def get(self, request):
"""
Process the GET content request.
:param request: The WSGI request object.
:type request: django.core.handlers.wsgi.WSGIRequest
:return: An appropriate HTTP reply
:rtype: django.http.HttpResponse
"""
host = request.get_host()
path = os.path.realpath(request.path_info)
lazy_enabled = parse_bool(pulp_conf.get('lazy', 'enabled'))
# Authorization
if not allow_access(request.environ, host):
# Not Authorized
return HttpResponseForbidden()
# Immediately 404 if the symbolic link doesn't even exist
if not os.path.lexists(request.path_info):
return HttpResponseNotFound(request.path_info)
# Already downloaded
if os.path.exists(path):
return self.x_send(path)
# Redirect if lazy is on
if lazy_enabled:
return self.redirect(request, self.key)
# NotFound
return HttpResponseNotFound(request.path_info)
def get(self, request):
"""
Process the GET content request.
:param request: The WSGI request object.
:type request: django.core.handlers.wsgi.WSGIRequest
:return: An appropriate HTTP reply
:rtype: django.http.HttpResponse
"""
host = request.get_host()
path = os.path.realpath(request.path_info)
lazy_enabled = parse_bool(pulp_conf.get('lazy', 'enabled'))
# Authorization
if not allow_access(request.environ, host):
# Not Authorized
return HttpResponseForbidden()
# Already downloaded
if os.path.exists(path):
return self.x_send(path)
# Redirect
if lazy_enabled:
return self.redirect(request, self.key)
# NotFound
return HttpResponseNotFound(request.path_info)
def test_auth_disabled(self, auth_enabled):
"""
Test that we can disable auth via config flag
"""
# NB: 'True' means that auth is disabled
auth_enabled.return_value = True
environ = mock.Mock()
self.assertTrue(allow_access(environ, 'fake.host.name'))
def test_successful_auth(self, iter_ep):
"""
Test for when all auth methods succeed
"""
environ = mock.Mock()
self.auth_one.return_value = True
self.auth_two.return_value = True
iter_ep.return_value = self.entrypoint_list
self.assertTrue(allow_access(environ, 'fake.host.name'))
def test_successful_auth(self, iter_ep, auth_enabled):
"""
Test for when all auth methods succeed
"""
# NB: 'False' means that auth is enabled
auth_enabled.return_value = False
environ = mock.Mock()
self.auth_one.return_value = True
self.auth_two.return_value = True
iter_ep.return_value = self.entrypoint_list
self.assertTrue(allow_access(environ, 'fake.host.name'))
def test_deny_one(self, iter_ep, auth_enabled):
"""
Test for when one auth fails but not the other
"""
# NB: 'False' means that auth is enabled
auth_enabled.return_value = False
environ = mock.Mock()
self.auth_one.return_value = True
self.auth_two.return_value = False
iter_ep.return_value = self.entrypoint_list
self.assertFalse(allow_access(environ, 'fake.host.name'))
def test_check_entry_points(self, iter_ep, auth_enabled):
"""
Test that entry points are loaded
"""
# NB: 'False' means that auth is enabled
auth_enabled.return_value = False
environ = mock.Mock()
iter_ep.return_value = self.entrypoint_list
self.assertTrue(allow_access(environ, 'fake.host.name'))
self.auth_one.assert_called_once_with(environ)
self.auth_two.assert_called_once_with(environ)
def get(self, request):
"""
Process the GET content request.
:param request: The WSGI request object.
:type request: django.core.handlers.wsgi.WSGIRequest
:return: An appropriate HTTP reply
:rtype: django.http.HttpResponse
"""
host = request.get_host()
path = os.path.realpath(request.path_info)
# Check authorization if http isn't being used. This environ variable must
# be available in all implementations so it is not dependant on Apache httpd:
# https://www.python.org/dev/peps/pep-0333/#environ-variables
if request.environ['wsgi.url_scheme'] != 'http':
if not allow_access(request.environ, host):
# Not Authorized
logger.info(
_('Denying {host} access to {path} because one or more'
' authenticators failed.').format(host=host, path=path))
return HttpResponseForbidden()
if not any(
[path.startswith(prefix) for prefix in self.safe_serving_paths]):
# Someone is requesting something they shouldn't.
logger.info(
_('Denying {host} request to {path} as it does not resolve to'
'a Pulp content path.').format(host=host, path=path))
return HttpResponseForbidden()
# Immediately 404 if the symbolic link doesn't even exist
if not os.path.lexists(request.path_info):
logger.debug(
_('Symbolic link to {path} does not exist.').format(path=path))
raise Http404
if os.path.isdir(path):
logger.debug(
_('Rendering directory index for {path}.').format(path=path))
return self.directory_index(path)
# Already downloaded
if os.path.exists(path):
logger.debug(
_('Serving {path} with mod_xsendfile.').format(path=path))
return self.x_send(path)
logger.debug(_('Redirecting request for {path}.').format(path=path))
return self.redirect(request, self.key)
def test_disabled_authenticators(self, disabled_authenticators, iter_ep, auth_enabled):
"""
Test for when authenticators are individually disabled
"""
# NB: 'False' means that auth is enabled
auth_enabled.return_value = False
environ = mock.Mock()
disabled_authenticators.return_value = ['auth_one', 'auth_two']
self.auth_one.return_value = False
self.auth_two.return_value = False
iter_ep.return_value = self.entrypoint_list
self.assertTrue(allow_access(environ, 'fake.host.name'))
def test_deny_one_stops_loop(self, iter_ep, auth_enabled):
"""
Test that we bail out if either authenticator is False
"""
# NB: 'False' means that auth is enabled
auth_enabled.return_value = False
environ = mock.Mock()
self.auth_one.return_value = False
self.auth_two.return_value = False
iter_ep.return_value = self.entrypoint_list
self.assertFalse(allow_access(environ, 'fake.host.name'))
# we don't know if auth_one or auth_two will occur first
total_calls = self.auth_one.call_count + self.auth_two.call_count
self.assertEquals(total_calls, 1)
def get(self, request):
"""
Process the GET content request.
:param request: The WSGI request object.
:type request: django.core.handlers.wsgi.WSGIRequest
:return: An appropriate HTTP reply
:rtype: django.http.HttpResponse
"""
host = request.get_host()
path = os.path.realpath(request.path_info)
# Check authorization if http isn't being used. This environ variable must
# be available in all implementations so it is not dependant on Apache httpd:
# https://www.python.org/dev/peps/pep-0333/#environ-variables
if request.environ['wsgi.url_scheme'] != 'http':
if not allow_access(request.environ, host):
# Not Authorized
logger.info(_('Denying {host} access to {path} because one or more'
' authenticators failed.').format(host=host, path=path))
return HttpResponseForbidden()
if not any([path.startswith(prefix) for prefix in self.safe_serving_paths]):
# Someone is requesting something they shouldn't.
logger.info(_('Denying {host} request to {path} as it does not resolve to'
'a Pulp content path.').format(host=host, path=path))
return HttpResponseForbidden()
# Immediately 404 if the symbolic link doesn't even exist
if not os.path.lexists(request.path_info):
logger.debug(_('Symbolic link to {path} does not exist.').format(path=path))
raise Http404
if os.path.isdir(path):
logger.debug(_('Rendering directory index for {path}.').format(path=path))
return self.directory_index(path)
# Already downloaded
if os.path.exists(path):
logger.debug(_('Serving {path} with mod_xsendfile.').format(path=path))
return self.x_send(path)
logger.debug(_('Redirecting request for {path}.').format(path=path))
return self.redirect(request, self.key)