Ejemplo n.º 1
0
def get_zip(request, hashtag, filename):
    """
    Download zip (it has to be ready)
    """
    if not validator.is_valid("alphanum", hashtag):
        log.warning("[security] Wrong hashtag provided")
        return HttpResponseForbidden("{'error': 'Wrong hashtag'}")
    path = os.path.join(settings.XPI_TARGETDIR, "%s.zip" % hashtag)
    log.info("[zip:%s] Downloading Addon from %s" % (filename, path))

    tend = time.time()
    tkey = _get_zip_cache_key(request, hashtag)
    tqueued = cache.get(tkey)
    if tqueued:
        ttotal = (tend - tqueued) * 1000
        statsd.timing("zip.total", ttotal)
        total = "%dms" % ttotal
    else:
        total = "n/a"

    log.info("[zip:%s] Downloading Add-on (%s)" % (hashtag, total))

    response = serve(request, path, "/", show_indexes=False)
    response["Content-Disposition"] = "attachment; " 'filename="%s.zip"' % filename
    return response
Ejemplo n.º 2
0
def prepare_test(r, id_number, revision_number=None):
    """
    Test XPI from data saved in the database
    """
    revision = get_object_with_related_or_404(PackageRevision,
                        package__id_number=id_number, package__type='a',
                        revision_number=revision_number)
    hashtag = r.POST.get('hashtag')
    if not hashtag:
        log.warning('[security] No hashtag provided')
        return HttpResponseForbidden('{"error": "No hashtag"}')
    if not validator.is_valid('alphanum', hashtag):
        log.warning('[security] Wrong hashtag provided')
        return HttpResponseForbidden("{'error': 'Wrong hashtag'}")
    # prepare codes to be sent to the task
    mod_codes = {}
    att_codes = {}
    if r.POST.get('live_data_testing', False):
        for mod in revision.modules.all():
            if r.POST.get(mod.filename, False):
                code = r.POST.get(mod.filename, '')
                if mod.code != code:
                    mod_codes[str(mod.pk)] = code
        for att in revision.attachments.all():
            if r.POST.get(str(att.pk), False):
                code = r.POST.get(str(att.pk))
                att_codes[str(att.pk)] = code
    tasks.xpi_build_from_model.delay(revision.pk,
            mod_codes=mod_codes, att_codes=att_codes, hashtag=hashtag)
    return HttpResponse('{"delayed": true}')
Ejemplo n.º 3
0
def prepare_test(r, id_number, revision_number=None):
    """
    Test XPI from data saved in the database
    """
    revision = get_object_with_related_or_404(
        PackageRevision, package__id_number=id_number, package__type="a", revision_number=revision_number
    )
    hashtag = r.POST.get("hashtag")
    if not hashtag:
        log.warning("[security] No hashtag provided")
        return HttpResponseForbidden('{"error": "No hashtag"}')
    if not validator.is_valid("alphanum", hashtag):
        log.warning("[security] Wrong hashtag provided")
        return HttpResponseForbidden("{'error': 'Wrong hashtag'}")
    if r.POST.get("live_data_testing", False):
        modules = []
        for mod in revision.modules.all():
            if r.POST.get(mod.filename, False):
                code = r.POST.get(mod.filename, "")
                if mod.code != code:
                    mod.code = code
                    modules.append(mod)
        attachments = []
        for att in revision.attachments.all():
            if r.POST.get(str(att.pk), False):
                code = r.POST.get(str(att.pk))
                att.code = code
                attachments.append(att)
        response, rm_xpi_url = revision.build_xpi(modules, attachments, hashtag=hashtag)
    else:
        response, rm_xpi_url = revision.build_xpi(hashtag=hashtag)
    return HttpResponse('{"delayed": true, "rm_xpi_url": "%s"}' % rm_xpi_url)
Ejemplo n.º 4
0
def remove_xpi(r, sdk_name):
    " remove whole temporary SDK on request "
    # Validate sdk_name
    if not validator.is_valid("alphanum_plus", sdk_name):
        return HttpResponseForbidden("{'error': 'Wrong name'}")
    xpi_remove("%s-%s" % (settings.SDKDIR_PREFIX, sdk_name))
    return HttpResponse("{}", mimetype="application/json")
Ejemplo n.º 5
0
def _get_package_overrides(container, sdk_version=None):
    """
    Prepare package overrides (from POST)
    sdk_version is used to override the version if {sdk_version} provided in
    optional container['version']

