def store(request):
try:
auth_vars = extract_auth_vars(request)
data = request.raw_post_data
if auth_vars:
server_version = auth_vars.get('sentry_version', '1.0')
else:
server_version = request.GET.get('version', '1.0')
if server_version not in ('1.0', '2.0'):
raise APIError('Client/server version mismatch. Unsupported version: %r' % server_version)
if auth_vars:
project = project_from_auth_vars(auth_vars, data)
elif request.GET.get('api_key') and request.GET.get('project_id') and request.is_secure():
# ssl requests dont have to have signature verification
project = project_from_api_key_and_id(request.GET['api_key'], request.GET['project_id'])
elif request.GET.get('project_id') and request.user.is_authenticated():
# authenticated users are simply trusted to provide the right id
project = project_from_id(request)
else:
raise APIUnauthorized()
if not data.startswith('{'):
data = decode_and_decompress_data(data)
data = safely_load_json_string(data)
validate_data(project, data)
insert_data_to_database(data)
except APIError, error:
return HttpResponse(error.msg, status=error.http_status)
def _parse_header(self, request, project):
try:
auth_vars = extract_auth_vars(request)
except (IndexError, ValueError):
raise APIError('Invalid auth header')
if not auth_vars:
raise APIError(
'Client/server version mismatch: Unsupported client')
server_version = auth_vars.get('sentry_version', '1.0')
client = auth_vars.get('sentry_client',
request.META.get('HTTP_USER_AGENT'))
Raven.tags_context({'client': client})
Raven.tags_context({'protocol': server_version})
if server_version not in PROTOCOL_VERSIONS:
raise APIError(
'Client/server version mismatch: Unsupported protocol version (%s)'
% server_version)
if not client:
raise APIError(
'Client request error: Missing client version identifier')
return auth_vars
def store(request):
try:
auth_vars = extract_auth_vars(request)
data = request.raw_post_data
if auth_vars:
project = project_from_auth_vars(auth_vars, data)
elif request.GET.get('api_key') and request.GET.get(
'project_id') and request.is_secure():
# ssl requests dont have to have signature verification
project = project_from_api_key_and_id(request.GET['api_key'],
request.GET['project_id'])
elif request.GET.get('project_id') and request.user.is_authenticated():
# authenticated users are simply trusted to provide the right id
project = project_from_id(request)
else:
raise APIUnauthorized()
if not data.startswith('{'):
data = decode_and_decompress_data(data)
data = safely_load_json_string(data)
ensure_valid_project_id(project, data)
insert_data_to_database(data)
except APIError, error:
return HttpResponse(error.msg, status=error.http_status)
def test_valid(self):
request = mock.Mock()
request.META = {'HTTP_X_SENTRY_AUTH': 'Sentry key=value, biz=baz'}
result = extract_auth_vars(request)
self.assertNotEquals(result, None)
self.assertTrue('key' in result)
self.assertEquals(result['key'], 'value')
self.assertTrue('biz' in result)
self.assertEquals(result['biz'], 'baz')
def test_valid_version_legacy(self):
request = mock.Mock()
request.META = {'HTTP_AUTHORIZATION': 'Sentry key=value, biz=baz'}
result = extract_auth_vars(request)
self.assertNotEquals(result, None)
self.assertTrue('key' in result)
self.assertEquals(result['key'], 'value')
self.assertTrue('biz' in result)
self.assertEquals(result['biz'], 'baz')
def test_valid(self):
request = mock.Mock()
request.META = {'HTTP_X_SENTRY_AUTH': 'Sentry key=value, biz=baz'}
result = extract_auth_vars(request)
self.assertNotEquals(result, None)
self.assertTrue('key' in result)
self.assertEquals(result['key'], 'value')
self.assertTrue('biz' in result)
self.assertEquals(result['biz'], 'baz')
def test_valid_version_legacy(self):
request = mock.Mock()
request.META = {"HTTP_AUTHORIZATION": "Sentry key=value, biz=baz"}
result = extract_auth_vars(request)
self.assertNotEquals(result, None)
self.assertTrue("key" in result)
self.assertEquals(result["key"], "value")
self.assertTrue("biz" in result)
self.assertEquals(result["biz"], "baz")
def test_valid_version_legacy(self):
request = mock.Mock()
request.META = {'HTTP_AUTHORIZATION': 'Sentry key=value, biz=baz'}
result = extract_auth_vars(request)
self.assertNotEquals(result, None)
self.assertTrue('key' in result)
self.assertEquals(result['key'], 'value')
self.assertTrue('biz' in result)
self.assertEquals(result['biz'], 'baz')
def test_valid(self):
request = mock.Mock()
request.META = {"HTTP_X_SENTRY_AUTH": "Sentry key=value, biz=baz"}
result = extract_auth_vars(request)
self.assertNotEquals(result, None)
self.assertTrue("key" in result)
self.assertEquals(result["key"], "value")
self.assertTrue("biz" in result)
self.assertEquals(result["biz"], "baz")
def _parse_header(self, request, project):
auth_vars = extract_auth_vars(request)
if not auth_vars:
raise APIError('Client/server version mismatch: Unsupported client')
server_version = auth_vars.get('sentry_version', '1.0')
client = auth_vars.get('sentry_client', request.META.get('HTTP_USER_AGENT'))
if server_version not in ('2.0', '3'):
raise APIError('Client/server version mismatch: Unsupported protocol version (%s)' % server_version)
if not client:
raise APIError('Client request error: Missing client version identifier.')
