def test_stub_request(self): html_request = self.stub_request() js_request = self.stub_request(content_type='text/javascript', status=401, interfaces=IFoo) iface_request = self.stub_request(interfaces=[IFoo, IBar]) self.replay() self.assertTrue(IDefaultBrowserLayer.providedBy(html_request)) self.assertTrue(IBrowserRequest.providedBy(html_request)) self.assertEqual(html_request.debug, False) self.assertEqual(html_request.response.getHeader('Content-Type'), 'text/html') self.assertEqual(html_request.response.getStatus(), 200) self.assertTrue(IDefaultBrowserLayer.providedBy(js_request)) self.assertTrue(IBrowserRequest.providedBy(js_request)) self.assertTrue(IFoo.providedBy(js_request)) self.assertEqual(js_request.debug, False) self.assertEqual(js_request.response.getHeader('Content-Type'), 'text/javascript') self.assertEqual(js_request.response.getStatus(), 401) self.assertTrue(IFoo.providedBy(iface_request)) self.assertTrue(IBar.providedBy(iface_request)) self.assertTrue(IDefaultBrowserLayer.providedBy(iface_request)) self.assertTrue(IBrowserRequest.providedBy(iface_request)) self.assertEqual(html_request.debug, False) self.assertEqual(html_request.response.getHeader('Content-Type'), 'text/html') self.assertEqual(html_request.response.getStatus(), 200)
def test_stub_request(self): html_request = self.stub_request() js_request = self.stub_request( content_type='text/javascript', status=401, interfaces=IFoo) iface_request = self.stub_request(interfaces=[IFoo, IBar]) self.replay() self.assertTrue(IDefaultBrowserLayer.providedBy(html_request)) self.assertTrue(IBrowserRequest.providedBy(html_request)) self.assertEqual(html_request.debug, False) self.assertEqual(html_request.response.getHeader( 'Content-Type'), 'text/html') self.assertEqual(html_request.response.getStatus(), 200) self.assertTrue(IDefaultBrowserLayer.providedBy(js_request)) self.assertTrue(IBrowserRequest.providedBy(js_request)) self.assertTrue(IFoo.providedBy(js_request)) self.assertEqual(js_request.debug, False) self.assertEqual(js_request.response.getHeader( 'Content-Type'), 'text/javascript') self.assertEqual(js_request.response.getStatus(), 401) self.assertTrue(IFoo.providedBy(iface_request)) self.assertTrue(IBar.providedBy(iface_request)) self.assertTrue(IDefaultBrowserLayer.providedBy(iface_request)) self.assertTrue(IBrowserRequest.providedBy(iface_request)) self.assertEqual(html_request.debug, False) self.assertEqual(html_request.response.getHeader( 'Content-Type'), 'text/html') self.assertEqual(html_request.response.getStatus(), 200)
def __bobo_traverse__(self, REQUEST, name): """Hook for Zope 2 traversal This method is called by Zope 2's ZPublisher upon traversal. It allows us to trick it into faking the Zope 3 traversal system by using an ITraverser adapter. """ # We are trying to be compatible with Zope 2 and 3 traversal # behaviour as much as possible. Therefore the first part of # this method is based on BaseRequest.traverse's behaviour: # 1. If an object has __bobo_traverse__, use it. # 2. Otherwise do attribute look-up or, if that doesn't work, # key item lookup. if hasattr(self, '__fallback_traverse__'): try: return self.__fallback_traverse__(REQUEST, name) except (AttributeError, KeyError): pass else: try: return getattr(self, name) except AttributeError: pass try: return self[name] except (KeyError, IndexError, TypeError, AttributeError): pass # This is the part Five adds: # 3. If neither __bobo_traverse__ nor attribute/key look-up # work, we try to find a Zope 3-style view. # For that we need to make sure we have a good request # (sometimes __bobo_traverse__ gets a stub request) if not IBrowserRequest.providedBy(REQUEST): # Try to get the REQUEST by acquisition REQUEST = getattr(self, 'REQUEST', None) if not IBrowserRequest.providedBy(REQUEST): REQUEST = FakeRequest() # Con Zope 3 into using Zope 2's checkPermission Products.Five.security.newInteraction() # Use the ITraverser adapter (which in turn uses ITraversable # adapters) to traverse to a view. Note that we're mixing # object-graph and object-publishing traversal here, but Zope # 2 has no way to tell us when to use which... # TODO Perhaps we can decide on object-graph vs. # object-publishing traversal depending on whether REQUEST is # a stub or not? try: return ITraverser(self).traverse(path=[name], request=REQUEST).__of__(self) except (ComponentLookupError, NotFoundError, AttributeError, KeyError, NotFound): pass raise AttributeError, name
def __bobo_traverse__(self, REQUEST, name): parent = aq_parent(self) proxy = self.__of__(parent) val = getattr(proxy, name, _marker) if val is not _marker: return val else: # try for a Zope 3-type view. see code in Five/traversable.py target = self.getTarget() if not IBrowserRequest.providedBy(REQUEST): # Try to get the REQUEST by acquisition REQUEST = getattr(self, 'REQUEST', None) if not IBrowserRequest.providedBy(REQUEST): REQUEST = FakeRequest() setDefaultSkin(REQUEST) Products.Five.security.newInteraction() try: # note use of 'target' instead of 'self'... return ITraverser(target).traverse( path=[name], request=REQUEST).__of__(target) except (ComponentLookupError, LookupError, AttributeError, KeyError, NotFound): pass raise AttributeError, "name"
