def wsgi_app(self, environ, start_response):
self.host_framework.start_request(environ)
environ['paste.registry'].register(tw.framework, self.host_framework)
#XXX Do we really need to stuff these in environ?
environ['toscawidgets.prefix'] = self.prefix
environ.setdefault('toscawidgets.framework', self.host_framework)
environ.setdefault('toscawidgets.javascript.require_once',
self.require_once)
req = Request(environ)
try:
tw.framework.script_name = req.script_name
if self.serve_resources and req.path_info.startswith(self.prefix):
# Intercept request to possibly serve a static resource
req.path_info = req.path_info[len(self.prefix):]
req.script_name += self.prefix
resources_app = resources.registry
if req.path_info.startswith(resources_app.prefix):
req.path_info = req.path_info[len(resources_app.prefix):]
req.script_name += resources_app.prefix
resp = req.get_response(resources_app)
return resp(environ, start_response)
else:
# Pass request downstream
resp = req.get_response(self.application)
return resp(environ, start_response)
finally:
self.host_framework.end_request(environ)
def wsgi_app(self, environ, start_response):
self.host_framework.start_request(environ)
environ['paste.registry'].register(tw.framework, self.host_framework)
#XXX Do we really need to stuff these in environ?
environ['toscawidgets.prefix'] = self.prefix
environ.setdefault('toscawidgets.framework', self.host_framework)
environ.setdefault('toscawidgets.javascript.require_once', self.require_once)
req = Request(environ)
try:
tw.framework.script_name = req.script_name
if self.serve_resources and req.path_info.startswith(self.prefix):
# Intercept request to possibly serve a static resource
req.path_info = req.path_info[len(self.prefix):]
req.script_name += self.prefix
resources_app = resources.registry
if req.path_info.startswith(resources_app.prefix):
req.path_info = req.path_info[len(resources_app.prefix):]
req.script_name += resources_app.prefix
resp = req.get_response(resources_app)
return resp(environ, start_response)
else:
# Pass request downstream
resp = req.get_response(self.application)
return resp(environ, start_response)
finally:
self.host_framework.end_request(environ)
def __call__(self, environ, start_response):
request = Request(environ)
session = environ['beaker.session']
csrf_token = session.get('csrf')
if not csrf_token:
csrf_token = session['csrf'] = str(random.getrandbits(128))
session.save()
if request.method == 'POST':
# check to see if we want to process the post at all
if (self.unprotected_path is not None
and request.path_info.startswith(self.unprotected_path)):
resp = request.get_response(self.app)
resp.headers['X-Frame-Options'] = 'SAMEORIGIN'
resp.set_cookie('csrf', csrf_token, max_age=3600)
return resp(environ, start_response)
# check incoming token
try:
account_data = request.POST.get('account', None)
request_csrf_token = environ.get('HTTP_X_CSRF',
request.POST.get('csrftoken'))
if account_data is None and request_csrf_token != csrf_token:
resp = HTTPForbidden(_ERROR_MSG)
metrics.track(request, 'invalid-session')
resp.headers['X-Error'] = 'CSRF'
else:
resp = request.get_response(self.app)
except KeyError:
resp = HTTPForbidden(_ERROR_MSG)
resp.headers['X-Error'] = 'CSRF'
# if we're a get, we don't do any checking
else:
resp = request.get_response(self.app)
if resp.status_int != 200:
return resp(environ, start_response)
resp.headers['X-Frame-Options'] = 'SAMEORIGIN'
resp.set_cookie('csrf', csrf_token, max_age=3600)
if resp.content_type.split(';')[0] in _HTML_TYPES:
# ensure we don't add the 'id' attribute twice (HTML validity)
idattributes = itertools.chain(('id="csrfmiddlewaretoken"', ),
itertools.repeat(''))
def add_csrf_field(match):
"""Returns the matched <form> tag plus the added <input> element"""
return match.group() + '<div style="display:none;">' + \
'<input type="hidden" ' + idattributes.next() + \
' name="csrftoken" value="' + csrf_token + \
'" /></div>'
# Modify any POST forms and fix content-length
resp.body = _POST_FORM_RE.sub(add_csrf_field, resp.body)
return resp(environ, start_response)
def __call__(self, environ, start_response):
request = Request(environ)
session = environ['beaker.session']
csrf_token = session.get('csrf')
if not csrf_token:
csrf_token = session['csrf'] = str(random.getrandbits(128))
session.save()
if request.method == 'POST':
# check to see if we want to process the post at all
if (self.unprotected_path is not None
and request.path_info.startswith(self.unprotected_path)):
resp = request.get_response(self.app)
resp.headers['X-Frame-Options'] = 'SAMEORIGIN'
resp.set_cookie('csrf', csrf_token, max_age=3600)
return resp(environ, start_response)
# check incoming token
try:
account_data = request.POST.get('account', None)
request_csrf_token = environ.get('HTTP_X_CSRF', request.POST.get('csrftoken'))
if account_data is None and request_csrf_token != csrf_token:
resp = HTTPForbidden(_ERROR_MSG)
metrics.track(request, 'invalid-session')
resp.headers['X-Error'] = 'CSRF'
else:
resp = request.get_response(self.app)
except KeyError:
resp = HTTPForbidden(_ERROR_MSG)
resp.headers['X-Error'] = 'CSRF'
# if we're a get, we don't do any checking
else:
