def etree_subrequest(self, url, environ):
effective_url = self.premangle_subrequest(url, environ)
url_parts = urlparse(effective_url)
env = environ.copy()
env['PATH_INFO'] = url_parts[2]
if len(url_parts[4]):
env['QUERY_STRING'] = url_parts[4]
request_url = construct_url(environ, with_path_info=False,
with_query_string=False)
request_url_parts = urlparse(request_url)
if url == construct_url(environ):
req = Request(environ)
res = req.get_response(self.app)
status, headers, body = res.status, res.headerlist, res.unicode_body
elif url_parts[0] == 'file':
status, headers, body = get_file_resource(file, env)
elif request_url_parts[0:2] == url_parts[0:2]:
status, headers, body = get_internal_resource(url, env, self.app, add_to_environ={'transcluder.transclude_response': False,
TRANSCLUDED_HTTP_HEADER: env[TRANSCLUDED_HTTP_HEADER]})
else:
status, headers, body = get_external_resource(url, env)
if status.startswith('200') and self.is_html(status, headers, body):
parsed = etree.HTML(body)
else:
parsed = None
return status, headers, body, parsed
def cas_application(environ, start_response):
username = environ.get('REMOTE_USER','')
if username:
return application(environ, start_response)
qs = environ.get('QUERY_STRING','').split("&")
if qs and qs[-1].startswith("ticket="):
# assume a response from the authority
ticket = qs.pop().split("=", 1)[1]
environ['QUERY_STRING'] = "&".join(qs)
service = construct_url(environ)
args = urlencode(
{'service': service,'ticket': ticket})
requrl = authority + "validate?" + args
result = urlopen(requrl).read().split("\n")
if 'yes' == result[0]:
environ['REMOTE_USER'] = result[1]
environ['AUTH_TYPE'] = 'cas'
return application(environ, start_response)
exce = CASLoginFailure()
else:
service = construct_url(environ)
args = urlencode({'service': service})
location = authority + "login?" + args
exce = CASAuthenticate(location)
return exce.wsgi_application(environ, start_response)
def serialize(dataset):
location = construct_url(environ, with_query_string=False)
base = location[: location.rfind("/")]
context = {
"environ": environ,
"root": construct_url(environ, with_query_string=False, with_path_info=False, script_name="").rstrip(
"/"
),
"base": base,
"location": location,
"dataset": dataset,
"responses": dict(
[
(r.name, getattr(r.load(), "__description__", r.name))
for r in iter_entry_points("pydap.response")
if r.name not in COMMON_RESPONSES
]
),
"version": ".".join(str(i) for i in __version__),
}
renderer = environ.get("pydap.renderer", self.renderer)
template = renderer.loader("html.html")
output = renderer.render(template, context, output_format="text/html")
if hasattr(dataset, "close"):
dataset.close()
return [output.encode("utf-8")]
def _serviceURL(self, environ, qs=None):
""" Return a URL representing the current application (service).
Used 2 times : one to get the ticket, the other to validate it.
"""
if qs:
url = construct_url(environ, querystring=qs)
else:
url = construct_url(environ)
return url
def index(self, environ, start_response, template_name, content_type):
# Return directory listing.
path_info = environ.get('PATH_INFO', '')
directory = os.path.abspath(os.path.normpath(os.path.join(
self.root,
path_info.lstrip('/').replace('/', os.path.sep))))
mtime = getmtime(directory)
dirs_ = []
files_ = []
for root, dirs, files in os.walk(directory):
filepaths = [
os.path.abspath(os.path.join(root, filename))
for filename in files ]
# Get Last-modified.
filepaths = filter(os.path.exists, filepaths) # remove broken symlinks
if filepaths:
mtime = max(mtime, *map(getmtime, filepaths))
# Add list of files and directories.
if root == directory:
dirs_ = [d for d in dirs if not d.startswith('.')]
files_ = [{
'name': os.path.split(filepath)[1],
'size': format_size(getsize(filepath)),
'modified': time.localtime(getmtime(filepath)),
'supported': supported(filepath, self.handlers),
} for filepath in filepaths]
# Sort naturally using Ned Batchelder's algorithm.
dirs_.sort(key=alphanum_key)
files_.sort(key=lambda l: alphanum_key(l['name']))
# Base URL.
location = construct_url(environ, with_query_string=False)
root = construct_url(environ, with_query_string=False, with_path_info=False).rstrip('/')
context = {
'environ': environ,
'root': root,
'location': location,
'title': 'Index of %s' % (environ.get('PATH_INFO') or '/'),
'dirs' : dirs_,
'files': files_,
'catalog': self.catalog,
'version': '.'.join(str(d) for d in __version__)
}
template = environ['pydap.renderer'].loader(template_name)
output = environ['pydap.renderer'].render(template, context, output_format=content_type)
last_modified = formatdate(time.mktime(time.localtime(mtime)))
headers = [('Content-type', content_type), ('Last-modified', last_modified)]
start_response("200 OK", headers)
return [output.encode('utf-8')]
def __call__(self, environ, start_response):
if environ['PATH_INFO'].strip("/").startswith("_debug"):
return self.app(environ, start_response)
username = ''
environ['topp.user_info'] = dict(username = '', roles = ['Anonymous'], email = '*****@*****.**')
try:
authenticated = self.authenticate(environ)
except BadCookieError:
status = "401 Unauthorized"
start_response(status, [])
return ["Please delete your brower's cookies and login again."]
