changeset 6517:a22ea1a7e92c

Fix extension in url support. Make error cases: .jon return errors in tests. I must not have tested the prior checkin. This limits length of extension to under 6 characters. This allows most mime types (including .vcard maybe for downloading a user's record) likely to be specified for download. It also permits JWT though.
author John Rouillard <rouilj@ieee.org>
date Thu, 21 Oct 2021 10:40:15 -0400
parents df4f955544aa
children f4ed324c2ff8
files CHANGES.txt roundup/rest.py
diffstat 2 files changed, 8 insertions(+), 10 deletions(-)
--- a/CHANGES.txt	Wed Oct 20 23:21:46 2021 -0400
+++ b/CHANGES.txt	Thu Oct 21 10:40:15 2021 -0400
@@ -31,8 +31,8 @@
   encoded/compressed. (John Rouillard)
 - In REST interface do not raise UsageError for invalid api version.
   Return json error with proper message. Fixes crash. (John Rouillard)
-- In REST interface, only allow .json or .xml (if supported) as
-  extensions. All other paths with a . in then will be passed through
+- In REST interface, allow extensions on URI less than 6 characters in
+  length. All other paths with a . in then will be passed through
   without change. This allows items like a JWT to be passed as a path
   element. (John Rouillard)
 
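Review bot: the rewritten entry ("allow extensions on URI less than 6 characters in length") does not say what happens to a short extension that is not a supported type. Per the commit message a suffix such as .jon now returns an error instead of being passed through, and that behaviour change is what someone reading CHANGES.txt needs to see. Suggest stating that any extension under 6 characters is treated as a requested format and that unsupported ones return an error, while longer dotted suffixes are passed through unchanged. The retained line also reads "with a . in then", which should be "in them".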
--- a/roundup/rest.py	Wed Oct 20 23:21:46 2021 -0400
+++ b/roundup/rest.py	Thu Oct 21 10:40:15 2021 -0400
@@ -1961,9 +1961,12 @@
         #            default (application/json)
         ext_type = os.path.splitext(urlparse(uri).path)[1][1:]
 
-        # Use explicit list of extensions. Even if xml isn't supported
-        # recognize it as a valid directive.
-        if ext_type in ['json', 'xml']:
+        # Check to see if the length of the extension is less than 6.
+        # this allows use of .vcard for a future use in downloading
+        # user info. It also allows passing through larger items like
+        # JWT that has a final component > 6 items. This method also
+        # allow detection of mistyped types like jon for json.
+        if ext_type  and (len(ext_type) < 6):
             # strip extension so uri make sense
             # .../issue.json -> .../issue
             uri = uri[:-(len(ext_type) + 1)]
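Review bot: the new test `if ext_type  and (len(ext_type) < 6):` classifies a suffix by length alone, so any final path element that happens to end in a short dotted suffix (a name or version such as `.doe` or `.v1`) has that suffix stripped from the uri and is then handled as a requested format. If that is intended, say so in the comment; otherwise consider keeping an explicit set of known types and returning the error only for short suffixes that fail to match it. The comment also says a JWT final component is "> 6 items" while the condition passes through anything of 6 characters or more, so the comment should read "6 or more characters". There is a stray double space after `ext_type` in the condition.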
@@ -1976,11 +1979,6 @@
         # with invalid values.
         data_type = ext_type or accept_type or headers.get('Accept') or "invalid"
 
-        if (ext_type):
-            # strip extension so uri make sense
-            # .../issue.json -> .../issue
-            uri = uri[:-(len(ext_type) + 1)]
-
         # add access-control-allow-* to support CORS
         self.client.setHeader("Access-Control-Allow-Origin", "*")
         self.client.setHeader(
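Review bot: the context line `data_type = ext_type or accept_type or headers.get('Accept') or "invalid"` still takes ext_type first, and nothing visible in this patch clears ext_type when the new length check fails. If it is not reset in the lines between the two rest.py hunks, a pass-through suffix of 6 or more characters (the JWT case the comment describes) would be used as the data type even though the uri was left unchanged. Please confirm the reset exists, or clear ext_type in an else branch of the length check, and add a test whose final path element has a long dotted suffix alongside the .jon error case.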

Roundup Issue Tracker: http://roundup-tracker.org/