def test_stub_request(self):
html_request = self.stub_request()
js_request = self.stub_request(content_type='text/javascript',
status=401,
interfaces=IFoo)
iface_request = self.stub_request(interfaces=[IFoo, IBar])
self.replay()
self.assertTrue(IDefaultBrowserLayer.providedBy(html_request))
self.assertTrue(IBrowserRequest.providedBy(html_request))
self.assertEqual(html_request.debug, False)
self.assertEqual(html_request.response.getHeader('Content-Type'),
'text/html')
self.assertEqual(html_request.response.getStatus(), 200)
self.assertTrue(IDefaultBrowserLayer.providedBy(js_request))
self.assertTrue(IBrowserRequest.providedBy(js_request))
self.assertTrue(IFoo.providedBy(js_request))
self.assertEqual(js_request.debug, False)
self.assertEqual(js_request.response.getHeader('Content-Type'),
'text/javascript')
self.assertEqual(js_request.response.getStatus(), 401)
self.assertTrue(IFoo.providedBy(iface_request))
self.assertTrue(IBar.providedBy(iface_request))
self.assertTrue(IDefaultBrowserLayer.providedBy(iface_request))
self.assertTrue(IBrowserRequest.providedBy(iface_request))
self.assertEqual(html_request.debug, False)
self.assertEqual(html_request.response.getHeader('Content-Type'),
'text/html')
self.assertEqual(html_request.response.getStatus(), 200)
def test_stub_request(self):
html_request = self.stub_request()
js_request = self.stub_request(
content_type='text/javascript', status=401, interfaces=IFoo)
iface_request = self.stub_request(interfaces=[IFoo, IBar])
self.replay()
self.assertTrue(IDefaultBrowserLayer.providedBy(html_request))
self.assertTrue(IBrowserRequest.providedBy(html_request))
self.assertEqual(html_request.debug, False)
self.assertEqual(html_request.response.getHeader(
'Content-Type'), 'text/html')
self.assertEqual(html_request.response.getStatus(), 200)
self.assertTrue(IDefaultBrowserLayer.providedBy(js_request))
self.assertTrue(IBrowserRequest.providedBy(js_request))
self.assertTrue(IFoo.providedBy(js_request))
self.assertEqual(js_request.debug, False)
self.assertEqual(js_request.response.getHeader(
'Content-Type'), 'text/javascript')
self.assertEqual(js_request.response.getStatus(), 401)
self.assertTrue(IFoo.providedBy(iface_request))
self.assertTrue(IBar.providedBy(iface_request))
self.assertTrue(IDefaultBrowserLayer.providedBy(iface_request))
self.assertTrue(IBrowserRequest.providedBy(iface_request))
self.assertEqual(html_request.debug, False)
self.assertEqual(html_request.response.getHeader(
'Content-Type'), 'text/html')
self.assertEqual(html_request.response.getStatus(), 200)
def __bobo_traverse__(self, REQUEST, name):
"""Hook for Zope 2 traversal
This method is called by Zope 2's ZPublisher upon traversal.
It allows us to trick it into faking the Zope 3 traversal system
by using an ITraverser adapter.
"""
# We are trying to be compatible with Zope 2 and 3 traversal
# behaviour as much as possible. Therefore the first part of
# this method is based on BaseRequest.traverse's behaviour:
# 1. If an object has __bobo_traverse__, use it.
# 2. Otherwise do attribute look-up or, if that doesn't work,
# key item lookup.
if hasattr(self, '__fallback_traverse__'):
try:
return self.__fallback_traverse__(REQUEST, name)
except (AttributeError, KeyError):
pass
else:
try:
return getattr(self, name)
except AttributeError:
pass
try:
return self[name]
except (KeyError, IndexError, TypeError, AttributeError):
pass
# This is the part Five adds:
# 3. If neither __bobo_traverse__ nor attribute/key look-up
# work, we try to find a Zope 3-style view.
# For that we need to make sure we have a good request
# (sometimes __bobo_traverse__ gets a stub request)
if not IBrowserRequest.providedBy(REQUEST):
# Try to get the REQUEST by acquisition
REQUEST = getattr(self, 'REQUEST', None)
if not IBrowserRequest.providedBy(REQUEST):
REQUEST = FakeRequest()
# Con Zope 3 into using Zope 2's checkPermission
Products.Five.security.newInteraction()
# Use the ITraverser adapter (which in turn uses ITraversable
# adapters) to traverse to a view. Note that we're mixing
# object-graph and object-publishing traversal here, but Zope
# 2 has no way to tell us when to use which...
# TODO Perhaps we can decide on object-graph vs.
# object-publishing traversal depending on whether REQUEST is
# a stub or not?
try:
return ITraverser(self).traverse(path=[name],
request=REQUEST).__of__(self)
except (ComponentLookupError, NotFoundError, AttributeError, KeyError,
NotFound):
pass
raise AttributeError, name
def __bobo_traverse__(self, REQUEST, name):
parent = aq_parent(self)
proxy = self.__of__(parent)
val = getattr(proxy, name, _marker)
if val is not _marker:
return val
else:
# try for a Zope 3-type view. see code in Five/traversable.py
target = self.getTarget()
if not IBrowserRequest.providedBy(REQUEST):
# Try to get the REQUEST by acquisition
REQUEST = getattr(self, 'REQUEST', None)
if not IBrowserRequest.providedBy(REQUEST):
REQUEST = FakeRequest()
setDefaultSkin(REQUEST)
Products.Five.security.newInteraction()
try:
# note use of 'target' instead of 'self'...
return ITraverser(target).traverse(
path=[name], request=REQUEST).__of__(target)
except (ComponentLookupError, LookupError, AttributeError,
KeyError, NotFound):
pass
raise AttributeError, "name"
def __bobo_traverse__(self, REQUEST, name):
"""Hook for Zope 2 traversal
This method is called by Zope 2's ZPublisher upon traversal.
It allows us to trick it into faking the Zope 3 traversal system
by using an ITraverser adapter.
