def refined_query(self, query, model, req):
"""Derived classes may override this method to add model-specific query
refinements of their own.
"""
if model == Contribution:
return query.options(
joinedload_all(Contribution.references,
ContributionReference.source))
if model == Parameter:
if req.matchdict['id'][-1] not in ascii_uppercase:
# route match for 2008-style URL: redirect!
raise HTTPMovedPermanently(
req.route_url('contribution', id=req.matchdict['id']))
if model == Source:
try:
# redirect legacy refdb URLs formed with numeric id:
rec = Source.get(int(req.matchdict['id']), default=None)
if rec:
raise HTTPMovedPermanently(
req.route_url('source', id=rec.id))
else:
raise HTTPNotFound()
except ValueError:
pass
return query
def __call__(self, model, req):
if model == Language:
# responses for no longer supported legacy codes
if not models.Languoid.get(req.matchdict['id'], default=None):
legacy = models.LegacyCode.get(req.matchdict['id'],
default=None)
if legacy:
raise HTTPMovedPermanently(location=legacy.url(req))
#
# FIXME: how to serve HTTP 410 for legacy codes?
#
elif model == Source:
if ':' in req.matchdict['id']:
ref = req.db.query(models.Source)\
.join(models.Refprovider)\
.filter(models.Refprovider.id == req.matchdict['id'])\
.first()
if ref:
raise HTTPMovedPermanently(
location=req.route_url('source', id=ref.id))
legacy = req.db.query(
models.LegacyRef).filter_by(id=req.matchdict['id'])
if req.db.query(legacy.exists()).scalar():
raise HTTPGone()
return super(GLCtxFactoryQuery, self).__call__(model, req)
def release_detail(release, request):
project = release.project
# Check if the requested version is equivalent but not exactly the same as
# the release's version. Use `.get` because this view is used by
# `project_detail` and there may not be a version.
#
# This also handles the case where both the version and the project name
# need adjusted, and handles it in a single redirect.
if release.version != request.matchdict.get("version", release.version):
return HTTPMovedPermanently(
request.current_route_path(name=project.name, version=release.version)
)
# It's possible that the requested version was correct (or not provided),
# but we still need to adjust the project name.
if project.name != request.matchdict.get("name", project.name):
return HTTPMovedPermanently(request.current_route_path(name=project.name))
# Render the release description.
description = readme.render(release.description, release.description_content_type)
# Get all of the maintainers for this project.
maintainers = [
r.user
for r in (
request.db.query(Role)
.join(User)
.filter(Role.project == project)
.distinct(User.username)
.order_by(User.username)
.all()
)
]
# Get the license from both the `Classifier` and `License` metadata fields
license_classifiers = ", ".join(
c.split(" :: ")[-1] for c in release.classifiers if c.startswith("License")
)
# Make a best effort when the entire license text is given by using the
# first line only.
short_license = release.license.split("\n")[0] if release.license else None
if license_classifiers and short_license:
license = f"{license_classifiers} ({short_license})"
else:
license = license_classifiers or short_license or None
return {
"project": project,
"release": release,
"description": description,
"files": release.files.all(),
"latest_version": project.latest_version,
"all_versions": project.all_versions,
"maintainers": maintainers,
"license": license,
}
def display(request):
name = request.params.get('name')
version = request.params.get('version')
if not name:
raise HTTPNotFound
if version:
return HTTPMovedPermanently(
request.route_path('packaging.release', name=name,
version=version))
return HTTPMovedPermanently(
request.route_path('packaging.project', name=name))
def display(request):
name = request.params.get("name")
version = request.params.get("version")
if not name:
raise HTTPNotFound
if version:
return HTTPMovedPermanently(
request.route_path("packaging.release", name=name,
version=version))
return HTTPMovedPermanently(
request.route_path("packaging.project", name=name))
def file_redirect(request):
# Pull the information we need to find this file out of the URL.
pyversion, first, name, filename = request.matchdict["path"].split("/")