def __bobo_traverse__(self, REQUEST, name): """Hook for Zope 2 traversal This method is called by Zope 2's ZPublisher upon traversal. It allows us to trick it into faking the Zope 3 traversal system by using an ITraverser adapter. """ if not IBrowserRequest.providedBy(REQUEST): # Try to get the REQUEST by acquisition REQUEST = getattr(self, 'REQUEST', None) if not IBrowserRequest.providedBy(REQUEST): REQUEST = FakeRequest() try: kw = dict(path=[name], request=REQUEST) return ITraverser(self).traverse(**kw).__of__(self) except (ComponentLookupError, NotFoundError, AttributeError, KeyError, NotFound): pass try: return getattr(self, name) except AttributeError: pass try: return self[name] except (AttributeError, KeyError): pass return self.__fallback_traverse__(REQUEST, name)
def __bobo_traverse__(self, REQUEST, name): """Hook for Zope 2 traversal This method is called by Zope 2's ZPublisher upon traversal. It allows us to trick it into faking the Zope 3 traversal system by using an ITraverser adapter. """ if not IBrowserRequest.providedBy(REQUEST): # Try to get the REQUEST by acquisition REQUEST = getattr(self, 'REQUEST', None) if not IBrowserRequest.providedBy(REQUEST): REQUEST = FakeRequest() # set the default skin on the request if it doesn't have any # layers set on it yet if queryType(REQUEST, ILayer) is None: setDefaultSkin(REQUEST) # con Zope 3 into using Zope 2's checkPermission newInteraction() try: return ITraverser(self).traverse(path=[name], request=REQUEST).__of__(self) except (ComponentLookupError, LookupError, AttributeError, KeyError, NotFound): pass try: return getattr(self, name) except AttributeError: pass try: return self[name] except (AttributeError, KeyError): pass return self.__fallback_traverse__(REQUEST, name)
def test_has_key(self): environ = { 'PATH_INFO': '/', 'QUERY_STRING': 'lastName=Doe;country:list=Japan;country:list=Hungary', } request = Request(environ) zrequest = IBrowserRequest(request) assert_that(zrequest.has_key('lastName'), is_(True))
def __call__(self, input_stream, env, output_stream=None): """See `zope.app.publication.interfaces.IPublicationRequestFactory`""" # BBB: This is backward-compatibility support for the deprecated # output stream. try: env.get except AttributeError: import warnings warnings.warn("Can't pass output streams to requests anymore. " "This will go away in Zope 3.4.", DeprecationWarning, 2) env, output_stream = output_stream, env method = env.get('REQUEST_METHOD', 'GET').upper() request_class, publication_class = chooseClasses(method, env) publication = self._publication_cache.get(publication_class) if publication is None: publication = publication_class(self._db) self._publication_cache[publication_class] = publication request = request_class(input_stream, env) request.setPublication(publication) if IBrowserRequest.providedBy(request): # only browser requests have skins setDefaultSkin(request) return request
def __call__(self, input_stream, env, output_stream=None): """See `zope.app.publication.interfaces.IPublicationRequestFactory`""" # BBB: This is backward-compatibility support for the deprecated # output stream. try: env.get except AttributeError: import warnings warnings.warn( "Can't pass output streams to requests anymore. " "This will go away in Zope 3.4.", DeprecationWarning, 2) env, output_stream = output_stream, env method = env.get('REQUEST_METHOD', 'GET').upper() request_class, publication_class = chooseClasses(method, env) publication = self._publication_cache.get(publication_class) if publication is None: publication = publication_class(self._db) self._publication_cache[publication_class] = publication request = request_class(input_stream, env) request.setPublication(publication) if IBrowserRequest.providedBy(request): # only browser requests have skins setDefaultSkin(request) return request
def translate(self, domain, msgid, mapping=None, context=None, target_language=None, default=None): """ Translate a message using Unicode. """ if not msgid: # refuse to translate an empty msgid return default # ZPT passes the object as context. That's wrong according to spec. if not IBrowserRequest.providedBy(context): context = aq_acquire(context, 'REQUEST') text = msgid catalogs = self.getCatalogsForTranslation(context, domain, target_language) for catalog in catalogs: try: text = getMessage(catalog, msgid, default) except KeyError: # it's not in this catalog, try the next one continue # found! break else: # Did the fallback fail? Sigh, use the default if it is not None. if default is not None: text = default # Now we need to do the interpolation return self.interpolate(text, mapping)