return auth_vars
def _parse_header(self, request, project):
try:
auth_vars = extract_auth_vars(request)
except (IndexError, ValueError):
raise APIError('Invalid auth header')
if not auth_vars:
raise APIError('Client/server version mismatch: Unsupported client')
server_version = auth_vars.get('sentry_version', '1.0')
client = auth_vars.get('sentry_client', request.META.get('HTTP_USER_AGENT'))
if server_version not in PROTOCOL_VERSIONS:
raise APIError('Client/server version mismatch: Unsupported protocol version (%s)' % server_version)
if not client:
raise APIError('Client request error: Missing client version identifier')
return auth_vars
def _parse_header(self, request, project):
try:
auth_vars = extract_auth_vars(request)
except (IndexError, ValueError):
raise APIError("Invalid auth header")
if not auth_vars:
raise APIError("Client/server version mismatch: Unsupported client")
server_version = auth_vars.get("sentry_version", "1.0")
client = auth_vars.get("sentry_client", request.META.get("HTTP_USER_AGENT"))
if server_version not in ("2.0", "3", "4"):
raise APIError("Client/server version mismatch: Unsupported protocol version (%s)" % server_version)
if not client:
raise APIError("Client request error: Missing client version identifier")
return auth_vars
def _parse_header(self, request, project):
auth_vars = extract_auth_vars(request)
if not auth_vars:
raise APIError(
'Client/server version mismatch: Unsupported client')
server_version = auth_vars.get('sentry_version', '1.0')
client = auth_vars.get('sentry_client',
request.META.get('HTTP_USER_AGENT'))
if server_version not in ('2.0', '3'):
raise APIError(
'Client/server version mismatch: Unsupported protocol version (%s)'
% server_version)
if not client:
raise APIError(
'Client request error: Missing client version identifier.')
return auth_vars
def test_invalid_header_defers_to_GET(self):
request = mock.Mock()
request.META = {'HTTP_X_SENTRY_AUTH': 'foobar'}
request.GET = {'sentry_version': 1, 'foo': 'bar'}
result = extract_auth_vars(request)
self.assertEquals(result, {'sentry_version': 1})
def store(request, project_id=None):
"""
The primary endpoint for storing new events.
This will validate the client's authentication and data, and if
successfull pass on the payload to the internal database handler.
Authentication works in three flavors:
1. Explicit signed requests
These are implemented using the documented signed request protocol, and
require an authentication header which is signed using with the project
member's secret key.
2. CORS Secured Requests
Generally used for communications with client-side platforms (such as
JavaScript in the browser), they require a standard header, excluding
the signature and timestamp requirements, and must be listed in the
origins for the given project (or the global origins).
3. Implicit trusted requests
Used by the Sentry core, they are only available from same-domain requests
and do not require any authentication information. They only require that
the user be authenticated, and a project_id be sent in the GET variables.
"""
logger.debug('Inbound %r request from %r', request.method, request.META['REMOTE_ADDR'])
client = '<unknown client>'
if project_id:
if project_id.isdigit():
lookup_kwargs = {'id': int(project_id)}
else:
lookup_kwargs = {'slug': project_id}
try:
project = Project.objects.get_from_cache(**lookup_kwargs)
except Project.DoesNotExist:
raise APIError('Project does not exist')
else:
project = None
if request.method == 'POST':
try:
auth_vars = extract_auth_vars(request)
data = request.raw_post_data
if auth_vars:
server_version = auth_vars.get('sentry_version', '1.0')
client = auth_vars.get('sentry_client')
else:
server_version = request.GET.get('version', '1.0')
client = request.META.get('HTTP_USER_AGENT', request.GET.get('client'))
if server_version not in ('1.0', '2.0'):
raise APIError('Client/server version mismatch: Unsupported version: %r' % server_version)
if server_version != '1.0' and not client:
raise APIError('Client request error: Missing client version identifier.')