"""
if not IBrowserRequest.providedBy(REQUEST):
# Try to get the REQUEST by acquisition
REQUEST = getattr(self, 'REQUEST', None)
if not IBrowserRequest.providedBy(REQUEST):
REQUEST = FakeRequest()
try:
kw = dict(path=[name], request=REQUEST)
return ITraverser(self).traverse(**kw).__of__(self)
except (ComponentLookupError, NotFoundError,
AttributeError, KeyError, NotFound):
pass
try:
return getattr(self, name)
except AttributeError:
pass
try:
return self[name]
except (AttributeError, KeyError):
pass
return self.__fallback_traverse__(REQUEST, name)
def __bobo_traverse__(self, REQUEST, name):
"""Hook for Zope 2 traversal
This method is called by Zope 2's ZPublisher upon traversal.
It allows us to trick it into faking the Zope 3 traversal system
by using an ITraverser adapter.
"""
if not IBrowserRequest.providedBy(REQUEST):
# Try to get the REQUEST by acquisition
REQUEST = getattr(self, 'REQUEST', None)
if not IBrowserRequest.providedBy(REQUEST):
REQUEST = FakeRequest()
# set the default skin on the request if it doesn't have any
# layers set on it yet
if queryType(REQUEST, ILayer) is None:
setDefaultSkin(REQUEST)
# con Zope 3 into using Zope 2's checkPermission
newInteraction()
try:
return ITraverser(self).traverse(path=[name],
request=REQUEST).__of__(self)
except (ComponentLookupError, LookupError, AttributeError, KeyError,
NotFound):
pass
try:
return getattr(self, name)
except AttributeError:
pass
try:
return self[name]
except (AttributeError, KeyError):
pass
return self.__fallback_traverse__(REQUEST, name)
def __bobo_traverse__(self, REQUEST, name):
"""Hook for Zope 2 traversal
This method is called by Zope 2's ZPublisher upon traversal.
It allows us to trick it into faking the Zope 3 traversal system
by using an ITraverser adapter.
"""
if not IBrowserRequest.providedBy(REQUEST):
# Try to get the REQUEST by acquisition
REQUEST = getattr(self, 'REQUEST', None)
if not IBrowserRequest.providedBy(REQUEST):
REQUEST = FakeRequest()
try:
kw = dict(path=[name], request=REQUEST)
return ITraverser(self).traverse(**kw).__of__(self)
except (ComponentLookupError, NotFoundError, AttributeError, KeyError,
NotFound):
pass
try:
return getattr(self, name)
except AttributeError:
pass
try:
return self[name]
except (AttributeError, KeyError):
pass
return self.__fallback_traverse__(REQUEST, name)
def test_has_key(self):
environ = {
'PATH_INFO': '/',
'QUERY_STRING':
'lastName=Doe;country:list=Japan;country:list=Hungary',
}
request = Request(environ)
zrequest = IBrowserRequest(request)
assert_that(zrequest.has_key('lastName'), is_(True))
def __call__(self, input_stream, env, output_stream=None):
"""See `zope.app.publication.interfaces.IPublicationRequestFactory`"""
# BBB: This is backward-compatibility support for the deprecated
# output stream.
try:
env.get
except AttributeError:
import warnings
warnings.warn("Can't pass output streams to requests anymore. "
"This will go away in Zope 3.4.",
DeprecationWarning,
2)
env, output_stream = output_stream, env
method = env.get('REQUEST_METHOD', 'GET').upper()
request_class, publication_class = chooseClasses(method, env)
publication = self._publication_cache.get(publication_class)
if publication is None:
publication = publication_class(self._db)
self._publication_cache[publication_class] = publication
request = request_class(input_stream, env)
request.setPublication(publication)
if IBrowserRequest.providedBy(request):
# only browser requests have skins
setDefaultSkin(request)
return request
def __call__(self, input_stream, env, output_stream=None):
"""See `zope.app.publication.interfaces.IPublicationRequestFactory`"""
# BBB: This is backward-compatibility support for the deprecated
# output stream.
try:
env.get
except AttributeError:
import warnings
warnings.warn(
"Can't pass output streams to requests anymore. "
"This will go away in Zope 3.4.", DeprecationWarning, 2)
env, output_stream = output_stream, env
method = env.get('REQUEST_METHOD', 'GET').upper()
request_class, publication_class = chooseClasses(method, env)
publication = self._publication_cache.get(publication_class)
if publication is None:
publication = publication_class(self._db)
self._publication_cache[publication_class] = publication
request = request_class(input_stream, env)
request.setPublication(publication)
if IBrowserRequest.providedBy(request):
# only browser requests have skins
setDefaultSkin(request)
return request
def translate(self, domain, msgid, mapping=None, context=None,
target_language=None, default=None):
"""
Translate a message using Unicode.
"""
if not msgid:
# refuse to translate an empty msgid
return default
# ZPT passes the object as context. That's wrong according to spec.
if not IBrowserRequest.providedBy(context):
context = aq_acquire(context, 'REQUEST')
text = msgid
catalogs = self.getCatalogsForTranslation(context, domain, target_language)
for catalog in catalogs:
try:
text = getMessage(catalog, msgid, default)
except KeyError:
# it's not in this catalog, try the next one
continue
# found!
break
else:
# Did the fallback fail? Sigh, use the default if it is not None.
if default is not None:
text = default
# Now we need to do the interpolation
return self.interpolate(text, mapping)
def traverse(self, name, furtherPath):
# For some reason, when the adapter is constructed, the adapted
# object is stored as self._subject rather than self.context.
# I like self.context.
#import pdb; pdb.set_trace()
self.context = self._subject
if name == 'keywords':
tag_class = Keyword
else:
# We ignore it...
return super(ImageRepositoryTraversable, self).traverse(name, furtherPath)
# Now the guts of it...
subpath = self.popFurtherPath(furtherPath)
# furtherPath is now an empty list
# Find the REQUEST
REQUEST = getattr(self.context, 'REQUEST', None)
if not IBrowserRequest.providedBy(REQUEST):
REQUEST = FakeRequest()
if len(subpath) == 0:
return zapi.getView(self.context, name, REQUEST)
#print name, furtherPath, subpath
if len(subpath) == 1:
furtherPath.append('index.html')
tag = tag_class(subpath[0]).__of__(self.context)
elif subpath[-1].startswith('@@'):
furtherPath.append(subpath[-1])
tag = tag_class(subpath[:-1]).__of__(self.context)
else:
furtherPath.append('index.html')
tag = tag_class(subpath).__of__(self.context)
return tag
def getPreferredLanguages(self):