if authenticated:
username = environ.get('REMOTE_USER', '').lower()
if 'topp.project_name' in environ:
project_name = environ['topp.project_name']
environ['topp.project_members'] = umapper = UserMapper(environ, project_name,
self.openplans_instance,
self.admin_info, self.profile_uri)
if username in umapper.project_member_names():
environ['topp.user_info']['roles'].extend(umapper.project_member_roles(username))
try:
info = get_info_for_project(project_name, self.openplans_instance, self.admin_info)
environ['topp.project_permission_level'] = info['policy']
environ['topp.app_installed'] = info['installed']
except ProjectNotFoundError: #assume the most restrictive
environ['topp.project_permission_level'] = dict(policy='closed_policy')
environ['topp.app_installed'] = True # this should prob be false, but i don't want to change behavior
status, headers, body = intercept_output(environ, self.app, self.needs_redirection, start_response)
if status:
if status.startswith('401'):
status = "303 See Other"
url = construct_url(environ)
headers = [('Location', '%s?came_from=%s' % (self.login_uri, quote(url)))]
start_response(status, headers)
return []
elif status.startswith('403'):
status = "303 See Other"
url = construct_url(environ)
headers = [('Location', '%s?portal_status_message=You+have+insufficient+privileges.' % self.homepage_uri)]
start_response(status, headers)
return []
else:
return body
def serialize(dataset):
location = construct_url(environ, with_query_string=False)
base = location[:location.rfind('/')]
context = {
'root': construct_url(environ, with_query_string=False, with_path_info=False, script_name='').rstrip('/'),
'base': base,
'location': location,
'version' : '.'.join(str(d) for d in __version__),
}
renderer = environ.get('pydap.renderer', self.renderer)
template = renderer.loader('help.html')
output = renderer.render(template, context, output_format='text/html')
if hasattr(dataset, 'close'): dataset.close()
return [output]
def wrapped(environ, start_response):
if ('HTTP_X_FORWARDED_SERVER' in environ
or environ['PATH_INFO'] != '/thread-debug'):
environ['lp.timestarted'] = time.time()
return app(environ, start_response)
threadpool = environ['paste.httpserver.thread_pool']
start_response("200 Ok", [])
output = [("url", "time running", "time since last activity")]
now = time.time()
# Because we're accessing mutable structures without locks here,
# we're a bit cautious about things looking like we expect -- if a
# worker doesn't seem fully set up, we just ignore it.
for worker in threadpool.workers:
if not hasattr(worker, 'thread_id'):
continue
time_started, info = threadpool.worker_tracker.get(
worker.thread_id, (None, None))
if time_started is not None and info is not None:
real_time_started = info.get('lp.timestarted', time_started)
output.append(
map(str, (
construct_url(info),
now - real_time_started,
now - time_started,
)))
return tabulate(output)
def __call__(self, environ, start_response):
try:
return self.app(environ, start_response)
except:
environ = environ.copy()
tb = traceback.format_exc()
try:
url = construct_url(environ)
except:
url = "Error getting URL from environ"
try:
method = environ['REQUEST_METHOD']
except:
method = "No HTTP method in WSGI request"
print """<!--XSUPERVISOR:BEGIN-->
Content-Type: text/plain
Request-url: %s
Method: %s
Environment: %s
Traceback: %s
<!--XSUPERVISOR:END-->""" % (url,
method,
pformat(environ),
tb)
raise
def wrapped(environ, start_response):
if ('HTTP_X_FORWARDED_SERVER' in environ
or environ['PATH_INFO'] != '/thread-debug'):
environ['lp.timestarted'] = time.time()
return app(environ, start_response)
threadpool = environ['paste.httpserver.thread_pool']
start_response("200 Ok", [])
output = [("url", "time running", "time since last activity")]
now = time.time()
# Because we're accessing mutable structures without locks here,
# we're a bit cautious about things looking like we expect -- if a
# worker doesn't seem fully set up, we just ignore it.
for worker in threadpool.workers:
if not hasattr(worker, 'thread_id'):
continue
time_started, info = threadpool.worker_tracker.get(
worker.thread_id, (None, None))
if time_started is not None and info is not None:
real_time_started = info.get(
'lp.timestarted', time_started)
output.append(
map(str,
(construct_url(info),
now - real_time_started,
now - time_started,)))
return tabulate(output)
def _setRedirectResponse(self):
"""Construct a redirect response adding in a return to address in a
URI query argument
@rtype: basestring
@return: redirect response
"""
return2URI = construct_url(self.environ)
return2URIQueryArg = urllib.urlencode(
{self.return2uri_argname: return2URI})
redirectURI = self.redirectURI
if '?' in redirectURI:
if redirectURI.endswith('&'):
redirectURI += return2URIQueryArg
else:
redirectURI += '&' + return2URIQueryArg
else:
if redirectURI.endswith('?'):
redirectURI += return2URIQueryArg
else:
redirectURI += '?' + return2URIQueryArg
# Call NDGSecurityMiddlewareBase.redirect utility method
return self.redirect(redirectURI)
def __call__(self, environ, start_response):
exactproxy.filter_paste_httpserver_proxy_environ(environ)
url = construct_url(environ)
if self.store.has_url(url):
app = self.store.static_serve_app(url)
return app(environ, start_response)
return exactproxy.proxy_exact_request(environ, start_response)
def __call__(self, environ, start_response):
# Shouldn't ever allow a response if this is called via the
# multi handler
username = environ.get('REMOTE_USER', '')
if 'POST' == environ['REQUEST_METHOD']:
formvars = parse_formvars(environ, include_get_vars=False)
username = formvars.get('username')
password = formvars.get('password')
if username and password:
if self.authfunc(environ, username, password):