    :attr: container (dict) list of overrides
    :attr: sdk_version (string)
    """
    version = container.get('version', None)
    if version and sdk_version:
        version = version.format(sdk_version=sdk_version)

    package_overrides = {
        'version': version,
        'type': container.get('type', None),
        'fullName': container.get('fullName', None),
        'url': container.get('url', None),
        'description': container.get('description', None),
        'author': container.get('author', None),
        'license': container.get('license', None),
        'lib': container.get('lib', None),
        'data': container.get('data', None),
        'tests': container.get('tests', None),
        'main': container.get('main', None)
    }
    if version and not validator.is_valid('alphanum_plus', version):
        log.error("Wrong version format provided (%s)" % version)
        raise BadManifestFieldException("Wrong version format")
    return package_overrides
Ejemplo n.º 6
0
def prepare_zip(request, revision_id):
    """
    Prepare download zip  This package is built asynchronously and we assume
    it works. It will be downloaded in %``get_zip``
    """
    revision = get_object_with_related_or_404(PackageRevision, pk=revision_id)
    if not revision.package.active and request.user != revision.package.author:
        # pretend package doesn't exist as it's private
        raise Http404()
    hashtag = request.POST.get("hashtag")
    if not hashtag:
        return HttpResponseForbidden(
            "Add-on Builder has been updated!"
            "We have updated this part of the application. Please "
            "empty your cache and reload to get changes."
        )
    if not validator.is_valid("alphanum", hashtag):
        log.warning("[security] Wrong hashtag provided")
        return HttpResponseBadRequest("{'error': 'Wrong hashtag'}")
    log.info("[zip:%s] Addon added to queue" % hashtag)
    # caching
    tqueued = time.time()
    tkey = _get_zip_cache_key(request, hashtag)
    cache.set(tkey, tqueued, 120)
    # create zip file
    zip_source(pk=revision.pk, hashtag=hashtag, tqueued=tqueued)
    return HttpResponse('{"delayed": true}')
Ejemplo n.º 7
0
def get_zip(request, hashtag, filename):
    """
    Download zip (it has to be ready)
    """
    if not validator.is_valid('alphanum', hashtag):
        log.warning('[security] Wrong hashtag provided')
        return HttpResponseForbidden("{'error': 'Wrong hashtag'}")
    path = os.path.join(settings.XPI_TARGETDIR, '%s.zip' % hashtag)
    log.info('[zip:%s] Downloading Addon from %s' % (filename, path))

    tend = time.time()
    tkey = _get_zip_cache_key(request, hashtag)
    tqueued = cache.get(tkey)
    if tqueued:
        ttotal = (tend - tqueued) * 1000
        statsd.timing('zip.total', ttotal)
        total = '%dms' % ttotal
    else:
        total = 'n/a'

    log.info('[zip:%s] Downloading Add-on (%s)' % (hashtag, total))

    response = serve(request, path, '/', show_indexes=False)
    response['Content-Disposition'] = ('attachment; '
                                       'filename="%s.zip"' % filename)
    return response
Ejemplo n.º 8
0
def get_download(r, hashtag, filename):
    """
    Download XPI (it has to be ready)
    """
    if not validator.is_valid('alphanum', hashtag):
        log.warning('[security] Wrong hashtag provided')
        return HttpResponseForbidden("{'error': 'Wrong hashtag'}")
    path = os.path.join(settings.XPI_TARGETDIR, '%s.xpi' % hashtag)
    log.info('[xpi:%s] Downloading Addon from %s' % (filename, path))

    tend = time.time()
    tkey = xpi_utils.get_queued_cache_key(hashtag, r)
    tqueued = cache.get(tkey)
    if tqueued:
        ttotal = (tend - tqueued) * 1000
        statsd.timing('xpi.build.total', ttotal)
        total = '%dms' % ttotal
    else:
        total = 'n/a'

    log.info('[xpi:%s] Downloading Add-on (%s)' % (hashtag, total))