def traverse(self, name, furtherPath): # For some reason, when the adapter is constructed, the adapted # object is stored as self._subject rather than self.context. # I like self.context. #import pdb; pdb.set_trace() self.context = self._subject if name == 'keywords': tag_class = Keyword else: # We ignore it... return super(ImageRepositoryTraversable, self).traverse(name, furtherPath) # Now the guts of it... subpath = self.popFurtherPath(furtherPath) # furtherPath is now an empty list # Find the REQUEST REQUEST = getattr(self.context, 'REQUEST', None) if not IBrowserRequest.providedBy(REQUEST): REQUEST = FakeRequest() if len(subpath) == 0: return zapi.getView(self.context, name, REQUEST) #print name, furtherPath, subpath if len(subpath) == 1: furtherPath.append('index.html') tag = tag_class(subpath[0]).__of__(self.context) elif subpath[-1].startswith('@@'): furtherPath.append(subpath[-1]) tag = tag_class(subpath[:-1]).__of__(self.context) else: furtherPath.append('index.html') tag = tag_class(subpath).__of__(self.context) return tag
def getPreferredLanguages(self): # If the default locale negotiater can get a value, # that means we had a parameter or one of the cookies # (because of the subscriber that gets us here). negotiated = default_locale_negotiator(self.request) if negotiated: return [negotiated] # Here is where we would check for something during traversal, # but we don't actually support that at this time because it # relies on implementation details # Is there a non-default user preference? Right now we know # what a default is due to implementation details above. We also # know for sure that we *have* a remote use, otherwise we wouldn't # be here remote_user = IPrincipal(self.request, None) remote_user_langs = IUserPreferredLanguages(remote_user) if remote_user_langs is not EnglishUserPreferredLanguagesImpl: return remote_user_langs.getPreferredLanguages() # pylint:disable=too-many-function-args # Ok, see what the HTTP request can come up with. Note that we're # going to the Zope interface so that we don't get into an infinite # loop browser_request = IBrowserRequest(self.request) browser_langs = IModifiableUserPreferredLanguages(browser_request) return browser_langs.getPreferredLanguages() # pylint:disable=too-many-function-args
def endRequest(self, request, object): superclass = zope.app.publication.browser.BrowserPublication superclass.endRequest(self, request, object) da.clear_request_started() getUtility(IOpenLaunchBag).clear() # Maintain operational statistics. if getattr(request, '_wants_retry', False): OpStats.stats['retries'] += 1 else: OpStats.stats['requests'] += 1 # Increment counters for HTTP status codes we track individually # NB. We use IBrowserRequest, as other request types such as # IXMLRPCRequest use IHTTPRequest as a superclass. # This should be fine as Launchpad only deals with browser # and XML-RPC requests. if IBrowserRequest.providedBy(request): OpStats.stats['http requests'] += 1 status = request.response.getStatus() if status == 404: # Not Found OpStats.stats['404s'] += 1 elif status == 500: # Unhandled exceptions OpStats.stats['500s'] += 1 elif status == 503: # Timeouts OpStats.stats['503s'] += 1 # Increment counters for status code groups. status_group = str(status)[0] + 'XXs' OpStats.stats[status_group] += 1 # Increment counter for 5XXs_b. if is_browser(request) and status_group == '5XXs': OpStats.stats['5XXs_b'] += 1 # Make sure our databases are in a sane state for the next request. thread_name = threading.currentThread().getName() for name, store in getUtility(IZStorm).iterstores(): try: assert store._connection._state != STATE_DISCONNECTED, ( "Bug #504291: Store left in a disconnected state.") except AssertionError: # The Store is in a disconnected state. This should # not happen, as store.rollback() should have been called # by now. Log an OOPS so we know about this. This # is Bug #504291 happening. getUtility(IErrorReportingUtility).raising( sys.exc_info(), request) # Repair things so the server can remain operational. store.rollback() # Reset all Storm stores when not running the test suite. # We could reset them when running the test suite but # that'd make writing tests a much more painful task. We # still reset the slave stores though to minimize stale # cache issues. if thread_name != 'MainThread' or name.endswith('-slave'): store.reset()
def utranslate(domain, msgid, mapping=None, context=None, target_language=None, default=None): # We used to pass an object as context. if not IBrowserRequest.providedBy(context): context = aq_acquire(context, "REQUEST") # The signature of zope.i18n's translate has the msgid and domain switched return translate( msgid, domain=domain, mapping=mapping, context=context, target_language=target_language, default=default )
def schoolToolTraverseSubscriber(event): """A subscriber to BeforeTraverseEvent. Adds DevMode layer to the request. """ if (ISchoolToolApplication.providedBy(event.object) and IBrowserRequest.providedBy(event.request)): directlyProvides(event.request, directlyProvidedBy(event.request) + IDevModeLayer)
def __call__(self, objectId, instance, *args, **kw): request = instance.request if IBrowserRequest.providedBy(request): return {'request:SERVER_NAME': (request.get('SERVER_NAME', u''), request.get('SERVER_PORT', u''), request.getApplicationURL(),)} else: return ()
