def func(id=None): createLocalSession() if 'csrf' not in session: token = os.urandom(16) session['csrf'] = ''.join('%02x' % ord(c) for c in token) if method == 'POST' and \ ('csrf' not in request.form or request.form['csrf'] != session['csrf']): abort(403) if 'userId' in session and session['userId']: session.user = User.one(id=int(session['userId'])) else: session.user = None if (authed or admin) and session.user == None: return _redirect('/') elif admin and not session.user.admin: abort(403) params = request.form if method == 'POST' else request.args kwargs = {} for i, arg in enumerate(args): if i == 0 and arg == 'id' and not rpc: continue if arg in params: kwargs[arg] = params[arg] else: assert not rpc # RPC requires all arguments. try: if hasId and id != None: ret = ofunc(int(id), **kwargs) else: ret = ofunc(**kwargs) except RedirectException, r: return _redirect(r.url)
def login_required_response(error=DEFAULT_LOGIN_ERROR, redirect='users.login'): if not g.logged_in: flash(error) return _redirect(url_for(redirect)) if g.user.is_banned(): flash("You can't use this feature while banned.", 'error') return _redirect('/banned') return None
def decorated_function(*args, **kwargs): response = login_required_response() if response: return response if g.user.is_muted(): flash("You can't use this feature while muted.") return _redirect(url_for(self.redirect)) if not g.user.email_confirmed: flash("Please confirm your email before using this feature.") return _redirect(url_for(self.redirect)) return f(*args, **kwargs)
def func(id=None): if 'csrf' not in session: token = os.urandom(16) session['csrf'] = ''.join('%02x' % ord(c) for c in token) if not CSRFable and method == 'POST' and \ ('csrf' not in request.form or request.form['csrf'] != session['csrf']): abort(403) params = request.form if method == 'POST' else request.args kwargs = {} for i, arg in enumerate(args): if i == 0 and arg == 'id' and not rpc: continue if arg in params: kwargs[arg] = params[arg] elif arg in request.files: kwargs[arg] = request.files[arg] else: assert not rpc # RPC requires all arguments. try: if hasId and id != None: ret = ofunc(int(id), **kwargs) else: ret = ofunc(**kwargs) except RedirectException, r: return _redirect(r.url)
def redirect(location, code=302, Response=None, success=None, warning=None, error=None): session['SUCCESS'] = success session['WARNING'] = warning session['ERROR'] = error return _redirect(location, code=code, Response=Response)
def decorated_function(*args, **kwargs): response = login_required_response() if response: return response if not g.user.has_admin_access(): if self.redirect: flash("You don't have permission to use this feature.") return _redirect(url_for(self.redirect)) return render_template('403.html'), 403 return f(*args, **kwargs)
def func(id=None): createLocalSession() try: tpl = stpl if 'csrf' not in session: token = os.urandom(16) session['csrf'] = ''.join('%02x' % ord(c) for c in token) if not CSRFable and method == 'POST' and \ ('csrf' not in request.form or request.form['csrf'] != session['csrf']): abort(403) if 'userId' in session and session['userId']: session.user = User.one(id=int(session['userId'])) else: session.user = None if admin and (session.user == None or not session.user.admin): return abort(404) elif authed and session.user == None: return _redirect(handler.auth.get_index.url(error=0)) params = request.form if method == 'POST' else request.args kwargs = {} for i, arg in enumerate(args): if i == 0 and arg == 'id' and not rpc: continue if arg in params: kwargs[arg] = params[arg] elif arg in request.files: kwargs[arg] = request.files[arg] else: assert not rpc # RPC requires all arguments. try: if hasId and id != None: ret = ofunc(int(id), **kwargs) else: ret = ofunc(**kwargs) except RedirectException, r: return _redirect(r.url) except TemplateException, t: tpl = t.tpl ret = t.args
def wrapped(*args, **kwargs): if not is_active(feature): url = redirect_to if redirect: url = url_for(redirect) if url: log.debug(u'Feature {feature} is off, redirecting to {url}'.format(feature=feature, url=url)) return _redirect(url, code=302) else: log.debug(u'Feature {feature} is off, aborting request'.format(feature=feature)) abort(404) return func(*args, **kwargs)
