def test_quote(self):
self.assertEqual(http.quote('abc'), 'abc')
self.assertEqual(http.quote('a bc'), 'a%20bc')
self.assertEqual(http.quote('a/bc'), 'a/bc')
self.assertEqual(http.quote(u'a\u00B6bc'), 'a%C2%B6bc')
def listing(self, path, env, start_response):
if not path.startswith(self.serve_path + '/'):
return http.HTTPForbidden()(env, start_response)
rpath = '/' + self.path + '/' + path[len(self.serve_path) + 1:]
epath = escape(rpath)
body = (
'<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 '
'Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">\n'
'<html>\n'
' <head>\n'
' <title>Listing of %s</title>\n'
' <style type="text/css">\n'
' h1 {font-size: 1em; font-weight: bold;}\n'
' th {text-align: left; padding: 0px 1em 0px 1em;}\n'
' td {padding: 0px 1em 0px 1em;}\n'
' a {text-decoration: none;}\n'
' .colsize {text-align: right;}\n'
' </style>\n'
' </head>\n'
' <body>\n'
' <h1 id="title">Listing of %s</h1>\n'
' <table id="listing">\n'
' <tr id="heading">\n'
' <th class="colname">Name</th>\n'
' <th class="colsize">Size</th>\n'
' <th class="coldate">Date</th>\n'
' </tr>\n' % (epath, epath))
if env['PATH_INFO'].count('/') > 1:
body += (
' <tr id="parent" class="item">\n'
' <td class="colname"><a href="../">../</a></td>\n'
' <td class="colsize"> </td>\n'
' <td class="coldate"> </td>\n'
' </tr>\n')
listing = sorted(os.listdir(path))
for item in listing:
itempath = os.path.join(path, item)
if os.path.isdir(itempath):
body += (
' <tr class="item subdir">\n'
' <td class="colname"><a href="%s">%s</a></td>\n'
' <td class="colsize"> </td>\n'
' <td class="coldate"> </td>\n'
' </tr>\n' % (http.quote(item), escape(item)))
for item in listing:
itempath = os.path.join(path, item)
if os.path.isfile(itempath):
ext = os.path.splitext(item)[1].lstrip('.')
size = os.path.getsize(itempath)
mtime = os.path.getmtime(itempath)
body += (
' <tr class="item %s">\n'
' <td class="colname"><a href="%s">%s</a></td>\n'
' <td class="colsize">'
'<script type="text/javascript">'
'document.write(new Number(%s).toLocaleString());'
'</script></td>\n'
' <td class="coldate">'
'<script type="text/javascript">'
'document.write(new Date(%s * 1000).toLocaleString());'
'</script></td>\n'
' </tr>\n' %
('ext' + ext, http.quote(item), escape(item), size, mtime))
body += (
' </table>\n'
' </body>\n'
'</html>\n')
start_response('200 OK', {
'content-type': 'text/html; charset=UTF-8',
'content-length': str(len(body))}.items())
return [body]
def _check_username_password(self, env, username, password):
memcache = env.get('memcache')
if not memcache and time() >= self.next_time_to_log_no_memcache:
self.next_time_to_log_no_memcache = \
time() + self.no_memcache_log_interval
env['brim.logger'].warning(
"Authorization with no memcache['env'] will slow down every "
"request")
key = '/wsgi_basic_auth/%s/%s' % (
quote(username, safe=''), sha1(password).hexdigest())
if memcache:
try:
memcached_value = memcache.get(key)
except Exception as err:
env['brim.logger'].warning(
'Authorization problem accessing memcache for username '
'%r: %s' % (username, err))
else:
if memcached_value:
try:
memcached_username, memcached_mtime = memcached_value
except (TypeError, ValueError) as err:
env['brim.logger'].warning(
'Authorization invalid memcache value %r for '
'username %r: %s' %
(memcached_value.encode('utf8'), username, err))
else:
if time() >= self.next_time_to_check_auth_path_mtime:
self.auth_path_last_mtime = getmtime(
self.auth_path)
self.next_time_to_check_auth_path_mtime = \
time() + self.auth_path_check_mtime_interval
env['brim.logger'].debug(
'Authorization read mtime %s for %r' %
(self.auth_path_last_mtime, self.auth_path))
if memcached_username == username:
if memcached_mtime == self.auth_path_last_mtime:
env['REMOTE_USER'] = username
del env['HTTP_AUTHORIZATION']
env['brim.logger'].debug(
'Authorization for username %r validated '
'by memcache' % username)
else:
env['brim.logger'].debug(
'Authorization memcached value was from '
'different mtime: %s != %s' % (
memcached_mtime,
self.auth_path_last_mtime))
else:
env['brim.logger'].debug(
'Authorization memcached value was for '
'different username: %r != %r' %
(memcached_username, username))
if not env.get('REMOTE_USER'):
with open(self.auth_path, 'r') as fp:
for line in fp:
line = line.split(None, 1)
if len(line) == 2 and line[0] == username:
bcrypted = line[1].strip()
if hashpw(password, bcrypted) == bcrypted:
env['REMOTE_USER'] = username
del env['HTTP_AUTHORIZATION']
env['brim.logger'].debug(
'Authorization for username %r validated by '
'%r' % (username, self.auth_path))
if memcache:
memcached_value = (
username, self.auth_path_last_mtime)
memcache.set(key, memcached_value)
env['brim.logger'].debug(
'Authorization memcached %r' %
(memcached_value,))
else:
env['brim.logger'].debug(
'Authorization failure for %r' % username)
break
else:
env['brim.logger'].debug(
'Authorization unknown username %r' % username)