
4344
diff
changeset
|
2996 headers = list(headers.items()) |
|
3736
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
3687
diff
changeset
|
2997 |
|
5395
23b8e6067f7c
Python 3 preparation: update calls to dict methods.
Joseph Myers <jsm@polyomino.org.uk>
parents:
5378
diff
changeset
|
2998 for ((path, name), (value, expire)) in self._cookies.items(): |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
2999 cookie = "%s=%s; Path=%s;" % (name, value, path) |
|
3548
61d48244e7a8
login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents:
3494
diff
changeset
|
3000 if expire is not None: |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
3001 cookie += " expires=%s;" % get_cookie_date(expire) |
|
4586
b21bb66de6ff
Mark cookies HttpOnly and -- if https is used -- secure.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4578
diff
changeset
|
3002 # mark as secure if https, see issue2550689 |
|
b21bb66de6ff
Mark cookies HttpOnly and -- if https is used -- secure.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4578
diff
changeset
|
3003 if self.secure: |
|
b21bb66de6ff
Mark cookies HttpOnly and -- if https is used -- secure.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4578
diff
changeset
|
3004 cookie += " secure;" |
|
5212
d4cc71beb102
Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents:
5211
diff
changeset
|
3005 ssc = self.db.config['WEB_SAMESITE_COOKIE_SETTING'] |
|
d4cc71beb102
Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents:
5211
diff
changeset
|
3006 if ssc != "None": |
|
6974
178c80c77ca4
flake8 whitespace fixes plus X == True -> X is True
John Rouillard <rouilj@ieee.org>
parents:
6897
diff
changeset
|
3007 cookie += " SameSite=%s;" % ssc |
|
4586
b21bb66de6ff
Mark cookies HttpOnly and -- if https is used -- secure.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4578
diff
changeset
|
3008 # prevent theft of session cookie, see issue2550689 |
|
b21bb66de6ff
Mark cookies HttpOnly and -- if https is used -- secure.
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4578
diff
changeset
|
3009 cookie += " HttpOnly;" |
|
3736
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
3687
diff
changeset
|
3010 headers.append(('Set-Cookie', cookie)) |
|
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
3687
diff
changeset
|
3011 |
|
3760
b8f52d030f1a
ignore common network errors, like "Connection reset by peer"
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
3736
diff
changeset
|
3012 self._socket_op(self.request.start_response, headers, response) |
|
3736
a2d22d0de0bc
WSGI support via roundup.cgi.wsgi_handler
Richard Jones <richard@users.sourceforge.net>
parents:
3687
diff
changeset
|
3013 |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
3014 self.headers_done = 1 |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
3015 if self.debug: |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
3016 self.headers_sent = headers |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
3017 |
|
8189
04c10e2189a5
chore(ruff): whatespace fixes/silence linting
John Rouillard <rouilj@ieee.org>
parents:
8187
diff
changeset
|
3018 def add_cookie(self, name, value, expire=86400 * 365, path=None): |
|
2946
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
3019 """Set a cookie value to be sent in HTTP headers |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
3020 |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
3021 Parameters: |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
3022 name: |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
3023 cookie name |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
3024 value: |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
3025 cookie value |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
3026 expire: |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
3027 cookie expiration time (seconds). |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
3028 If value is empty (meaning "delete cookie"), |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
3029 expiration time is forced in the past |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
3030 and this argument is ignored. |
|
3548
61d48244e7a8
login may now be for a single session
Richard Jones <richard@users.sourceforge.net>
parents:
3494
diff
changeset
|
3031 If None, the cookie will expire at end-of-session. |
|
2946
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
3032 If omitted, the cookie will be kept for a year. |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
3033 path: |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
3034 cookie path (optional) |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
3035 |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
3036 """ |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
3037 if path is None: |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
3038 path = self.cookie_path |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
3039 if not value: |
|
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
3040 expire = -1 |
|
3989
0112e9e1d068
improvements to session management
Richard Jones <richard@users.sourceforge.net>
parents:
3916
diff
changeset
|
3041 self._cookies[(path, name)] = (value, expire) |
|
2946
661028d24cd2
support for multiple cookie headers in single http response;
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2942
diff
changeset
|
3042 |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
3043 def make_user_anonymous(self): |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
3044 """ Make us anonymous |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
3045 |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
3046 This method used to handle non-existence of the 'anonymous' |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
3047 user, but that user is mandatory now. |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
3048 """ |
|
985
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
3049 self.userid = self.db.user.lookup('anonymous') |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
3050 self.user = 'anonymous' |
|
55ab0c5b49f9
New CGI interface support
Richard Jones <richard@users.sourceforge.net>
parents:
diff
changeset
|
3051 |
|
1801
9f9d35f3d8f7
Change the message asking for confirmation of registration...