    response = serve(r, path, '/', show_indexes=False)
    response['Content-Disposition'] = ('attachment; '
            'filename="%s.xpi"' % filename)
    return response
Ejemplo n.º 9
0
def prepare_zip(request, revision_id):
    """
    Prepare download zip  This package is built asynchronously and we assume
    it works. It will be downloaded in %``get_zip``
    """
    revision = get_object_with_related_or_404(PackageRevision, pk=revision_id)
    if (not revision.package.active
            and request.user != revision.package.author):
        # pretend package doesn't exist as it's private
        raise Http404()
    hashtag = request.POST.get('hashtag')
    if not hashtag:
        return HttpResponseForbidden(
            'Add-on Builder has been updated!'
            'We have updated this part of the application. Please '
            'empty your cache and reload to get changes.')
    if not validator.is_valid('alphanum', hashtag):
        log.warning('[security] Wrong hashtag provided')
        return HttpResponseBadRequest("{'error': 'Wrong hashtag'}")
    log.info('[zip:%s] Addon added to queue' % hashtag)
    # caching
    tqueued = time.time()
    tkey = _get_zip_cache_key(request, hashtag)
    cache.set(tkey, tqueued, 120)
    # create zip file
    zip_source(pk=revision.pk, hashtag=hashtag, tqueued=tqueued)
    return HttpResponse('{"delayed": true}')
Ejemplo n.º 10
0
def prepare_test(r, revision_id):
    """
    Test XPI from data saved in the database
    """
    revision = _get_addon(r.user, revision_id)
    hashtag = r.POST.get('hashtag')
    if not hashtag:
        log.warning('[security] No hashtag provided')
        return HttpResponseBadRequest('{"error": "No hashtag"}')
    if not validator.is_valid('alphanum', hashtag):
        log.warning('[security] Wrong hashtag provided')
        return HttpResponseBadRequest("{'error': 'Wrong hashtag'}")
    # prepare codes to be sent to the task
    mod_codes = {}
    att_codes = {}
    if r.POST.get('live_data_testing', False):
        for mod in revision.modules.all():
            if r.POST.get(mod.filename, False):
                code = r.POST.get(mod.filename, '')
                if mod.code != code:
                    mod_codes[str(mod.pk)] = code
        for att in revision.attachments.all():
            if r.POST.get(str(att.pk), False):
                code = r.POST.get(str(att.pk))
                att_codes[str(att.pk)] = code
    if mod_codes or att_codes or not os.path.exists('%s.xpi' %
            os.path.join(settings.XPI_TARGETDIR, hashtag)):
        log.info('[xpi:%s] Addon added to queue' % hashtag)
        tqueued = time.time()
        tkey = xpi_utils.get_queued_cache_key(hashtag, r)
        cache.set(tkey, tqueued, 120)
        tasks.xpi_build_task(rev_pk=revision.pk,
                mod_codes=mod_codes, att_codes=att_codes,
                hashtag=hashtag, tqueued=tqueued)
    return HttpResponse('{"delayed": true}')
Ejemplo n.º 11
0
def _get_package_overrides(container, sdk_version=None):
    """
    Prepare package overrides (from POST)
    sdk_version is used to override the version if {sdk_version} provided in
    optional container['version']

    :attr: container (dict) list of overrides
    :attr: sdk_version (string)
    """
    version = container.get('version', None)
    if version and sdk_version:
        version = version.format(sdk_version=sdk_version)