def _translate(context, msg): """helper to translate a term if its a messageid """ if not isinstance(msg, Message): return msg if not IBrowserRequest.providedBy(context): context = aq_acquire(context, 'REQUEST') msg = translate(msg, context=context).strip() msg = '\n'.join([_.strip() for _ in msg.split('\n')]) # needed if vdex return msg
def getEmptyTitle(context, translated=True): """Returns string to be used for objects with no title or id""" # The default is an extra fancy unicode elipsis empty = unicode('\x5b\xc2\xb7\xc2\xb7\xc2\xb7\x5d', 'utf-8') if translated: if context is not None: if not IBrowserRequest.providedBy(context): context = aq_get(context, 'REQUEST', None) empty = translate('title_unset', domain='plone', context=context, default=empty) return empty
def __bobo_traverse__(self, REQUEST, name): """Hook for Zope 2 traversal This method is called by Zope 2's ZPublisher upon traversal. It allows us to trick it into faking the Zope 3 traversal system by using an ITraverser adapter. """ if not IBrowserRequest.providedBy(REQUEST): # Try to get the REQUEST by acquisition REQUEST = getattr(self, 'REQUEST', None) if not IBrowserRequest.providedBy(REQUEST): REQUEST = FakeRequest() # set the default skin on the request if it doesn't have any # layers set on it yet if queryType(REQUEST, ILayer) is None: setDefaultSkin(REQUEST) # con Zope 3 into using Zope 2's checkPermission newInteraction() try: return ITraverser(self).traverse( path=[name], request=REQUEST).__of__(self) except (ComponentLookupError, LookupError, AttributeError, KeyError, NotFound): pass try: return self.__fallback_traverse__(REQUEST, name) except NotImplementedError: pass # TODO: This should at least make an attempt to deal with # potential WebDAV issues, in particular we should not perform # acquisition for webdav requests. See BaseRequest.traverse for # details. try: return getattr(self, name) except AttributeError: pass try: return self[name] except (AttributeError, KeyError): pass raise AttributeError, name
def translate(self, msgid, domain=None, mapping=None, context=None, target_language=None, default=None): # Translate method for resticted code like skins. if context is not None: if not IBrowserRequest.providedBy(context): context = aq_get(context, 'REQUEST', None) return translate(msgid, domain=domain, mapping=mapping, context=context, target_language=target_language, default=default)
def getEmptyTitle(context, translated=True): """Returns string to be used for objects with no title or id""" # The default is an extra fancy unicode elipsis empty = unicode("\x5b\xc2\xb7\xc2\xb7\xc2\xb7\x5d", "utf-8") if translated: if context is not None: if not IBrowserRequest.providedBy(context): context = aq_get(context, "REQUEST", None) empty = translate("title_unset", domain="plone", context=context, default=empty) return empty
def unauthorized(self, id, request): if not IBrowserRequest.providedBy(request) or request.method == 'PUT': next = getNextUtility(self, IAuthentication) return next.unauthorized(id, request) if str(request.URL).endswith('.ics'): # Special case: testing shows that Mozilla Calendar does not send # the Authorization header unless challenged. It is pointless # to redirect an iCalendar client to an HTML login form. next = getNextUtility(self, IAuthentication) return next.unauthorized(id, request) return self.authPlugin.unauthorized(id, request)
def translate(self, domain, msgid, mapping=None, context=None, target_language=None, default=None): # Translate a message using Unicode. if not msgid: # refuse to translate an empty msgid return default # ZPT passes the object as context. That's wrong according to spec. if not IBrowserRequest.providedBy(context): context = aq_acquire(context, "REQUEST") text = msgid return z3translate(msgid, domain, mapping, context, target_language, default)
def traverse(self, name, furtherPath): context = self._subject __traceback_info__ = (context, name, furtherPath) # Find the REQUEST REQUEST = getattr(context, 'REQUEST', None) if not IBrowserRequest.providedBy(REQUEST): REQUEST = FakeRequest() # Try to lookup a view try: return getView(context, name, REQUEST) except ComponentLookupError: pass
def test_form_parsing(self): environ = { 'PATH_INFO': '/', 'QUERY_STRING': 'lastName=Doe;country:list=Japan;country:list=Hungary', } request = Request(environ) zrequest = IBrowserRequest(request) assert_that(zrequest.form, { 'country': ['Japan', 'Hungary'], 'lastName': 'Doe' })
def traverse(self, name, furtherPath): context = self._subject __traceback_info__ = (context, name, furtherPath) # Find the REQUEST REQUEST = getattr(context, "REQUEST", None) if not IBrowserRequest.providedBy(REQUEST): REQUEST = FakeRequest() setDefaultSkin(REQUEST) # Try to lookup a view try: return getMultiAdapter((context, REQUEST), Interface, name) except ComponentLookupError: pass