# This is just a simple sanity check so that we don't have to look this up
# in the database since it would otherwise be redundant.
if first != name[0]:
return HTTPNotFound()
# If the filename we're looking for is a signature, then we'll need to turn
# this into the *real* filename and a note that we're looking for the
# signature.
if filename.endswith(".asc"):
filename = filename[:-4]
signature = True
else:
signature = False
# Look up to see if there is a file that match this python version, name,
# and filename in the database. If there isn't we'll 404 here.
try:
file_ = (
request.db.query(File)
.filter((File.python_version == pyversion) &
(File.name == name) &
(File.filename == filename))
.one()
)
except NoResultFound:
return HTTPNotFound()
# If we've located the file, but we're actually looking for the signature
# then we'll check to see if this file object has a signature associated
# with it. If it does we'll redirect to that, if not then we'll return a
# 404.
if signature:
if file_.has_signature:
return HTTPMovedPermanently(
request.route_path("packaging.file", path=file_.pgp_path)
)
else:
return HTTPNotFound()
# Finally if we've gotten here, then we want to just return a redirect to
# the actual file.
return HTTPMovedPermanently(
request.route_path("packaging.file", path=file_.path)
)
def profile(user, request):
if user.username != request.matchdict.get("username", user.username):
return HTTPMovedPermanently(
request.current_route_path(username=user.username),
)
return {"user": user}
def project_detail(project, request):
project_name = request.matchdict["project_name"]
if project_name != project.normalized_name:
raise HTTPMovedPermanently(
request.current_route_path(
project_name=project.normalized_name, ), )
maintainers = [
role for role in (request.db.query(Role).join(User).filter(
Role.project == project).distinct(User.username).all())
]
maintainers = sorted(
maintainers,
key=lambda x: (x.role_name, x.user.username),
)
journal = [
entry for entry in (request.db.query(JournalEntry).filter(
JournalEntry.name == project.name).order_by(
JournalEntry.submitted_date.desc()).limit(50))
]
return {
"project": project,
"maintainers": maintainers,
"journal": journal,
"ONE_MB": ONE_MB,
"MAX_FILESIZE": MAX_FILESIZE
}
def wiki_view(page, request):
# TODO wait what happens if the path is empty
# If we got here and the URL has no trailing slash, redirect and add it.
# (Only files and /@@foo are allowed to not have a trailing slash.)
# TODO any cleaner way to do this, or cleaner place to do it? i can't use
# append_slash because core has dibs on the notfound view, and anyway i
# want a consistent url for pages that /do/ exist too
if not request.path.endswith('/'):
new_url = request.path_url + '/'
if request.query_string:
new_url += '?'
new_url += request.query_string
raise HTTPMovedPermanently(location=new_url)
if not page.exists:
# TODO what if it exists, but is a directory, or unreadable, or etc.?
# TODO should offer spelling suggestions... eventually
# TODO should examine the hierarchy to see if the parent exist, or any
# children exist
# TODO possibly a URL containing a dot somewhere (or @@, or whatever)
# should not end up here?
request.response.status_int = 404
return render_to_response('spline_wiki:templates/missing.mako',
dict(page=page),
request=request)
# TODO maybe i should go through git for this too, in case the repo is
# bare. bare repo actually sounds like an ok idea.
content = render_prose(page.read())
return dict(
page=page,
content=content,
)
def error_redirect(request):
'''
Errors get redirected here
'''
url = request.application_url + '/assets/public/error.html'
return HTTPMovedPermanently(location=url, expires=0, cache_control='no-store, no-cache, must-revalidate')
def __call__(self, request):
""" Performs the URL lookup and returns a Traversal root object or None
if no context for the current URL could be found. If a context object
is found but the human readable part of the URL doesn't match an
HTTPMovedPermanently exception is raised.
