def forbidden_view(context, request):
msg = context.message
result = context.result
message = msg + '\n' + str(result)
resp = HTTPForbidden()
resp.body = bytes_(message)
return resp
def forbidden_view(context, request):
msg = context.message
result = context.result
message = msg + '\n' + str(result)
resp = HTTPForbidden()
resp.body = bytes_(message)
return resp
def call_app_with_subpath_as_path_info(request, app):
# Copy the request. Use the source request's subpath (if it exists) as
# the new request's PATH_INFO. Set the request copy's SCRIPT_NAME to the
# prefix before the subpath. Call the application with the new request
# and return a response.
#
# Postconditions:
# - SCRIPT_NAME and PATH_INFO are empty or start with /
# - At least one of SCRIPT_NAME or PATH_INFO are set.
# - SCRIPT_NAME is not '/' (it should be '', and PATH_INFO should
# be '/').
environ = request.environ
script_name = environ.get('SCRIPT_NAME', '')
path_info = environ.get('PATH_INFO', '/')
subpath = list(getattr(request, 'subpath', ()))
new_script_name = ''
# compute new_path_info
new_path_info = '/' + '/'.join(
[text_(x.encode('utf-8'), 'latin-1') for x in subpath]
)
if new_path_info != '/': # don't want a sole double-slash
if path_info != '/': # if orig path_info is '/', we're already done
if path_info.endswith('/'):
# readd trailing slash stripped by subpath (traversal)
# conversion
new_path_info += '/'
# compute new_script_name
workback = (script_name + path_info).split('/')
tmp = []
while workback:
if tmp == subpath:
break
el = workback.pop()
if el:
tmp.insert(0, text_(bytes_(el, 'latin-1'), 'utf-8'))
# strip all trailing slashes from workback to avoid appending undue slashes
# to end of script_name
while workback and (workback[-1] == ''):
workback = workback[:-1]
new_script_name = '/'.join(workback)
new_request = request.copy()
new_request.environ['SCRIPT_NAME'] = new_script_name
new_request.environ['PATH_INFO'] = new_path_info
return new_request.get_response(app)
def encode_ip_timestamp(ip, timestamp):
ip_chars = ''.join(map(chr, map(int, ip.split('.'))))
t = int(timestamp)
ts = (
(t & 0xFF000000) >> 24,
(t & 0xFF0000) >> 16,
(t & 0xFF00) >> 8,
t & 0xFF,
)
ts_chars = ''.join(map(chr, ts))
return bytes_(ip_chars + ts_chars)
def encode_ip_timestamp(ip, timestamp):
ip_chars = ''.join(map(chr, map(int, ip.split('.'))))
t = int(timestamp)
ts = (
(t & 0xFF000000) >> 24,
(t & 0xFF0000) >> 16,
(t & 0xFF00) >> 8,
t & 0xFF,
)
ts_chars = ''.join(map(chr, ts))
return bytes_(ip_chars + ts_chars)
def call_app_with_subpath_as_path_info(request, app):
