def _check_internal_request(request, session, from_web, require_login,
                            required_permission_flag=None):
    """
    Gatekeeper for an "internal" web request. Checks, in this order, the
    port, the URL scheme, the login state and (optionally) a system
    permission, stopping at the first check that fails.

    The port check (_check_port) only runs when INTERNAL_BROWSING_PORT is set
    in the app configuration, and the scheme check (_check_ssl_request) only
    when INTERNAL_BROWSING_SSL is set.

    Returns None when every enabled check passes. Otherwise returns the Flask
    redirect or response to send back: a browser-oriented one when from_web
    is true, or an API error response when it is false.
    """
    # NOTE: `session` is part of the signature but is not read in this body;
    # the login state is taken from logged_in() and get_session_user().

    # Port comes first, so that any later redirect to HTTPS is issued from a
    # request that is already known to be on the right port number.
    internal_port = app.config['INTERNAL_BROWSING_PORT']
    if internal_port:
        port_problem = _check_port(request, internal_port, from_web)
        if port_problem:
            return port_problem

    if app.config['INTERNAL_BROWSING_SSL']:
        scheme_problem = _check_ssl_request(request, from_web)
        if scheme_problem:
            return scheme_problem

    # Login state
    if require_login and not logged_in():
        if not from_web:
            return make_api_error_response(AuthenticationError(
                'You must be logged in to access this function'
            ))
        # Send the browser to the login page, remembering where it wanted to
        # go. Only the request path and query string are passed on here, with
        # no scheme or host added.
        # NOTE(review): the login view is what eventually redirects to `next`;
        # confirm it checks that the value is a local path before using it.
        query_string = '?' + url_encode(request.args) if request.args else ''
        return redirect(internal_url_for('login', next=request.path + query_string))

    # System permission, only when a flag was requested.
    # NOTE(review): this check runs even when require_login is false; confirm
    # ensure_permitted rejects whatever get_session_user() returns for a
    # session that is not logged in.
    if not required_permission_flag:
        return None
    try:
        permissions_engine.ensure_permitted(
            required_permission_flag, get_session_user()
        )
    except SecurityError as denied:
        if from_web:
            # NOTE(review): the exception text becomes the response body;
            # confirm SecurityError messages never carry unescaped request data.
            return make_response(str(denied), 403)
        return make_api_error_response(denied)

    # Everything passed
    return None
def _check_port(request, required_port, from_web):
    """
    A low-level request checker that rejects a request arriving on any port
    other than required_port.

    Returns None when the port reported by get_port matches. On a mismatch no
    redirect is issued: a web caller (from_web true) gets a plain 401 response
    carrying a short message, and an API caller gets the JSON error response
    built from an AuthenticationError with the same message.
    """
    actual_port = get_port(request)
    if actual_port == required_port:
        return None

    # The message contains only the numeric port (formatted with %d), so no
    # free-form request text ends up in the response body.
    msg = 'This URL is not available on port %d' % actual_port
    if not from_web:
        return make_api_error_response(AuthenticationError(msg))
    return make_response(msg, 401)
def _check_ssl_request(request, from_web):
    """
    A low-level request checker that insists on HTTPS.

    Returns None when request.is_secure is true. Otherwise a web caller
    (from_web true) is redirected to the same URL with its first 'http:'
    replaced by 'https:', and an API caller receives the JSON error response
    for an AuthenticationError.
    """
    if request.is_secure:
        return None

    if not from_web:
        return make_api_error_response(AuthenticationError(
            'HTTPS must be used to access this function'
        ))

    # The replacement is limited to the first 'http:' but is not anchored to
    # the start of the string; it relies on request.url beginning with the
    # 'http:' scheme whenever is_secure is false.
    # NOTE(review): request.url is rebuilt from the incoming request, so the
    # redirect target follows the host the client supplied. Confirm the
    # deployment restricts which hosts are accepted. This redirect is sent
    # only after the first request has already arrived over plain HTTP.
    https_url = request.url.replace('http:', 'https:', 1)
    return redirect(https_url)