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents:
1799
diff
changeset
|
3052 def standard_message(self, to, subject, body, author=None): |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
3053 """Send a standard email message from Roundup. |
|
2248
cd7e6d6288c6
fixed rego from email address [SF#947414]
Richard Jones <richard@users.sourceforge.net>
parents:
2246
diff
changeset
|
3054 |
|
cd7e6d6288c6
fixed rego from email address [SF#947414]
Richard Jones <richard@users.sourceforge.net>
parents:
2246
diff
changeset
|
3055 "to" - recipients list |
|
cd7e6d6288c6
fixed rego from email address [SF#947414]
Richard Jones <richard@users.sourceforge.net>
parents:
2246
diff
changeset
|
3056 "subject" - Subject |
|
cd7e6d6288c6
fixed rego from email address [SF#947414]
Richard Jones <richard@users.sourceforge.net>
parents:
2246
diff
changeset
|
3057 "body" - Message |
|
cd7e6d6288c6
fixed rego from email address [SF#947414]
Richard Jones <richard@users.sourceforge.net>
parents:
2246
diff
changeset
|
3058 "author" - (name, address) tuple or None for admin email |
|
cd7e6d6288c6
fixed rego from email address [SF#947414]
Richard Jones <richard@users.sourceforge.net>
parents:
2246
diff
changeset
|
3059 |
|
cd7e6d6288c6
fixed rego from email address [SF#947414]
Richard Jones <richard@users.sourceforge.net>
parents:
2246
diff
changeset
|
3060 Arguments are passed to the Mailer.standard_message code. |
|
4065
1e28d58c6d1c
Uniformly use """...""" instead of '''...''' for comments.
Stefan Seefeld <stefan@seefeld.name>
parents:
4064
diff
changeset
|
3061 """ |
|
1799
071ea6fc803f
Extracted duplicated mail-sending code...
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents:
1798
diff
changeset
|
3062 try: |
|
1801
9f9d35f3d8f7
Change the message asking for confirmation of registration...
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents:
1799
diff
changeset
|
3063 self.mailer.standard_message(to, subject, body, author) |
|
5248
198b6e810c67
Use Python-3-compatible 'as' syntax for except statements
Eric S. Raymond <esr@thyrsus.com>
parents:
5231
diff
changeset
|
3064 except MessageSendError as e: |
|
4880
ca692423e401
Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents:
4851
diff
changeset
|
3065 self.add_error_message(str(e)) |
|
2248
cd7e6d6288c6
fixed rego from email address [SF#947414]
Richard Jones <richard@users.sourceforge.net>
parents:
2246
diff
changeset
|
3066 return 0 |
|
cd7e6d6288c6
fixed rego from email address [SF#947414]
Richard Jones <richard@users.sourceforge.net>
parents:
2246
diff
changeset
|
3067 return 1 |
|
1467
378081f066cc
registration is now a two-step process with confirmation from the
Richard Jones <richard@users.sourceforge.net>
parents:
1456
diff
changeset
|
3068 |
|
2107
b7404a96b58a
minor pre-release / test fixes
Richard Jones <richard@users.sourceforge.net>
parents:
2082
diff
changeset
|
3069 def parsePropsFromForm(self, create=0): |
|
2010
1b11ffd8015e
forward-porting of fixed edit action / parsePropsFromForm...
Richard Jones <richard@users.sourceforge.net>
parents:
2005
diff
changeset
|
3070 return FormParser(self).parse(create=create) |
|
1b11ffd8015e
forward-porting of fixed edit action / parsePropsFromForm...
Richard Jones <richard@users.sourceforge.net>
parents:
2005
diff
changeset
|
3071 |
|
2799
9605965569b0
disallow caching of pages with error and/or ok messages.
Alexander Smishlajev <a1s@users.sourceforge.net>
parents:
2724
diff
changeset
|
3072 # vim: set et sts=4 sw=4 : |