environ['AUTH_TYPE'] = 'form'
environ['REMOTE_USER'] = username
environ['REQUEST_METHOD'] = 'GET'
environ['CONTENT_LENGTH'] = ''
environ['CONTENT_TYPE'] = ''
del environ['paste.parsed_formvars']
return self.on_authorized(environ, start_response)
action = construct_url(environ)
log.debug("Form action is: %s", action)
content = self.template() % action
# @@@ Tell Pylons error documents middleware not to intercept the
# response
environ['pylons.error_call'] = 'authkit'
start_response(self.status,
[('Content-Type', 'text/html' + self.charset),
('Content-Length', str(len(content)))])
return [content]
def identify(self, environ):
if environ.has_key('rwpc.logout'):
return
uri = environ.get('REQUEST_URI', construct_url(environ))
query = parse_dict_querystring(environ)
cookies = get_cookies(environ)
cookie = cookies.get('auth_tkt')
if cookie is None or not cookie.value:
return None
remote_addr = '0.0.0.0'
identity = {}
try:
timestamp, userid, tokens, user_data = auth_tkt.parse_ticket(
self.ticket_secret, cookie.value, remote_addr)
except auth_tkt.BadTicket as e:
return None
#userObj = model.Session.query(model.User).filter_by(id=userid).first()
#if userObj is None:
# return None
#identity['login'] = userObj.name
identity['login'] = userid
return identity
def verify(self, environ, start_response):
baseurl = self.baseurl or construct_url(
environ, with_query_string=False, with_path_info=False)
params = dict(paste.request.parse_formvars(environ))
openid_url = params.get('openid')
if not openid_url:
response = render(self.template,
message='Enter an identity URL to verify.',
value='',
css_class='',
action=baseurl + self.path_verify)
start_response('200 OK',
[('Content-type', 'text/html' + self.charset),
('Content-length', str(len(response)))])
return response
oidconsumer = self._get_consumer(environ)
# import pdb; pdb.set_trace()
try:
request_ = oidconsumer.begin(openid_url)
except consumer.DiscoveryFailure, exc:
response = render(self.template,
message='Error retrieving identity URL: %s' %
(cgi.escape(str(exc[0]))),
value=self._quoteattr(openid_url),
css_class='error',
action=baseurl + self.path_verify)
start_response('200 OK',
[('Content-type', 'text/html' + self.charset),
('Content-length', str(len(response)))])
return response
def redirect_https(environ, start_response):
url = construct_url(environ)
s=list(urlparse.urlsplit(url))
s[0]="https"
u2 = urlparse.urlunsplit(s)
start_response("302 Temporary Redirect", [('location', u2), ('content-type', 'text/plain')])
return [u2]
def _POST(self, id):
"""
Create a new entry.
"""
entry = parse_request(self.environ, output_type='python')
# Set id, if POSTed to specific resource.
if id is not None:
entry.setdefault('id', id)
if not id == entry['id']: raise httpexceptions.HTTPConflict()
# Create the entry.
entry = self.em.create_entry(entry)
# Generate new resource location.
store = construct_url(self.environ, with_query_string=False, with_path_info=False)
location = urljoin(store, entry['id'])
app = self.format.responder(entry,
content_type='application/json',
headers=[('Location', location)])
# Fake start response to return 201 status.
def start(status, headers):
return self.start("201 Created", headers)
return app(self.environ, start)
def identify(self, environ):
query = parse_dict_querystring(environ)
# If the extractor finds a special query string on any request,
# it will attempt to find the values in the input body.
if query.get(self.login_form_qs):
form = parse_formvars(environ)
from StringIO import StringIO
# XXX we need to replace wsgi.input because we've read it
# this smells funny
environ['wsgi.input'] = StringIO()
form.update(query)
try:
login = form['login']
password = form['password']
realm = form['realm']
except KeyError:
return None
del query[self.login_form_qs]
environ['QUERY_STRING'] = urllib.urlencode(query)
environ['repoze.who.application'] = HTTPFound(
construct_url(environ))
credentials = {'login':login, 'password':password, 'realm':realm}
max_age = form.get('max_age', None)
if max_age is not None:
credentials['max_age'] = max_age
return credentials
return None
def fetch(self, environ):
if environ.get('REQUEST_METHOD', 'GET') not in self.allowed_methods:
return
request_headers = list(parse_headers(environ))
# if a Cache-Control/Pragma: no-cache header is in the request,
# and if honor_shift_reload is true, we don't serve it from cache
if self.honor_shift_reload:
if self._check_no_cache(request_headers, environ):
return
# we don't try to serve range requests up from the cache
if header_value(request_headers, 'Range'):
return
# we don't try to serve conditional requests up from cache
for conditional in ('If-Modified-Since', 'If-None-Match',
'If-Match'): # XXX other conditionals?
if header_value(request_headers, conditional):
return
url = construct_url(environ)
entries = self.storage.fetch(url)
if entries:
matching = self._discriminate(entries, request_headers, environ)
if not matching:
return
now = time.time()
discrims, expires, status, response_headers, body, extras = matching
if expires > now:
return status, response_headers, body
def fetch(self, environ):
if environ.get('REQUEST_METHOD', 'GET') not in self.allowed_methods:
return
request_headers = list(parse_headers(environ))
# if a Cache-Control/Pragma: no-cache header is in the request,
# and if honor_shift_reload is true, we don't serve it from cache
if self.honor_shift_reload:
if self._check_no_cache(request_headers, environ):
return
# we don't try to serve range requests up from the cache
if header_value(request_headers, 'Range'):
return
# we don't try to serve conditional requests up from cache
for conditional in ('If-Modified-Since', 'If-None-Match',
'If-Match'): # XXX other conditionals?