# If the default locale negotiater can get a value,
# that means we had a parameter or one of the cookies
# (because of the subscriber that gets us here).
negotiated = default_locale_negotiator(self.request)
if negotiated:
return [negotiated]
# Here is where we would check for something during traversal,
# but we don't actually support that at this time because it
# relies on implementation details
# Is there a non-default user preference? Right now we know
# what a default is due to implementation details above. We also
# know for sure that we *have* a remote use, otherwise we wouldn't
# be here
remote_user = IPrincipal(self.request, None)
remote_user_langs = IUserPreferredLanguages(remote_user)
if remote_user_langs is not EnglishUserPreferredLanguagesImpl:
return remote_user_langs.getPreferredLanguages() # pylint:disable=too-many-function-args
# Ok, see what the HTTP request can come up with. Note that we're
# going to the Zope interface so that we don't get into an infinite
# loop
browser_request = IBrowserRequest(self.request)
browser_langs = IModifiableUserPreferredLanguages(browser_request)
return browser_langs.getPreferredLanguages() # pylint:disable=too-many-function-args
def endRequest(self, request, object):
superclass = zope.app.publication.browser.BrowserPublication
superclass.endRequest(self, request, object)
da.clear_request_started()
getUtility(IOpenLaunchBag).clear()
# Maintain operational statistics.
if getattr(request, '_wants_retry', False):
OpStats.stats['retries'] += 1
else:
OpStats.stats['requests'] += 1
# Increment counters for HTTP status codes we track individually
# NB. We use IBrowserRequest, as other request types such as
# IXMLRPCRequest use IHTTPRequest as a superclass.
# This should be fine as Launchpad only deals with browser
# and XML-RPC requests.
if IBrowserRequest.providedBy(request):
OpStats.stats['http requests'] += 1
status = request.response.getStatus()
if status == 404: # Not Found
OpStats.stats['404s'] += 1
elif status == 500: # Unhandled exceptions
OpStats.stats['500s'] += 1
elif status == 503: # Timeouts
OpStats.stats['503s'] += 1
# Increment counters for status code groups.
status_group = str(status)[0] + 'XXs'
OpStats.stats[status_group] += 1
# Increment counter for 5XXs_b.
if is_browser(request) and status_group == '5XXs':
OpStats.stats['5XXs_b'] += 1
# Make sure our databases are in a sane state for the next request.
thread_name = threading.currentThread().getName()
for name, store in getUtility(IZStorm).iterstores():
try:
assert store._connection._state != STATE_DISCONNECTED, (
"Bug #504291: Store left in a disconnected state.")
except AssertionError:
# The Store is in a disconnected state. This should
# not happen, as store.rollback() should have been called
# by now. Log an OOPS so we know about this. This
# is Bug #504291 happening.
getUtility(IErrorReportingUtility).raising(
sys.exc_info(), request)
# Repair things so the server can remain operational.
store.rollback()
# Reset all Storm stores when not running the test suite.
# We could reset them when running the test suite but
# that'd make writing tests a much more painful task. We
# still reset the slave stores though to minimize stale
# cache issues.
if thread_name != 'MainThread' or name.endswith('-slave'):
store.reset()
def endRequest(self, request, object):
superclass = zope.app.publication.browser.BrowserPublication
superclass.endRequest(self, request, object)
da.clear_request_started()
getUtility(IOpenLaunchBag).clear()
# Maintain operational statistics.
if getattr(request, '_wants_retry', False):
OpStats.stats['retries'] += 1
else:
OpStats.stats['requests'] += 1
# Increment counters for HTTP status codes we track individually
# NB. We use IBrowserRequest, as other request types such as
# IXMLRPCRequest use IHTTPRequest as a superclass.
# This should be fine as Launchpad only deals with browser
# and XML-RPC requests.
if IBrowserRequest.providedBy(request):
OpStats.stats['http requests'] += 1
status = request.response.getStatus()
if status == 404: # Not Found
OpStats.stats['404s'] += 1
elif status == 500: # Unhandled exceptions
OpStats.stats['500s'] += 1
elif status == 503: # Timeouts
OpStats.stats['503s'] += 1
# Increment counters for status code groups.
status_group = str(status)[0] + 'XXs'
OpStats.stats[status_group] += 1
# Increment counter for 5XXs_b.
if is_browser(request) and status_group == '5XXs':
OpStats.stats['5XXs_b'] += 1
# Make sure our databases are in a sane state for the next request.
thread_name = threading.currentThread().getName()
for name, store in getUtility(IZStorm).iterstores():
try:
assert store._connection._state != STATE_DISCONNECTED, (
"Bug #504291: Store left in a disconnected state.")
except AssertionError:
# The Store is in a disconnected state. This should
# not happen, as store.rollback() should have been called
# by now. Log an OOPS so we know about this. This
# is Bug #504291 happening.
getUtility(IErrorReportingUtility).raising(
sys.exc_info(), request)
# Repair things so the server can remain operational.
store.rollback()
# Reset all Storm stores when not running the test suite.
# We could reset them when running the test suite but
# that'd make writing tests a much more painful task. We
# still reset the slave stores though to minimize stale
# cache issues.
if thread_name != 'MainThread' or name.endswith('-slave'):
store.reset()
def utranslate(domain, msgid, mapping=None, context=None, target_language=None, default=None):
# We used to pass an object as context.
if not IBrowserRequest.providedBy(context):
context = aq_acquire(context, "REQUEST")
# The signature of zope.i18n's translate has the msgid and domain switched
return translate(
msgid, domain=domain, mapping=mapping, context=context, target_language=target_language, default=default
)
def schoolToolTraverseSubscriber(event):
"""A subscriber to BeforeTraverseEvent.
Adds DevMode layer to the request.
"""
if (ISchoolToolApplication.providedBy(event.object) and
IBrowserRequest.providedBy(event.request)):
directlyProvides(event.request,
directlyProvidedBy(event.request) + IDevModeLayer)
def __call__(self, objectId, instance, *args, **kw):
request = instance.request
if IBrowserRequest.providedBy(request):
return {'request:SERVER_NAME':
(request.get('SERVER_NAME', u''),
request.get('SERVER_PORT', u''),
request.getApplicationURL(),)}
else:
return ()
def _translate(context, msg):
"""helper to translate a term if its a messageid
"""
if not isinstance(msg, Message):
return msg
if not IBrowserRequest.providedBy(context):
context = aq_acquire(context, 'REQUEST')
msg = translate(msg, context=context).strip()
msg = '\n'.join([_.strip() for _ in msg.split('\n')]) # needed if vdex
return msg
def getEmptyTitle(context, translated=True):
"""Returns string to be used for objects with no title or id"""
# The default is an extra fancy unicode elipsis
empty = unicode('\x5b\xc2\xb7\xc2\xb7\xc2\xb7\x5d', 'utf-8')
if translated:
if context is not None:
if not IBrowserRequest.providedBy(context):
context = aq_get(context, 'REQUEST', None)
empty = translate('title_unset', domain='plone', context=context, default=empty)
return empty
def __bobo_traverse__(self, REQUEST, name):
"""Hook for Zope 2 traversal
This method is called by Zope 2's ZPublisher upon traversal.
