def get_home(environ, start_response):
user = environ['tiddlyweb.usersign']
if user['name'] == 'GUEST' or 'MEMBER' not in user['roles']:
raise HTTP302(server_base_url(environ) + '/')
else:
raise HTTP302(
server_base_url(environ) + '/' + encode_name(user['name']))
def base(environ, start_response):
"""
The basic listing page that shows all available
:py:class:`challenger systems
<tiddlyweb.web.challengers.ChallengerInterface>`. If there is only
one challenger, we redirect to that instead of listing.
"""
auth_systems = environ['tiddlyweb.config']['auth_systems']
if len(auth_systems) == 1:
raise HTTP302(_challenger_url(environ, auth_systems[0]))
start_response('401 Unauthorized', [('Content-Type', 'text/html')])
title = 'Login Challengers'
header, footer = html_frame(environ, title)
challenger_info = []
for system in auth_systems:
challenger_uri = _challenger_url(environ, system)
try:
challenger = _get_challenger_module(system)
challenger_label = getattr(challenger, 'desc', challenger_uri)
challenger_info.append((challenger_uri, challenger_label))
except ImportError:
pass
output = [
'<li><a href="%s">%s</a></li>' % (uri, label)
for uri, label in challenger_info
]
return [header] + output + [footer]
def _process_choices(environ, start_response, form):
store = environ['tiddlyweb.store']
user = environ['tiddlyweb.usersign']
tmp_bag = form['tmp_bag'][0]
bag = form['target_bag'][0]
if bag:
bag = Bag(bag)
try:
bag.skinny = True
bag = store.get(bag)
except NoBagError:
return _send_wimport(environ, start_response,
'chosen bag does not exist')
else:
bag = form['new_bag'][0]
bag = _make_bag(environ, bag)
try:
bag.policy.allows(user, 'write')
except (ForbiddenError, UserRequiredError):
return _send_wimport(environ, start_response,
'you may not write to that bag')
tiddler_titles = form['tiddler']
for title in tiddler_titles:
tiddler = Tiddler(title.decode('utf-8', 'ignore'), tmp_bag)
tiddler = store.get(tiddler)
tiddler.bag = bag.name
store.put(tiddler)
tmp_bag = Bag(tmp_bag)
store.delete(tmp_bag)
bagurl = bag_url(environ, bag) + '/tiddlers'
raise HTTP302(bagurl)
def provider_auth_success(environ, data):
"""
Provider responds to authorize requests with redirect
including code.
"""
user = environ['tiddlyweb.usersign']['name']
redirect_uri = data['redirect_uri']
try:
auth_code = register_code(environ,
user=user,
client=data['client_id'],
redirect=redirect_uri,
scope=data['scope'])
except StoreError:
return provider_auth_error(data, error='server_error')
redirect_data = 'code=%s' % auth_code
if 'state' in data:
redirect_data += '&state=%s' % encode_name(data['state'])
if '?' in redirect_uri:
redirect_uri += '&%s' % redirect_data
else:
redirect_uri += '?%s' % redirect_data
raise HTTP302(redirect_uri)
def _get_tiddler_content(environ, tiddler):
"""
Extract the content of the tiddler, either straight up if
the content is not considered text, or serialized if it is.
"""
config = environ['tiddlyweb.config']
default_serializer = config['default_serializer']
default_serialize_type = config['serializers'][default_serializer][0]
serialize_type, mime_type, accept = get_serialize_type(environ,
accept_type=True)
extension = environ.get('tiddlyweb.extension')
serialized = False
# If this is a tiddler with a CANONICAL_URI_FIELD redirect
# there unless we are requesting a json form
if (CANONICAL_URI_FIELD in tiddler.fields
and CANONICAL_URI_PASS_TYPE not in mime_type):
raise HTTP302(tiddler.fields[CANONICAL_URI_FIELD])
if not renderable(tiddler, environ):
if (serialize_type == default_serialize_type
or accept.startswith(tiddler.type) or extension == 'html'):
mime_type = tiddler.type
content = tiddler.text
return content, mime_type, serialized
serializer = Serializer(serialize_type, environ)
serializer.object = tiddler
try:
content = serializer.to_string()
serialized = True
except (TiddlerFormatError, NoSerializationError) as exc:
raise HTTP415(exc)
return content, mime_type, serialized
def do_user_auth(environ, start_response):
"""
Consumer authorization for the sake of a user.
If no `code` is present then we send the user to the
auth uri of the selected provider. If there is a code
then we use that to get an access token, then use that
access token to get some information about the user
at the provider.
XXX: Save the access token for later use.
