Esempio n. 1
 def __activate__(self, context):
     """Bind the per-request objects found in *context* to this instance.

     Keeps the context itself plus its "log", "sessionState", "Services",
     "security", "request" and "portalId" entries, derives the relative
     path from the decoded "RequestURI" request attribute, and activates
     a new AuthenticationData with the same context.
     """
     self.velocityContext = context
     self.log = context["log"]
     self.sessionState = context["sessionState"]
     self.services = context["Services"]
     self.security = context["security"]
     self.request = context["request"]
     self.portalId = context["portalId"]

     # The relative path comes from the request and is URL-decoded here,
     # so it is request-controlled text rather than a normalised path.
     # NOTE(review): the one-argument decode() presumably relies on the
     # platform default charset - confirm an explicit charset is not needed.
     decodedUri = URLDecoder.decode(self.request.getAttribute("RequestURI"))
     pathSegments = decodedUri.split("/")
     # Drop the first "/"-separated segment and re-join the remainder.
     self.__relPath = "/".join(pathSegments[1:])

     # The attribute is assigned before activation, as in the original.
     auth = AuthenticationData()
     self.authentication = auth
     auth.__activate__(context)
Esempio n. 2
 def __activate__(self, context):
     """Bind the per-request objects found in *context* to this instance.

     Keeps the "sessionState", "Services", "security", "request" and
     "portalId" entries, derives the relative path from the decoded
     "RequestURI" request attribute, and activates a new
     AuthenticationData with the same context.
     """
     self.sessionState = context["sessionState"]
     self.services = context["Services"]
     self.security = context["security"]
     self.request = context["request"]
     self.portalId = context["portalId"]

     # The relative path comes from the request and is URL-decoded here,
     # so it is request-controlled text rather than a normalised path.
     # NOTE(review): the one-argument decode() presumably relies on the
     # platform default charset - confirm an explicit charset is not needed.
     decodedUri = URLDecoder.decode(self.request.getAttribute("RequestURI"))
     pathSegments = decodedUri.split("/")
     # Drop the first "/"-separated segment and re-join the remainder.
     self.__relPath = "/".join(pathSegments[1:])

     # The attribute is assigned before activation, as in the original.
     auth = AuthenticationData()
     self.authentication = auth
     auth.__activate__(context)
Esempio n. 3
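class SearchTreeData:
    """Run a facet-only index search on construction and expose the facets.

    The class relies on names supplied from outside this block: formData,
    sessionState, Services, SearchRequest, FacetList, JsonConfigHelper,
    AuthenticationData and the byte-array stream classes.
    """

    def __init__(self):
        # __search() reads the roles from self.authentication, so the
        # authentication helper has to exist before the search runs.
        self.authentication = AuthenticationData()
        self.__search()

    def _securityFilter(self, roles):
        """Return the 'security_filter' filter-query clause for *roles*.

        Each role is emitted as a double-quoted phrase and the phrases are
        joined with OR. Backslashes and double quotes inside a role name are
        backslash-escaped so a role value cannot close the phrase early and
        change the meaning of the access-control filter.

        An empty role list yields 'security_filter:("")', exactly as the
        unescaped string building did before.
        """
        quoted = []
        for role in roles:
            # Escape the backslash first so the escapes added for quotes
            # are not themselves doubled.
            quoted.append(role.replace("\\", "\\\\").replace('"', '\\"'))
        return 'security_filter:("' + '" OR "'.join(quoted) + '")'

    def __search(self):
        """Build the facet request, run it, and store the FacetList."""
        query = formData.get("query")
        searchQuery = sessionState.get("searchQuery")
        # An absent or empty form query means "match everything".
        if query is None or query == "":
            query = "*:*"
        # Combine with the query kept in the session: it replaces the
        # match-all query, otherwise both must match.
        if searchQuery and query == "*:*":
            query = searchQuery
        elif searchQuery:
            query += " AND " + searchQuery
        facetField = formData.get("facet.field")

        # NOTE(review): the form's query text reaches the index as query
        # syntax; what a user may see is restricted by the security filter
        # added below, not by the query text itself.
        req = SearchRequest(query)
        req.setParam("facet", "true")
        req.setParam("fl", "id")
        req.setParam("rows", "0")
        req.setParam("facet.limit", "-1")
        req.setParam("facet.field", facetField)

        fq = sessionState.get("fq")
        if fq is not None:
            req.setParam("fq", fq)
        req.addParam("fq", 'item_type:"object"')

        # The role filter is added after the session 'fq' has been set.
        # addParam is used here - presumably so that it adds another 'fq'
        # instead of replacing the ones above; confirm against SearchRequest.
        security_roles = self.authentication.get_roles_list()
        req.addParam("fq", self._securityFilter(security_roles))

        out = ByteArrayOutputStream()
        indexer = Services.getIndexer()
        indexer.search(req, out)
        result = JsonConfigHelper(ByteArrayInputStream(out.toByteArray()))

        self.__facetList = FacetList(facetField, result)

    def getFacetList(self):
        """Return the FacetList built by the search."""
        return self.__facetList

    def getFacet(self, value):
        """Return the facet list's entry for *value*."""
        return self.__facetList.get(value)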
Esempio n. 4
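class LayoutData:
    """Helper object for page layouts: portal lookups, escaping and a CSRF gate.

    The instance is populated by __activate__(context), not by __init__.
    """

    def __init__(self):
        pass

    def __activate__(self, context):
        """Bind the per-request objects found in *context* to this instance."""
        self.velocityContext = context
        self.log = context["log"]
        self.sessionState = context["sessionState"]
        self.services = context["Services"]
        self.security = context["security"]
        self.request = context["request"]
        self.portalId = context["portalId"]
        # Decode with an explicit charset, matching escapeUrl(); the
        # one-argument form depends on the platform default encoding.
        # The result is request-controlled text, not a normalised path.
        uri = URLDecoder.decode(self.request.getAttribute("RequestURI"), "UTF-8")
        # Drop the first "/"-separated segment and re-join the remainder.
        self.__relPath = "/".join(uri.split("/")[1:])
        self.authentication = AuthenticationData()
        self.authentication.__activate__(context)

        # Disabled debugging aid. If re-enabled it would write every form
        # field and session value to the log, which may include secrets.
        #self.formData = context["formData"]
        #if self.formData is not None:
        #    for field in self.formData.getFormFields():
        #        log.debug("Form Data: '{}' => '{}'", field, self.formData.get(field))
        #if self.sessionState is not None:
        #    for field in self.sessionState.keySet():
        #        log.debug("Session Data: '{}' => '{}'", field, self.sessionState.get(field))
        #log.debug("PATH: '{}'", self.request.getPath())
        #for param in self.request.getParameterNames():
        #    log.debug("PARAM: '{}' : '{}'", param, self.request.getParameter(param));

    # Get from velocity context
    def vc(self, index):
        """Return the velocity context entry *index*, or None if it is None.

        A None entry is reported through the instance logger.
        """
        value = self.velocityContext[index]
        if value is not None:
            return value
        # Use the logger bound in __activate__; no bare 'log' name is
        # defined in this class.
        self.log.error("ERROR: Requested context entry '" + index +
                       "' doesn't exist")
        return None

    def getRelativePath(self):
        """Return the relative path derived from the request URI."""
        return self.__relPath

    def getPortal(self):
        """Return the portal manager's entry for this instance's portalId."""
        return self.services.getPortalManager().get(self.portalId)

    def getPortals(self):
        """Return the portal manager's 'portals' attribute."""
        return self.services.getPortalManager().portals

    def getPortalName(self):
        """Return the description of the current portal."""
        return self.getPortal().getDescription()

    def getQuery(self):
        """Return the session's "query" HTML-escaped, or "" when unset."""
        query = self.sessionState.get("query")
        if query is None:
            return ""
        # The stored query is escaped before it is handed back for display.
        return self.escapeHtml(query)

    def escapeXml(self, text):
        """Return *text* escaped by StringEscapeUtils.escapeXml."""
        return StringEscapeUtils.escapeXml(text)

    def escapeUrl(self, text):
        """Return *text* URL-encoded as UTF-8."""
        return URLEncoder.encode(text, "utf-8")

    def escapeHtml(self, text):
        """Return *text* escaped by StringEscapeUtils.escapeHtml."""
        return StringEscapeUtils.escapeHtml(text)

    def unescapeHtml(self, text):
        """Return *text* unescaped by StringEscapeUtils.unescapeHtml.

        The result is no longer safe to place in HTML without escaping.
        """
        return StringEscapeUtils.unescapeHtml(text)

    def md5Hash(self, data):
        """Return the hexadecimal MD5 digest of *data*.

        NOTE(review): MD5 is not collision resistant; confirm callers use
        this only for non-security identifiers.
        """
        return md5.new(data).hexdigest()

    def capitalise(self, text):
        """Return *text* with its first character upper-cased.

        Empty (or None) input is returned unchanged instead of raising on
        the text[0] lookup.
        """
        if not text:
            return text
        return text[0].upper() + text[1:]

    def getTemplate(self, templateName):
        """Return what velocityService.resourceExists reports for the template."""
        return self.services.velocityService.resourceExists(
            self.portalId, templateName)

    def getQueueStats(self):
        """Return the house keeping manager's queue statistics."""
        return self.services.getHouseKeepingManager().getQueueStats()

    def getSsoProviders(self):
        """Return the SSO logon interface built for the current session."""
        return self.security.ssoBuildLogonInterface(self.sessionState)

    def csrfSecurePage(self):
        """Return True when the request passes the page's CSRF checks.

        The request must be a POST and must carry a Referer header that
        starts with the "portalPath" context entry, either as stored or with
        its "verNum.../" segment removed. A missing Referer is rejected.

        NOTE(review): this is a header-based check only. A per-session
        token verified on each POST would be a stronger CSRF defence.
        """
        pageName = self.vc("pageName")

        # Allow only POSTS to CSRF protected pages
        method = self.request.getMethod()
        if method != "POST":
            self.log.error(
                "The secure page '{}' received a '{}' request and it only accepts 'POST'",
                pageName, method)
            return False

        # Allow only requests referred from this portal. The Referer header
        # is supplied by the client, so this is not a strong guarantee.
        referer = self.request.getHeader("Referer")
        validReferer = self.vc("portalPath")
        # The same path with the "verNum.../" segment stripped out.
        validRefererClean = String(validReferer).replaceAll(
            "verNum[0-9A-Za-z_.\\-]+/", "")

        # NOTE(review): both comparisons are plain prefix matches; confirm
        # portalPath ends at a boundary (such as "/") so that a longer,
        # different path or host cannot share the prefix.
        if referer is not None and referer.startswith(validRefererClean):
            return True
        if referer is None or not referer.startswith(validReferer):
            # The Referer value is request-controlled and logged as received.
            self.log.error(
                "The secure page '{}' requires a valid HTTP Header Referer to use. REFERER: {}",
                pageName, referer)
            return False
        return True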
Esempio n. 5
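class LayoutData:
    """Helper object for page layouts: portal lookups and text escaping.

    The instance is populated by __activate__(context), not by __init__.
    """

    def __init__(self):
        pass

    def __activate__(self, context):
        """Bind the per-request objects found in *context* to this instance."""
        self.sessionState = context["sessionState"]
        self.services = context["Services"]
        self.security = context["security"]
        self.request = context["request"]
        self.portalId = context["portalId"]
        # The URI comes from the request and is URL-decoded here, so the
        # result is request-controlled text, not a normalised path.
        # NOTE(review): the one-argument decode() presumably relies on the
        # platform default charset - confirm an explicit charset is not needed.
        uri = URLDecoder.decode(self.request.getAttribute("RequestURI"))
        # Drop the first "/"-separated segment and re-join the remainder.
        self.__relPath = "/".join(uri.split("/")[1:])
        self.authentication = AuthenticationData()
        self.authentication.__activate__(context)

        # Disabled debugging aid. If re-enabled it would write every form
        # field and session value to the log, which may include secrets.
        #self.formData = context["formData"]
        #if self.formData is not None:
        #    for field in self.formData.getFormFields():
        #        log.debug("Form Data: '{}' => '{}'", field, self.formData.get(field))
        #if self.sessionState is not None:
        #    for field in self.sessionState.keySet():
        #        log.debug("Session Data: '{}' => '{}'", field, self.sessionState.get(field))
        #log.debug("PATH: '{}'", self.request.getPath())
        #for param in self.request.getParameterNames():
        #    log.debug("PARAM: '{}' : '{}'", param, self.request.getParameter(param));

    def getRelativePath(self):
        """Return the relative path derived from the request URI."""
        return self.__relPath

    def getPortal(self):
        """Return the portal manager's entry for this instance's portalId."""
        return self.services.getPortalManager().get(self.portalId)

    def getPortals(self):
        """Return the portal manager's 'portals' attribute."""
        return self.services.getPortalManager().portals

    def getPortalName(self):
        """Return the description of the current portal."""
        return self.getPortal().getDescription()

    def getQuery(self):
        """Return the session's "query" HTML-escaped, or "" when unset."""
        query = self.sessionState.get("query")
        if query is None:
            return ""
        # The stored query is escaped before it is handed back for display.
        return self.escapeHtml(query)

    def escapeXml(self, text):
        """Return *text* escaped by StringEscapeUtils.escapeXml."""
        return StringEscapeUtils.escapeXml(text)

    def escapeHtml(self, text):
        """Return *text* escaped by StringEscapeUtils.escapeHtml."""
        return StringEscapeUtils.escapeHtml(text)

    def unescapeHtml(self, text):
        """Return *text* unescaped by StringEscapeUtils.unescapeHtml.

        The result is no longer safe to place in HTML without escaping.
        """
        return StringEscapeUtils.unescapeHtml(text)

    def md5Hash(self, data):
        """Return the hexadecimal MD5 digest of *data*.

        NOTE(review): MD5 is not collision resistant; confirm callers use
        this only for non-security identifiers.
        """
        return md5.new(data).hexdigest()

    def capitalise(self, text):
        """Return *text* with its first character upper-cased.

        Empty (or None) input is returned unchanged instead of raising on
        the text[0] lookup.
        """
        if not text:
            return text
        return text[0].upper() + text[1:]

    def getTemplate(self, templateName):
        """Return what pageService.resourceExists reports for the template."""
        return self.services.pageService.resourceExists(self.portalId, templateName)

    def getQueueStats(self):
        """Return the house keeping manager's queue statistics."""
        return self.services.getHouseKeepingManager().getQueueStats()

    def getSsoProviders(self):
        """Return the SSO logon interface built for the current session."""
        return self.security.ssoBuildLogonInterface(self.sessionState)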
Esempio n. 6
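class LayoutData:
    """Helper object for page layouts: portal lookups, escaping and a CSRF gate.

    The instance is populated by __activate__(context), not by __init__.
    """

    def __init__(self):
        pass

    def __activate__(self, context):
        """Bind the per-request objects found in *context* to this instance."""
        self.velocityContext = context
        self.log = context["log"]
        self.sessionState = context["sessionState"]
        self.services = context["Services"]
        self.security = context["security"]
        self.request = context["request"]
        self.portalId = context["portalId"]
        # Decode with an explicit charset, matching escapeUrl(); the
        # one-argument form depends on the platform default encoding.
        # The result is request-controlled text, not a normalised path.
        uri = URLDecoder.decode(self.request.getAttribute("RequestURI"), "UTF-8")
        # Drop the first "/"-separated segment and re-join the remainder.
        self.__relPath = "/".join(uri.split("/")[1:])
        self.authentication = AuthenticationData()
        self.authentication.__activate__(context)

        # Disabled debugging aid. If re-enabled it would write every form
        # field and session value to the log, which may include secrets.
        #self.formData = context["formData"]
        #if self.formData is not None:
        #    for field in self.formData.getFormFields():
        #        log.debug("Form Data: '{}' => '{}'", field, self.formData.get(field))
        #if self.sessionState is not None:
        #    for field in self.sessionState.keySet():
        #        log.debug("Session Data: '{}' => '{}'", field, self.sessionState.get(field))
        #log.debug("PATH: '{}'", self.request.getPath())
        #for param in self.request.getParameterNames():
        #    log.debug("PARAM: '{}' : '{}'", param, self.request.getParameter(param));

    # Get from velocity context
    def vc(self, index):
        """Return the velocity context entry *index*, or None if it is None.

        A None entry is reported through the instance logger.
        """
        value = self.velocityContext[index]
        if value is not None:
            return value
        # Use the logger bound in __activate__; no bare 'log' name is
        # defined in this class.
        self.log.error("ERROR: Requested context entry '" + index + "' doesn't exist")
        return None

    def getRelativePath(self):
        """Return the relative path derived from the request URI."""
        return self.__relPath

    def getPortal(self):
        """Return the portal manager's entry for this instance's portalId."""
        return self.services.getPortalManager().get(self.portalId)

    def getPortals(self):
        """Return the portal manager's 'portals' attribute."""
        return self.services.getPortalManager().portals

    def getPortalName(self):
        """Return the description of the current portal."""
        return self.getPortal().getDescription()

    def getQuery(self):
        """Return the session's "query" HTML-escaped, or "" when unset."""
        query = self.sessionState.get("query")
        if query is None:
            return ""
        # The stored query is escaped before it is handed back for display.
        return self.escapeHtml(query)

    def escapeXml(self, text):
        """Return *text* escaped by StringEscapeUtils.escapeXml."""
        return StringEscapeUtils.escapeXml(text)

    def escapeUrl(self, text):
        """Return *text* URL-encoded as UTF-8."""
        return URLEncoder.encode(text, "utf-8")

    def escapeHtml(self, text):
        """Return *text* escaped by StringEscapeUtils.escapeHtml."""
        return StringEscapeUtils.escapeHtml(text)

    def unescapeHtml(self, text):
        """Return *text* unescaped by StringEscapeUtils.unescapeHtml.

        The result is no longer safe to place in HTML without escaping.
        """
        return StringEscapeUtils.unescapeHtml(text)

    def md5Hash(self, data):
        """Return the hexadecimal MD5 digest of *data*.

        NOTE(review): MD5 is not collision resistant; confirm callers use
        this only for non-security identifiers.
        """
        return md5.new(data).hexdigest()

    def capitalise(self, text):
        """Return *text* with its first character upper-cased.

        Empty (or None) input is returned unchanged instead of raising on
        the text[0] lookup.
        """
        if not text:
            return text
        return text[0].upper() + text[1:]

    def getTemplate(self, templateName):
        """Return what velocityService.resourceExists reports for the template."""
        return self.services.velocityService.resourceExists(self.portalId, templateName)

    def getQueueStats(self):
        """Return the house keeping manager's queue statistics."""
        return self.services.getHouseKeepingManager().getQueueStats()

    def getSsoProviders(self):
        """Return the SSO logon interface built for the current session."""
        return self.security.ssoBuildLogonInterface(self.sessionState)

    def csrfSecurePage(self):
        """Return True when the request passes the page's CSRF checks.

        The request must be a POST and must carry a Referer header that
        starts with the "portalPath" context entry, either as stored or with
        its "verNum.../" segment removed. A missing Referer is rejected.

        NOTE(review): this is a header-based check only. A per-session
        token verified on each POST would be a stronger CSRF defence.
        """
        pageName = self.vc("pageName")

        # Allow only POSTS to CSRF protected pages
        method = self.request.getMethod()
        if method != "POST":
            self.log.error("The secure page '{}' received a '{}' request and it only accepts 'POST'", pageName, method)
            return False

        # Allow only requests referred from this portal. The Referer header
        # is supplied by the client, so this is not a strong guarantee.
        referer = self.request.getHeader("Referer")
        validReferer = self.vc("portalPath")
        # The same path with the "verNum.../" segment stripped out.
        validRefererClean = String(validReferer).replaceAll("verNum[0-9A-Za-z_.\\-]+/", "")

        # NOTE(review): both comparisons are plain prefix matches; confirm
        # portalPath ends at a boundary (such as "/") so that a longer,
        # different path or host cannot share the prefix.
        if referer is not None and referer.startswith(validRefererClean):
            return True
        if referer is None or not referer.startswith(validReferer):
            # The Referer value is request-controlled and logged as received.
            self.log.error("The secure page '{}' requires a valid HTTP Header Referer to use. REFERER: {}", pageName, referer)
            return False
        return True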
Esempio n. 7
 def __init__(self):
     """Create the authentication helper, then run the private search."""
     # The helper is stored on the instance before the search is started,
     # keeping the original order of the two steps.
     helper = AuthenticationData()
     self.authentication = helper
     self.__search()