    package_overrides = {
        'version': version,
        'type': container.get('type', None),
        'fullName': container.get('fullName', None),
        'url': container.get('url', None),
        'description': container.get('description', None),
        'author': container.get('author', None),
        'license': container.get('license', None),
        'lib': container.get('lib', None),
        'data': container.get('data', None),
        'tests': container.get('tests', None),
        'main': container.get('main', None)
    }
    if version and not validator.is_valid('alphanum_plus', version):
        log.error("Wrong version format provided (%s)" % version)
        raise BadManifestFieldException("Wrong version format")
    return package_overrides
Ejemplo n.º 12
0
def clean(r, path):
    " remove whole temporary SDK on request "
    # Validate sdk_name
    if not validator.is_valid('alphanum', path):
        log.warning('[security] Wrong hashtag provided')
        return HttpResponseForbidden("{'error': 'Wrong hashtag'}")
    xpi_utils.remove(os.path.join(settings.XPI_TARGETDIR, '%s.xpi' % path))
    return HttpResponse('{"success": true}', mimetype='application/json')
Ejemplo n.º 13
0
def clean(r, path):
    " remove whole temporary SDK on request "
    # Validate sdk_name
    if not validator.is_valid('alphanum', path):
        log.warning('[security] Wrong hashtag provided')
        return HttpResponseForbidden("{'error': 'Wrong hashtag'}")
    xpi_utils.remove(os.path.join(settings.XPI_TARGETDIR, '%s.xpi' % path))
    return HttpResponse('{"success": true}', mimetype='application/json')
Ejemplo n.º 14
0
def check_zip(r, hashtag):
    """Check if zip file is prepared."""
    if not validator.is_valid("alphanum", hashtag):
        log.warning("[security] Wrong hashtag provided")
        return HttpResponseForbidden("{'error': 'Wrong hashtag'}")
    path = os.path.join(settings.XPI_TARGETDIR, "%s.zip" % hashtag)
    # Check file if it exists
    if os.path.isfile(path):
        return HttpResponse('{"ready": true}')
    return HttpResponse('{"ready": false}')
Ejemplo n.º 15
0
def check_zip(r, hashtag):
    """Check if zip file is prepared."""
    if not validator.is_valid('alphanum', hashtag):
        log.warning('[security] Wrong hashtag provided')
        return HttpResponseForbidden("{'error': 'Wrong hashtag'}")
    path = os.path.join(settings.XPI_TARGETDIR, '%s.zip' % hashtag)
    # Check file if it exists
    if os.path.isfile(path):
        return HttpResponse('{"ready": true}')
    return HttpResponse('{"ready": false}')
Ejemplo n.º 16
0
def check_download(r, hashtag):
    """Check if XPI file is prepared."""
    if not validator.is_valid('alphanum', hashtag):
        log.warning('[security] Wrong hashtag provided')
        return HttpResponseForbidden("{'error': 'Wrong hashtag'}")
    path = os.path.join(settings.XPI_TARGETDIR, '%s.xpi' % hashtag)
    # Check file if it exists
    if os.path.isfile(path):
        return HttpResponse('{"ready": true}')
    return HttpResponse('{"ready": false}')
Ejemplo n.º 17
0
def get_download(r, hashtag, filename):
    """
    Download XPI (it has to be ready)
    """
    if not validator.is_valid("alphanum", hashtag):
        log.warning("[security] Wrong hashtag provided")
        return HttpResponseForbidden("{'error': 'Wrong hashtag'}")
    path = os.path.join(settings.XPI_TARGETDIR, "%s.xpi" % hashtag)
    log.info("Downloading %s.xpi from %s" % (filename, path))
    response = serve(r, path, "/", show_indexes=False)
    response["Content-Disposition"] = "attachment; " 'filename="%s.xpi"' % filename
    return response
Ejemplo n.º 18
0
def get_download(r, hashtag, filename):
    """
    Download XPI (it has to be ready)
    """
    if not validator.is_valid('alphanum', hashtag):
        log.warning('[security] Wrong hashtag provided')
        return HttpResponseForbidden("{'error': 'Wrong hashtag'}")
    path = os.path.join(settings.XPI_TARGETDIR, '%s.xpi' % hashtag)
    log.info('Downloading %s.xpi from %s' % (filename, path))
    response = serve(r, path, '/', show_indexes=False)
    response['Content-Disposition'] = ('attachment; '
            'filename="%s.xpi"' % filename)
    return response
Ejemplo n.º 19
0
def get_test(r, hashtag):
    """
    return XPI file for testing
    """
    if not validator.is_valid('alphanum', hashtag):
        log.warning('[security] Wrong hashtag provided')
        return HttpResponseForbidden("{'error': 'Wrong hashtag'}")
    path = os.path.join(settings.XPI_TARGETDIR, '%s.xpi' % hashtag)
    mimetype = 'text/plain; charset=x-user-defined'
    try:
        xpi = codecs.open(path, mode='rb').read()
    except Exception, err:
        log.debug('Add-on not yet created: %s' % str(err))
        return HttpResponse('')
Ejemplo n.º 20
0
def prepare_download(r, id_number, revision_number=None):
    """
    Prepare download XPI.  This package is built asynchronously and we assume
    it works. It will be downloaded in ``get_download``
    """
    revision = get_object_with_related_or_404(PackageRevision,
                        package__id_number=id_number, package__type='a',
                        revision_number=revision_number)
    hashtag = r.POST.get('hashtag')
    if not hashtag:
        return HttpResponseForbidden('Add-on Builder has been updated!'
                'We have updated this part of the application. Please '
                'empty your cache and reload to get changes.')
    if not validator.is_valid('alphanum', hashtag):
        log.warning('[security] Wrong hashtag provided')
        return HttpResponseForbidden("{'error': 'Wrong hashtag'}")
    tasks.xpi_build_from_model.delay(revision.pk, hashtag=hashtag)
    return HttpResponse('{"delayed": true}')
Ejemplo n.º 21
0
def prepare_download(r, id_number, revision_number=None):
    """
    Prepare download XPI.  This package is built asynchronously and we assume
    it works. It will be downloaded in ``get_download``
    """
    revision = get_object_with_related_or_404(
        PackageRevision, package__id_number=id_number, package__type="a", revision_number=revision_number
    )
    hashtag = r.POST.get("hashtag")
    if not hashtag:
        return HttpResponseForbidden(
            "Add-on Builder has been updated!"
            "We have updated this part of the pplication, please "
            "empty your cache and reload to get changes."
        )
    if not validator.is_valid("alphanum", hashtag):
        log.warning("[security] Wrong hashtag provided")
        return HttpResponseForbidden("{'error': 'Wrong hashtag'}")
    revision.build_xpi(hashtag=hashtag)
    return HttpResponse('{"delayed": true}')
Ejemplo n.º 22
0
def prepare_download(r, revision_id):
    """
    Prepare download XPI.  This package is built asynchronously and we assume
    it works. It will be downloaded in %``get_download``
    """
    revision = _get_addon(r.user, revision_id)
    hashtag = r.POST.get('hashtag')
    if not hashtag:
        return HttpResponseForbidden(
            'Add-on Builder has been updated!'
            'We have updated this part of the application. Please '
            'empty your cache and reload to get changes.')
    if not validator.is_valid('alphanum', hashtag):
        log.warning('[security] Wrong hashtag provided')
        return HttpResponseBadRequest("{'error': 'Wrong hashtag'}")
    log.info('[xpi:%s] Addon added to queue' % hashtag)
    tqueued = time.time()
    tkey = xpi_utils.get_queued_cache_key(hashtag, r)
    cache.set(tkey, tqueued, 120)
    tasks.xpi_build_task(rev_pk=revision.pk, hashtag=hashtag, tqueued=tqueued)
    return HttpResponse('{"delayed": true}')
Ejemplo n.º 23
0
def prepare_download(r, revision_id):
    """
    Prepare download XPI.  This package is built asynchronously and we assume
    it works. It will be downloaded in %``get_download``
    """
    revision = _get_addon(r.user, revision_id)
    hashtag = r.POST.get('hashtag')
    if not hashtag:
        return HttpResponseForbidden('Add-on Builder has been updated!'
                'We have updated this part of the application. Please '
                'empty your cache and reload to get changes.')
    if not validator.is_valid('alphanum', hashtag):
        log.warning('[security] Wrong hashtag provided')
        return HttpResponseBadRequest("{'error': 'Wrong hashtag'}")
    log.info('[xpi:%s] Addon added to queue' % hashtag)
    tqueued = time.time()
    tkey = xpi_utils.get_queued_cache_key(hashtag, r)
    cache.set(tkey, tqueued, 120)
    tasks.xpi_build_task(rev_pk=revision.pk,
            hashtag=hashtag, tqueued=tqueued)
    return HttpResponse('{"delayed": true}')
Ejemplo n.º 24
0
def _get_package_overrides(container, sdk_version=None):
    version = container.get('version', None)
    if version and sdk_version:
        version = version.format(sdk_version=sdk_version)