:param request: Current request
:type request: :class:`~pyramid.request.Request`
:raises pyramid.httpexceptions.HTTPMovedPermanently: If the request
human readable URL didn't match
:return: None or a dict like object
"""
if not request.matchdict:
return None
path_elements = request.matchdict.get('traverse', [])
id, requested_url_parts = self._context_id(
path_elements, separator='-'
)
if not id:
return None
context = self._get_context(id)
if not context:
return None
context_url = request.resource_path(context)
if not self._validate_url(requested_url_parts, context_url):
raise HTTPMovedPermanently(location=request.y_path(context))
return self._get_root(requested_url_parts, context.lineage)
def canonical_redirect(event):
request = event['request']
# Ignore subrequests
if len(manager.stack) > 1:
return
if request.method not in ('GET', 'HEAD'):
return
if request.response.status_int != 200:
return
if not request.environ.get('clincoded.canonical_redirect', True):
return
if request.path_info == '/':
return
canonical_path = event.rendering_val.get('@id', None)
if canonical_path is None:
return
canonical_path = canonical_path.split('?', 1)[0]
request_path = _join_path_tuple(('', ) +
split_path_info(request.path_info))
if (request_path == canonical_path.rstrip('/') and
request.path_info.endswith('/') == canonical_path.endswith('/')):
return
if '/@@' in request.path_info:
return
qs = request.query_string
location = canonical_path + ('?' if qs else '') + qs
raise HTTPMovedPermanently(location=location)
def _check_slug(group, request):
"""Redirect if the request slug does not match that of the group."""
slug = request.matchdict.get('slug')
if slug is None or slug != group.slug:
raise HTTPMovedPermanently(request.route_path('group_read',
pubid=group.pubid,
slug=group.slug))
def idea_vote(request):
post_data = request.POST
target = post_data.get('target')
session = DBSession()
idea = Idea.get_by_id(target)
voter_username = authenticated_userid(request)
voter = User.get_by_username(voter_username)
if post_data.get('form.vote_hit'):
idea.hits += 1
idea.author.hits += 1
voter.delivered_hits += 1
elif post_data.get('form.vote_miss'):
idea.misses += 1
idea.author.misses += 1
voter.delivered_misses += 1
idea.voted_users.append(voter)
session.flush()
redirect_url = route_url('idea', request, idea_id=idea.idea_id)
response = HTTPMovedPermanently(location=redirect_url)
return response
def project_detail(project, request):
project_name = request.matchdict["project_name"]
if project_name != project.normalized_name:
raise HTTPMovedPermanently(
request.current_route_path(project_name=project.normalized_name))
releases = (request.db.query(Release).filter(
Release.project == project).order_by(
Release._pypi_ordering.desc()).limit(10).all())
maintainers = [
role for role in (request.db.query(Role).join(User).filter(
Role.project == project).distinct(User.username).all())
]
maintainers = sorted(maintainers,
key=lambda x: (x.role_name, x.user.username))
journal = [
entry for entry in (request.db.query(JournalEntry).options(
joinedload("submitted_by")).filter(
JournalEntry.name == project.name).order_by(
JournalEntry.submitted_date.desc(),
JournalEntry.id.desc()).limit(30))
]
return {
"project": project,
"releases": releases,
"maintainers": maintainers,
"journal": journal,
"ONE_MB": ONE_MB,
"MAX_FILESIZE": MAX_FILESIZE,
"ONE_GB": ONE_GB,
"MAX_PROJECT_SIZE": MAX_PROJECT_SIZE,
}
def release_detail(release, request):
project = release.project
if project.name != request.matchdict.get("name", project.name):
return HTTPMovedPermanently(
request.current_route_path(name=project.name), )
# Get all of the registered versions for this Project, in order of newest
# to oldest.
all_releases = (request.db.query(Release).filter(
Release.project == project).with_entities(
Release.version,
Release.created).order_by(Release._pypi_ordering.desc()).all())
# Get all of the maintainers for this project.
maintainers = [
r.user for r in (request.db.query(Role).join(User).filter(
Role.project == project).distinct(User.username).order_by(
User.username).all())
]
return {
"project": project,
"release": release,
"files": release.files.all(),
"all_releases": all_releases,
"maintainers": maintainers,
}
def release_detail(release, request):
project = release.project
if project.name != request.matchdict.get("name", project.name):
return HTTPMovedPermanently(
request.current_route_path(name=project.name), )
