Esempio n. 1
def _check_internal_request(request, session, from_web, require_login,
                            required_permission_flag=None):
    """
    Gate an "internal" web request on port, scheme, login state and,
    optionally, a system permission.

    The checks run in a fixed order (port, HTTPS, login, permission) and the
    first one that fails decides the response. Returns that redirect or error
    response, or None when every enabled check passes.

    from_web selects the failure style: browser-oriented responses when true,
    API error responses (make_api_error_response) when false.

    required_permission_flag is only consulted when require_login is true;
    with require_login false the permission check is skipped even if a flag
    was passed. The session parameter is not read in this function.
    """
    config = app.config

    # Port comes first so that a later HTTPS redirect is built from a URL
    # that is already on the right port number.
    internal_port = config['INTERNAL_BROWSING_PORT']
    if internal_port:
        problem = _check_port(request, internal_port, from_web)
        if problem:
            return problem

    if config['INTERNAL_BROWSING_SSL']:
        problem = _check_ssl_request(request, from_web)
        if problem:
            return problem

    # Nothing further to enforce for endpoints that allow anonymous access.
    if not require_login:
        return None

    if not logged_in():
        if not from_web:
            return make_api_error_response(AuthenticationError(
                'You must be logged in to access this function'
            ))
        # Send the browser to the login page and carry the original
        # path + query string along so login can return there afterwards.
        # NOTE(review): the view that consumes `next` is not shown here;
        # confirm it accepts only local paths before redirecting to it.
        destination = request.path
        if len(request.args) > 0:
            destination += '?' + url_encode(request.args)
        return redirect(internal_url_for('login', next=destination))

    if not required_permission_flag:
        return None

    # Logged in: now enforce the system permission for the session user.
    try:
        permissions_engine.ensure_permitted(
            required_permission_flag, get_session_user()
        )
    except SecurityError as e:
        if from_web:
            # The exception text becomes the 403 response body.
            # NOTE(review): confirm SecurityError messages never embed
            # request-supplied text, as the body is returned unescaped.
            return make_response(str(e), 403)
        return make_api_error_response(e)

    return None
Esempio n. 2
def _check_port(request, required_port, from_web):
    """
    Reject a request that did not arrive on required_port.

    Returns None when get_port(request) equals required_port. Otherwise
    returns a 401 response carrying a short message (from_web true) or an
    API error response wrapping an AuthenticationError (from_web false).
    No redirect is issued from here.
    """
    actual_port = get_port(request)
    if actual_port == required_port:
        return None

    # The message reports the port the request came in on, not the
    # required one.
    msg = 'This URL is not available on port %d' % actual_port
    if not from_web:
        return make_api_error_response(AuthenticationError(msg))
    return make_response(msg, 401)
Esempio n. 3
def _check_ssl_request(request, from_web):
    """
    Require HTTPS for a request.

    Returns None when request.is_secure is true. Otherwise returns a redirect
    to the same URL with the scheme switched to https (from_web true) or an
    API error response wrapping an AuthenticationError (from_web false).
    """
    if request.is_secure:
        return None

    if not from_web:
        return make_api_error_response(AuthenticationError(
            'HTTPS must be used to access this function'
        ))

    # Only the first 'http:' is rewritten, which is the scheme prefix when
    # the URL starts with it; the rest of the URL is kept as received.
    # NOTE(review): the target is derived from request.url, so it reflects
    # whatever host the request presented - confirm the deployment pins or
    # validates the host name. Behind a TLS-terminating proxy, also confirm
    # is_secure reflects the client-facing scheme.
    https_url = request.url.replace('http:', 'https:', 1)
    return redirect(https_url)