    package_overrides = {
        'version': version,
        'type': container.get('type', None),
        'fullName': container.get('fullName', None),
        'url': container.get('url', None),
        'description': container.get('description', None),
        'author': container.get('author', None),
        'license': container.get('license', None),
        'lib': container.get('lib', None),
        'data': container.get('data', None),
        'tests': container.get('tests', None),
        'main': container.get('main', None)
    }
    if version and not validator.is_valid('alphanum_plus', version):
        log.error("Wrong version format provided (%s)" % version)
        raise BadManifestFieldException("Wrong version format")
    return package_overrides
Ejemplo n.º 25
0
def get_test(r, hashtag):
    """
    return XPI file for testing
    """
    if not validator.is_valid('alphanum', hashtag):
        log.warning('[security] Wrong hashtag provided')
        return HttpResponseForbidden("{'error': 'Wrong hashtag'}")
    base = os.path.join(settings.XPI_TARGETDIR, hashtag)
    mimetype = 'text/plain; charset=x-user-defined'
    tfile = time.time()
    try:
        xpi = codecs.open('%s.xpi' % base, mode='rb').read()
    except Exception, err:
        if os.path.exists('%s.json' % base):
            with open('%s.json' % base) as error_file:
                error_json = simplejson.loads(error_file.read())
            os.remove('%s.json' % base)
            if error_json['status'] == 'error':
                log.warning('Error creating xpi (%s)' % error_json['message'])
                return HttpResponseNotFound(error_json['message'])