# Get all of the registered versions for this Project, in order of newest
# to oldest.
all_releases = (project.releases.with_entities(
Release.version,
Release.created).order_by(Release._pypi_ordering.desc()).all())
# Get all of the maintainers for this project.
maintainers = [
r.user for r in (request.db.query(Role).join(User).filter(
Role.project == project).distinct(User.username).order_by(
User.username).all())
]
stats_svc = request.find_service(IDownloadStatService)
return {
"project": project,
"release": release,
"files": release.files.all(),
"all_releases": all_releases,
"maintainers": maintainers,
"download_stats": {
"daily": stats_svc.get_daily_stats(project.name),
"weekly": stats_svc.get_weekly_stats(project.name),
"monthly": stats_svc.get_monthly_stats(project.name),
},
}
def my_route(request, path):
if not path:
path = "/"
if path.endswith("/"):
path += "index.html"
try:
key = request.s3.get_key(path)
except S3ResponseError:
# Try the same request, but with a /index.html added onto it.
try:
key = request.s3.get_key(path + "/index.html")
except S3ResponseError:
return HTTPNotFound()
else:
return HTTPMovedPermanently("/" + path + "/")
key.open_read()
content_type, content_encoding = mimetypes.guess_type(path)
return Response(
app_iter=key,
content_type=content_type,
content_encoding=content_encoding,
)
def simple_detail(project, request):
# TODO: Handle files which are not hosted on PyPI
# Make sure that we're using the normalized version of the URL.
if project.normalized_name != request.matchdict.get(
"name", project.normalized_name
):
return HTTPMovedPermanently(
request.current_route_path(name=project.normalized_name)
)
# Get the latest serial number for this project.
request.response.headers["X-PyPI-Last-Serial"] = str(project.last_serial)
# Get all of the files for this project.
files = sorted(
request.db.query(File)
.options(joinedload(File.release))
.join(Release)
.filter(Release.project == project)
.all(),
key=lambda f: (parse(f.release.version), f.filename),
)
return {"project": project, "files": files}
def __call__(self, value, system):
request = system.get('request')
vary = request.environ.get('encoded.vary', None)
if vary is not None:
original_vary = request.response.vary or ()
request.response.vary = original_vary + vary
if (request.method in ('GET', 'HEAD')
and request.response.status_int == 200
and isinstance(value, dict)
and request.environ.get('encoded.canonical_redirect', True)):
url = value.get('@id', None)
if url is not None:
path = url.split('?', 1)[0]
if path != request.path:
qs = request.query_string
location = path + ('?' if qs else '') + qs
raise HTTPMovedPermanently(location=location)
format = request.environ.get('encoded.format', 'json')
value = self.json_renderer(value, system)
if format == 'json':
return value
else:
return self.page_renderer(value, system)
def error_redirect(request):
'''
Errors get redirected here
'''
return HTTPMovedPermanently(
location=request.route_url('error'),
expires=0,
cache_control='no-store, no-cache, must-revalidate')
def json_release_slash(project, request):
return HTTPMovedPermanently(
# Respond with redirect to url without trailing slash
request.route_path("legacy.api.json.release",
name=project.name,
version=project.version),
headers=_CORS_HEADERS,
)
def __init__(self, f, request, disposition='attachment',
cache_max_age=604800, content_type=None,
content_encoding=None):
"""
:param f: the ``UploadedFile`` file field value.
:type f: :class:`depot.io.interfaces.StoredFile`
:param request: Current request.
:type request: :class:`pyramid.request.Request`
:param disposition:
:type disposition:
:param cache_max_age: The number of seconds that should be used to HTTP
cache this response.
:param content_type: The content_type of the response.
:param content_encoding: The content_encoding of the response.
It's generally safe to leave this set to
``None`` if you're serving a binary file.
This argument will be ignored if you also
leave ``content-type`` as ``None``.