if header_value(request_headers, conditional):
return
url = construct_url(environ)
entries = self.storage.fetch(url)
if entries:
matching = self._discriminate(entries, request_headers, environ)
if not matching:
return
now = time.time()
discrims, expires, status, response_headers, body, extras = matching
if expires > now:
return status, response_headers, body
def form(self):
"""
Construct the plotting UI and return the page from template
Page contains the user input form and plot output img element
"""
# Log action
logger.info(
format_action_message(self.environ, 'FilePlotView.form',
'loading file plot form'))
file_name = os.path.basename(self.file_path)
location = construct_url(self.environ, with_query_string=False)
img_url = location + self._build_img_vars()
options = {
'file_name': file_name,
'img_url': img_url,
'na_file_error': self.na_file_error
}
for var_name, var_map in self.form_map.items():
options[var_name] = self._get_field_values(var_name, var_map)
context = self._build_context(**options)
template = self.PLOT_FORM_TEMPLATE
return self._render_response(template, context)
def __call__(self, environ, status, _headers):
if status.startswith('401 '):
return True
else:
if 'samlsp.pending' in environ:
return True
uri = environ.get('REQUEST_URI', None)
if uri is None:
uri = construct_url(environ)
# require and challenge for logout and inform the challenge plugin that it is a logout we want
for regex in self.path_logout:
if regex.match(uri) is not None:
environ['samlsp.logout'] = True
return True
# If the user is already authent, whatever happens(except logout),
# don't make a challenge
if 'repoze.who.identity' in environ:
return False
# require a challenge for login
for regex in self.path_login:
if regex.match(uri) is not None:
return True
return False
def respond(self, environ, start_response):
if environ.get('paste.throw_errors'):
return self.application(environ, start_response)
base_path = request.construct_url(environ, with_path_info=False,
with_query_string=False)
environ['paste.throw_errors'] = True
started = []
def detect_start_response(status, headers, exc_info=None):
try:
return start_response(status, headers, exc_info)
except:
raise
else:
started.append(True)
try:
__traceback_supplement__ = errormiddleware.Supplement, self, environ
app_iter = self.application(environ, detect_start_response)
try:
return_iter = list(app_iter)
return return_iter
finally:
if hasattr(app_iter, 'close'):
app_iter.close()
except:
exc_info = sys.exc_info()
for expected in environ.get('paste.expected_exceptions', []):
if isinstance(exc_info[1], expected):
raise
# Tell the Registry to save its StackedObjectProxies current state
# for later restoration
registry.restorer.save_registry_state(environ)
count = get_debug_count(environ)
view_uri = self.make_view_url(environ, base_path, count)
if not started:
headers = [('content-type', 'text/html')]
headers.append(('X-Debug-URL', view_uri))
start_response('500 Internal Server Error',
headers,
exc_info)
environ['wsgi.errors'].write('Debug at: %s\n' % view_uri)
exc_data = collector.collect_exception(*exc_info)
debug_info = DebugInfo(count, exc_info, exc_data, base_path,
environ, view_uri)
assert count not in self.debug_infos
self.debug_infos[count] = debug_info
if self.xmlhttp_key:
get_vars = wsgilib.parse_querystring(environ)
if dict(get_vars).get(self.xmlhttp_key):
exc_data = collector.collect_exception(*exc_info)
html = formatter.format_html(
exc_data, include_hidden_frames=False,
include_reusable=False, show_extra_data=False)
return [html]
# @@: it would be nice to deal with bad content types here
return debug_info.content()
def verify(self, environ, start_response):
baseurl = self.baseurl or construct_url(environ, with_query_string=False, with_path_info=False)
params = dict(paste.request.parse_formvars(environ))
openid_url = params.get("openid")
if not openid_url:
response = render(
self.template,
message="Enter an identity URL to verify.",
value="",
css_class="",
action=baseurl + self.path_verify,
)
start_response(
"200 OK", [("Content-type", "text/html" + self.charset), ("Content-length", str(len(response)))]
)
return response
oidconsumer = self._get_consumer(environ)
try:
request_ = oidconsumer.begin(openid_url)
except consumer.DiscoveryFailure, exc:
response = render(
self.template,
message="Error retrieving identity URL: %s" % (cgi.escape(str(exc[0]))),
value=self._quoteattr(openid_url),
css_class="error",
action=baseurl + self.path_verify,
)
start_response(
"200 OK", [("Content-type", "text/html" + self.charset), ("Content-length", str(len(response)))]
)
return response
def find_file(self, environ, base_filename):
possible = []
"""Cache a few values to reduce function call overhead"""
for filename in os.listdir(self.directory):
base, ext = os.path.splitext(filename)
full_filename = os.path.join(self.directory, filename)
if (ext in self.hide_extensions
or not base):
continue
if filename == base_filename:
possible.append(full_filename)
continue
if ext in self.ignore_extensions:
continue
if base == base_filename:
possible.append(full_filename)
if not possible:
#environ['wsgi.errors'].write(
# 'No file found matching %r in %s\n'
# % (base_filename, self.directory))
return None
if len(possible) > 1:
# If there is an exact match, this isn't 'ambiguous'
# per se; it might mean foo.gif and foo.gif.back for
# instance
if full_filename in possible:
return full_filename
else:
environ['wsgi.errors'].write(
'Ambiguous URL: %s; matches files %s\n'
% (request.construct_url(environ),
', '.join(possible)))
return None
return possible[0]
def identify(self, environ):
query = parse_dict_querystring(environ)
# If the extractor finds a special query string on any request,
# it will attempt to find the values in the input body.
if query.get(self.login_form_qs):
form = parse_formvars(environ)
from StringIO import StringIO
# XXX we need to replace wsgi.input because we've read it
# this smells funny
environ['wsgi.input'] = StringIO()
form.update(query)
credentials = self._getCredentials(form)
del query[self.login_form_qs]
environ['QUERY_STRING'] = urllib.urlencode(query)
environ['repoze.who.application'] = HTTPFound(
construct_url(environ))
if 'login' not in credentials or 'password' not in credentials:
return None
return credentials
return None
def __call__(self, environ, status, _headers):
if status.startswith('401 '):
return True
else:
if 'samlsp.pending' in environ:
return True
uri = environ.get('REQUEST_URI', None)
if uri is None:
uri = construct_url(environ)
# require and challenge for logout and inform the challenge plugin that it is a logout we want
for regex in self.path_logout:
if regex.match(uri) is not None:
environ['samlsp.logout'] = True
return True
# If the user is already authent, whatever happens(except logout),
# don't make a challenge
if 'repoze.who.identity' in environ:
return False
# require a challenge for login
for regex in self.path_login:
if regex.match(uri) is not None:
return True
return False
def identify(self, environ):
query = parse_dict_querystring(environ)