        log.debug('[xpi:%s] Add-on not yet created: %s' % (hashtag, str(err)))
        return HttpResponse('')
Ejemplo n.º 26
0
def prepare_test(r, revision_id):
    """
    Test XPI from data saved in the database
    """
    revision = _get_addon(r.user, revision_id)
    hashtag = r.POST.get('hashtag')
    if not hashtag:
        log.warning('[security] No hashtag provided')
        return HttpResponseBadRequest('{"error": "No hashtag"}')
    if not validator.is_valid('alphanum', hashtag):
        log.warning('[security] Wrong hashtag provided')
        return HttpResponseBadRequest("{'error': 'Wrong hashtag'}")
    # prepare codes to be sent to the task
    mod_codes = {}
    att_codes = {}
    if r.POST.get('live_data_testing', False):
        for mod in revision.modules.all():
            if r.POST.get(mod.filename, False):
                code = r.POST.get(mod.filename, '')
                if mod.code != code:
                    mod_codes[str(mod.pk)] = code
        for att in revision.attachments.all():
            if r.POST.get(str(att.pk), False):
                code = r.POST.get(str(att.pk))
                att_codes[str(att.pk)] = code
    if mod_codes or att_codes or not os.path.exists(
            '%s.xpi' % os.path.join(settings.XPI_TARGETDIR, hashtag)):
        log.info('[xpi:%s] Addon added to queue' % hashtag)
        tqueued = time.time()
        tkey = xpi_utils.get_queued_cache_key(hashtag, r)
        cache.set(tkey, tqueued, 120)
        tasks.xpi_build_task(rev_pk=revision.pk,
                             mod_codes=mod_codes,
                             att_codes=att_codes,
                             hashtag=hashtag,
                             tqueued=tqueued)
    return HttpResponse('{"delayed": true}')
Ejemplo n.º 27
0
def get_test(r, hashtag):
    """
    return XPI file for testing
    """
    if not validator.is_valid('alphanum', hashtag):
        log.warning('[security] Wrong hashtag provided')
        return HttpResponseForbidden("{'error': 'Wrong hashtag'}")
    base = os.path.join(settings.XPI_TARGETDIR, hashtag)
    mimetype = 'text/plain; charset=x-user-defined'
    tfile = time.time()
    try:
        xpi = codecs.open('%s.xpi' % base, mode='rb').read()
    except Exception, err:
        if os.path.exists('%s.json' % base):
            with open('%s.json' % base) as error_file:
                error_json = simplejson.loads(error_file.read())
            os.remove('%s.json' % base)
            if error_json['status'] == 'error':
                log.warning('Error creating xpi (%s)'
                        % error_json['message'] )
                return HttpResponseNotFound(error_json['message'])

        log.debug('[xpi:%s] Add-on not yet created: %s' % (hashtag, str(err)))
        return HttpResponse('')
Ejemplo n.º 28
0
def save(request, revision_id, type_id=None):
    """
    Save package and modules
    @TODO: check how dynamic module loading affects save
    """

    revision = get_object_with_related_or_404(PackageRevision, pk=revision_id)
    if request.user.pk != revision.author.pk:
        log_msg = ("[security] Attempt to save package (%s) by "
                   "non-owner (%s)" % (revision.pk,
                       request.user))
        log.warning(log_msg)
        return HttpResponseForbidden('You are not the author of this Package')

    save_revision = False
    save_package = False
    start_version_name = revision.version_name
    start_revision_message = revision.message

    response_data = {}

    package_full_name = request.POST.get('full_name', False)
    jid = request.POST.get('jid', None)
    version_name = request.POST.get('version_name', False)

    if jid and not validator.is_valid(
        'alphanum_plus', jid):
        return HttpResponseForbidden(escape(
            validator.get_validation_message('alphanum_plus')))

    # validate package_full_name and version_name
    if version_name and not validator.is_valid(
        'alphanum_plus', version_name):
        return HttpResponseForbidden(escape(
            validator.get_validation_message('alphanum_plus')))

    # here we're checking if the *current* full_name is different than the
    # revision's full_name
    if package_full_name and package_full_name != revision.package.full_name:
        try:
            revision.set_full_name(package_full_name)
        except ValidationError:
            return HttpResponseForbidden(escape(
                validator.get_validation_message('alphanum_plus_space')))
        except IntegrityError:
            return HttpResponseForbidden(
                'You already have a %s with that name' % escape(
                    revision.package.get_type_name())
                )
        else:
            save_package = True
            save_revision = True
            response_data['full_name'] = package_full_name

    package_description = request.POST.get('package_description', False)
    if package_description:
        save_package = True
        revision.package.description = package_description
        response_data['package_description'] = package_description

    extra_json = request.POST.get('package_extra_json')
    if extra_json is not None:
        # None means it wasn't submitted. We want to accept blank strings.
        save_revision = True
        try:
            revision.set_extra_json(extra_json, save=False)
        except JSONDecodeError:
            return HttpResponseBadRequest(
                    'Extra package properties were invalid JSON.')
        except IllegalFilenameException, e:
            return HttpResponseBadRequest(str(e))
        response_data['package_extra_json'] = extra_json
Ejemplo n.º 29
0
 def test_cached_hashtag(self):
     assert validator.is_valid('alphanum',
             self.addon.latest.get_cache_hashtag())
Ejemplo n.º 30
0
def package_save(r, id_number, type_id, revision_number=None,
                 version_name=None):
    """
    Save package and modules
    @TODO: check how dynamic module loading affects save
    """
    revision = get_package_revision(id_number, type_id, revision_number,
                                    version_name)
    if r.user.pk != revision.author.pk:
        log_msg = ("[security] Attempt to save package (%s) by "
                   "non-owner (%s)" % (id_number, r.user))
        log.warning(log_msg)
        return HttpResponseForbidden('You are not the author of this Package')

    save_revision = False
    save_package = False
    start_version_name = revision.version_name
    start_revision_message = revision.message

    response_data = {}

    package_full_name = r.POST.get('full_name', False)
    version_name = r.POST.get('version_name', False)