def getSubObject(self, name, REQUEST, RESPONSE=None): obj = self.__p4a_z2utils_orig_getSubObject(name, REQUEST, RESPONSE) if obj is not None: return obj # The following is a copy from Five's __bobo_traverse__ stuff, # see Products.Five.traversable for details. # Basically we're forcing Archetypes to look up the correct # Five way: # 1) check for data object first # 2) check for zope3 view # 3) return nothing so that AT's default __bobo_traverse__ will use aq if not IBrowserRequest.providedBy(REQUEST): # Try to get the REQUEST by acquisition REQUEST = getattr(self, 'REQUEST', None) if not IBrowserRequest.providedBy(REQUEST): REQUEST = FakeRequest() setDefaultSkin(REQUEST) # Con Zope 3 into using Zope 2's checkPermission Products.Five.security.newInteraction() # Use the ITraverser adapter (which in turn uses ITraversable # adapters) to traverse to a view. Note that we're mixing # object-graph and object-publishing traversal here, but Zope # 2 has no way to tell us when to use which... # TODO Perhaps we can decide on object-graph vs. # object-publishing traversal depending on whether REQUEST is # a stub or not? try: return ITraverser(self).traverse( path=[name], request=REQUEST).__of__(self) except (ComponentLookupError, LookupError, TypeError, AttributeError, KeyError, NotFound): pass return None
def traverse(self, name, furtherPath): context = self._subject __traceback_info__ = (context, name, furtherPath) # Find the REQUEST REQUEST = getattr(context, 'REQUEST', None) if not IBrowserRequest.providedBy(REQUEST): REQUEST = FakeRequest() # Try to lookup a view first try: return getView(context, name, REQUEST) except ComponentLookupError: pass # If a view can't be found, then use default traversable return super(FiveTraversable, self).traverse(name, furtherPath)
def translate(self, msgid, mapping=None, context=None, target_language=None, default=None): pts = getTranslationService() if pts is None or context is None: # If we don't have enough context use interpolate return interpolate(default, mapping) # Don't accept anything which isn't a real request if not IBrowserRequest.providedBy(context) or 'PARENTS' not in context: raise ValueError, "You didn't pass in a request as the context." parent = context['PARENTS'][-1] return pts.translate(self.domain, msgid, mapping, parent, target_language, default)
def _curried(*args, **kw): request = args[r_index] if IBrowserRequest.providedBy(request): if request.method not in methods: raise Forbidden('Request must be %s' % methodsstr) # Reconstruct keyword arguments if defaults is not None: args, kwparams = args[:arglen], args[arglen:] for positional, (key, default) in zip(kwparams, defaults): if positional is _default: kw[key] = default else: kw[key] = positional return callable(*args, **kw)
def utranslate(domain, msgid, mapping=None, context=None, target_language=None, default=None): # We used to pass an object as context. if not IBrowserRequest.providedBy(context): context = aq_acquire(context, 'REQUEST') # The signature of zope.i18n's translate has the msgid and domain switched return translate(msgid, domain=domain, mapping=mapping, context=context, target_language=target_language, default=default)
def get_change_note(request, default=None): """Returns the changeNote submitted with this request. The changeNote is read from the form-field (see behaviors.IVersionable) """ _marker = object() value = _marker if IBrowserRequest.providedBy(request): annotations = IAnnotations(request) value = annotations.get('plone.app.versioningbehavior-changeNote', _marker) if not value or value == _marker: return default return value
def get_change_note(request, default=None): """Returns the changeNote submitted with this request. The changeNote is read from the form-field (see behaviors.IVersionable) """ _marker = object() value = _marker if IBrowserRequest.providedBy(request): annotations = IAnnotations(request) value = annotations.get( 'plone.app.versioningbehavior-changeNote', _marker) if not value or value == _marker: return default return value
def translate(message, context): """ Translate i18n message. """ if isinstance(message, Exception): try: message = message[0] except (TypeError, IndexError): pass # in Zope3, context is adapted to IUserPreferredLanguages, # which means context should be the request in this case. # Do not attempt to acquire REQUEST from the context, when we already # got a request as the context if context is not None: if not IBrowserRequest.providedBy(context): context = aq_get(context, 'REQUEST', None) return i18n.translate(message, domain='cmf_default', context=context)
def afterCallHandler(event): request = event.request if IBrowserRequest.providedBy(request): response = request.response status = response.getStatus() if status not in (302, 303): service = IStatusMessage(request, None) if service is not None: messages = service.clear() if messages: msg = u'\n'.join(messages) msg = msg.encode('utf-8', 'ignore') body = response.consumeBody() body = body.replace('<!--zojax-statusmessage-->', msg, 1) response.setResult(body)