# If the extractor finds a special query string on any request,
# it will attempt to find the values in the input body.
if query.get(self.login_form_qs):
form = parse_formvars(environ)
from StringIO import StringIO
# XXX we need to replace wsgi.input because we've read it
# this smells funny
environ['wsgi.input'] = StringIO()
form.update(query)
credentials = self._getCredentials(form)
del query[self.login_form_qs]
environ['QUERY_STRING'] = urllib.urlencode(query)
environ['repoze.who.application'] = HTTPFound(
construct_url(environ))
if 'login' not in credentials or 'password' not in credentials:
return None
return credentials
return None
def _send_index(self, environ, start_response):
projects = []
for env_name in os.listdir(self.path):
env_path = os.path.join(self.path, env_name)
try:
env = open_environment(env_path)
env_perm = PermissionCache(
PermissionSystem(env).get_user_permissions(
environ.get("REMOTE_USER", "anonymous")))
if env_perm.has_permission('WIKI_VIEW'):
projects.append({
'name':
env.project_name,
'description':
env.project_description,
# XXX: get rid of the double / in the beginning
'href':
construct_url(environ, path_info="/" + env_name),
})
except Exception:
pass
projects.sort(lambda x, y: cmp(x['name'].lower(), y['name'].lower()))
start_response("200 OK", [('content-type', 'text/html')])
return self.template.render({"projects": projects},
format='xhtml',
template="wsgiplugin.index")
def identify(self, environ):
query = parse_dict_querystring(environ)
# If the extractor finds a special query string on any request,
# it will attempt to find the values in the input body.
if query.get(self.login_form_qs):
form = parse_formvars(environ)
from StringIO import StringIO
# XXX we need to replace wsgi.input because we've read it
# this smells funny
environ['wsgi.input'] = StringIO()
form.update(query)
try:
login = form['login']
password = form['password']
except KeyError:
return None
del query[self.login_form_qs]
environ['QUERY_STRING'] = urllib.urlencode(query)
environ['repoze.who.application'] = HTTPFound(
construct_url(environ))
credentials = {'login':login, 'password':password}
max_age = form.get('max_age', None)
if max_age is not None:
credentials['max_age'] = max_age
return credentials
return None
def not_found(self, environ, start_response, debug_message=None):
exc = httpexceptions.HTTPNotFound(
"The resource at %s could not be found" % request.construct_url(environ),
comment="SCRIPT_NAME=%r; PATH_INFO=%r; looking in %r; debug: %s"
% (environ.get("SCRIPT_NAME"), environ.get("PATH_INFO"), self.directory, debug_message or "(none)"),
)
return exc.wsgi_application(environ, start_response)
def _setRedirectResponse(self):
"""Construct a redirect response adding in a return to address in a
URI query argument
@rtype: basestring
@return: redirect response
"""
return2URI = construct_url(self.environ)
return2URIQueryArg = urllib.urlencode(
{self.return2uri_argname: return2URI})
redirectURI = self.redirectURI
if '?' in redirectURI:
if redirectURI.endswith('&'):
redirectURI += return2URIQueryArg
else:
redirectURI += '&' + return2URIQueryArg
else:
if redirectURI.endswith('?'):
redirectURI += return2URIQueryArg
else:
redirectURI += '?' + return2URIQueryArg
# Call NDGSecurityMiddlewareBase.redirect utility method
return self.redirect(redirectURI)
def find_file(self, environ, base_filename):
possible = []
"""Cache a few values to reduce function call overhead"""
for filename in os.listdir(self.directory):
base, ext = os.path.splitext(filename)
full_filename = os.path.join(self.directory, filename)
if (ext in self.hide_extensions or not base):
continue
if filename == base_filename:
possible.append(full_filename)
continue
if ext in self.ignore_extensions:
continue
if base == base_filename:
possible.append(full_filename)
if not possible:
#environ['wsgi.errors'].write(
# 'No file found matching %r in %s\n'
# % (base_filename, self.directory))
return None
if len(possible) > 1:
# If there is an exact match, this isn't 'ambiguous'
# per se; it might mean foo.gif and foo.gif.back for
# instance
if full_filename in possible:
return full_filename
else:
environ['wsgi.errors'].write(
'Ambiguous URL: %s; matches files %s\n' %
(request.construct_url(environ), ', '.join(possible)))
return None
return possible[0]
def __call__(self, environ, start_response):
https = environ.get("HTTPS", "off")
if self.secure and https != 'on':
return redirect_https(environ, start_response)
if self.parent:
project = path_info_pop(environ)
if project:
if not os.path.isdir('{0}/{1}'.format(self.path, project)):
start_response("404 Not Found", [('content-type', 'text/html')])
return self.template.render({'message': 'Trac name {0} does\'t exist.'.format(project)},
format='xhtml', template="wsgiplugin.notfound")
environ['trac.env_path'] = os.path.join(self.path, project)
try:
return dispatch_request(environ, start_response)
except HTTPForbidden:
if environ.get('REMOTE_USER'): #We have SOMETHING set in REMOTE_USER - so Forbidden
start_response("200 OK", [('content-type', 'text/html')])
return self.template.render({}, format='xhtml', template="wsgiplugin.unauthorized")
else:
url = '/login_form?came_from=%s' % construct_url(environ)
start_response("302 Temporary Redirect", [('Location', url)])
return []
except HTTPNotFound, e:
start_response("404 Not Found", [('content-type', 'text/html')])
return self.template.render({'message': e}, format='xhtml', template="wsgiplugin.notfound")
else:
return self._send_index(environ, start_response)
def store(self, status, response_headers, environ):
request_headers = list(parse_headers(environ))
# abort if we shouldn't store this response
request_method = environ.get('REQUEST_METHOD', 'GET')
if request_method not in self.allowed_methods:
return
if not (status.startswith('200') or status.startswith('203')):
return
if environ['wsgi.url_scheme'] == 'https':
if not self.store_https_responses:
return
if self._check_no_cache(response_headers, environ):
return
cc_header = header_value(response_headers, 'Cache-Control')
if cc_header:
cc_parts = parse_cache_control_header(cc_header)
try:
if int(cc_parts.get('max-age', '0')) == 0:
return
except ValueError:
return
# if we didn't abort due to any condition above, store the response
vary_header_names = []
vary = header_value(response_headers, 'Vary')
if vary is not None:
vary_header_names.extend(
[ x.strip().lower() for x in vary.split(',') ])
if self.always_vary_on_headers:
vary_header_names.extend(list(self.always_vary_on_headers))
if '*' in vary_header_names:
return
discriminators = Discriminators(request_headers, environ,
vary_header_names, self.always_vary_on_environ)
headers = endtoend(response_headers)
url = construct_url(environ)