It allows us to trick it into faking the Zope 3 traversal system
by using an ITraverser adapter.
"""
if not IBrowserRequest.providedBy(REQUEST):
# Try to get the REQUEST by acquisition
REQUEST = getattr(self, 'REQUEST', None)
if not IBrowserRequest.providedBy(REQUEST):
REQUEST = FakeRequest()
# set the default skin on the request if it doesn't have any
# layers set on it yet
if queryType(REQUEST, ILayer) is None:
setDefaultSkin(REQUEST)
# con Zope 3 into using Zope 2's checkPermission
newInteraction()
try:
return ITraverser(self).traverse(
path=[name], request=REQUEST).__of__(self)
except (ComponentLookupError, LookupError,
AttributeError, KeyError, NotFound):
pass
try:
return self.__fallback_traverse__(REQUEST, name)
except NotImplementedError:
pass
# TODO: This should at least make an attempt to deal with
# potential WebDAV issues, in particular we should not perform
# acquisition for webdav requests. See BaseRequest.traverse for
# details.
try:
return getattr(self, name)
except AttributeError:
pass
try:
return self[name]
except (AttributeError, KeyError):
pass
raise AttributeError, name
def translate(self, msgid, domain=None, mapping=None, context=None,
target_language=None, default=None):
# Translate method for resticted code like skins.
if context is not None:
if not IBrowserRequest.providedBy(context):
context = aq_get(context, 'REQUEST', None)
return translate(msgid, domain=domain, mapping=mapping,
context=context, target_language=target_language,
default=default)
def getEmptyTitle(context, translated=True):
"""Returns string to be used for objects with no title or id"""
# The default is an extra fancy unicode elipsis
empty = unicode("\x5b\xc2\xb7\xc2\xb7\xc2\xb7\x5d", "utf-8")
if translated:
if context is not None:
if not IBrowserRequest.providedBy(context):
context = aq_get(context, "REQUEST", None)
empty = translate("title_unset", domain="plone", context=context, default=empty)
return empty
def unauthorized(self, id, request):
if not IBrowserRequest.providedBy(request) or request.method == 'PUT':
next = getNextUtility(self, IAuthentication)
return next.unauthorized(id, request)
if str(request.URL).endswith('.ics'):
# Special case: testing shows that Mozilla Calendar does not send
# the Authorization header unless challenged. It is pointless
# to redirect an iCalendar client to an HTML login form.
next = getNextUtility(self, IAuthentication)
return next.unauthorized(id, request)
return self.authPlugin.unauthorized(id, request)
def translate(self, domain, msgid, mapping=None, context=None, target_language=None, default=None):
# Translate a message using Unicode.
if not msgid:
# refuse to translate an empty msgid
return default
# ZPT passes the object as context. That's wrong according to spec.
if not IBrowserRequest.providedBy(context):
context = aq_acquire(context, "REQUEST")
text = msgid
return z3translate(msgid, domain, mapping, context, target_language, default)
def traverse(self, name, furtherPath):
context = self._subject
__traceback_info__ = (context, name, furtherPath)
# Find the REQUEST
REQUEST = getattr(context, 'REQUEST', None)
if not IBrowserRequest.providedBy(REQUEST):
REQUEST = FakeRequest()
# Try to lookup a view
try:
return getView(context, name, REQUEST)
except ComponentLookupError:
pass
def test_form_parsing(self):
environ = {
'PATH_INFO': '/',
'QUERY_STRING':
'lastName=Doe;country:list=Japan;country:list=Hungary',
}
request = Request(environ)
zrequest = IBrowserRequest(request)
assert_that(zrequest.form, {
'country': ['Japan', 'Hungary'],
'lastName': 'Doe'
})
def traverse(self, name, furtherPath):
context = self._subject
__traceback_info__ = (context, name, furtherPath)
# Find the REQUEST
REQUEST = getattr(context, 'REQUEST', None)
if not IBrowserRequest.providedBy(REQUEST):
REQUEST = FakeRequest()
# Try to lookup a view
try:
return getView(context, name, REQUEST)
except ComponentLookupError:
pass
def traverse(self, name, furtherPath):
context = self._subject
__traceback_info__ = (context, name, furtherPath)
# Find the REQUEST
REQUEST = getattr(context, "REQUEST", None)
if not IBrowserRequest.providedBy(REQUEST):
REQUEST = FakeRequest()
setDefaultSkin(REQUEST)
# Try to lookup a view
try:
return getMultiAdapter((context, REQUEST), Interface, name)
except ComponentLookupError:
pass
def getSubObject(self, name, REQUEST, RESPONSE=None):
obj = self.__p4a_z2utils_orig_getSubObject(name, REQUEST, RESPONSE)
if obj is not None:
return obj
# The following is a copy from Five's __bobo_traverse__ stuff,
# see Products.Five.traversable for details.
# Basically we're forcing Archetypes to look up the correct
# Five way:
# 1) check for data object first
# 2) check for zope3 view
# 3) return nothing so that AT's default __bobo_traverse__ will use aq
if not IBrowserRequest.providedBy(REQUEST):
# Try to get the REQUEST by acquisition
REQUEST = getattr(self, 'REQUEST', None)
if not IBrowserRequest.providedBy(REQUEST):
REQUEST = FakeRequest()
setDefaultSkin(REQUEST)
# Con Zope 3 into using Zope 2's checkPermission
Products.Five.security.newInteraction()