def retry(self): 'See IPublisherRequest' count = getattr(self, '_retry_count', 0) self._retry_count = count + 1 request = self.__class__( # Use the cache stream as the new input stream. body_instream=self._body_instream.getCacheStream(), environ=self._orig_env, response=self.response.retry(), ) # restore the default skin if IBrowserRequest.providedBy(self): # only browser requests have skins zope.publisher.browser.setDefaultSkin(request) request.setPublication(self.publication) request._retry_count = self._retry_count return request
def translate(self, domain, msgid, mapping=None, context=None, target_language=None, default=None): # Translate a message using Unicode. if not msgid: # refuse to translate an empty msgid return default # ZPT passes the object as context. That's wrong according to spec. if not IBrowserRequest.providedBy(context): context = aq_acquire(context, 'REQUEST') text = msgid return z3translate(msgid, domain, mapping, context, target_language, default)
def __call__(self, value, system): """ :param value: The object returned from the view. Either a dictionary, or a context object. If a context object, will be available at the path ``options/here`` in the template. If a dictionary, its values are merged with those in `system`. """ __traceback_info__ = value, system try: system.update(value) except (TypeError, ValueError): # raise ValueError('renderer was passed non-dictionary as value') system['here'] = value # See plasTeX/Renderers/__init__.py for comments about how 'self' # is a problem request = None if 'request' in system and system['request'] is not None: request = IBrowserRequest(system['request']) system['request'] = request view = system['view'] # TODO: We can do better with this if view is None and request is not None: view = request system['view'] = request # We used to register macros, but now you should use # z3c.macro and the macro: expression type # if 'master' not in system: # XXX: FIXME: There must be a better way to handle this. # How did zope do it? (Acquisition?) # (Answer: Yes, basically. Every template was auto-loaded # and at a traversable location, usually also in the # acquisition path; pages traversed to the macros of the # template they wanted. We can do something similar though # traversal, we just need to update our templates.) # FIXME: Note use of nti.appserver package # master = get_renderer('nti.appserver:templates/master_email.pt').implementation() # system['master'] = master result = self.template.bind(view)(**system) return result
def __bobo_traverse__(self, REQUEST, name): """Hook for Zope 2 traversal This method is called by Zope 2's ZPublisher upon traversal. It allows us to trick it into publishing Zope 3-style views. """ if not IBrowserRequest.providedBy(REQUEST): REQUEST = FakeRequest() try: return getView(self, name, REQUEST).__of__(self) except ComponentLookupError: pass try: return getattr(self, name) except AttributeError: pass try: return self[name] except (AttributeError, KeyError): pass return self.__fallback_traverse__(REQUEST, name)
def test_url_traversal(self): request = Request.blank('http://foobar.com/folder/item') zrequest = IBrowserRequest(request) assert_that(str(zrequest.URL), is_('http://foobar.com/folder/item')) assert_that(zrequest.URL['-1'], is_('http://foobar.com/folder')) assert_that(zrequest.URL['-2'], is_('http://foobar.com')) assert_that( calling(zrequest.URL.__getitem__).with_args('-3'), raises(KeyError)) assert_that(zrequest.URL['0'], is_('http://foobar.com')) assert_that(zrequest.URL['1'], is_('http://foobar.com/folder')) assert_that(zrequest.URL['2'], is_('http://foobar.com/folder/item')) assert_that( calling(zrequest.URL.__getitem__).with_args('3'), raises(KeyError)) assert_that(zrequest.URL.get('0'), is_('http://foobar.com')) assert_that(zrequest.URL.get('1'), is_('http://foobar.com/folder')) assert_that(zrequest.URL.get('2'), is_('http://foobar.com/folder/item')) assert_that(zrequest.URL.get('3', 'none'), is_('none'))
def filterTemporaryItems(obj, checkId=True): """ check if the item has an acquisition chain set up and is not of temporary nature, i.e. still handled by the `portal_factory`; if so return it, else return None """ parent = aq_parent(aq_inner(obj)) if parent is None: return None if IBrowserRequest.providedBy(parent): return None if checkId and getattr(obj, 'getId', None): parent = aq_base(parent) if getattr(parent, '__contains__', None) is None: return None elif obj.getId() not in parent: return None isTemporary = getattr(obj, 'isTemporary', None) if isTemporary is not None: try: if obj.isTemporary(): return None except TypeError: return None # `isTemporary` on the `FactoryTool` expects 2 args return obj
def render_content(content, request, suppress_title=False): """Render a content for inclusion. """ if not (checkPermission('zope2.View', content) or IBrowserRequest.providedBy(request)): # You can't see the content or don't have a valid request. return u'' content = content.get_silva_object() if suppress_title: if IDocument.providedBy(content): version = content.get_viewable() if version is None: return u'' details = getMultiAdapter((version, request), name="details") return details.get_text() if IAutoTOC.providedBy(content): toc = getMultiAdapter((content, request), name="toc") toc.update() return toc.render() # suppress title is not supported for other contents, render them publicly. renderer = queryMultiAdapter((content, request), name='content.html') if renderer is not None: return renderer() return u''