"""
query = environ['tiddlyweb.query']
config = environ['tiddlyweb.config']
code = query.get('code', [None])[0]
error = query.get('error', [None])[0]
server_name = query.get('server_name', [None])[0]
redirect_uri = query.get('tiddlyweb_redirect', [None])[0]
if not server_name:
raise HTTP400('invalid request, server_name required')
# initial redirect
if not code and not error:
raise HTTP302(get_auth_uri(config, server_name, redirect_uri))
response_map = config['oauth.servers'][server_name].get('response_map')
output = []
if code:
try:
credentials, http = get_credentials(config, server_name, code)
except OAuthError as exc:
raise HTTP400('credentials failure: %s' % exc)
credentials.authorize(http)
response, content = http.request(
config['oauth.servers'][server_name]['info_uri'])
if response['status'] == '200':
if response_map:
return _do_login_or_register(environ, start_response,
server_name, response_map,
content)
else:
output.append('code: %s\n' % code)
output.append(content)
else:
output.append('Unable to reach info_uri')
if error:
output.append('error: %s\n' % error)
start_response('200 OK', [('Content-Type', 'text-plain')])
return output
def provider_auth_error(data, error='invalid_request'):
"""
Provider responds to the redirect_url with error.
"""
redirect_uri = data['redirect_uri']
if '?' in redirect_uri:
redirect_uri += '&error=%s' % error
else:
redirect_uri += '?error=%s' % error
raise HTTP302(redirect_uri)
def __call__(self, environ, start_response):
try:
output = self.application(environ, start_response)
return output
except ForbiddenError as exc:
raise HTTP403(exc)
except UserRequiredError as exc:
# We only send to the challenger on a GET
# request. Otherwise we're in for major confusion
# on dealing with redirects and the like in
# scripts and javascript, where follow
# behavior is inconsistent.
if environ['REQUEST_METHOD'] == 'GET':
url = _challenge_url(environ)
raise HTTP302(url)
raise HTTP403(exc)
def wiki_page(environ, start_response):
"""
Present a single tiddler from a given tank.
"""
tank_name = get_route_value(environ, 'bag_name')
store = environ['tiddlyweb.store']
usersign = environ['tiddlyweb.usersign']
config = environ['tiddlyweb.config']
try:
bag = store.get(Bag(tank_name))
bag = augment_bag(store, bag)
except NoBagError:
raise HTTP404('no tank found for %s' % tank_name)
try:
tiddler_name = get_route_value(environ, 'tiddler_name')
except (KeyError, AttributeError):
raise HTTP302(tank_page_uri(environ, tank_name, INDEX_PAGE))
if tiddler_name in SPECIAL_PAGES:
return SPECIAL_PAGES[tiddler_name](environ, start_response)
# let permissions problems raise
bag.policy.allows(usersign, 'read')
editable = True
creatable = True
deletable = True
try:
bag.policy.allows(usersign, 'write')
except PermissionsError:
editable = False
try:
bag.policy.allows(usersign, 'create')
except PermissionsError:
creatable = False
try:
bag.policy.allows(usersign, 'delete')
except PermissionsError:
deletable = False
try:
tiddler = Tiddler(tiddler_name, tank_name)
tiddler = store.get(tiddler)
except NoTiddlerError:
tiddler.type = 'text/x-markdown'
tiddler.text = '### This tiddler does not yet exist\n'
if creatable:
editable = True
else:
editable = False
deletable = False
if tiddler.title != INDEX_PAGE:
sisterlinks = get_sisterlinks(environ, tiddler)
tiddler.text = (tiddler.text +
'\n### Other tiddlers with similar names\n' +
''.join([
'* [[%s]]@[[%s]] @%s\n' %
(stiddler.title, stiddler.bag, stiddler.bag)
for stiddler in sisterlinks
]))
if renderable(tiddler, environ):
backlinks = get_backlinks(environ, tiddler)
rellinks = get_rellinks(environ, tiddler)
compable = full_search(config, 'id:"%s:app"' % tank_name)
html = render_wikitext(tiddler, environ)
start_response('200 OK', [('Content-Type', 'text/html; charset=UTF-8'),
('Cache-Control', 'no-cache')])
return send_template(
environ, WIKI_TEMPLATE, {
'tiddler': tiddler,
'html': html,
'bag': bag,
'backlinks': backlinks,
'create': creatable,
'edit': editable,
'delete': deletable,
'compable': compable,
'links': rellinks,
})
else:
return tiddler_get(environ, start_response)
def policy_mgr(environ, start_repsonse):
"""
Redirect to the policy manager for this tank.
"""
tank_name = get_route_value(environ, 'bag_name')
raise HTTP302('/policymgr#/%s' % quote(tank_name, safe=''))
def front(environ, start_response):
user = environ['tiddlyweb.usersign']
if user['name'] != 'GUEST' and 'MEMBER' in user['roles']:
raise HTTP302(
server_base_url(environ) + '/' + encode_name(user['name']))
return send_template(environ, 'home.html', {'title': 'Welcome'})