referrer = request.META.get('HTTP_REFERER')
if auth_vars:
# We only require a signature if a referrer was not set
# (this is restricted via the CORS headers)
origin = request.META.get('HTTP_ORIGIN')
project_ = project_from_auth_vars(auth_vars, data,
require_signature=bool(not origin))
if not project:
project = project_
elif project_ != project:
raise APIError('Project ID mismatch')
elif request.user.is_authenticated() and is_same_domain(request.build_absolute_uri(), referrer):
# authenticated users are simply trusted to provide the right id
project_ = project_from_id(request)
if not project:
project = project_
elif project_ != project:
raise APIError('Project ID mismatch')
else:
raise APIUnauthorized()
if not data.startswith('{'):
data = decode_and_decompress_data(data)
data = safely_load_json_string(data)
try:
validate_data(project, data, client)
except InvalidData, e:
raise APIError(unicode(e))
insert_data_to_database(data)
except APIError, error:
logging.error('Client %r raised API error: %s' % (client, error), exc_info=True)
response = HttpResponse(unicode(error.msg), status=error.http_status)
def test_invalid_construct_legacy(self):
request = mock.Mock()
request.META = {'HTTP_AUTHORIZATION': 'foobar'}
result = extract_auth_vars(request)
self.assertEquals(result, None)
def test_invalid_construct(self):
request = mock.Mock()
request.META = {'HTTP_X_SENTRY_AUTH': 'foobar'}
result = extract_auth_vars(request)
self.assertEquals(result, None)
def test_invalid_legacy_header_defers_to_GET(self):
request = mock.Mock()
request.META = {'HTTP_AUTHORIZATION': 'foobar'}
request.GET = {'sentry_version': 1, 'foo': 'bar'}
result = extract_auth_vars(request)
self.assertEquals(result, {'sentry_version': 1})
def test_invalid_header_defers_to_GET(self):
request = mock.Mock()
request.META = {'HTTP_X_SENTRY_AUTH': 'foobar'}
result = extract_auth_vars(request)
self.assertEquals(result, request.GET)
def test_invalid_legacy_header_defers_to_GET(self):
request = mock.Mock()
request.META = {"HTTP_AUTHORIZATION": "foobar"}
request.GET = {"sentry_version": 1, "foo": "bar"}
result = extract_auth_vars(request)
self.assertEquals(result, {"sentry_version": 1})
def store(request, project=None):
"""
The primary endpoint for storing new events.
This will validate the client's authentication and data, and if
successfull pass on the payload to the internal database handler.
Authentication works in three flavors:
1. Explicit signed requests
These are implemented using the documented signed request protocol, and
require an authentication header which is signed using with the project
member's secret key.
2. CORS Secured Requests
Generally used for communications with client-side platforms (such as
JavaScript in the browser), they require a standard header, excluding
the signature and timestamp requirements, and must be listed in the
origins for the given project (or the global origins).
3. Implicit trusted requests
Used by the Sentry core, they are only available from same-domain requests
and do not require any authentication information. They only require that
the user be authenticated, and a project_id be sent in the GET variables.
"""
logger.debug('Inbound %r request from %r (%s)', request.method,
request.META['REMOTE_ADDR'],
request.META.get('HTTP_USER_AGENT'))
client = '<unknown client>'
response = HttpResponse()
if request.method == 'POST':
try:
auth_vars = extract_auth_vars(request)
data = request.raw_post_data
if auth_vars:
server_version = auth_vars.get('sentry_version', '1.0')
client = auth_vars.get('sentry_client',
request.META.get('HTTP_USER_AGENT'))
else:
server_version = request.GET.get('version', '1.0')
client = request.META.get('HTTP_USER_AGENT',
request.GET.get('client'))
if server_version not in ('1.0', '2.0'):
raise APIError(
'Client/server version mismatch: Unsupported version: %r' %
server_version)
if server_version != '1.0' and not client:
raise APIError(
'Client request error: Missing client version identifier.')
referrer = request.META.get('HTTP_REFERER')
if auth_vars:
# We only require a signature if a referrer was not set
# (this is restricted via the CORS headers)
project_ = project_from_auth_vars(auth_vars,
data,
require_signature=False)
if not project:
project = project_
elif project_ != project:
raise APIError('Project ID mismatch')
elif request.user.is_authenticated() and is_same_domain(
request.build_absolute_uri(), referrer):
# authenticated users are simply trusted to provide the right id
project_ = project_from_id(request)
if not project:
project = project_
elif project_ != project:
raise APIError('Project ID mismatch')
else:
raise APIUnauthorized()
if not data.startswith('{'):
data = decode_and_decompress_data(data)
data = safely_load_json_string(data)
try:
validate_data(project, data, client)
except InvalidData, e:
raise APIError(u'Invalid data: %s' % unicode(e))
insert_data_to_database(data)
except APIError, error:
logger.error('Client %r raised API error: %s',
client,
error,
extra={
'request': request,
},
exc_info=True)
response = HttpResponse(unicode(error.msg),
status=error.http_status)
def store(request):
"""
The primary endpoint for storing new events.