# Use the ITraverser adapter (which in turn uses ITraversable
# adapters) to traverse to a view. Note that we're mixing
# object-graph and object-publishing traversal here, but Zope
# 2 has no way to tell us when to use which...
# TODO Perhaps we can decide on object-graph vs.
# object-publishing traversal depending on whether REQUEST is
# a stub or not?
try:
return ITraverser(self).traverse(
path=[name], request=REQUEST).__of__(self)
except (ComponentLookupError, LookupError, TypeError,
AttributeError, KeyError, NotFound):
pass
return None
def traverse(self, name, furtherPath):
context = self._subject
__traceback_info__ = (context, name, furtherPath)
# Find the REQUEST
REQUEST = getattr(context, 'REQUEST', None)
if not IBrowserRequest.providedBy(REQUEST):
REQUEST = FakeRequest()
# Try to lookup a view first
try:
return getView(context, name, REQUEST)
except ComponentLookupError:
pass
# If a view can't be found, then use default traversable
return super(FiveTraversable, self).traverse(name, furtherPath)
def traverse(self, name, furtherPath):
context = self._subject
__traceback_info__ = (context, name, furtherPath)
# Find the REQUEST
REQUEST = getattr(context, 'REQUEST', None)
if not IBrowserRequest.providedBy(REQUEST):
REQUEST = FakeRequest()
# Try to lookup a view first
try:
return getView(context, name, REQUEST)
except ComponentLookupError:
pass
# If a view can't be found, then use default traversable
return super(FiveTraversable, self).traverse(name, furtherPath)
def translate(self, msgid, mapping=None, context=None,
target_language=None, default=None):
pts = getTranslationService()
if pts is None or context is None:
# If we don't have enough context use interpolate
return interpolate(default, mapping)
# Don't accept anything which isn't a real request
if not IBrowserRequest.providedBy(context) or 'PARENTS' not in context:
raise ValueError, "You didn't pass in a request as the context."
parent = context['PARENTS'][-1]
return pts.translate(self.domain, msgid, mapping, parent,
target_language, default)
def _curried(*args, **kw):
request = args[r_index]
if IBrowserRequest.providedBy(request):
if request.method not in methods:
raise Forbidden('Request must be %s' % methodsstr)
# Reconstruct keyword arguments
if defaults is not None:
args, kwparams = args[:arglen], args[arglen:]
for positional, (key, default) in zip(kwparams, defaults):
if positional is _default:
kw[key] = default
else:
kw[key] = positional
return callable(*args, **kw)
def _curried(*args, **kw):
request = args[r_index]
if IBrowserRequest.providedBy(request):
if request.method not in methods:
raise Forbidden('Request must be %s' % methodsstr)
# Reconstruct keyword arguments
if defaults is not None:
args, kwparams = args[:arglen], args[arglen:]
for positional, (key, default) in zip(kwparams, defaults):
if positional is _default:
kw[key] = default
else:
kw[key] = positional
return callable(*args, **kw)
def utranslate(domain,
msgid,
mapping=None,
context=None,
target_language=None,
default=None):
# We used to pass an object as context.
if not IBrowserRequest.providedBy(context):
context = aq_acquire(context, 'REQUEST')
# The signature of zope.i18n's translate has the msgid and domain switched
return translate(msgid,
domain=domain,
mapping=mapping,
context=context,
target_language=target_language,
default=default)
def get_change_note(request, default=None):
"""Returns the changeNote submitted with this request. The changeNote
is read from the form-field (see behaviors.IVersionable)
"""
_marker = object()
value = _marker
if IBrowserRequest.providedBy(request):
annotations = IAnnotations(request)
value = annotations.get('plone.app.versioningbehavior-changeNote',
_marker)
if not value or value == _marker:
return default
return value
def get_change_note(request, default=None):
"""Returns the changeNote submitted with this request. The changeNote
is read from the form-field (see behaviors.IVersionable)
"""
_marker = object()
value = _marker
if IBrowserRequest.providedBy(request):
annotations = IAnnotations(request)
value = annotations.get(
'plone.app.versioningbehavior-changeNote', _marker)
if not value or value == _marker:
return default
return value
def translate(message, context):
""" Translate i18n message.
"""
if isinstance(message, Exception):
try:
message = message[0]
except (TypeError, IndexError):
pass
# in Zope3, context is adapted to IUserPreferredLanguages,
# which means context should be the request in this case.
# Do not attempt to acquire REQUEST from the context, when we already
# got a request as the context
if context is not None:
if not IBrowserRequest.providedBy(context):
context = aq_get(context, 'REQUEST', None)
return i18n.translate(message, domain='cmf_default', context=context)
def translate(message, context):
""" Translate i18n message.
"""
if isinstance(message, Exception):
try:
message = message[0]
except (TypeError, IndexError):
pass
# in Zope3, context is adapted to IUserPreferredLanguages,
# which means context should be the request in this case.
# Do not attempt to acquire REQUEST from the context, when we already
# got a request as the context
if context is not None:
if not IBrowserRequest.providedBy(context):
context = aq_get(context, 'REQUEST', None)
return i18n.translate(message, domain='cmf_default', context=context)
def translate(self,
msgid,
domain=None,
mapping=None,
context=None,
target_language=None,
default=None):
# Translate method for resticted code like skins.
if context is not None:
if not IBrowserRequest.providedBy(context):
context = aq_get(context, 'REQUEST', None)
return translate(msgid,
domain=domain,
mapping=mapping,
context=context,
target_language=target_language,
default=default)
def afterCallHandler(event):
request = event.request
if IBrowserRequest.providedBy(request):
response = request.response
status = response.getStatus()
if status not in (302, 303):
service = IStatusMessage(request, None)
if service is not None:
messages = service.clear()
if messages:
msg = u'\n'.join(messages)
msg = msg.encode('utf-8', 'ignore')
body = response.consumeBody()
body = body.replace('<!--zojax-statusmessage-->', msg, 1)
response.setResult(body)
def retry(self):
'See IPublisherRequest'
count = getattr(self, '_retry_count', 0)
self._retry_count = count + 1
request = self.__class__(
# Use the cache stream as the new input stream.
body_instream=self._body_instream.getCacheStream(),
environ=self._orig_env,
response=self.response.retry(),
)
# restore the default skin
if IBrowserRequest.providedBy(self):
# only browser requests have skins
zope.publisher.browser.setDefaultSkin(request)
request.setPublication(self.publication)
request._retry_count = self._retry_count
return request
def translate(self,
domain,
msgid,
mapping=None,
context=None,
target_language=None,
default=None):
# Translate a message using Unicode.
if not msgid:
# refuse to translate an empty msgid
return default
# ZPT passes the object as context. That's wrong according to spec.
if not IBrowserRequest.providedBy(context):
context = aq_acquire(context, 'REQUEST')
text = msgid
return z3translate(msgid, domain, mapping, context, target_language,
default)
def __call__(self, value, system):
"""
:param value: The object returned from the view. Either a dictionary,
or a context object. If a context object, will be available at the path
``options/here`` in the template. If a dictionary, its values are merged with
those in `system`.
