def afterTraversal(event):
"""
check it should be blocked by lockout
"""
request = event.request
if not ICastleLayer.providedBy(request):
return
shield.protect(request)
resp = request.response
context = get_context_from_request(request)
cache_tags = set([
getattr(context, 'portal_type', '').lower().replace(' ', '-'),
getattr(context, 'meta_type', '').lower().replace(' ', '-'),
IUUID(context, ''),
urlparse(request.URL).netloc.lower().replace('.', '').replace(':', '')
])
resp.setHeader('Cache-Tag', ','.join(t for t in cache_tags if t))
# Prevent IE and Chrome from incorrectly detecting non-scripts as scripts
resp.setHeader('X-Content-Type-Options', 'nosniff')
# prevent some XSS from browser
resp.setHeader('X-XSS-Protection', '1; mode=block')
def test_not_raises_redirect_exception_when_shield_active_and_logged_in(
self):
login(self.portal, TEST_USER_NAME)
registry = queryUtility(IRegistry)
registry['plone.login_shield_setting'] = SHIELD.ALL
self.request.PARENTS = [self.portal]
shield.protect(self.request)
def __call__(self):
shield.protect(self.request, recheck=True)
self.notfound = self.context
self.context = api.portal.get()
if '++' in self.request.URL:
self.request.response.setStatus(404)
try:
return self.index()
except Exception:
logger.warn(
"Failed to render 404 template, had to return simple response"
)
return "not found"
archive_storage = archival.Storage(self.context)
site_url = self.context.absolute_url()
path = self.request.ACTUAL_URL[len(site_url):].rstrip('/')
wants_view = False
if path.endswith('/view'):
wants_view = True
path = path.rsplit('/view', 1)[0]
new_url = None
if path.startswith('/resolveuid'):
uid = path.replace('/resolveuid/', '')
try:
new_url = archive_storage.get_archive_url_by_uid(uid)
except Exception:
pass
else:
try:
new_url = archive_storage.get_archive_url_by_path(
path, wants_view)
except Exception:
pass
if new_url:
# XXX need to force redirect this way since normal redirect
# gets overridden with 404
if self.request.environ.get('QUERY_STRING'):
new_url += '?' + self.request.environ['QUERY_STRING']
raise Redirect(aws.swap_url(new_url))
self.attempt_redirect()
self.request.response.setStatus(404)
return self.index()
def __call__(self):
shield.protect(self.request)
self.notfound = self.context
self.context = api.portal.get()
archive_storage = archival.Storage(self.context)
site_url = self.context.absolute_url()
path = self.request.ACTUAL_URL[len(site_url):].rstrip('/')
wants_view = False
if path.endswith('/view'):
wants_view = True
path = path.rsplit('/view', 1)[0]
new_url = None
if path.startswith('/resolveuid'):
uid = path.replace('/resolveuid/', '')
try:
new_url = archive_storage.get_archive_url_by_uid(uid)
except:
pass
else:
try:
new_url = archive_storage.get_archive_url_by_path(path, wants_view)
except:
pass
if new_url:
# XXX need to force redirect this way since normal redirect
# gets overridden with 404
if self.request.environ.get('QUERY_STRING'):
new_url += '?' + self.request.environ['QUERY_STRING']
raise Redirect(aws.swap_url(new_url))
# seems this overrides plone.app.redirector handler
redirector = queryMultiAdapter((self.context, self.request),
name=u'plone_redirector_view')
if redirector:
redirector.attempt_redirect()
return self.index()
def afterTraversal(event):
"""
check if it should be blocked by lockout
"""
request = event.request
if not ICastleLayer.providedBy(request):
return
robot_view = shield.protect(request)
resp = request.response
if robot_view:
resp.setBody(robot_view, lock=True)
resp.setHeader('X-Robots-Tag', 'noindex')
context = get_context_from_request(request)
if api.user.is_anonymous():
if hasattr(context, 'UID'):
if not api.portal.get_registry_record(
'plone.allow_public_in_private_container', default=False):
try:
brain = api.portal.get_tool('portal_catalog')(
UID=context.UID())[0]
if getattr(brain, 'has_private_parents', False):
raise NotFound
except IndexError:
pass # brain 0 was not found by its UID
cache_tags = set([
getattr(context, 'portal_type', '').lower().replace(' ', '-'),
getattr(context, 'meta_type', '').lower().replace(' ', '-'),
IUUID(context, ''),
urlparse(request.URL).netloc.lower().replace('.', '').replace(':', '')
])
resp.setHeader('Cache-Tag', ','.join(t for t in cache_tags if t))
# Prevent IE and Chrome from incorrectly detecting non-scripts as scripts
resp.setHeader('X-Content-Type-Options', 'nosniff')
# prevent some XSS from browser
resp.setHeader('X-XSS-Protection', '1; mode=block')
def test_not_raises_redirect_exception_when_shield_not_active(self):
logout()
registry = queryUtility(IRegistry)
registry['plone.login_shield_setting'] = SHIELD.NONE
self.request.PARENTS = [self.portal]
shield.protect(self.request)