def func(id=None): tpl = stpl params = request.form if method == 'POST' else request.args if rpc: params = loads(params['args']) kwargs = {} for i, arg in enumerate(args): if i == 0 and arg == 'id' and not rpc: continue if arg in params: kwargs[arg] = params[arg] elif arg in request.files: kwargs[arg] = request.files[arg] else: print args, params assert not rpc # RPC requires all arguments. try: if hasId and id != None: ret = ofunc(int(id), **kwargs) else: ret = ofunc(**kwargs) except RedirectException, r: return _redirect(r.url)
def redirect(*args, **kwargs): __redirect = _redirect(*args, **kwargs) __redirect.autocorrect_location_header = False return __redirect
def redirect(location: str, code: int = 302) -> Response: """flask's redirect but always passes the Response class""" return _redirect(location, code, Response)
def wm_INTERNAL_redir (self, path): self.wm_debug_log ("--- redirect received ---") self.wm_debug_log ("checking hostname") hostname = get_url_hostname (_request.base_url) self.wm_debug_log ("target hostname is {}".format (hostname)) found_app = False for appid in self.wm_enableds.keys (): if hostname in self.wm_config["apps"][appid]["hostnames"]: found_app = True app = self.wm_enableds[appid] self.wm_debug_log ("hostname {0} matches app {1}".format (hostname, app)) break if not found_app: self.wm_debug_log ("hostname {} doesn't match any app!".format (hostname)) ret = self.wm_config["not_found_response"] return ret base_path = self.wm_config["apps"][appid]["base_path"] old_abspath = getcwd () self.wm_debug_log ("changing cwd to {}".format (base_path)) chdir (base_path) self.wm_debug_log ("cwd is now {}".format (getcwd ())) old_path = relpath (old_abspath) if app["first_request"]: app["first_request"] = False for before_first_request_func in app["app"].before_first_request_funcs: before_first_request_func () # TODO add blueprint support for blueprint, before_request_func_list in app["app"].before_request_funcs.items (): for before_request_func in before_request_func_list: before_request_func () self.wm_debug_log ("done calling before functions") # print (print_object (app.url_map)) # set the module's request object to the actual request object # so the route function can access the actual request information app["module"].request = _request self.wm_debug_log ("bound to actual request") # bind the app's url map to the actual request urls = app["app"].url_map.bind_to_environ (_request) self.wm_debug_log ("bound to real environment") # get the endpoint and arguments for the actual request self.wm_debug_log ("matching") error = False try: endpoint, args = urls.match () except NotFound: print_exc () error = True ret = "Not Found", 404 endpoint, args = None, None except MethodNotAllowed: print_exc () error = True ret = "Method Not Allowed", 405 endpoint, args = None, None except RequestRedirect as redir: print_exc () error = True ret = _redirect (redir.new_url) endpoint, args = None, None except: print_exc () error = True endpoint, args = None, None if error: self.wm_debug_log ("error return value is {}".format (ret)) self.wm_debug_log ("matched") print ("### ENDPOINT: {0}, ARGS: {1}".format (endpoint, args)) if not error: for function_name, view_function in app["app"].view_functions.items (): if function_name == endpoint: self.wm_debug_log ("calling {}".format (function_name)) try: ret = _make_response (view_function (**args)) except HTTPException as exc: print_exc () self.wm_debug_log ( "error when calling view function -- code: {0}, desc: {1}, name: {2}, response: {3} ###".format ( exc.code, exc.description, exc.name, exc.response) ) ret = exc.get_response (environ = _request) # WARNING: any other non-abort () exceptions will be raised # and will call the Flask debugger without calling the below code! else: self.wm_debug_log ("not calling view function {}".format (function_name)) # TODO also add blueprint support for blueprint, after_request_func_list in app["app"].after_request_funcs.items (): for after_request_func in after_request_func_list: self.wm_debug_log ("Response before calling {0}: {1}".format (after_request_func.__name__, ret)) after_request_ret = after_request_func (_make_response (ret)) self.wm_debug_log ("Response after calling {0}: {1}".format (after_request_func.__name__, after_request_ret)) ret = after_request_ret self.wm_debug_log ("changing dir back to {}".format (old_path)) chdir (old_path) self.wm_debug_log ("--- redirect completed, returning ---") return ret
def redirect(url): return _redirect(DONAME + url)