resp = request.get_response(self.app)
if resp.status_int != 200:
return resp(environ, start_response)
resp.headers['X-Frame-Options'] = 'SAMEORIGIN'
resp.set_cookie('csrf', csrf_token, max_age=3600)
if resp.content_type.split(';')[0] in _HTML_TYPES:
# ensure we don't add the 'id' attribute twice (HTML validity)
idattributes = itertools.chain(('id="csrfmiddlewaretoken"',),
itertools.repeat(''))
def add_csrf_field(match):
"""Returns the matched <form> tag plus the added <input> element"""
return match.group() + '<div style="display:none;">' + \
'<input type="hidden" ' + idattributes.next() + \
' name="csrftoken" value="' + csrf_token + \
'" /></div>'
# Modify any POST forms and fix content-length
resp.body = _POST_FORM_RE.sub(add_csrf_field, resp.body)
return resp(environ, start_response)
def m(environ, start_response):
count = 1
request = Request(environ)
response = request.get_response(app)
while response.status_int in REDIR_STATUS and count < limit:
request = Request.blank(response.headers["Location"],
environ={k: v for k, v in request.environ.items() \
if k not in ENV_PATH_KEYS})
response = request.get_response(app)
count += 1
else:
return response(environ, start_response)
def m(environ, start_response):
count = 1
request = Request(environ)
response = request.get_response(app)
while response.status_int in REDIR_STATUS and count < limit:
request = Request.blank(response.headers["Location"],
environ={k: v for k, v in request.environ.items() \
if k not in ENV_PATH_KEYS})
response = request.get_response(app)
count += 1
else:
return response(environ, start_response)
def middleware(environ, start_response):
request = Request(environ).copy()
response = request.get_response(django)
if response.status_int != 305:
return response(environ, start_response)
data = json.loads(response.body)
proxy = RemoteProxy([data['base_url']], rewrite_links=True)
request.environ.pop("HTTP_ACCEPT_ENCODING", None)
request.environ['SCRIPT_NAME'] = str(data['script_name']).rstrip("/")
request.environ['PATH_INFO'] = "/" + str(data['path_info'].lstrip("/") )
from Cookie import SimpleCookie as Cookie
orig_cookie = cookie = request.environ.get('HTTP_COOKIE')
if cookie:
cookie = Cookie(cookie)
for key in data['cookie_blacklist']:
cookie.pop(key, None)
cookiestr = []
for key, value in cookie.items():
cookiestr.append(value.OutputString())
cookiestr = "; ".join(cookiestr)
request.environ['HTTP_COOKIE'] = cookiestr
request.environ['HTTP_X_THING_THEME'] = data['theme']
filter = deliverance(proxy)
def per_project_theme(environ):
return "%(wsgi.url_scheme)s://%(HTTP_HOST)s%(HTTP_X_THING_THEME)s" % environ
filter.default_theme = per_project_theme
filter.rule_getter = TemplateRuleGetter(data['deliverance_rules'])
filter.use_internal_subrequest = lambda *args, **kw: False
base_subrequest = filter.build_external_subrequest
def build_external_subrequest(url, orig_req, log):
subreq = base_subrequest(url, orig_req, log)
if url.endswith("/theme/") and orig_cookie:
subreq.environ['HTTP_COOKIE'] = orig_cookie
return subreq
filter.build_external_subrequest = build_external_subrequest
resp = request.get_response(filter)
return resp(request.environ, start_response)
def __call__(self, environ, start_response):
req = Request(environ)
path, response = req.path.rsplit('.', 1)
if response == 'das':
req.query_string = ''
projection, selection = parse_ce(req.query_string)
buffer_size = environ.get('pydap.buffer_size', BUFFER_SIZE)
try:
# build the dataset and pass it to the proper response, returning a
# WSGI app
dataset = self.parse(projection, selection, buffer_size)
app = self.responses[response](dataset)
app.close = self.close
# now build a Response and set additional headers
res = req.get_response(app)
for key, value in self.additional_headers:
res.headers.add(key, value)
# CORS for Javascript requests
if response in CORS_RESPONSES:
res.headers.add('Access-Control-Allow-Origin', '*')
res.headers.add(
'Access-Control-Allow-Headers',
'Origin, X-Requested-With, Content-Type')
return res(environ, start_response)
except:
# should the exception be catched?
if environ.get('x-wsgiorg.throw_errors'):
raise
else:
res = ErrorResponse(info=sys.exc_info())
return res(environ, start_response)
def PUT(self, env, start_response):
""" Handle Container update and create request """
# First check if the resource exists and if it is a directory
path = '/' + concat_parts('v1', self.account_name, self.container_name,
self.parent_name, self.object_name)
exists, headers, body = check_resource(env, 'HEAD', path,
self.logger, False)
if exists:
content_type = headers.get('content-type', '')
content_type = content_type.lower() if content_type else ''
if (content_type.find('application/directory') < 0 and
self.object_name):
return get_err_response('Conflict')
else:
res = self._check_parent(env, start_response)
if res:
return res
req = Request(env)
req.headers['content-type'] = 'application/directory'
req.headers['content-length'] = '0'
req.body = ''
res = req.get_response(self.app)
return res
def __call__(self, environ, start_response):
pretty = False
indent = 0
req = Request(environ)
if self.parm in req.GET:
pretty = True
try:
indent = int(req.GET.get(self.parm, 0))
except:
pass
# Rewrite the query_string removing parm.
parms = []
for parm in req.query_string.split('&'):
name = parm.split('=')[0]
if name != self.parm:
parms.append(parm)
req.query_string = '&'.join(parms)
resp = req.get_response(self.app)
if pretty:
resp.content_type = 'text/plain'
if indent > 0:
resp.body = json.dumps(json.loads(resp.body),
indent=indent,
sort_keys=True)
return resp(environ, start_response)
def __call__(self, environ, start_response):
req = Request(environ)
if self._no_redirect_re.match(environ['PATH_INFO']):
return req.get_response(self.app)(environ, start_response)
resp = None
try:
request_uri = req.url
request_uri.decode('ascii')
except UnicodeError:
resp = exc.HTTPNotFound()
secure = req.url.startswith('https://')
srv_path = req.url.split('://', 1)[-1]
# This SFUSER check is SourceForge-specific (to require all logged-in users to use https)
# BUT has the additional affect of not forcing SSL for regular Allura instances
# This is important for local development, at least. When we remove SFUSER (perhaps by requiring SSL everywhere),
# we can use `no_redirect.pattern = .` for local development to work without SSL
force_ssl = req.cookies.get('SFUSER') or self._force_ssl_re.match(
environ['PATH_INFO'])
if not secure and force_ssl:
resp = exc.HTTPFound(location='https://' + srv_path)
elif secure and not force_ssl:
resp = exc.HTTPFound(location='http://' + srv_path)
if not resp:
resp = self.app
return resp(environ, start_response)
def __call__(self, environ, start_response):
req = Request(environ)
# check if the browser has a cookie with a session_id
# load the session from the session_id
try:
session_id = environ["session"].session_id
except (KeyError, IOError):
session_id = 0
# for key in environ.keys():
# print '''%-30s %-30s''' % (key, environ[key])
log = LogEntry()
log.session_id = session_id
try:
log.request_uri = environ["PATH_INFO"]
log.ip_address = environ["REMOTE_ADDR"]
if req.params:
log.form_vars = str(req.params)
else:
log.form_vars = ""
log.save()
except KeyError:
pass
resp = req.get_response(self.application)
return resp(environ, start_response)
def __call__(self, environ, start_response):
request = Request(environ)
path = self.strip_script(environ, request.path)
if path.startswith('/moksha_extension_point'):
exttype = request.params.get('exttype')
if not exttype:
response = Response('')
else:
extensions_data = self.__extension_cache.get(exttype, "")
extensions_str = ','.join(extensions_data)
script = 'var moksha_loaded_extensions ='
script += extensions_data
script += ';'
# now run the deferred extensions queued up while the scripts
# were being downloaded
script += 'moksha.extensions._extension_cache["' + exttype + '"] = moksha_loaded_extensions;'
script += 'var deferred=moksha.extensions._extension_deferred["' + exttype + '"];'
script += 'var d=deferred.shift();'
script += 'while(d){'
script += 'moksha.extensions.run_extensions(moksha_loaded_extensions, d);'
script += 'd = deferred.shift();'
script += '}'
response = Response(script)
else:
response = request.get_response(self.application)
return response(environ, start_response)
def __call__(self, environ, start_response):
req = Request(environ)
res = req.get_response(self.app)
if res.status_int == 200 and res.content_type == "text/plain":
res.content_type = "text/html"
res.body = "<pre>%s</pre>" % cgi.escape(res.body)
return res(environ, start_response)
def PUT(self, env, start_response):
""" Handle Container update and create request """
# First check if the resource exists and if it is a directory
path = '/' + concat_parts('v1', self.account_name, self.container_name,
self.parent_name, self.object_name)
exists, headers, body = check_resource(env, 'GET', path, self.logger,
False)
if exists:
content_type = headers.get('content-type', '')
content_type = content_type.lower() if content_type else ''
if (content_type.find('application/directory') < 0
and self.object_name):
return get_err_response('Conflict')
else:
res = self._check_parent(env, start_response)
if res:
return res
req = Request(env)
req.headers['content-type'] = 'application/directory'
req.headers['content-length'] = '0'
req.body = ''
res = req.get_response(self.app)
return res
def _do_proxy_call(self, environ, orig_response, url, prefix):
# TODO: wrap it all into try/except and display main app page with
# traceback in it
log.debug('SSI proxy call to "%s"'%url)
proxy = WSGIProxyApp(url)
o = urlparse(url)
middleware = WSGIProxyMiddleware(proxy,
scheme=o.scheme, domain=o.hostname, port=(o.port or '80'))
# after parse includes process reads input restore file pointer so proxy
# can still read all post data
# environ['wsgi.input'].seek(0)
reqenv = environ.copy()
if reqenv['PATH_INFO'].startswith(prefix):
reqenv['PATH_INFO'] = reqenv['PATH_INFO'][len(prefix):]
reqenv['RAW_URI'] = reqenv['RAW_URI'][len(prefix):]
proxy_req = Request(reqenv)
# tweak proxy request headers a bit
self._copy_user_headers(orig_response, proxy_req)
self._purge_cache_headers(proxy_req)
proxy_resp = proxy_req.get_response(middleware)
# ignore redirects
# TODO: redirect only when location is within proxy_url
proxy_resp.location = None
return proxy_resp
def __call__(self, environ, start_response):
req = Request(environ)
if "deliv_notheme" in req.GET:
return self.app(environ, start_response)
req.environ["deliverance.base_url"] = req.application_url
## FIXME: copy_get?:
orig_req = Request(environ.copy())
if "deliverance.log" in req.environ:
log = req.environ["deliverance.log"]
else:
log = self.log_factory(req, self, **self.log_factory_kw)
## FIXME: should this be put in both the orig_req and this req?
req.environ["deliverance.log"] = log
def resource_fetcher(url, retry_inner_if_not_200=False):
"""
Return the Response object for the given URL
"""
return self.get_resource(url, orig_req, log, retry_inner_if_not_200)
if req.path_info_peek() == ".deliverance":
req.path_info_pop()
resp = self.internal_app(req, resource_fetcher)
return resp(environ, start_response)
rule_set = self.rule_getter(resource_fetcher, self.app, orig_req)
clientside = rule_set.check_clientside(req, log)
if clientside and req.url in self.known_html:
if req.cookies.get("jsEnabled"):
log.debug(self, "Responding to %s with a clientside theme" % req.url)
return self.clientside_response(req, rule_set, resource_fetcher, log)(environ, start_response)
else:
log.debug(self, "Not doing clientside theming because jsEnabled cookie not set")
resp = req.get_response(self.app)
## FIXME: also XHTML?
if resp.content_type != "text/html":
## FIXME: remove from known_html?
return resp(environ, start_response)