This will validate the client's authentication and data, and if
successfull pass on the payload to the internal database handler.
Authentication works in three flavors:
1. Explicit signed requests
These are implemented using the documented signed request protocol, and
require an authentication header which is signed using with the project
member's secret key.
2. Explicit trusted requests
Generally used for communications with client-side platforms (such as
JavaScript in the browser), they require the GET variables public_key
and project_id, as well as an HTTP_REFERER to be set from a trusted
domain.
3. Implicit trusted requests
Used by the Sentry core, they are only available from same-domain requests
and do not require any authentication information. They only require that
the user be authenticated, and a project_id be sent in the GET variables.
"""
logger.debug('Inbound %r request from %r', request.method,
request.META['REMOTE_ADDR'])
client = '<unknown client>'
try:
if request.method == 'POST':
auth_vars = extract_auth_vars(request)
data = request.raw_post_data
if auth_vars:
server_version = auth_vars.get('sentry_version', '1.0')
client = auth_vars.get('sentry_client')
else:
server_version = request.GET.get('version', '1.0')
client = request.META.get('HTTP_USER_AGENT',
request.GET.get('client'))
if server_version not in ('1.0', '2.0'):
raise APIError(
'Client/server version mismatch: Unsupported version: %r' %
server_version)
if server_version != '1.0' and not client:
raise APIError(
'Client request error: Missing client version identifier.')
referrer = request.META.get('HTTP_REFERER')
if auth_vars:
project = project_from_auth_vars(auth_vars, data)
elif request.GET.get('api_key') and request.GET.get('project_id'):
# public requests only need referrer validation for CSRF
project = project_from_api_key_and_id(
request.GET['api_key'], request.GET['project_id'])
if not ProjectDomain.test(project, referrer):
raise APIUnauthorized()
elif request.GET.get('project_id') and request.user.is_authenticated() and \
is_same_domain(request.build_absolute_uri(), referrer):
# authenticated users are simply trusted to provide the right id
project = project_from_id(request)
else:
raise APIUnauthorized()
if not data.startswith('{'):
data = decode_and_decompress_data(data)
data = safely_load_json_string(data)
try:
validate_data(project, data, client)
except InvalidData, e:
raise APIError(unicode(e))
insert_data_to_database(data)
except APIError, error:
logging.error('Client %r raised API error: %s' % (client, error),
exc_info=True)
response = HttpResponse(unicode(error.msg), status=error.http_status)
def store(request, project=None):
"""
The primary endpoint for storing new events.
This will validate the client's authentication and data, and if
successfull pass on the payload to the internal database handler.
Authentication works in three flavors:
1. Explicit signed requests
These are implemented using the documented signed request protocol, and
require an authentication header which is signed using with the project
member's secret key.
2. CORS Secured Requests
Generally used for communications with client-side platforms (such as
JavaScript in the browser), they require a standard header, excluding
the signature and timestamp requirements, and must be listed in the
origins for the given project (or the global origins).
3. Implicit trusted requests
Used by the Sentry core, they are only available from same-domain requests
and do not require any authentication information. They only require that
the user be authenticated, and a project_id be sent in the GET variables.
"""
logger.debug(
"Inbound %r request from %r (%s)",
request.method,
request.META["REMOTE_ADDR"],
request.META.get("HTTP_USER_AGENT"),
)
client = "<unknown client>"
response = HttpResponse()
if request.method == "POST":
try:
auth_vars = extract_auth_vars(request)
data = request.raw_post_data
if auth_vars:
server_version = auth_vars.get("sentry_version", "1.0")
client = auth_vars.get("sentry_client", request.META.get("HTTP_USER_AGENT"))
else:
server_version = request.GET.get("version", "1.0")
client = request.META.get("HTTP_USER_AGENT", request.GET.get("client"))
if server_version not in ("1.0", "2.0"):
raise APIError("Client/server version mismatch: Unsupported version: %r" % server_version)
if server_version != "1.0" and not client:
raise APIError("Client request error: Missing client version identifier.")