# Copy the request. Use the source request's subpath (if it exists) as
# the new request's PATH_INFO. Set the request copy's SCRIPT_NAME to the
# prefix before the subpath. Call the application with the new request
# and return a response.
#
# Postconditions:
# - SCRIPT_NAME and PATH_INFO are empty or start with /
# - At least one of SCRIPT_NAME or PATH_INFO are set.
# - SCRIPT_NAME is not '/' (it should be '', and PATH_INFO should
# be '/').
environ = request.environ
script_name = environ.get('SCRIPT_NAME', '')
path_info = environ.get('PATH_INFO', '/')
subpath = list(getattr(request, 'subpath', ()))
new_script_name = ''
# compute new_path_info
new_path_info = '/' + '/'.join(
[text_(x.encode('utf-8'), 'latin-1') for x in subpath]
)
if new_path_info != '/': # don't want a sole double-slash
if path_info != '/': # if orig path_info is '/', we're already done
if path_info.endswith('/'):
# readd trailing slash stripped by subpath (traversal)
# conversion
new_path_info += '/'
# compute new_script_name
workback = (script_name + path_info).split('/')
tmp = []
while workback:
if tmp == subpath:
break
el = workback.pop()
if el:
tmp.insert(0, text_(bytes_(el, 'latin-1'), 'utf-8'))
# strip all trailing slashes from workback to avoid appending undue slashes
# to end of script_name
while workback and (workback[-1] == ''):
workback = workback[:-1]
new_script_name = '/'.join(workback)
new_request = request.copy()
new_request.environ['SCRIPT_NAME'] = new_script_name
new_request.environ['PATH_INFO'] = new_path_info
return new_request.get_response(app)
def test_subpath_path_info_and_script_name_have_utf8(self):
encoded = text_(b'La Pe\xc3\xb1a')
decoded = text_(bytes_(encoded), 'utf-8')
request = DummyRequest(
{'PATH_INFO': '/' + encoded, 'SCRIPT_NAME': '/' + encoded}
)
request.subpath = (decoded,)
response = self._callFUT(request, 'app')
self.assertTrue(request.copied)
self.assertEqual(response, 'app')
self.assertEqual(request.environ['SCRIPT_NAME'], '/' + encoded)
self.assertEqual(request.environ['PATH_INFO'], '/' + encoded)
def calculate_digest(ip,
timestamp,
secret,
userid,
tokens,
user_data,
hashalg='md5'):
secret = bytes_(secret, 'utf-8')
userid = bytes_(userid, 'utf-8')
tokens = bytes_(tokens, 'utf-8')
user_data = bytes_(user_data, 'utf-8')
hash_obj = hashlib.new(hashalg)
# Check to see if this is an IPv6 address
if ':' in ip:
ip_timestamp = ip + str(int(timestamp))
ip_timestamp = bytes_(ip_timestamp)
else:
# encode_ip_timestamp not required, left in for backwards compatibility
ip_timestamp = encode_ip_timestamp(ip, timestamp)
hash_obj.update(ip_timestamp + secret + userid + b'\0' + tokens + b'\0' +
user_data)
digest = hash_obj.hexdigest()
hash_obj2 = hashlib.new(hashalg)
hash_obj2.update(bytes_(digest) + secret)
return hash_obj2.hexdigest()
def test_subpath_path_info_and_script_name_have_utf8(self):
encoded = text_(b'La Pe\xc3\xb1a')
decoded = text_(bytes_(encoded), 'utf-8')
request = DummyRequest({
'PATH_INFO': '/' + encoded,
'SCRIPT_NAME': '/' + encoded
})
request.subpath = (decoded, )
response = self._callFUT(request, 'app')
self.assertTrue(request.copied)
self.assertEqual(response, 'app')
self.assertEqual(request.environ['SCRIPT_NAME'], '/' + encoded)
self.assertEqual(request.environ['PATH_INFO'], '/' + encoded)
def _partial_application_url(self, scheme=None, host=None, port=None):
"""
Construct the URL defined by request.application_url, replacing any
of the default scheme, host, or port portions with user-supplied
variants.
If ``scheme`` is passed as ``https``, and the ``port`` is *not*
passed, the ``port`` value is assumed to ``443``. Likewise, if
``scheme`` is passed as ``http`` and ``port`` is not passed, the
``port`` value is assumed to be ``80``.
"""
e = self.environ
if scheme is None:
scheme = e['wsgi.url_scheme']
else:
if scheme == 'https':
if port is None:
port = '443'
if scheme == 'http':
if port is None:
port = '80'
if host is None:
host = e.get('HTTP_HOST')
if host is None:
host = e['SERVER_NAME']
if port is None:
if ':' in host:
host, port = host.split(':', 1)
else:
port = e['SERVER_PORT']
else:
port = str(port)
if ':' in host:
host, _ = host.split(':', 1)
if scheme == 'https':
if port == '443':
port = None
elif scheme == 'http':
if port == '80':
port = None
url = scheme + '://' + host
if port:
url += ':%s' % port
url_encoding = getattr(self, 'url_encoding', 'utf-8') # webob 1.2b3+
bscript_name = bytes_(self.script_name, url_encoding)
return url + url_quote(bscript_name, PATH_SAFE)
def _doit(self, content_type):
from pyramid.httpexceptions import status_map
L = []
self.assertTrue(status_map)