"""
__traceback_info__ = value, system
try:
system.update(value)
except (TypeError, ValueError):
# raise ValueError('renderer was passed non-dictionary as value')
system['here'] = value
# See plasTeX/Renderers/__init__.py for comments about how 'self'
# is a problem
request = None
if 'request' in system and system['request'] is not None:
request = IBrowserRequest(system['request'])
system['request'] = request
view = system['view'] # TODO: We can do better with this
if view is None and request is not None:
view = request
system['view'] = request
# We used to register macros, but now you should use
# z3c.macro and the macro: expression type
# if 'master' not in system:
# XXX: FIXME: There must be a better way to handle this.
# How did zope do it? (Acquisition?)
# (Answer: Yes, basically. Every template was auto-loaded
# and at a traversable location, usually also in the
# acquisition path; pages traversed to the macros of the
# template they wanted. We can do something similar though
# traversal, we just need to update our templates.)
# FIXME: Note use of nti.appserver package
# master = get_renderer('nti.appserver:templates/master_email.pt').implementation()
# system['master'] = master
result = self.template.bind(view)(**system)
return result
def __bobo_traverse__(self, REQUEST, name):
"""Hook for Zope 2 traversal
This method is called by Zope 2's ZPublisher upon traversal.
It allows us to trick it into publishing Zope 3-style views.
"""
if not IBrowserRequest.providedBy(REQUEST):
REQUEST = FakeRequest()
try:
return getView(self, name, REQUEST).__of__(self)
except ComponentLookupError:
pass
try:
return getattr(self, name)
except AttributeError:
pass
try:
return self[name]
except (AttributeError, KeyError):
pass
return self.__fallback_traverse__(REQUEST, name)
def __bobo_traverse__(self, REQUEST, name):
"""Hook for Zope 2 traversal
This method is called by Zope 2's ZPublisher upon traversal.
It allows us to trick it into publishing Zope 3-style views.
"""
if not IBrowserRequest.providedBy(REQUEST):
REQUEST = FakeRequest()
try:
return getView(self, name, REQUEST).__of__(self)
except ComponentLookupError:
pass
try:
return getattr(self, name)
except AttributeError:
pass
try:
return self[name]
except (AttributeError, KeyError):
pass
return self.__fallback_traverse__(REQUEST, name)
def test_url_traversal(self):
request = Request.blank('http://foobar.com/folder/item')
zrequest = IBrowserRequest(request)
assert_that(str(zrequest.URL), is_('http://foobar.com/folder/item'))
assert_that(zrequest.URL['-1'], is_('http://foobar.com/folder'))
assert_that(zrequest.URL['-2'], is_('http://foobar.com'))
assert_that(
calling(zrequest.URL.__getitem__).with_args('-3'),
raises(KeyError))
assert_that(zrequest.URL['0'], is_('http://foobar.com'))
assert_that(zrequest.URL['1'], is_('http://foobar.com/folder'))
assert_that(zrequest.URL['2'], is_('http://foobar.com/folder/item'))
assert_that(
calling(zrequest.URL.__getitem__).with_args('3'), raises(KeyError))
assert_that(zrequest.URL.get('0'), is_('http://foobar.com'))
assert_that(zrequest.URL.get('1'), is_('http://foobar.com/folder'))
assert_that(zrequest.URL.get('2'),
is_('http://foobar.com/folder/item'))
assert_that(zrequest.URL.get('3', 'none'), is_('none'))
def filterTemporaryItems(obj, checkId=True):
""" check if the item has an acquisition chain set up and is not of
temporary nature, i.e. still handled by the `portal_factory`; if
so return it, else return None """
parent = aq_parent(aq_inner(obj))
if parent is None:
return None
if IBrowserRequest.providedBy(parent):
return None
if checkId and getattr(obj, 'getId', None):
parent = aq_base(parent)
if getattr(parent, '__contains__', None) is None:
return None
elif obj.getId() not in parent:
return None
isTemporary = getattr(obj, 'isTemporary', None)
if isTemporary is not None:
try:
if obj.isTemporary():
return None
except TypeError:
return None # `isTemporary` on the `FactoryTool` expects 2 args
return obj
def filterTemporaryItems(obj, checkId=True):
""" check if the item has an acquisition chain set up and is not of
temporary nature, i.e. still handled by the `portal_factory`; if
so return it, else return None """
parent = aq_parent(aq_inner(obj))
if parent is None:
return None
if IBrowserRequest.providedBy(parent):
return None
if checkId and getattr(obj, 'getId', None):
parent = aq_base(parent)
if getattr(parent, '__contains__', None) is None:
return None
elif obj.getId() not in parent:
return None
isTemporary = getattr(obj, 'isTemporary', None)
if isTemporary is not None:
try:
if obj.isTemporary():
return None
except TypeError:
return None # `isTemporary` on the `FactoryTool` expects 2 args
return obj
def render_content(content, request, suppress_title=False):
"""Render a content for inclusion.
"""
if not (checkPermission('zope2.View', content)
or IBrowserRequest.providedBy(request)):
# You can't see the content or don't have a valid request.
return u''
content = content.get_silva_object()
if suppress_title:
if IDocument.providedBy(content):
version = content.get_viewable()
if version is None:
return u''
details = getMultiAdapter((version, request), name="details")
return details.get_text()
if IAutoTOC.providedBy(content):
toc = getMultiAdapter((content, request), name="toc")
toc.update()
return toc.render()
# suppress title is not supported for other contents, render them publicly.
renderer = queryMultiAdapter((content, request), name='content.html')
if renderer is not None:
return renderer()
return u''
def maybe_block_offsite_form_post(request):
"""Check if an attempt was made to post a form from a remote site.
This is a cross-site request forgery (XSRF/CSRF) countermeasure.