# Response headers won't have a date if we aren't proxying to
# another http server on our right hand side.
date = header_value(response_headers, 'Date')
if date is None:
date = time.time()
else:
date = calendar.timegm(parsedate_tz(date))
expires = self._expires(date, response_headers)
# XXX purge?
return self.storage.store(
url,
discriminators,
expires,
status,
headers,
)
def __call__(self, environ, start_response):
if not environ['PATH_INFO'].endswith('/') and not environ['PATH_INFO'].startswith('/_debug'):
environ['PATH_INFO'] += '/'
url = construct_url(environ)
start_response('301 Moved Permanently', [('Location', url)])
return []
else:
return self.app(environ, start_response)
def redirect_https(environ, start_response):
url = construct_url(environ)
s = list(urlparse.urlsplit(url))
s[0] = "https"
u2 = urlparse.urlunsplit(s)
start_response("302 Temporary Redirect", [('location', u2),
('content-type', 'text/plain')])
return [u2]
def not_found(self, environ, start_response, debug_message=None):
exc = httpexceptions.HTTPNotFound(
'The resource at %s could not be found' %
request.construct_url(environ),
comment='SCRIPT_NAME=%r; PATH_INFO=%r; looking in %r; debug: %s' %
(environ.get('SCRIPT_NAME'), environ.get('PATH_INFO'),
self.directory, debug_message or '(none)'))
return exc.wsgi_application(environ, start_response)
def __call__(self, environ, start_response):
path_info = environ.setdefault('PATH_INFO', '')
if path_info.startswith('/.olpcproxy/'):
path_info_pop(environ)
return static_app(environ, start_response)
environ['olpcproxy.static_url'] = construct_url(environ, path_info='/.olpcproxy', with_query_string=False)
environ['olpcproxy.static_path'] = static_dir
return self.proxy(environ, start_response)
def not_found(self, environ, start_response, debug_message=None):
exc = httpexceptions.HTTPNotFound(
'The resource at %s could not be found'
% request.construct_url(environ),
comment='SCRIPT_NAME=%r; PATH_INFO=%r; looking in egg:%s#%r; debug: %s'
% (environ.get('SCRIPT_NAME'), environ.get('PATH_INFO'),
self.egg, self.resource_name, debug_message or '(none)'))
return exc.wsgi_application(environ, start_response)
def identify(self, environ):
"""
Tries do the identification
"""
#logger = environ.get('repoze.who.logger', '')
if "CONTENT_LENGTH" not in environ or not environ["CONTENT_LENGTH"]:
logger.debug('[identify] get or empty post')
return {}
# if logger:
# logger.info("ENVIRON: %s" % environ)
# logger.info("self: %s" % (self.__dict__,))
uri = environ.get('REQUEST_URI', construct_url(environ))
logger.debug('[sp.identify] uri: %s' % (uri, ))
query = parse_dict_querystring(environ)
logger.debug('[sp.identify] query: %s' % (query, ))
post = self._get_post(environ)
try:
logger.debug('[sp.identify] post keys: %s' % (post.keys(), ))
except (TypeError, IndexError):
pass
try:
if not post.has_key("SAMLResponse"):
logger.info("[sp.identify] --- NOT SAMLResponse ---")
# Not for me, put the post back where next in line can
# find it
environ["post.fieldstorage"] = post
return {}
else:
logger.info("[sp.identify] --- SAMLResponse ---")
# check for SAML2 authN response
#if self.debug:
try:
session_info = self._eval_authn_response(
environ, cgi_field_storage_to_dict(post))
except Exception:
return None
except TypeError, exc:
# might be a ECP (=SOAP) response
body = environ.get('s2repoze.body', None)
if body:
# might be a ECP response
try:
session_info = self.do_ecp_response(body, environ)
except Exception:
environ["post.fieldstorage"] = post
return {}
else:
exception_trace("sp.identity", exc, logger)
environ["post.fieldstorage"] = post
return {}
def identify(self, environ):
"""
Tries do the identification
"""
#logger = environ.get('repoze.who.logger', '')
if "CONTENT_LENGTH" not in environ or not environ["CONTENT_LENGTH"]:
logger.debug('[identify] get or empty post')
return {}
# if logger:
# logger.info("ENVIRON: %s" % environ)
# logger.info("self: %s" % (self.__dict__,))
uri = environ.get('REQUEST_URI', construct_url(environ))
logger.debug('[sp.identify] uri: %s' % (uri,))
query = parse_dict_querystring(environ)
logger.debug('[sp.identify] query: %s' % (query,))
post = self._get_post(environ)
try:
logger.debug('[sp.identify] post keys: %s' % (post.keys(),))
except (TypeError, IndexError):
pass
try:
if not post.has_key("SAMLResponse"):
logger.info("[sp.identify] --- NOT SAMLResponse ---")
# Not for me, put the post back where next in line can
# find it
environ["post.fieldstorage"] = post
return {}
else:
logger.info("[sp.identify] --- SAMLResponse ---")
# check for SAML2 authN response
#if self.debug:
try:
session_info = self._eval_authn_response(environ,
cgi_field_storage_to_dict(post))
except Exception:
return None
except TypeError, exc:
# might be a ECP (=SOAP) response
body = environ.get('s2repoze.body', None)
if body:
# might be a ECP response
try:
session_info = self.do_ecp_response(body, environ)
except Exception:
environ["post.fieldstorage"] = post
return {}
else:
exception_trace("sp.identity", exc, logger)
environ["post.fieldstorage"] = post
return {}
def _log_message(self, environ):
remote_addr = environ.get('HTTP_X_FORWARDED_FOR',
environ['REMOTE_ADDR'])
LOG.info("%s request issued by user (%s) tenant (%s) remote address "
"(%s)"
" \"%s %s\"" %
(environ['REQUEST_METHOD'], environ['HTTP_X_USER'],
environ['HTTP_X_TENANT'], remote_addr,
environ['REQUEST_METHOD'], construct_url(environ)))
def serialize(dataset):
fix_map_attributes(dataset)
grids = [grid for grid in walk(dataset, GridType) if is_valid(grid, dataset)]