for v in status_map.values():
environ = _makeEnviron()
start_response = DummyStartResponse()
exc = v()
exc.content_type = content_type
result = list(exc(environ, start_response))[0]
if exc.empty_body:
self.assertEqual(result, b'')
else:
self.assertTrue(bytes_(exc.status) in result)
L.append(result)
self.assertEqual(len(L), len(status_map))
def _doit(self, content_type):
from pyramid.httpexceptions import status_map
L = []
self.assertTrue(status_map)
for v in status_map.values():
environ = _makeEnviron()
start_response = DummyStartResponse()
exc = v()
exc.content_type = content_type
result = list(exc(environ, start_response))[0]
if exc.empty_body:
self.assertEqual(result, b'')
else:
self.assertTrue(bytes_(exc.status) in result)
L.append(result)
self.assertEqual(len(L), len(status_map))
def __init__(self, request):
self.request = request
now = time.time()
created = renewed = now
new = True
value = None
state = {}
cookieval = request.cookies.get(self._cookie_name)
if cookieval is not None:
try:
value = serializer.loads(bytes_(cookieval))
except ValueError:
# the cookie failed to deserialize, dropped
value = None
if value is not None:
try:
# since the value is not necessarily signed, we have
# to unpack it a little carefully
rval, cval, sval = value
renewed = float(rval)
created = float(cval)
state = sval
new = False
except (TypeError, ValueError):
# value failed to unpack properly or renewed was not
# a numeric type so we'll fail deserialization here
state = {}
if self._timeout is not None:
if now - renewed > self._timeout:
# expire the session because it was not renewed
# before the timeout threshold
state = {}
self.created = created
self.accessed = renewed
self.renewed = renewed
self.new = new
dict.__init__(self, state)
def __init__(self, request):
self.request = request
now = time.time()
created = renewed = now
new = True
value = None
state = {}
cookieval = request.cookies.get(self._cookie_name)
if cookieval is not None:
try:
value = serializer.loads(bytes_(cookieval))
except ValueError:
# the cookie failed to deserialize, dropped
value = None
if value is not None:
try:
# since the value is not necessarily signed, we have
# to unpack it a little carefully
rval, cval, sval = value
renewed = float(rval)
created = float(cval)
state = sval
new = False
except (TypeError, ValueError):
# value failed to unpack properly or renewed was not
# a numeric type so we'll fail deserialization here
state = {}
if self._timeout is not None:
if now - renewed > self._timeout:
# expire the session because it was not renewed
# before the timeout threshold
state = {}
self.created = created
self.accessed = renewed
self.renewed = renewed
self.new = new
dict.__init__(self, state)
def calculate_digest(
ip, timestamp, secret, userid, tokens, user_data, hashalg='md5'
):
secret = bytes_(secret, 'utf-8')
userid = bytes_(userid, 'utf-8')
tokens = bytes_(tokens, 'utf-8')
user_data = bytes_(user_data, 'utf-8')
hash_obj = hashlib.new(hashalg)
# Check to see if this is an IPv6 address
if ':' in ip:
ip_timestamp = ip + str(int(timestamp))
ip_timestamp = bytes_(ip_timestamp)
else:
# encode_ip_timestamp not required, left in for backwards compatibility
ip_timestamp = encode_ip_timestamp(ip, timestamp)
hash_obj.update(
ip_timestamp + secret + userid + b'\0' + tokens + b'\0' + user_data
)
digest = hash_obj.hexdigest()
hash_obj2 = hashlib.new(hashalg)
hash_obj2.update(bytes_(digest) + secret)
return hash_obj2.hexdigest()
def b64decode(v):
return base64.b64decode(bytes_(v))
def b64encode(v):
return base64.b64encode(bytes_(v)).strip().replace(b'\n', b'')
def make(self, config, **kw):
# Given a configurator and a list of keywords, a predicate list is
# computed. Elsewhere in the code, we evaluate predicates using a
# generator expression. All predicates associated with a view or
# route must evaluate true for the view or route to "match" during a
# request. The fastest predicate should be evaluated first, then the
# next fastest, and so on, as if one returns false, the remainder of
# the predicates won't need to be evaluated.
#
# While we compute predicates, we also compute a predicate hash (aka
# phash) that can be used by a caller to identify identical predicate
# lists.
ordered = self.sorter.sorted()
phash = md5()
weights = []
preds = []
info = PredicateInfo(
package=config.package,
registry=config.registry,
settings=config.get_settings(),
maybe_dotted=config.maybe_dotted,
)
for n, (name, predicate_factory) in enumerate(ordered):
vals = kw.pop(name, None)
if vals is None: # XXX should this be a sentinel other than None?