    # validate package_full_name and version_name
    if package_full_name and not validator.is_valid(
        'alphanum_plus_space', package_full_name):
        return HttpResponseNotAllowed(escape(
            validator.get_validation_message('alphanum_plus_space')))

    if version_name and not validator.is_valid(
        'alphanum_plus', version_name):
        return HttpResponseNotAllowed(escape(
            validator.get_validation_message('alphanum_plus')))

    if package_full_name and package_full_name != revision.package.full_name:
        revision.package.full_name = package_full_name
        # in FlightDeck, libraries can have the same name, by different authors
        try:
            Package.objects.get(author=revision.package.author,
                                name=revision.package.make_name())
            return HttpResponseForbidden(
                'You already have a %s with that name' % escape(
                    revision.package.get_type_name())
                )
        except Package.DoesNotExist:
            save_package = True
            response_data['full_name'] = package_full_name

    package_description = r.POST.get('package_description', False)
    if package_description:
        save_package = True
        revision.package.description = package_description
        response_data['package_description'] = package_description

    changes = []
    for mod in revision.modules.all():
        if r.POST.get(mod.filename, False):
            code = r.POST[mod.filename]
            if mod.code != code:
                mod.code = code
                changes.append(mod)

    for att in revision.attachments.all():
        uid = str(att.pk)
        if r.POST.get(uid):
            att.data = r.POST[uid]
            if att.changed():
                changes.append(att)

    attachments_changed = {}
    if save_revision or changes:
        revision.save()

    if changes:
        attachments_changed = simplejson.dumps(
                revision.updates(changes, save=False))

    revision_message = r.POST.get('revision_message', False)
    if revision_message and revision_message != start_revision_message:
        revision.message = revision_message
        # save revision message without changeing the revision
        super(PackageRevision, revision).save()
        response_data['revision_message'] = revision_message

    if version_name and version_name != start_version_name \
        and version_name != revision.package.version_name:
        save_package = False
        try:
            revision.set_version(version_name)
        except Exception, err:
            return HttpResponseForbidden(escape(err.__str__()))
Ejemplo n.º 31
0
def save(request, id_number, type_id, revision_number=None,
                 version_name=None):
    """
    Save package and modules
    @TODO: check how dynamic module loading affects save
    """
    revision = get_package_revision(id_number, type_id, revision_number,
                                    version_name)
    if request.user.pk != revision.author.pk:
        log_msg = ("[security] Attempt to save package (%s) by "
                   "non-owner (%s)" % (id_number, request.user))
        log.warning(log_msg)
        return HttpResponseForbidden('You are not the author of this Package')

    save_revision = False
    save_package = False
    start_version_name = revision.version_name
    start_revision_message = revision.message

    response_data = {}

    package_full_name = request.POST.get('full_name', False)
    version_name = request.POST.get('version_name', False)

    # validate package_full_name and version_name

    if version_name and not validator.is_valid(
        'alphanum_plus', version_name):
        return HttpResponseNotAllowed(escape(
            validator.get_validation_message('alphanum_plus')))

    # here we're checking if the *current* full_name is different than the
    # revision's full_name
    if package_full_name and package_full_name != revision.package.full_name:
        try:
            revision.set_full_name(package_full_name)
        except ValidationError:
            return HttpResponseNotAllowed(escape(
                validator.get_validation_message('alphanum_plus_space')))
        except IntegrityError:
            return HttpResponseForbidden(
                'You already have a %s with that name' % escape(
                    revision.package.get_type_name())
                )
        else:
            save_package = True
            save_revision = True
            response_data['full_name'] = package_full_name

    package_description = request.POST.get('package_description', False)
    if package_description:
        save_package = True
        revision.package.description = package_description
        response_data['package_description'] = package_description

    changes = []
    for mod in revision.modules.all():
        if request.POST.get(mod.filename, False):
            code = request.POST[mod.filename]
            if mod.code != code:
                mod.code = code
                changes.append(mod)

    for att in revision.attachments.all():
        uid = str(att.pk)
        if request.POST.get(uid):
            att.data = request.POST[uid]
            if att.changed():
                changes.append(att)

    attachments_changed = {}
    if save_revision or changes:
        try:
            revision.save()
        except ValidationError, err:
            return HttpResponseForbidden(escape(err.__str__()))
Ejemplo n.º 32
0
def save(request, revision_id, type_id=None):
    """
    Save package and modules
    @TODO: check how dynamic module loading affects save
    """

    revision = get_object_with_related_or_404(PackageRevision, pk=revision_id)
    if request.user.pk != revision.author.pk:
        log_msg = ("[security] Attempt to save package (%s) by "
                   "non-owner (%s)" % (revision.pk, request.user))
        log.warning(log_msg)
        return HttpResponseForbidden('You are not the author of this Package')

    save_revision = False
    save_package = False
    start_version_name = revision.version_name
    start_revision_message = revision.message

    response_data = {}

    package_full_name = request.POST.get('full_name', False)
    jid = request.POST.get('jid', None)
    version_name = request.POST.get('version_name', False)

    if jid and not validator.is_valid('alphanum_plus', jid):
        return HttpResponseForbidden(
            escape(validator.get_validation_message('alphanum_plus')))