# XXX: Not clear why such responses would have a content type, but
# they sometimes do (from Zope/Plone, at least) and that then breaks
# when trying to apply a theme.
if resp.status_int in (301, 302, 304):
return resp(environ, start_response)
if resp.content_length == 0:
return resp(environ, start_response)
if clientside and req.url not in self.known_html:
log.debug(
self, "%s would have been a clientside check; in future will be since we know it is HTML" % req.url
)
self.known_titles[req.url] = self._get_title(resp.body)
self.known_html.add(req.url)
resp = rule_set.apply_rules(req, resp, resource_fetcher, log, default_theme=self.default_theme)
if clientside:
resp.decode_content()
resp.body = self._substitute_jsenable(resp.body)
resp = log.finish_request(req, resp)
return resp(environ, start_response)
def __call__(self, environ, start_response):
req = Request(environ)
if self._no_redirect_re.match(environ['PATH_INFO']):
return req.get_response(self.app)(environ, start_response)
resp = None
try:
request_uri = req.url
request_uri.decode('ascii')
except UnicodeError:
resp = exc.HTTPBadRequest()
secure = req.url.startswith('https://')
srv_path = req.url.split('://', 1)[-1]
# allura-loggedin is a non-secure cookie as a flag to know that the user has a session over on https
force_ssl = (self._force_ssl_logged_in and req.cookies.get('allura-loggedin')) \
or self._force_ssl_re.match(environ['PATH_INFO'])
if req.environ.get('tg.original_request'):
# if an error occurs, then /error/document is fetched (denoted by tg.original_request)
# and we don't want to do any redirects within that sub-request
pass
elif not secure and force_ssl:
resp = exc.HTTPFound(location='https://' + srv_path)
elif secure and not force_ssl:
resp = exc.HTTPFound(location='http://' + srv_path)
if not resp:
resp = self.app
return resp(environ, start_response)
def _read_root(self, env, start_response):
req = Request(env)
req.headers['Accept'] = Consts.APP_JSON
res = req.get_response(self.app)
body = {}
# Setup required attributes for response body
body['objectType'] = Consts.CDMI_APP_CONTAINER
body['objectName'] = self.account_name + '/'
body['parentURI'] = '/'.join(['', self.cdmi_root, ''])
body['capabilitiesURI'] = '/'.join(['', self.cdmi_root,
self.account_name,
self.cdmi_capability_id,
'rootcontainer/'])
body['metadata'] = {}
body['children'] = []
if res.status_int == 200:
children = json.loads(res.body)
for child in children:
body['children'].append(child['name'] + '/')
if body['children'] == []:
body['childrenRange'] = ''
else:
body['childrenRange'] = '0-' + str(len(body['children']) - 1)
res.body = json.dumps(body, indent=2)
return res
def __call__(self, environ, start_response):
"""Dispatcher to processBefore, processAfter, no-op, etc."""
req = Request(environ)
# Mark the start time
start = time.time()
# Generate the response. If text/html, print elapsed
resp = req.get_response(self.app)
if resp.content_type == "text/html":
elapsed = str(1 / (time.time() - start))[0:5]
first_result = resp.body
before = 'id="header-user-menu">'
scoreboard = """
<div style="float:left">Requests per second: %s</div>
"""
after = before + scoreboard % elapsed
body = first_result.replace(before, after, 1)
if isinstance(body, unicode):
resp.charset = 'UTF-8'
resp.unicode_body = body
else:
resp.body = body
return resp(environ, start_response)
def __call__(self, environ, start_response):
start = datetime.now()
req = Request(environ)
resp = req.get_response(self.app)
end = datetime.now()
username = req.remote_user
#try to overwrite username with username from beaker
if 'beaker.session' in environ:
session = environ['beaker.session']
if 'username' in session:
username = session['username']
log = {'remote_addr': req.remote_addr,
'username': username,
'user_agent': req.user_agent,
'request_method': req.method,
'full_url': req.url,
'path': req.path,
'query_string': req.query_string,
'response_status': resp.status,
'response_time': (end - start).microseconds,
'response_length': resp.content_length,
}
self.queue.put(log)
return resp(environ, start_response)
def __call__(self, environ, start_response):
req = Request(environ)
if self.cookie_name in req.cookies:
vid = self.get_visitor_id(req)
fresh = False
else:
vid = nonce()
fresh = True
site_id = self.host_map.get(req.host.split(':', 1)[0], 0)
req.environ['manhattan.visitor'] = visitor = Visitor(
vid, self.log, site_id, self.buffer_writes)
if self.pixel_path and req.path_info == self.pixel_path:
resp = self.handle_pixel(visitor, fresh)
else:
resp = req.get_response(self.app)
if self.count_page(req):
visitor.page(req)
if fresh:
resp.set_cookie(self.cookie_name, self.signer.sign(visitor.id),
httponly=True)
if self.pixel_path and resp.content_type == 'text/html':
self.inject_pixel(resp)
visitor.flush()
return resp(environ, start_response)
def _read_root(self, env, start_response):
req = Request(env)
req.headers['Accept'] = Consts.APP_JSON
res = req.get_response(self.app)
body = {}
# Setup required attributes for response body
body['objectType'] = Consts.CDMI_APP_CONTAINER
body['objectName'] = self.account_name + '/'
body['parentURI'] = '/'.join(['', self.cdmi_root, ''])
body['capabilitiesURI'] = '/'.join([
'', self.cdmi_root, self.account_name, self.cdmi_capability_id,
'rootcontainer/'
])
body['metadata'] = {}
body['children'] = []
if res.status_int == 200:
children = json.loads(res.body)
for child in children:
body['children'].append(child['name'] + '/')
if body['children'] == []:
body['childrenRange'] = ''
else:
body['childrenRange'] = '0-' + str(len(body['children']) - 1)
res.body = json.dumps(body, indent=2)
return res
def __call__(self, environ, start_response):
req = Request(environ)
if self._no_redirect_re.match(environ['PATH_INFO']):
return req.get_response(self.app)(environ, start_response)
resp = None
try:
request_uri = req.url
request_uri.decode('ascii')
except UnicodeError:
resp = exc.HTTPNotFound()
secure = req.url.startswith('https://')
srv_path = req.url.split('://', 1)[-1]
# allura-loggedin is a non-secure cookie as a flag to know that the user has a session over on https
force_ssl = (self._force_ssl_logged_in and req.cookies.get('allura-loggedin')) \
or self._force_ssl_re.match(environ['PATH_INFO'])
if req.environ.get('pylons.original_request'):
# if an error occurs, then /error/document is fetched (denoted by pylons.original_request)
# and we don't want to do any redirects within that sub-request
pass
elif not secure and force_ssl:
resp = exc.HTTPFound(location='https://' + srv_path)
elif secure and not force_ssl:
resp = exc.HTTPFound(location='http://' + srv_path)
if not resp:
resp = self.app
return resp(environ, start_response)
def DELETE(self, env, start_response):
"""
Handle DELETE both container and data object removal.