def maybe_block_offsite_form_post(request): """Check if an attempt was made to post a form from a remote site. This is a cross-site request forgery (XSRF/CSRF) countermeasure. The OffsiteFormPostError exception is raised if the following holds true: 1. the request method is POST *AND* 2. a. the HTTP referer header is empty *OR* b. the host portion of the referrer is not a registered vhost """ if request.method != 'POST': return if (IOAuthSignedRequest.providedBy(request) or not IBrowserRequest.providedBy(request)): # We only want to check for the referrer header if we are # in the middle of a request initiated by a web browser. A # request to the web service (which is necessarily # OAuth-signed) or a request that does not implement # IBrowserRequest (such as an XML-RPC request) can do # without a Referer. return if request['PATH_INFO'] in OFFSITE_POST_WHITELIST: # XXX: jamesh 2007-11-23 bug=124421: # Allow offsite posts to our TestOpenID endpoint. Ideally we'd # have a better way of marking this URL as allowing offsite # form posts. # # XXX gary 2010-03-09 bug=535122,538097 # The one-off exceptions are necessary because existing # non-browser applications make requests to these URLs # without providing a Referer. Apport makes POST requests # to +storeblob without providing a Referer (bug 538097), # and launchpadlib used to make POST requests to # +request-token and +access-token without providing a # Referer. # # XXX Abel Deuring 2010-04-09 bug=550973 # The HWDB client "checkbox" accesses /+hwdb/+submit without # a referer. This will change in the version in Ubuntu 10.04, # but Launchpad should support HWDB submissions from older # Ubuntu versions during their support period. # # We'll have to keep an application's one-off exception # until the application has been changed to send a # Referer, and until we have no legacy versions of that # application to support. For instance, we can't get rid # of the apport exception until after Lucid's end-of-life # date. We should be able to get rid of the launchpadlib # exception after Karmic's end-of-life date. return if request['PATH_INFO'].startswith('/+openid-callback'): # If this is a callback from an OpenID provider, we don't require an # on-site referer (because the provider may be off-site). This # exception was added as a result of bug 597324 (message #10 in # particular). return referrer = request.getHeader('referer') # Match HTTP spec misspelling. if not referrer: raise NoReferrerError('No value for REFERER header') # XXX: jamesh 2007-04-26 bug=98437: # The Zope testing infrastructure sets a default (incorrect) # referrer value of "localhost" or "localhost:9000" if no # referrer is included in the request. We let it pass through # here for the benefits of the tests. Web browsers send full # URLs so this does not open us up to extra XSRF attacks. if referrer in ['localhost', 'localhost:9000']: return # Extract the hostname from the referrer URI try: hostname = URI(referrer).host except InvalidURIError: hostname = None if hostname not in allvhosts.hostnames: raise OffsiteFormPostError(referrer)
def __bobo_traverse__(self, REQUEST, name): """Hook for Zope 2 traversal This method is called by Zope 2's ZPublisher upon traversal. It allows us to trick it into faking the Zope 3 traversal system by using an ITraverser adapter. """ # We are trying to be compatible with Zope 2 and 3 traversal # behaviour as much as possible. Therefore the first part of # this method is based on BaseRequest.traverse's behaviour: # 1. If an object has __bobo_traverse__, use it. # 2. Otherwise do attribute look-up or, if that doesn't work, # key item lookup. if zope.deprecation.__show__(): warnings.warn("The view lookup done by Traversable." \ "__bobo_traverse__ is now done by the standard " \ "traversal. This class is no longer needed and " "will be removed in Zope 2.12.", DeprecationWarning, 2) if hasattr(self, '__fallback_traverse__'): try: return self.__fallback_traverse__(REQUEST, name) except (AttributeError, KeyError): pass except NotFound: # OFS.Application.__bobo_traverse__ calls # REQUEST.RESPONSE.notFoundError which sets the HTTP # status code to 404 try: REQUEST.RESPONSE.setStatus(200) except AttributeError: pass else: try: return getattr(self, name) except AttributeError: pass try: return self[name] except (KeyError, IndexError, TypeError, AttributeError): pass # This is the part Five adds: # 3. If neither __bobo_traverse__ nor attribute/key look-up # work, we try to find a Zope 3-style view. # For that we need to make sure we have a good request # (sometimes __bobo_traverse__ gets a stub request) if not IBrowserRequest.providedBy(REQUEST): # Try to get the REQUEST by acquisition REQUEST = getattr(self, 'REQUEST', None) if not IBrowserRequest.providedBy(REQUEST): REQUEST = FakeRequest() setDefaultSkin(REQUEST) # Con Zope 3 into using Zope 2's checkPermission Products.Five.security.newInteraction() # Use the ITraverser adapter (which in turn uses ITraversable # adapters) to traverse to a view. Note that we're mixing # object-graph and object-publishing traversal here, but Zope # 2 has no way to tell us when to use which... # TODO Perhaps we can decide on object-graph vs. # object-publishing traversal depending on whether REQUEST is # a stub or not? try: return ITraverser(self).traverse( path=[name], request=REQUEST).__of__(self) except (ComponentLookupError, LookupError, AttributeError, KeyError, NotFound): pass raise AttributeError(name)