continue
if not isinstance(vals, predvalseq):
vals = (vals,)
for val in vals:
realval = val
notted = False
if isinstance(val, not_):
realval = val.value
notted = True
pred = predicate_factory(realval, info)
if notted:
pred = Notted(pred)
hashes = pred.phash()
if not is_nonstr_iter(hashes):
hashes = [hashes]
for h in hashes:
phash.update(bytes_(h))
weights.append(1 << n + 1)
preds.append(pred)
if kw:
from difflib import get_close_matches
closest = []
names = [name for name, _ in ordered]
for name in kw:
closest.extend(get_close_matches(name, names, 3))
raise ConfigurationError(
'Unknown predicate values: %r (did you mean %s)'
% (kw, ','.join(closest))
)
# A "order" is computed for the predicate list. An order is
# a scoring.
#
# Each predicate is associated with a weight value. The weight of a
# predicate symbolizes the relative potential "importance" of the
# predicate to all other predicates. A larger weight indicates
# greater importance.
#
# All weights for a given predicate list are bitwise ORed together
# to create a "score"; this score is then subtracted from
# MAX_ORDER and divided by an integer representing the number of
# predicates+1 to determine the order.
#
# For views, the order represents the ordering in which a "multiview"
# ( a collection of views that share the same context/request/name
# triad but differ in other ways via predicates) will attempt to call
# its set of views. Views with lower orders will be tried first.
# The intent is to a) ensure that views with more predicates are
# always evaluated before views with fewer predicates and b) to
# ensure a stable call ordering of views that share the same number
# of predicates. Views which do not have any predicates get an order
# of MAX_ORDER, meaning that they will be tried very last.
score = 0
for bit in weights:
score = score | bit
order = (MAX_ORDER - score) / (len(preds) + 1)
return order, preds, phash.hexdigest()
def test_dumps(self):
inst = self._makeOne()
self.assertEqual(inst.dumps('abc'), bytes_('abc'))
def b64encode(v):
return base64.b64encode(bytes_(v)).strip().replace(b'\n', b'')
def make(self, config, **kw):
# Given a configurator and a list of keywords, a predicate list is
# computed. Elsewhere in the code, we evaluate predicates using a
# generator expression. All predicates associated with a view or
# route must evaluate true for the view or route to "match" during a
# request. The fastest predicate should be evaluated first, then the
# next fastest, and so on, as if one returns false, the remainder of
# the predicates won't need to be evaluated.
#
# While we compute predicates, we also compute a predicate hash (aka
# phash) that can be used by a caller to identify identical predicate
# lists.
ordered = self.sorter.sorted()
phash = md5()
weights = []
preds = []
for n, (name, predicate_factory) in enumerate(ordered):
vals = kw.pop(name, None)
if vals is None: # XXX should this be a sentinel other than None?
continue
if not isinstance(vals, predvalseq):
vals = (vals,)
for val in vals:
realval = val
notted = False
if isinstance(val, not_):
realval = val.value
notted = True
pred = predicate_factory(realval, config)
if notted:
pred = Notted(pred)
hashes = pred.phash()
if not is_nonstr_iter(hashes):
hashes = [hashes]
for h in hashes:
phash.update(bytes_(h))
weights.append(1 << n + 1)
preds.append(pred)
if kw:
from difflib import get_close_matches
closest = []
names = [name for name, _ in ordered]
for name in kw:
closest.extend(get_close_matches(name, names, 3))
raise ConfigurationError(
'Unknown predicate values: %r (did you mean %s)'
% (kw, ','.join(closest))
)
# A "order" is computed for the predicate list. An order is
# a scoring.
#
# Each predicate is associated with a weight value. The weight of a
# predicate symbolizes the relative potential "importance" of the
# predicate to all other predicates. A larger weight indicates
# greater importance.
#
# All weights for a given predicate list are bitwise ORed together
# to create a "score"; this score is then subtracted from
# MAX_ORDER and divided by an integer representing the number of
# predicates+1 to determine the order.
#
# For views, the order represents the ordering in which a "multiview"
# ( a collection of views that share the same context/request/name
# triad but differ in other ways via predicates) will attempt to call
# its set of views. Views with lower orders will be tried first.
# The intent is to a) ensure that views with more predicates are
# always evaluated before views with fewer predicates and b) to
# ensure a stable call ordering of views that share the same number
# of predicates. Views which do not have any predicates get an order
# of MAX_ORDER, meaning that they will be tried very last.
score = 0
for bit in weights:
score = score | bit
order = (MAX_ORDER - score) / (len(preds) + 1)
return order, preds, phash.hexdigest()
def b64decode(v):
return base64.b64decode(bytes_(v))
def check_csrf_token(self, request, supplied_token):
""" Returns ``True`` if the ``supplied_token`` is valid."""
expected_token = self.get_csrf_token(request)
return not strings_differ(bytes_(expected_token),
bytes_(supplied_token))
def check_csrf_token(self, request, supplied_token):
""" Returns ``True`` if the ``supplied_token`` is valid."""
expected_token = self.get_csrf_token(request)
return not strings_differ(
bytes_(expected_token), bytes_(supplied_token)
)