"""
path = "/v1/" + self.account_name + "/" + self.container_name
query_string = "delimiter=/"
if self.object_name:
query_string += "&prefix=" + concat_parts(self.parent_name, self.object_name) + "/"
exists, dummy, body = check_resource(env, "GET", path, self.logger, True, query_string)
# Not even the top container exist, so there is no such resource.
if not exists:
return get_err_response("NoSuchKey")
# Top container exists, check if there is anything under.
else:
try:
children = json.loads(body)
# there are some children under
if len(children) > 0:
return get_err_response("ContainerNotEmpty")
except ValueError:
return get_err_response("InconsistantState")
# Create a new WebOb Request object according to the current request
req = Request(env)
# Now send the request over.
return req.get_response(self.app)
def __call__(self, environ, start_response):
session = environ["beaker.session"]
req = Request(environ)
client = session.get(CLIENT_SESSION_ID, None)
if not client:
client = OAuth2Service(
name='example',
consumer_key = CLIENT_ID,
consumer_secret = CLIENT_SECRET,
access_token_url = ACCESS_TOKEN_URL,
authorize_url = AUTHORIZE_URL)
session[CLIENT_SESSION_ID] = client
session.save()
auth_url = client.get_authorize_url(redirect_uri=CALLBACK_URL, response_type='code')
resp = HTTPTemporaryRedirect(location=auth_url)
elif (req.path == CALLBACK_PATH):
code = req.GET["code"]
data = dict(code=code,
grant_type='authorization_code',
redirect_uri=CALLBACK_URL)
token = client.get_access_token('POST', data=data).content[u'access_token']
session['token'] = token
session.save()
resp = HTTPTemporaryRedirect(location=TARGET_URL)
elif 'token' in session:
resp = req.get_response(self.app)
else:
resp = HTTPUnauthorized()
return resp(environ, start_response)
def __call__(self, env, start_response):
print "in call"
req = Request(env)
version, account, container, obj = split_path(req.path, 1, 4, True)
d = dict(version=version, account_name=account, container_name=container, object_name=obj)
if obj and container and account:
iterable = req.environ["wsgi.input"]
gpg = gpgIter(iterable)
print "DEDUG: Encryption handle_request method %s and the path has a obj, cont, and account path: %s" % (
req.method,
req.path,
)
resp = req.get_response(self.app)
resp.app_iter
print "after response %s", type(resp)
req.environ["wsgi.input"].read = gpg.next
return resp(env, start_response)
# print resp
def start_encryption(status, response_headers, exc_info=None):
write = start_response(status, response_headers, exc_info)
return write
return self.app(env, start_response)
def __call__(self, environ, start_response):
req = Request(environ)
req.remove_conditional_headers()
resp = req.get_response(self.app)
if resp.content_type == 'text/html':
resp.body = jumble_words(resp.body)
return resp(environ, start_response)
def __call__(self, environ, start_response):
request = Request(environ)
path_info = request.path_info
route_match = routing.mapping.match(path_info)
if route_match is None:
# If there's an equivalent URL that ends with /, redirect
# to that.
if not path_info.endswith('/') \
and request.method == 'GET' \
and routing.mapping.match(path_info + '/'):
new_path_info = path_info + '/'
if request.GET:
new_path_info = '%s?%s' % (new_path_info,
urllib.urlencode(request.GET))
redirect = exc.HTTPFound(location=new_path_info)
return request.get_response(redirect)(environ, start_response)
# Return a 404
response = util.generate_404_response(request, routing, environ,
self.staticdirector)
return response(environ, start_response)
controller = load_controller(route_match['controller'])
request.start_response = start_response
request.matchdict = route_match
request.urlgen = routes.URLGenerator(routing.mapping, environ)
request.staticdirect = self.staticdirector
return controller(request)(environ, start_response)
def __call__(self, environ, start_response):
"""Dispatcher to processBefore, processAfter, no-op, etc."""
req = Request(environ)
# Mark the start time
start = time.time()
# Generate the response. If text/html, print elapsed
resp = req.get_response(self.app)
if resp.content_type == "text/html":
#elapsed = str(1 / (time.time() - start))[0:5]
elapsed = str(time.time() - start)[0:5]
first_result = resp.body
before = 'id="portal-copyright">'
scoreboard = """
<style>
.timeit {font-size: 0.7em; color:white}
.timeit:hover {color: gray}
</style>
<div class="timeit">%s - Elapsed: %s sec</div>
"""
after = before + scoreboard % (self.hostname, elapsed)
body = first_result.replace(before, after, 1)
if isinstance(body, unicode):
resp.charset = 'UTF-8'
resp.unicode_body = body
else:
resp.body = body
return resp(environ, start_response)
def __call__(self, environ, start_response):
req = Request(environ)
path, response = req.path.rsplit('.', 1)
if response == 'das':
req.query_string = ''
projection, selection = parse_ce(req.query_string)
buffer_size = environ.get('pydap.buffer_size', BUFFER_SIZE)
try:
# build the dataset and pass it to the proper response, returning a
# WSGI app
dataset = self.parse(projection, selection, buffer_size)
app = self.responses[response](dataset)
app.close = self.close
# now build a Response and set additional headers
res = req.get_response(app)
for key, value in self.additional_headers:
res.headers.add(key, value)
# CORS for Javascript requests
if response in CORS_RESPONSES:
res.headers.add('Access-Control-Allow-Origin', '*')
res.headers.add('Access-Control-Allow-Headers',
'Origin, X-Requested-With, Content-Type')
return res(environ, start_response)
except:
# should the exception be catched?
if environ.get('x-wsgiorg.throw_errors'):
raise
else:
res = ErrorResponse(info=sys.exc_info())
return res(environ, start_response)
def get_wordpress_content(cls, environ, path):
from plugin import WordpresserException
# grab the WP page -- we always need it for the nav, at least,
# and optionally for content when we get a 404 from CKAN.
proxy_host = config.get('wordpresser.proxy_host')
#del environ['CONTENT_TYPE']
#del environ['HTTP_ACCEPT_CHARSET']
req = Request(environ)
req.remove_conditional_headers(remove_encoding=True)
follow = True
proxy_url = proxy_host
while follow:
# deal with redirects internal to Wordpress
try:
wp_resp = req.get_response(paste.proxy.Proxy(proxy_url))
except gaierror,e:
msg = "Address-related error: %s (%s)" % (str(e),proxy_host)
raise WordpresserException(msg)
follow = wp_resp.status_int == 301 \
and proxy_host in wp_resp.location
environ['PATH_INFO'] = '/'
proxy_url = wp_resp.location
req = Request(environ)
def __call__(self, environ, start_response):
request = Request(environ)
path_info = request.path_info
route_match = routing.mapping.match(path_info)
if route_match is None:
# If there's an equivalent URL that ends with /, redirect
# to that.
if not path_info.endswith('/') \
and request.method == 'GET' \
and routing.mapping.match(path_info + '/'):
new_path_info = path_info + '/'
if request.GET:
new_path_info = '%s?%s' % (
new_path_info, urllib.urlencode(request.GET))
redirect = exc.HTTPFound(location=new_path_info)
return request.get_response(redirect)(environ, start_response)
# Return a 404
response = util.generate_404_response(
request, routing, environ, self.staticdirector)
return response(environ, start_response)
controller = load_controller(route_match['controller'])
request.start_response = start_response
request.matchdict = route_match
request.urlgen = routes.URLGenerator(routing.mapping, environ)
request.staticdirect = self.staticdirector
return controller(request)(environ, start_response)
def DELETE(self, env, start_response):
"""
Handle DELETE both container and data object removal.
"""
path = '/v1/' + self.account_name + '/' + self.container_name
query_string = 'delimiter=/'
if self.object_name:
query_string += '&prefix=' + concat_parts(self.parent_name,
self.object_name) + '/'
exists, dummy, body = check_resource(env, 'GET', path, self.logger,
True, query_string)
# Not even the top container exist, so there is no such resource.
if not exists:
return get_err_response('NoSuchKey')
# Top container exists, check if there is anything under.
else:
try:
children = json.loads(body)
#there are some children under
if len(children) > 0:
return get_err_response('ContainerNotEmpty')
except ValueError:
return get_err_response('InconsistantState')
# Create a new WebOb Request object according to the current request
req = Request(env)
# Now send the request over.
return req.get_response(self.app)
def _read_root(self, env, start_response):
req = Request(env)
req.headers['Accept'] = Consts.APP_JSON
res = req.get_response(self.app)
body = {}
# Setup required attributes for response body
body['objectType'] = Consts.CDMI_APP_CONTAINER
body['mimetype'] = Consts.CDMI_APP_CONTAINER
body['objectName'] = self.account_name
body['parentURI'] = ''
body['capabilitiesURI'] = \
concat_parts(self.cdmi_capability_id, self.account_name) + '/'
body['metadata'] = {}
body['children'] = []
if res.status_int == 200:
children = json.loads(res.body)
for child in children:
body['children'].append(child['name'] + '/')
res.body = json.dumps(body, indent=2)
return res
def __call__(self, environ, start_response):
req = Request(environ)
sess = self.session_factory(req)
req.environ[self.environ_key] = sess
resp = req.get_response(self.app)
sess.write_callback(req, resp)
return resp(environ, start_response)
def __call__(self, environ, start_response):
request = Request(environ)
path = self.strip_script(environ, request.path)
if path.startswith('/moksha_extension_point'):
exttype = request.params.get('exttype')
if not exttype:
response = Response('')
else:
extensions_data = self.__extension_cache.get(exttype, "")
extensions_str = ','.join(extensions_data)
script = 'var moksha_loaded_extensions ='
script += extensions_data
script += ';'
# now run the deferred extensions queued up while the scripts
# were being downloaded
script += 'moksha.extensions._extension_cache["' + exttype +'"] = moksha_loaded_extensions;'
script += 'var deferred=moksha.extensions._extension_deferred["' + exttype +'"];'
script += 'var d=deferred.shift();'
script += 'while(d){'
script += 'moksha.extensions.run_extensions(moksha_loaded_extensions, d);'
script += 'd = deferred.shift();'
script += '}'
response = Response(script)
else:
response = request.get_response(self.application)
return response(environ, start_response)
def __call__(self, environ, start_response):
"""Dispatcher to processBefore, processAfter, no-op, etc."""
req = Request(environ)
# Mark the start time
start = time.time()
# Generate the response. If text/html, print elapsed
resp = req.get_response(self.app)
if resp.content_type == "text/html":
elapsed = str(1 / (time.time() - start))[0:5]
first_result = resp.body
before = 'id="header-user-menu">'
scoreboard = """
<div style="float:left">Requests per second: %s</div>
"""
after = before + scoreboard % elapsed
body = first_result.replace(before, after, 1)
if isinstance(body, unicode):
resp.charset = 'UTF-8'
resp.unicode_body = body
else:
resp.body = body
return resp(environ, start_response)
def __call__(self,environ,start_response):
req = Request(environ)
session = environ.get('pybald.session', None)
if session and session.user and session.user.can_login:
environ['REMOTE_USER'] = session.user
else:
environ['REMOTE_USER'] = None
if environ['REMOTE_USER']:
# Continuously validate user sessions
# TODO: Clean up our app-level login code a lot...
# Look for a "valid" method on User
try:
valid = getattr(environ['REMOTE_USER'], "valid")
except AttributeError:
# (If this method isn't defined, do nothing.)
pass
else:
# If available, call it, and expect a Boolean:
# If False, end the session right now.
if not valid():
environ['REMOTE_USER'] = None
# Otherwise, do nothing
# update or create the pybald.extension to populate controller instances
environ['pybald.extension'] = environ.get('pybald.extension', {})
environ['pybald.extension']['user'] = environ['REMOTE_USER']
# call the next part of the pipeline
resp = req.get_response(self.application)
return resp(environ,start_response)
def __call__(self, environ, start_response):
req = Request(environ)
if self._no_redirect_re.match(environ['PATH_INFO']):
return req.get_response(self.app)(environ, start_response)
resp = None
try:
request_uri = req.url
request_uri.decode('ascii')
except UnicodeError:
resp = exc.HTTPNotFound()
secure = req.url.startswith('https://')
srv_path = req.url.split('://', 1)[-1]
# This SFUSER check is SourceForge-specific (to require all logged-in users to use https)
# BUT has the additional affect of not forcing SSL for regular Allura instances
# This is important for local development, at least. When we remove SFUSER (perhaps by requiring SSL everywhere),
# we can use `no_redirect.pattern = .` for local development to work without SSL
force_ssl = req.cookies.get('SFUSER') or self._force_ssl_re.match(environ['PATH_INFO'])
if not secure and force_ssl:
resp = exc.HTTPFound(location='https://' + srv_path)
elif secure and not force_ssl:
resp = exc.HTTPFound(location='http://' + srv_path)
if not resp:
resp = self.app
return resp(environ, start_response)
def __call__(self, environ, start_response):
req = Request(environ)
sess = self.session_factory(req)
req.environ[self.environ_key] = sess
resp = req.get_response(self.app)
sess.response_callback(req, resp)
return resp(environ, start_response)
def __call__(self, environ, start_response):
port = 80
hostname = environ.get('HTTP_HOST', '')
if ":" in hostname:
hostname, port = hostname.split(':', 1)
# nothing configure for this host bail out
if hostname not in self._config:
return self.app(environ, start_response)
request = Request(environ)
no_redirect_param = request.GET.get(self.no_redirect_param_name)
no_redirect_cookie = request.cookies.get(self.no_redirect_param_name)
force_no_redirect = no_redirect_param or no_redirect_cookie
# mobi.devices middleware has tagged it as mobile
if request.method == 'GET' and self.is_mobile(request):
if force_no_redirect:
response = request.get_response(self.app)
if not no_redirect_cookie:
response.set_cookie(
self.no_redirect_param_name, 'on', path="/")
return response(environ, start_response)
location = self._config[hostname]
if self.follow_path:
location = self._get_location(request, location)
start_response('302 Redirect', [('Location', location,)])
return []
return self.app(environ, start_response)
def __call__(self, environ, start_response):
request = Request(environ)
response = request.get_response(self.app)
vary = response.headers.get("vary")
if vary is None:
response.headerlist.append(("vary", "origin"))
else:
response.headers["vary"] += ", origin"
origin = request.headers.get("origin")
if origin and (origin in ALLOW_ORIGIN or "*" in ALLOW_ORIGIN):
response.headerlist.extend([
("access-control-allow-origin", origin),
("access-control-allow-credentials", "true"),
("access-control-expose-headers", self.expose_headers),
])
if request.method.lower() == "options":
response.headerlist.append(("access-control-allow-methods",
"GET, HEAD, PUT, POST, DELETE"))
acrh = request.headers.get("access-control-request-headers")
if acrh:
response.headerlist.append(
("access-control-allow-headers", acrh))
return response(environ, start_response)
def __call__(self, environ, start_response):
request = Request(environ)
response = request.get_response(self.app)
if ALLOW_ORIGIN:
origin = request.headers.get("origin")
if origin and (origin in ALLOW_ORIGIN
or "*" in ALLOW_ORIGIN):
response.headerlist.extend([
("access-control-allow-origin", origin),
("access-control-allow-credentials", "true"),
("access-control-expose-headers", "etag, location"),
])
if request.method.lower() == "options":
response.headerlist.append(
("access-control-allow-methods",
"GET, HEAD, PUT, POST, DELETE")
)
acrh = request.headers.get("access-control-request-headers")
if acrh:
response.headerlist.append(
("access-control-allow-headers", acrh)
)
return response(environ, start_response)
def get_wordpress_content(cls, environ, path):
if environ is None:
environ = {'PATH_INFO': path, 'REQUEST_METHOD': 'GET'}
from plugin import WordpresserException
# grab the WP page -- we always need it for the nav, at least,
# and optionally for content when we get a 404 from CKAN.
proxy_host = config.get('wordpresser.proxy_host')
#del environ['CONTENT_TYPE']
#del environ['HTTP_ACCEPT_CHARSET']
req = Request(environ)
req.remove_conditional_headers(remove_encoding=True)
follow = True
proxy_url = proxy_host
while follow:
# deal with redirects internal to Wordpress
try:
wp_resp = req.get_response(paste.proxy.Proxy(proxy_url))
except gaierror, e:
msg = "Address-related error: %s (%s)" % (str(e), proxy_host)
raise WordpresserException(msg)
follow = wp_resp.status_int == 301 \
and proxy_host in wp_resp.location
environ['PATH_INFO'] = '/'
proxy_url = wp_resp.location
req = Request(environ)
def __call__(self, environ, start_response):
"""
Authenticate using AppEngine users API or basic authentication.