def __call__(self, request_string, handle_errors=True, form=None): # Commit work done by previous python code. commit() # Discard leading white space to make call layout simpler request_string = request_string.lstrip() # split off and parse the command line l = request_string.find('\n') command_line = request_string[:l].rstrip() request_string = request_string[l+1:] method, path, protocol = command_line.split() path = urllib.unquote(path) instream = StringIO(request_string) environment = {"HTTP_COOKIE": self.httpCookie(path), "HTTP_HOST": 'localhost', "HTTP_REFERER": 'localhost', "REQUEST_METHOD": method, "SERVER_PROTOCOL": protocol, } headers = [split_header(header) for header in rfc822.Message(instream).headers] for name, value in headers: name = ('_'.join(name.upper().split('-'))) if name not in ('CONTENT_TYPE', 'CONTENT_LENGTH'): name = 'HTTP_' + name environment[name] = value.rstrip() auth_key = 'HTTP_AUTHORIZATION' if environment.has_key(auth_key): environment[auth_key] = auth_header(environment[auth_key]) old_site = getSite() setSite(None) request_cls, publication_cls = self.chooseRequestClass(method, path, environment) app = FunctionalTestSetup().getApplication() request = app._request( path, instream, environment=environment, request=request_cls, publication=publication_cls) if IBrowserRequest.providedBy(request): # only browser requests have skins setDefaultSkin(request) if form is not None: if request.form: raise ValueError("only one set of form values can be provided") request.form = form response = ResponseWrapper( request.response, path, omit=('x-content-type-warning', 'x-powered-by'), ) publish(request, handle_errors=handle_errors) self.saveCookies(response) setSite(old_site) # sync Python connection: getRootFolder()._p_jar.sync() return response
def __bobo_traverse__(self, REQUEST, name): """Hook for Zope 2 traversal This method is called by Zope 2's ZPublisher upon traversal. It allows us to trick it into faking the Zope 3 traversal system by using an ITraverser adapter. """ # We are trying to be compatible with Zope 2 and 3 traversal # behaviour as much as possible. Therefore the first part of # this method is based on BaseRequest.traverse's behaviour: # 1. If an object has __bobo_traverse__, use it. # 2. Otherwise do attribute look-up or, if that doesn't work, # key item lookup. result = _marker if hasattr(self, '__fallback_traverse__'): try: return self.__fallback_traverse__(REQUEST, name) except (AttributeError, KeyError): pass except NotFound: # OFS.Application.__bobo_traverse__ calls # REQUEST.RESPONSE.notFoundError which sets the HTTP # status code to 404 try: REQUEST.RESPONSE.setStatus(200) except AttributeError: pass else: # See if the object itself has the attribute, try acquisition # later if getattr(aq_base(self), name, _marker) is not _marker: return getattr(self, name) try: # item access should never acquire result = self[name] # WebDAV requests will always return something, # sometimes it's a NullResource, which we will ignore # and return later if necessary if not isinstance(result, NullResource): return result except (KeyError, IndexError, TypeError, AttributeError): pass # This is the part Five adds: # 3. If neither __bobo_traverse__ nor attribute/key look-up # work, we try to find a Zope 3-style view. # For that we need to make sure we have a good request # (sometimes __bobo_traverse__ gets a stub request) if not IBrowserRequest.providedBy(REQUEST): # Try to get the REQUEST by acquisition REQUEST = getattr(self, 'REQUEST', None) if not IBrowserRequest.providedBy(REQUEST): REQUEST = FakeRequest() setDefaultSkin(REQUEST) # Con Zope 3 into using Zope 2's checkPermission Products.Five.security.newInteraction() # Use the ITraverser adapter (which in turn uses ITraversable # adapters) to traverse to a view. Note that we're mixing # object-graph and object-publishing traversal here, but Zope # 2 has no way to tell us when to use which... # TODO Perhaps we can decide on object-graph vs. # object-publishing traversal depending on whether REQUEST is # a stub or not? try: return ITraverser(self).traverse( path=[name], request=REQUEST).__of__(self) except (ComponentLookupError, LookupError, AttributeError, KeyError, NotFound): pass # Fallback on acquisition, let it raise an AttributeError if it must try: return getattr(self, name) except AttributeError: if result is not _marker: return result raise