Mercurial > p > roundup > code

view roundup/cgi/exceptions.py @ 8575:b1024bf0d9f7

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
feature: add nonceless/tokenless CSRF protection Add tokenless CSRF protection following: https://words.filippo.io/csrf/ Must be enabled using use_tokenless_csrf_protection in config.ini. By default it's off. If enabled the older csrf_* settings are ignored. The allowed_api_origins setting is still used for Origin comparisons. This should also improve performance as a nonce isn't required so generating random nonce and saving it to the otks database is eliminated. doc/admin_guide.txt, doc/reference.txt doc/upgrading.txt doc updates. roundup/configuration.py add use_tokenless_csrf_protection setting. move allowed_api_origins directly after use_tokenless_csrf_protection and before the older csrf_* settings. It's used by both of them. Rewrite description of allowed_api_origins as its applied to all URLs with tokenless protection, not just API URLs. roundup/anypy/urllib_.py import urlsplit, it is used in new code. urlparse() is less efficient and splits params out of the path component. Since Roundup doesn't require that params be split from the path. I expect future patch will replace urlparse() with urlsplit() globally and not need urlparse(). roundup/cgi/client.py add handle_csrf_tokenless() and call from handle_csrf() if use_tokenless_csrf_protection is enabled. refactor code that expires csrf tokens when used with the wrong methods (i.e. GET) into expire_exposed_keys(). Call same from handle_csrf and handle_csrf_tokenless. Also improve logging if this happens including both Referer and Origin headers if available. Arguably we dont care about CSRF tokens exposed via GET/HEAD/OPTIONS in the tokenless case, but this cleans them up in case the admin has to switch back. At some future date we can delete all the nonce based CSRF from 2018. Update handle_csrf() docstring about calling/returning handle_csrf_tokenless() when enabled. Call expire_exposed_keys(method) if token is supplied with wrong method. roundup/cgi/templating.py disable nonce generation/save and always return "0" when use_tokenless_csrf_protection enabled.
author John Rouillard <rouilj@ieee.org>
date Sun, 19 Apr 2026 20:50:07 -0400
parents ef1ea918b07a
children
line wrap: on
line source

"""Exceptions for use in Roundup's web interface.
"""

__docformat__ = 'restructuredtext'

from roundup.exceptions import LoginError, Unauthorised  # noqa: F401

from roundup.anypy.html import html_escape

from roundup.exceptions import RoundupException


class RoundupCGIException(RoundupException):
    pass


class Reauth(RoundupCGIException):
    """Raised by auditor, to trigger password verification before commit.

       Before committing changes to sensitive fields, triggers the
       following workflow:

         1. user is presented with a page to enter his/her password
         2. page is submitted to reauth action
         3. password is verified by LoginAction.verifyPassword
         4. change is committed to database.

         If 3 fails, restart at step 1.

         Client.reauth() method is used to handle step 1. Should be
         able to be overridden in interfaces.py. Step 2 is done by
         _generic.reauth.html. Steps 3 and 4 (and cycle back to 1) is
         done by cgi/actions.py:Reauth action.
    """
    pass


class HTTPException(RoundupCGIException):
    """Base exception for all HTTP error codes."""
    pass


class Redirect(HTTPException):
    """HTTP 302 status code"""
    pass


class NotModified(HTTPException):
    """HTTP 304 status code"""
    pass


class NotFound(HTTPException):
    """HTTP 404 status code unless self.response_code is set to
       400 prior to raising exception.
    """
    pass


class PreconditionFailed(HTTPException):
    """HTTP 412 status code"""
    pass


class RateLimitExceeded(HTTPException):
    """HTTP 429 error code"""
    pass


class DetectorError(RoundupException):
    """Raised when a detector throws an exception.
Contains details of the exception."""
    def __init__(self, subject, html, txt):
        self.subject = subject
        self.html = html
        self.txt = txt
        BaseException.__init__(self, subject + ' ' + txt)


class FormError(ValueError):
    """An 'expected' exception occurred during form parsing.

    That is, something we know can go wrong, and don't want to alarm the user
    with.

    We trap this at the user interface level and feed back a nice error to the
    user.

    """
    pass


class IndexerQueryError(RoundupException):
    """Raised to handle errors from FTS searches due to query
       syntax errors.
    """
    pass


class SendFile(RoundupException):
    """Send a file from the database."""


class SendStaticFile(RoundupException):
    """Send a static file from the instance html directory."""


class SeriousError(RoundupException):
    """Raised when we can't reasonably display an error message on a
    templated page.

    The exception value will be displayed in the error page, HTML
    escaped.
    """
    def __str__(self):
        return """
<html><head><title>Roundup issue tracker: An error has occurred</title>
 <link rel="stylesheet" type="text/css" href="@@file/style.css">
</head>
<body class="body" marginwidth="0" marginheight="0">
 <p class="error-message">%s</p>
</body></html>
""" % html_escape(self.args[0])

# vim: set filetype=python sts=4 sw=4 et si :
Roundup Issue Tracker: http://roundup-tracker.org/