# Set global lon/lat ranges.
try:
lon_range = self.cache.get_value('lon_range')
except (KeyError, AttributeError):
try:
lon_range = dataset.attributes['NC_GLOBAL']['lon_range']
except KeyError:
lon_range = [np.inf, -np.inf]
for grid in grids:
lon = np.asarray(get_lon(grid, dataset)[:])
lon_range[0] = min(lon_range[0], np.min(lon))
lon_range[1] = max(lon_range[1], np.max(lon))
if self.cache:
self.cache.set_value('lon_range', lon_range)
try:
lat_range = self.cache.get_value('lat_range')
except (KeyError, AttributeError):
try:
lat_range = dataset.attributes['NC_GLOBAL']['lat_range']
except KeyError:
lat_range = [np.inf, -np.inf]
for grid in grids:
lat = np.asarray(get_lat(grid, dataset)[:])
lat_range[0] = min(lat_range[0], np.min(lat))
lat_range[1] = max(lat_range[1], np.max(lat))
if self.cache:
self.cache.set_value('lat_range', lat_range)
# Remove ``REQUEST=GetCapabilites`` from query string.
location = construct_url(environ, with_query_string=True)
base = location.split('REQUEST=')[0].rstrip('?&')
context = {
'dataset': dataset,
'location': base,
'layers': grids,
'lon_range': lon_range,
'lat_range': lat_range,
}
# Load the template using the specified renderer, or fallback to the
# default template since most of the people won't bother installing
# and/or creating a capabilities template -- this guarantees that the
# response will work out of the box.
try:
renderer = environ['pydap.renderer']
template = renderer.loader('capabilities.xml')
except (KeyError, TemplateNotFound):
renderer = self.renderer
template = renderer.loader('capabilities.xml')
output = renderer.render(template, context, output_format='text/xml')
if hasattr(dataset, 'close'): dataset.close()
return [output.encode('utf-8')]
def serialize(dataset):
location = construct_url(environ, with_query_string=False)
base = location[:location.rfind('/')]
context = {
'environ': environ,
'root': construct_url(environ, with_query_string=False, with_path_info=False, script_name='').rstrip('/'),
'base': base,
'location': location,
'dataset': dataset,
'responses': dict([(r.name, getattr(r.load(), '__description__', r.name))
for r in iter_entry_points('pydap.response')
if r.name not in COMMON_RESPONSES]),
'version': '.'.join(str(i) for i in __version__),
}
renderer = environ.get('pydap.renderer', self.renderer)
template = renderer.loader('html.html')
output = renderer.render(template, context, output_format='text/html')
if hasattr(dataset, 'close'): dataset.close()
return [output.encode('utf-8')]
def getURI(worker_environ):
# worker_environ can go away anytime, protect against that
try:
uri = worker_environ["HTTP_X_FORWARDED_FOR"]
except:
try:
uri = construct_url(worker_environ)
except:
uri = "n/a"
return uri
def islocalhost():
"""
Checks to see if the user is accessing the page locally.
@return True if user is on localhost
@return False if user is not on localhost
"""
URL = construct_url(request.environ,
with_query_string=False,
with_path_info=False)
return (URL.find("localhost") > -1)
def __call__(self, environ, start_response):
baseurl = self.baseurl or construct_url(
environ, with_query_string=False, with_path_info=False)
content = render(self.template,
message='',
value='',
css_class='',
action=baseurl + self.path_verify)
start_response("200 OK", [('Content-Type', 'text/html' + self.charset),
('Content-Length', str(len(content)))])
return [content]
def _is_nfvi_request(self, request):
body = get_jason_request_body(request)
data = json.loads(body)
for action in self._actions:
if action in list(data):
environ = request.environ
LOG.info("Forward to NFV \"%s %s\", action: (%s), val:(%s)" %
(environ['REQUEST_METHOD'], construct_url(environ),
action, data[action]))
return True
return False
def make_repost_button(environ):
url = request.construct_url(environ)
if environ['REQUEST_METHOD'] == 'GET':
return ('<button onclick="window.location.href=%r">'
'Re-GET Page</button><br>' % url)
else:
# @@: I'd like to reconstruct this, but I can't because
# the POST body is probably lost at this point, and
# I can't get it back :(
return None
# @@: Use or lose the following code block
"""
def process(self, environ, start_response):
baseurl = self.baseurl or construct_url(
environ, with_query_string=False, with_path_info=False)
value = ''
css_class = 'error'
message = ''
params = dict(paste.request.parse_querystring(environ))
oidconsumer = self._get_consumer(environ)
info = oidconsumer.complete(dict(params))
css_class = 'error'
if info.status == consumer.FAILURE and info.identity_url:
fmt = "Verification of %s failed."