The OffsiteFormPostError exception is raised if the following
holds true:
1. the request method is POST *AND*
2. a. the HTTP referer header is empty *OR*
b. the host portion of the referrer is not a registered vhost
"""
if request.method != 'POST':
return
if (IOAuthSignedRequest.providedBy(request)
or not IBrowserRequest.providedBy(request)):
# We only want to check for the referrer header if we are
# in the middle of a request initiated by a web browser. A
# request to the web service (which is necessarily
# OAuth-signed) or a request that does not implement
# IBrowserRequest (such as an XML-RPC request) can do
# without a Referer.
return
if request['PATH_INFO'] in OFFSITE_POST_WHITELIST:
# XXX: jamesh 2007-11-23 bug=124421:
# Allow offsite posts to our TestOpenID endpoint. Ideally we'd
# have a better way of marking this URL as allowing offsite
# form posts.
#
# XXX gary 2010-03-09 bug=535122,538097
# The one-off exceptions are necessary because existing
# non-browser applications make requests to these URLs
# without providing a Referer. Apport makes POST requests
# to +storeblob without providing a Referer (bug 538097),
# and launchpadlib used to make POST requests to
# +request-token and +access-token without providing a
# Referer.
#
# XXX Abel Deuring 2010-04-09 bug=550973
# The HWDB client "checkbox" accesses /+hwdb/+submit without
# a referer. This will change in the version in Ubuntu 10.04,
# but Launchpad should support HWDB submissions from older
# Ubuntu versions during their support period.
#
# We'll have to keep an application's one-off exception
# until the application has been changed to send a
# Referer, and until we have no legacy versions of that
# application to support. For instance, we can't get rid
# of the apport exception until after Lucid's end-of-life
# date. We should be able to get rid of the launchpadlib
# exception after Karmic's end-of-life date.
return
if request['PATH_INFO'].startswith('/+openid-callback'):
# If this is a callback from an OpenID provider, we don't require an
# on-site referer (because the provider may be off-site). This
# exception was added as a result of bug 597324 (message #10 in
# particular).
return
referrer = request.getHeader('referer') # Match HTTP spec misspelling.
if not referrer:
raise NoReferrerError('No value for REFERER header')
# XXX: jamesh 2007-04-26 bug=98437:
# The Zope testing infrastructure sets a default (incorrect)
# referrer value of "localhost" or "localhost:9000" if no
# referrer is included in the request. We let it pass through
# here for the benefits of the tests. Web browsers send full
# URLs so this does not open us up to extra XSRF attacks.
if referrer in ['localhost', 'localhost:9000']:
return
# Extract the hostname from the referrer URI
try:
hostname = URI(referrer).host
except InvalidURIError:
hostname = None
if hostname not in allvhosts.hostnames:
raise OffsiteFormPostError(referrer)
def maybe_block_offsite_form_post(request):
"""Check if an attempt was made to post a form from a remote site.
This is a cross-site request forgery (XSRF/CSRF) countermeasure.
The OffsiteFormPostError exception is raised if the following
holds true:
1. the request method is POST *AND*
2. a. the HTTP referer header is empty *OR*
b. the host portion of the referrer is not a registered vhost
"""
if request.method != 'POST':
return
if (IOAuthSignedRequest.providedBy(request)
or not IBrowserRequest.providedBy(request)):
# We only want to check for the referrer header if we are
# in the middle of a request initiated by a web browser. A
# request to the web service (which is necessarily
# OAuth-signed) or a request that does not implement
# IBrowserRequest (such as an XML-RPC request) can do
# without a Referer.
return
if request['PATH_INFO'] in OFFSITE_POST_WHITELIST:
# XXX: jamesh 2007-11-23 bug=124421:
# Allow offsite posts to our TestOpenID endpoint. Ideally we'd
# have a better way of marking this URL as allowing offsite
# form posts.
#
# XXX gary 2010-03-09 bug=535122,538097
# The one-off exceptions are necessary because existing
# non-browser applications make requests to these URLs
# without providing a Referer. Apport makes POST requests
# to +storeblob without providing a Referer (bug 538097),
# and launchpadlib used to make POST requests to
# +request-token and +access-token without providing a
# Referer.
#
# XXX Abel Deuring 2010-04-09 bug=550973
# The HWDB client "checkbox" accesses /+hwdb/+submit without
# a referer. This will change in the version in Ubuntu 10.04,
# but Launchpad should support HWDB submissions from older
# Ubuntu versions during their support period.
#
# We'll have to keep an application's one-off exception
# until the application has been changed to send a
# Referer, and until we have no legacy versions of that
# application to support. For instance, we can't get rid
# of the apport exception until after Lucid's end-of-life
# date. We should be able to get rid of the launchpadlib
# exception after Karmic's end-of-life date.
return
if request['PATH_INFO'].startswith('/+openid-callback'):
# If this is a callback from an OpenID provider, we don't require an
# on-site referer (because the provider may be off-site). This
# exception was added as a result of bug 597324 (message #10 in
# particular).
return
referrer = request.getHeader('referer') # Match HTTP spec misspelling.
if not referrer:
raise NoReferrerError('No value for REFERER header')
# XXX: jamesh 2007-04-26 bug=98437:
# The Zope testing infrastructure sets a default (incorrect)
# referrer value of "localhost" or "localhost:9000" if no
# referrer is included in the request. We let it pass through
# here for the benefits of the tests. Web browsers send full
# URLs so this does not open us up to extra XSRF attacks.
if referrer in ['localhost', 'localhost:9000']:
return
# Extract the hostname from the referrer URI
try:
hostname = URI(referrer).host
except InvalidURIError:
hostname = None
if hostname not in allvhosts.hostnames:
raise OffsiteFormPostError(referrer)
def __bobo_traverse__(self, REQUEST, name):
"""Hook for Zope 2 traversal
This method is called by Zope 2's ZPublisher upon traversal.
It allows us to trick it into faking the Zope 3 traversal system
by using an ITraverser adapter.