"""
if f.public_url:
raise HTTPMovedPermanently(f.public_url)
content_encoding, content_type = self._get_type_and_encoding(
content_encoding, content_type, f)
super(StoredFileResponse, self).__init__(
conditional_response=True,
content_type=content_type,
content_encoding=content_encoding)
app_iter = None
if request is not None and \
not get_settings()['kotti.depot_replace_wsgi_file_wrapper']:
environ = request.environ
if 'wsgi.file_wrapper' in environ:
app_iter = environ['wsgi.file_wrapper'](f, _BLOCK_SIZE)
if app_iter is None:
app_iter = FileIter(f)
self.app_iter = app_iter
# assignment of content_length must come after assignment of app_iter
self.content_length = f.content_length
self.last_modified = f.last_modified
if cache_max_age is not None:
self.cache_expires = cache_max_age
self.cache_control.public = True
self.etag = self.generate_etag(f)
self.content_disposition = rfc6266.build_header(
f.filename, disposition=disposition,
filename_compat=unidecode(f.filename))
def test_unicode_redirects(original_location, expected_location):
if original_location:
resp_in = HTTPMovedPermanently(original_location)
else:
resp_in = Response()
resp_out = sanity.unicode_redirects(resp_in)
assert resp_out.location == expected_location
def antibody_approval_page_view(context, request):
if 'antibodies' in request.traversed:
obj = request.embed(request.resource_path(context), '@@object')
qs = request.query_string
location = obj['antibody'] + ('?' if qs else '') + qs
raise HTTPMovedPermanently(location=location)
if request.has_permission('view'):
return item_view_page(context, request)
raise HTTPForbidden()
def public_report_short_url(request, validator=None):
request.matchdict['name'] = 'public_short_url'
request.GET['sid'] = request.matchdict['sid']
path = generate_report(request, validator, prefix='public.')
url = request.application_url + path
return HTTPMovedPermanently(
location=url,
expires=0,
cache_control='no-store, no-cache, must-revalidate')
def __init__(self, request):
settings = request.registry.settings
if not asbool(settings.get('caliopen_ws.force_https', '0')):
return
if request.environ.get('REQUEST_SCHEME') != 'https':
url = "https://" + request.host + request.path_qs
log.debug('Redirect to %s' % url)
raise HTTPMovedPermanently(location=url)
self.request = request
def profile(user, request):
if user.username != request.matchdict.get("username", user.username):
return HTTPMovedPermanently(
request.current_route_path(username=user.username), )
projects = (request.db.query(Release).options(joinedload(
Release.project)).join(Project).distinct(Project.name).filter(
Project.users.contains(user)).order_by(Project.name).all())
return {"user": user, "projects": projects}
def profile(user, request):
if user.username != request.matchdict.get("username", user.username):
return HTTPMovedPermanently(
request.current_route_path(username=user.username))
projects = (request.db.query(Project).filter(
Project.users.contains(user)).join(Project.releases).order_by(
Release.created.desc()).all())
return {"user": user, "projects": projects}
def reset(request):
_ = request.translate
token = DBSession.query(PasswordResetToken) \
.filter_by(token=request.matchdict['token']) \
.first()
if not token or not token.user:
request.messages.error(_('Unknown password reset token.'))
url = request.route_url('account_forgot')
return HTTPMovedPermanently(location=url)
password = request.POST.get('password')
password2 = request.POST.get('password2')
if request.method != 'POST' or not password or not password2:
return {'token': token}
if not User.validate_password(password) or password != password2:
request.messages.error(_('Invalid password.'))
request.response.status_code = HTTPBadRequest.code
return {'token': token}
token.user.set_password(password)
mailer = get_mailer(request)
body = render('mail/password_reset_done.mako', {
'user': token.user,
'changed_by': request.remote_addr,
},
request=request)
message = Message(subject=_('CCVPN: Password changed'),
recipients=[token.user.email],
body=body)
mailer.send(message)
msg = _('You have changed the password for ${user}.',
mapping={'user': token.user.username})
msg += ' ' + _('You can now log in.')
request.messages.info(msg)
DBSession.delete(token)
url = request.route_url('account_login')
return HTTPMovedPermanently(location=url)