"""
request = Request(environ)
user = users.get_current_user()
# If we already have a browser based session, proceed
if user:
logging.info("App Engine user found: %s", user)
response = request.get_response(self.app)
return response(environ, start_response)
else:
# Prompt to login if no authorization header
logging.info(
"No App Engine user. Checking HTTP basic authentication.")
if not request.authorization:
logging.info("No Auth header")
response = Response(status=302,
location=users.create_login_url('/'))
return response(environ, start_response)
auth_type, credentials = request.authorization
# If we are not basic auth, redirect to login screen
if auth_type != "Basic":
logging.info("Not basic auth!")
response = Response(status=403)
return response(environ, start_response)
username, password = base64.b64decode(credentials).split(':')
user = UserPrefs.lookup_user(username)
if not user:
logging.info("No user %s" % username)
response = Response(status=403)
return response(environ, start_response)
if not user.check_password(password):
logging.info("Wrong password %s" % username)
response = Response(status=403)
return response(environ, start_response)
logging.info("Authenticated %s" % username)
response = request.get_response(self.app)
return response(environ, start_response)
def __call__(self, environ, start_response):
req = Request(environ)
resp = req.get_response(self.app)
resp.headers['Access-Control-Allow-Origin'] = "*"
resp.headers['Access-Control-Allow-Method'] = "GET"
return resp(environ, start_response)
def __call__(self, environ, start_response):
req = Request(environ)
resp = req.get_response(self.app, catch_exc_info=True)
if resp.status_int in self.errors:
new_environ = environ.copy()
new_environ.update({
'statuscode.original_request': req,
'statuscode.original_response': resp,
'PATH_INFO': self.error_path,
})
new_req = Request(new_environ)
new_resp = new_req.get_response(self.app, catch_exc_info=True)
new_resp.status = resp.status
resp = new_resp
return resp(environ, start_response)
def __call__(self, environ, start_response):
"""
This method is called for each request. It looks for a user-supplied
CSRF token in the GET/POST parameters, and compares it to the token
attached to ``environ['repoze.who.identity']['_csrf_token']``. If it
does not match, or if a token is not provided, it will remove the
user from the ``environ``, based on the ``clear_env`` setting.
"""
request = Request(environ)
log.debug("CSRFProtectionMiddleware(%s)" % request.path)
token = environ.get('repoze.who.identity', {}).get(self.csrf_token_id)
csrf_token = environ.get(self.token_env)
if token and csrf_token and token == csrf_token:
log.debug("User supplied CSRF token matches environ!")
else:
if not environ.get(self.auth_state):
log.debug("Clearing identity")
CSRFMetadataProvider.clean_environ(environ, self.clear_env)
if csrf_token:
log.warning("Invalid CSRF token. User supplied (%s) "
"does not match what's in our environ (%s)" %
(csrf_token, token))
if not environ.get(self.auth_state):
log.debug("Logging the user out")
request.path_info = '/logout_handler'
response = request.get_response(self.application)
response.status = '401'
return response(environ, start_response)
response = request.get_response(self.application)
if environ.get(self.auth_state):
log.debug("CSRF_AUTH_STATE; rewriting headers")
token = environ.get('repoze.who.identity',
{}).get(self.csrf_token_id)
loc = update_qs(response.location,
{self.csrf_token_id: str(token)})
response.location = loc
log.debug("response.location = %s" % response.location)
environ[self.auth_state] = None
return response(environ, start_response)
def __call__(self, environ, start_response):
req = Request(environ)
try:
response = req.get_response(self.app)
except Exception:
response = Response()
response.status_int = 200
response.body = "An error has been handled appropriately"
return response(environ, start_response)
def __call__(self, environ, start_response):
req = Request(environ)
try:
response = req.get_response(self.app)
except Exception:
response = Response()
response.status_int = 404
response.body = "An error has occurred with proper client error handling"
return response(environ, start_response)
def __call__(self, environ, start_response):
from webob import Request
req = Request(environ)
resp = req.get_response(self.app)
if resp.content_type != 'text/html' or resp.status_int != 200:
return resp(environ, start_response)
data = self.get_data(req.url)
# ... do stuff with data, update resp ...
return resp(environ, start_response)
def __call__(self, environ, start_response):
req = Request(environ)
resp = req.get_response(self.app)
content_length = resp.headers.get('x-content-length')
if content_length:
resp.headers['Content-Length'] = content_length
return resp(environ, start_response)
def __call__(self, environ, start_response):
req = Request(environ)
if (req.method == "GET" and req.GET.getall("query") or
req.method == "POST" and req.content_type in self.POST_CTYPES):
resp = self.handle_sparql(req)
else:
# pass through request to the wrapped application
resp = req.get_response(self.app)
return resp(environ, start_response)
def m(environ, start_response):
request = Request(environ)
jar.add_cookie_header(RequestCookieAdapter(request))
response = request.get_response(app)
cookies = jar.make_cookies(ResponseCookieAdapter(response),
RequestCookieAdapter(request))
for c in cookies:
jar.set_cookie(c)
return response(environ, start_response)
def _injector(environ, start_response):
req = Request(environ)
resp = req.get_response(app)
content_type = resp.headers.get('Content-Type', 'text/plain').lower()
if 'html' in content_type:
resources = framework.pop_resources()
if resources:
resp.body = inject_resources(resp.body, resources,
resp.charset)
return resp(environ, start_response)
def __call__(self, environ, start_response):
req = Request(environ)
resp = req.get_response(self.app)
if req.scheme == 'http':
# Strip all secure cookies.
if 'Set-Cookie' in resp.headers:
for header in resp.headers.getall('Set-Cookie'):
if header.endswith('secure') or 'secure; ' in header:
name = header.split('=')[0].strip()
resp.unset_cookie(name)
return resp(environ, start_response)
def __call__(self, environ, start_response):
from webob import Request
req = Request(environ)
resp = req.get_response(self.app)
if resp.content_type != 'text/html' or resp.status_int != 200:
return resp(environ, start_response)
data = self.get_data(req.url)
body = resp.body
body = self.add_to_end(body, self.format_comments(data))
resp.body = body
return resp(environ, start_response)
def __call__(self, environ, start_response):
req = resp = None
try:
req = Request(environ)
operator.context['request'] = req
self.pre_request(req)
resp = req.get_response(self.app)
return resp(environ, start_response)
finally:
self.post_request(req, resp)
self.request_finished(req)