"""
# We are trying to be compatible with Zope 2 and 3 traversal
# behaviour as much as possible. Therefore the first part of
# this method is based on BaseRequest.traverse's behaviour:
# 1. If an object has __bobo_traverse__, use it.
# 2. Otherwise do attribute look-up or, if that doesn't work,
# key item lookup.
if zope.deprecation.__show__():
warnings.warn("The view lookup done by Traversable." \
"__bobo_traverse__ is now done by the standard " \
"traversal. This class is no longer needed and "
"will be removed in Zope 2.12.",
DeprecationWarning, 2)
if hasattr(self, '__fallback_traverse__'):
try:
return self.__fallback_traverse__(REQUEST, name)
except (AttributeError, KeyError):
pass
except NotFound:
# OFS.Application.__bobo_traverse__ calls
# REQUEST.RESPONSE.notFoundError which sets the HTTP
# status code to 404
try:
REQUEST.RESPONSE.setStatus(200)
except AttributeError:
pass
else:
try:
return getattr(self, name)
except AttributeError:
pass
try:
return self[name]
except (KeyError, IndexError, TypeError, AttributeError):
pass
# This is the part Five adds:
# 3. If neither __bobo_traverse__ nor attribute/key look-up
# work, we try to find a Zope 3-style view.
# For that we need to make sure we have a good request
# (sometimes __bobo_traverse__ gets a stub request)
if not IBrowserRequest.providedBy(REQUEST):
# Try to get the REQUEST by acquisition
REQUEST = getattr(self, 'REQUEST', None)
if not IBrowserRequest.providedBy(REQUEST):
REQUEST = FakeRequest()
setDefaultSkin(REQUEST)
# Con Zope 3 into using Zope 2's checkPermission
Products.Five.security.newInteraction()
# Use the ITraverser adapter (which in turn uses ITraversable
# adapters) to traverse to a view. Note that we're mixing
# object-graph and object-publishing traversal here, but Zope
# 2 has no way to tell us when to use which...
# TODO Perhaps we can decide on object-graph vs.
# object-publishing traversal depending on whether REQUEST is
# a stub or not?
try:
return ITraverser(self).traverse(
path=[name], request=REQUEST).__of__(self)
except (ComponentLookupError, LookupError,
AttributeError, KeyError, NotFound):
pass
raise AttributeError(name)
def __call__(self, request_string, handle_errors=True, form=None):
# Commit work done by previous python code.
commit()
# Discard leading white space to make call layout simpler
request_string = request_string.lstrip()
# split off and parse the command line
l = request_string.find('\n')
command_line = request_string[:l].rstrip()
request_string = request_string[l+1:]
method, path, protocol = command_line.split()
path = urllib.unquote(path)
instream = StringIO(request_string)
environment = {"HTTP_COOKIE": self.httpCookie(path),
"HTTP_HOST": 'localhost',
"HTTP_REFERER": 'localhost',
"REQUEST_METHOD": method,
"SERVER_PROTOCOL": protocol,
}
headers = [split_header(header)
for header in rfc822.Message(instream).headers]
for name, value in headers:
name = ('_'.join(name.upper().split('-')))
if name not in ('CONTENT_TYPE', 'CONTENT_LENGTH'):
name = 'HTTP_' + name
environment[name] = value.rstrip()
auth_key = 'HTTP_AUTHORIZATION'
if environment.has_key(auth_key):
environment[auth_key] = auth_header(environment[auth_key])
old_site = getSite()
setSite(None)
request_cls, publication_cls = self.chooseRequestClass(method, path,
environment)
app = FunctionalTestSetup().getApplication()
request = app._request(
path, instream,
environment=environment,
request=request_cls, publication=publication_cls)
if IBrowserRequest.providedBy(request):
# only browser requests have skins
setDefaultSkin(request)
if form is not None:
if request.form:
raise ValueError("only one set of form values can be provided")
request.form = form
response = ResponseWrapper(
request.response, path,
omit=('x-content-type-warning', 'x-powered-by'),
)
publish(request, handle_errors=handle_errors)
self.saveCookies(response)
setSite(old_site)
# sync Python connection:
getRootFolder()._p_jar.sync()
return response
def __bobo_traverse__(self, REQUEST, name):
"""Hook for Zope 2 traversal
This method is called by Zope 2's ZPublisher upon traversal.
It allows us to trick it into faking the Zope 3 traversal system
by using an ITraverser adapter.
"""
# We are trying to be compatible with Zope 2 and 3 traversal
# behaviour as much as possible. Therefore the first part of
# this method is based on BaseRequest.traverse's behaviour:
# 1. If an object has __bobo_traverse__, use it.
# 2. Otherwise do attribute look-up or, if that doesn't work,
# key item lookup.
result = _marker
if hasattr(self, '__fallback_traverse__'):
try:
return self.__fallback_traverse__(REQUEST, name)
except (AttributeError, KeyError):
pass
except NotFound:
# OFS.Application.__bobo_traverse__ calls
# REQUEST.RESPONSE.notFoundError which sets the HTTP
# status code to 404
try:
REQUEST.RESPONSE.setStatus(200)
except AttributeError:
pass
else:
# See if the object itself has the attribute, try acquisition
# later
if getattr(aq_base(self), name, _marker) is not _marker:
return getattr(self, name)
try:
# item access should never acquire
result = self[name]
# WebDAV requests will always return something,
# sometimes it's a NullResource, which we will ignore
# and return later if necessary
if not isinstance(result, NullResource):
return result
except (KeyError, IndexError, TypeError, AttributeError):
pass
# This is the part Five adds:
# 3. If neither __bobo_traverse__ nor attribute/key look-up
# work, we try to find a Zope 3-style view.
# For that we need to make sure we have a good request
# (sometimes __bobo_traverse__ gets a stub request)
if not IBrowserRequest.providedBy(REQUEST):
# Try to get the REQUEST by acquisition
REQUEST = getattr(self, 'REQUEST', None)
if not IBrowserRequest.providedBy(REQUEST):
REQUEST = FakeRequest()
setDefaultSkin(REQUEST)
# Con Zope 3 into using Zope 2's checkPermission
Products.Five.security.newInteraction()
# Use the ITraverser adapter (which in turn uses ITraversable
# adapters) to traverse to a view. Note that we're mixing
# object-graph and object-publishing traversal here, but Zope
# 2 has no way to tell us when to use which...
# TODO Perhaps we can decide on object-graph vs.
# object-publishing traversal depending on whether REQUEST is
# a stub or not?
try:
return ITraverser(self).traverse(
path=[name], request=REQUEST).__of__(self)
except (ComponentLookupError, LookupError,
AttributeError, KeyError, NotFound):
pass
# Fallback on acquisition, let it raise an AttributeError if it must
try:
return getattr(self, name)
except AttributeError:
if result is not _marker:
return result
raise