message = fmt % (cgi.escape(info.identity_url), )
environ['wsgi.errors'].write("Passurl Message: %s %s" %
(message, info.message))
elif info.status == consumer.SUCCESS:
username = info.identity_url
user_data = str(info.extensionResponse('sreg'))
# Set the cookie
if self.urltouser:
username = self.urltouser(environ, info.identity_url)
environ['paste.auth_tkt.set_user'](username, user_data=user_data)
# Return a page that does a meta refresh
response = """
<HTML>
<HEAD>
<META HTTP-EQUIV="refresh" content="0;URL=%s">
<TITLE>Signed in</TITLE>
</HEAD>
<BODY>
<!-- You are sucessfully signed in. Redirecting... -->
</BODY>
</HTML>
""" % (self.baseurl + self.path_signedin)
start_response('200 OK',
[('Content-type', 'text/html' + self.charset),
('Content-length', len(response))])
return response
elif info.status == consumer.CANCEL:
message = 'Verification cancelled'
else:
environ['wsgi.errors'].write("Passurl Message: %s" % info.message)
message = 'Verification failed.'
value = self._quoteattr(info.identity_url)
response = render(self.template,
message=message,
value=value,
css_class=css_class,
action=baseurl + self.path_verify)
start_response('200 OK', [('Content-type', 'text/html' + self.charset),
('Content-length', len(response))])
return response
def serialize(dataset):
location = construct_url(environ, with_query_string=False)
base = location[:location.rfind('/')]
context = {
'root':
construct_url(environ,
with_query_string=False,
with_path_info=False,
script_name='').rstrip('/'),
'base':
base,
'location':
location,
'version':
'.'.join(str(d) for d in __version__),
}
renderer = environ.get('pydap.renderer', self.renderer)
template = renderer.loader('help.html')
output = renderer.render(template,
context,
output_format='text/html')
if hasattr(dataset, 'close'): dataset.close()
return [output]
def add_slash(self, environ, start_response):
"""
This happens when you try to get to a directory
without a trailing /
"""
url = request.construct_url(environ, with_query_string=False)
url += '/'
if environ.get('QUERY_STRING'):
url += '?' + environ['QUERY_STRING']
exc = httpexceptions.HTTPMovedPermanently(
'The resource has moved to %s - you should be redirected '
'automatically.' % url,
headers=[('location', url)])
return exc.wsgi_application(environ, start_response)
def _build_context(self, **kwargs):
'''
Constructs the context required for rendering a Jinja2 template
'''
# Base URL.
location = construct_url(self.environ, with_query_string=False)
root = construct_url(self.environ,
with_query_string=False,
with_path_info=False)
root = root.rstrip('/')
context = {
'environ': self.environ,
'root': root,
'location': location,
'version': '.'.join(str(d) for d in __version__)
}
context.update(kwargs)
return context
def _verify_request(self, env):
r"""Construct an oauth2 request from the parameters and verify the
signature. Die if unsuccessful.
"""
req = oauth2.Request(
method=env['environ']['REQUEST_METHOD'],
# A full url is needed
url=construct_url(env['environ'], with_query_string=False),
parameters=env['identity'])
try:
self.server.verify_request(req, env['consumer'], env.get('token'))
except oauth2.Error, e:
# Verification error
return False
def forbidden_exception(self, environ, start_response, debug_message=None):
"""add???
:param environ: add???
:param start_response: add??
:param debug_message: add???. Default value is ``None``
:returns: add???
"""
exc = httpexceptions.HTTPForbidden(
'The resource at %s could not be viewed'
% paste_request.construct_url(environ),
comment='SCRIPT_NAME=%r; PATH_INFO=%r; debug: %s'
% (environ.get('SCRIPT_NAME'), environ.get('PATH_INFO'),
debug_message or '(none)'))
return exc.wsgi_application(environ, start_response)
def challenge(self, environ, status, app_headers, forget_headers):
reason = header_value(app_headers, 'X-Authorization-Failure-Reason')
url_parts = list(urlparse.urlparse(self.login_form_url))
query = url_parts[4]
query_elements = cgi.parse_qs(query)
came_from = environ.get('came_from', construct_url(environ))
query_elements['came_from'] = came_from
if reason:
query_elements[self.reason_param] = reason
url_parts[4] = urllib.urlencode(query_elements, doseq=True)
login_form_url = urlparse.urlunparse(url_parts)
headers = [ ('Location', login_form_url) ]
cookies = [(h,v) for (h,v) in app_headers if h.lower() == 'set-cookie']
headers = headers + forget_headers + cookies
return HTTPFound(headers=headers)
def __call__(self, req):
from paste.request import construct_url
environ = req.environ
LOG.info('Incoming headers: (%s %s)\n' %
(environ['REQUEST_METHOD'], construct_url(environ)))
for name, value in sorted(environ.items()):
name = self.translate_keys.get(name, name)
if not name.startswith('HTTP_'):
continue
name = name[5:].replace('_', '-').title()
LOG.info(' %s: %s\n' % (name, value))
if self._show_body:
self.show_request_body(environ)
return self.application
def cas_application(environ, start_response):
username = environ.get('REMOTE_USER', '')
if username:
return application(environ, start_response)
qs = environ.get('QUERY_STRING', '').split("&")
if qs and qs[-1].startswith("ticket="):
# assume a response from the authority
ticket = qs.pop().split("=", 1)[1]
environ['QUERY_STRING'] = "&".join(qs)
service = construct_url(environ)
args = urllib.urlencode({'service': service, 'ticket': ticket})
requrl = authority + "validate?" + args
result = urllib.urlopen(requrl).read().split("\n")
if 'yes' == result[0]:
environ['REMOTE_USER'] = result[1]
environ['AUTH_TYPE'] = 'cas'
return application(environ, start_response)
exce = CASLoginFailure()
else:
service = construct_url(environ)
args = urllib.urlencode({'service': service})
location = authority + "login?" + args
exce = CASAuthenticate(location)
return exce.wsgi_application(environ, start_response)