    # validate package_full_name and version_name
    if version_name and not validator.is_valid('alphanum_plus', version_name):
        return HttpResponseForbidden(
            escape(validator.get_validation_message('alphanum_plus')))

    # here we're checking if the *current* full_name is different than the
    # revision's full_name
    if package_full_name and package_full_name != revision.package.full_name:
        try:
            revision.set_full_name(package_full_name)
        except ValidationError:
            return HttpResponseForbidden(
                escape(
                    validator.get_validation_message('alphanum_plus_space')))
        except IntegrityError:
            return HttpResponseForbidden(
                'You already have a %s with that name' %
                escape(revision.package.get_type_name()))
        else:
            save_package = True
            save_revision = True
            response_data['full_name'] = package_full_name

    package_description = request.POST.get('package_description', False)
    if package_description:
        save_package = True
        revision.package.description = package_description
        response_data['package_description'] = package_description

    extra_json = request.POST.get('package_extra_json')
    if extra_json is not None:
        # None means it wasn't submitted. We want to accept blank strings.
        save_revision = True
        try:
            revision.set_extra_json(extra_json, save=False)
        except JSONDecodeError:
            return HttpResponseBadRequest(
                'Extra package properties were invalid JSON.')
        except IllegalFilenameException, e:
            return HttpResponseBadRequest(str(e))
        except KeyNotAllowed, e:
            return HttpResponseForbidden(str(e))
Ejemplo n.º 33
0
def package_save(r, id_number, type_id, revision_number=None, version_name=None):
    """
    Save package and modules
    @TODO: check how dynamic module loading affects save
    """
    revision = get_package_revision(id_number, type_id, revision_number, version_name)
    if r.user.pk != revision.author.pk:
        log_msg = "Unauthorised attempt to save package. user: %s, package: %s." % (r.user, id_number)
        log = commonware.log.getLogger("f.jetpack")
        log.debug(log_msg)
        return HttpResponseForbidden("You are not the author of this Package")

    should_reload = False
    save_revision = False
    save_package = False
    start_version_name = revision.version_name
    start_revision_message = revision.message
    start_revision_number = revision.revision_number

    response_data = {}

    package_full_name = r.POST.get("full_name", False)
    version_name = r.POST.get("version_name", False)

    # validate package_full_name and version_name
    if package_full_name and not validator.is_valid("alphanum_plus_space", package_full_name):
        return HttpResponseNotAllowed(escape(validator.get_validation_message("alphanum_plus_space")))

    if version_name and not validator.is_valid("alphanum_plus", version_name):
        return HttpResponseNotAllowed(escape(validator.get_validation_message("alphanum_plus")))

    if package_full_name and package_full_name != revision.package.full_name:
        try:
            # it was erroring as pk=package.pk
            # I changed it to pk=revision.package.pk
            # TODO: Check if not redundant as it is in model as well
            package = Package.objects.exclude(pk=revision.package.pk).get(
                full_name=package_full_name, type=revision.package.type, author__username=r.user.username
            )
            return HttpResponseForbidden(
                "You already have a %s with that name" % escape(revision.package.get_type_name())
            )
        except:
            save_package = True
            should_reload = True
            revision.package.full_name = package_full_name
            revision.package.name = None

    package_description = r.POST.get("package_description", False)
    if package_description:
        save_package = True
        revision.package.description = package_description
        response_data["package_description"] = package_description

    modules = []
    for mod in revision.modules.all():
        if r.POST.get(mod.filename, False):
            code = r.POST[mod.filename]
            if mod.code != code:
                mod.code = code
                modules.append(mod)

    if modules:
        revision.modules_update(modules)
        save_revision = False

    if save_revision:
        revision.save()

    revision_message = r.POST.get("revision_message", False)
    if revision_message and revision_message != start_revision_message:
        revision.message = revision_message
        # save revision message without changeing the revision
        super(PackageRevision, revision).save()
        response_data["revision_message"] = revision_message

    if version_name and version_name != start_version_name and version_name != revision.package.version_name:
        save_package = False
        try:
            revision.set_version(version_name)
        except Exception, err:
            return HttpResponseForbidden(escape(err.__str__()))