referrer = request.META.get("HTTP_REFERER")
if auth_vars:
# We only require a signature if a referrer was not set
# (this is restricted via the CORS headers)
project_ = project_from_auth_vars(auth_vars, data, require_signature=False)
if not project:
project = project_
elif project_ != project:
raise APIError("Project ID mismatch")
elif request.user.is_authenticated() and is_same_domain(request.build_absolute_uri(), referrer):
# authenticated users are simply trusted to provide the right id
project_ = project_from_id(request)
if not project:
project = project_
elif project_ != project:
raise APIError("Project ID mismatch")
else:
raise APIUnauthorized()
if not data.startswith("{"):
data = decode_and_decompress_data(data)
data = safely_load_json_string(data)
try:
validate_data(project, data, client)
except InvalidData, e:
raise APIError(u"Invalid data: %s" % unicode(e))
insert_data_to_database(data)
except APIError, error:
logger.error("Client %r raised API error: %s", client, error, extra={"request": request}, exc_info=True)
response = HttpResponse(unicode(error.msg), status=error.http_status)
def test_invalid_header_defers_to_GET(self):
request = mock.Mock()
request.META = {"HTTP_X_SENTRY_AUTH": "foobar"}
result = extract_auth_vars(request)
self.assertEquals(result, request.GET)
def test_invalid_legacy_header_defers_to_GET(self):
request = mock.Mock()
request.META = {'HTTP_AUTHORIZATION': 'foobar'}
result = extract_auth_vars(request)
self.assertEquals(result, request.GET)
def test_invalid_construct_legacy(self):
request = mock.Mock()
request.META = {'HTTP_AUTHORIZATION': 'foobar'}
result = extract_auth_vars(request)
self.assertEquals(result, None)
def store(request):
"""
The primary endpoint for storing new events.
This will validate the client's authentication and data, and if
successfull pass on the payload to the internal database handler.
Authentication works in three flavors:
1. Explicit signed requests
These are implemented using the documented signed request protocol, and
require an authentication header which is signed using with the project
member's secret key.
2. Explicit trusted requests
Generally used for communications with client-side platforms (such as
JavaScript in the browser), they require the GET variables public_key
and project_id, as well as an HTTP_REFERER to be set from a trusted
domain.
3. Implicit trusted requests
Used by the Sentry core, they are only available from same-domain requests
and do not require any authentication information. They only require that
the user be authenticated, and a project_id be sent in the GET variables.
"""
logger.debug('Inbound %r request from %r', request.method, request.META['REMOTE_ADDR'])
client = '<unknown client>'
try:
if request.method == 'POST':
auth_vars = extract_auth_vars(request)
data = request.raw_post_data
if auth_vars:
server_version = auth_vars.get('sentry_version', '1.0')
client = auth_vars.get('sentry_client')
else:
server_version = request.GET.get('version', '1.0')
client = request.META.get('HTTP_USER_AGENT', request.GET.get('client'))
if server_version not in ('1.0', '2.0'):
raise APIError('Client/server version mismatch: Unsupported version: %r' % server_version)
if server_version != '1.0' and not client:
raise APIError('Client request error: Missing client version identifier.')
referrer = request.META.get('HTTP_REFERER')
if auth_vars:
project = project_from_auth_vars(auth_vars, data)
elif request.GET.get('api_key') and request.GET.get('project_id'):
# public requests only need referrer validation for CSRF
project = project_from_api_key_and_id(request.GET['api_key'], request.GET['project_id'])
if not ProjectDomain.test(project, referrer):
raise APIUnauthorized()
elif request.GET.get('project_id') and request.user.is_authenticated() and \
is_same_domain(request.build_absolute_uri(), referrer):
# authenticated users are simply trusted to provide the right id
project = project_from_id(request)
else:
raise APIUnauthorized()
if not data.startswith('{'):
data = decode_and_decompress_data(data)
data = safely_load_json_string(data)
try:
validate_data(project, data)
except InvalidTimestamp:
# Log the error, remove the timestamp, and revalidate
error_logger.error('Client %r passed an invalid value for timestamp %r' % (
data['timestamp'],
client or '<unknown client>',
))
del data['timestamp']
validate_data(project, data)
insert_data_to_database(data)
except APIError, error:
logging.error('Client %r raised API error: %s' % (client, error), exc_info=True)
response = HttpResponse(unicode(error.msg), status=error.http_status)
def test_invalid_construct(self):
request = mock.Mock()
request.META = {'HTTP_X_SENTRY_AUTH': 'foobar'}
result = extract_auth_vars(request)
self.assertEquals(result, None)
