def test_jwtsession_expire_days(): class A(spa.Handler): def get(self): return spa.Response(self.request.environ['jwtsession']['foo']) routes = ( ('/', 'a', A), ) app = spa.App(routes) secret = 'foobar' app = JWTSessionMiddleware(app, secret_key=secret, expire_days=1) c = Client(app, spa.Response) tok = jwt.encode({ 'foo': 'bar', 'iat': utc.now() - datetime.timedelta(days=1) }, secret) c.set_cookie('localhost', 'session', tok) with pytest.raises(KeyError): # The handler should fail to read 'foo' from the session, because it # will have been dropped when the middleware saw that its 'iat' # timestamp was too old. c.get('/')
def report_download(self, data, token): """This function is used by 'qwebactionmanager.js' in order to trigger the download of a pdf/controller report. :param data: a javascript array JSON.stringified containg report internal url ([0]) and type [1] :returns: Response with a filetoken cookie and an attachment header """ requestcontent = simplejson.loads(data) url, type = requestcontent[0], requestcontent[1] try: if type == 'qweb-pdf': reportname = url.split('/report/pdf/')[1].split('?')[0] docids = None if '/' in reportname: reportname, docids = reportname.split('/') attach_name = reportname if docids: so_ids = [int(i) for i in docids.split(',')] if reportname.find( 'cebis_sale_order_report.report_sale_order') != -1: cr, uid, context = request.cr, request.uid, request.context so = request.registry['sale.order'].browse( cr, uid, so_ids, context=context)[0] attach_name = so.name # Generic report: response = self.report_routes(reportname, docids=docids, converter='pdf') else: # Particular report: data = url_decode( url.split('?') [1]).items() # decoding the args represented in JSON response = self.report_routes(reportname, converter='pdf', **dict(data)) response.headers.add( 'Content-Disposition', 'attachment; filename=%s.pdf;' % attach_name) response.set_cookie('fileToken', token) return response elif type == 'controller': reqheaders = Headers(request.httprequest.headers) response = Client(request.httprequest.app, BaseResponse).get(url, headers=reqheaders, follow_redirects=True) response.set_cookie('fileToken', token) return response else: return except Exception, e: se = _serialize_exception(e) error = {'code': 200, 'message': "Odoo Server Error", 'data': se} return request.make_response(html_escape(simplejson.dumps(error)))
def report_download(self, data, token): """This function is used by 'qwebactionmanager.js' in order to trigger the download of a pdf/controller report. :param data: a javascript array JSON.stringified containg report internal url ([0]) and type [1] :returns: Response with a filetoken cookie and an attachment header """ requestcontent = json.loads(data) url, type = requestcontent[0], requestcontent[1] try: if type == 'qweb-pdf': reportname = url.split('/report/pdf/')[1].split('?')[0] docids = None if '/' in reportname: reportname, docids = reportname.split('/') if docids: # Generic report: response = self.report_routes(reportname, docids=docids, converter='pdf') else: # Particular report: data = url_decode( url.split('?') [1]).items() # decoding the args represented in JSON response = self.report_routes(reportname, converter='pdf', **dict(data)) cr, uid = request.cr, request.uid report = request.registry['report']._get_report_from_name( cr, uid, reportname) filename = "%s.%s" % (report.name, "pdf") response.headers.add('Content-Disposition', content_disposition(filename)) response.set_cookie('fileToken', token) return response elif type == 'controller': reqheaders = Headers(request.httprequest.headers) response = Client(request.httprequest.app, BaseResponse).get(url, headers=reqheaders, follow_redirects=True) response.set_cookie('fileToken', token) return response else: return except Exception, e: se = _serialize_exception(e) error = { 'code': 200, 'message': "YuanCloud Server Error", 'data': se } return request.make_response(html_escape(json.dumps(error)))
def report_download(self, data, token): """This function is used by 'qwebactionmanager.js' in order to trigger the download of a pdf/controller report. :param data: a javascript array JSON.stringified containg report internal url ([0]) and type [1] :returns: Response with a filetoken cookie and an attachment header """ requestcontent = simplejson.loads(data) url, type = requestcontent[0], requestcontent[1] try: if type == 'qweb-pdf': reportname = url.split('/report/pdf/')[1].split('?')[0] docids = None if '/' in reportname: reportname, docids = reportname.split('/') if docids: # Generic report: response = super(Extension, self).report_routes(reportname, docids=docids, converter='pdf') # response = self.report_routes(reportname, docids=docids, converter='pdf') ##### FIX START: switch reportname with the evaluated attachment attribute of the action if available docids = [int(i) for i in docids.split(',')] report_obj = request.registry['report'] cr, uid, context = request.cr, request.uid, request.context report = report_obj._get_report_from_name(cr, uid, reportname) obj = report_obj.pool[report.model].browse(cr, uid, docids[0]) if hasattr(obj, 'name') and obj.name: reportname = obj.name ##### FIX END else: # Particular report: data = url_decode(url.split('?')[1]).items() # decoding the args represented in JSON response = super(Extension, self).report_routes(reportname, converter='pdf', **dict(data)) # response = self.report_routes(reportname, converter='pdf', **dict(data)) response.headers.add('Content-Disposition', 'attachment; filename=%s.pdf;' % reportname) response.set_cookie('fileToken', token) return response elif type =='controller': reqheaders = Headers(request.httprequest.headers) response = Client(request.httprequest.app, BaseResponse).get(url, headers=reqheaders, follow_redirects=True) response.set_cookie('fileToken', token) return response else: return except Exception, e: se = _serialize_exception(e) error = { 'code': 200, 'message': "Odoo Server Error", 'data': se } return request.make_response(html_escape(simplejson.dumps(error)))
def report_download(self, data,token): """This function is used by 'qwebactionmanager.js' in order to trigger the download of a pdf/controller report. :param data: a javascript array JSON.stringified containg report internal url ([0]) and type [1] :returns: Response with a filetoken cookie and an attachment header """ requestcontent = simplejson.loads(data) url, type = requestcontent[0], requestcontent[1] try: if type == 'qweb-pdf': reportname = url.split('/report/pdf/')[1].split('?')[0] docids = None if '/' in reportname: reportname, docids = reportname.split('/') if docids: # Generic report: response = self.report_routes(reportname, docids=docids, converter='pdf') else: # Particular report: data = url_decode(url.split('?')[1]).items() # decoding the args represented in JSON response = self.report_routes(reportname, converter='pdf', **dict(data)) if reportname == 'jjuice_fedex.report_print_label': cr, context = request.cr, request.context info = request.registry('create.shipment.fedex').read(cr,SUPERUSER_ID,int(docids),['to_person_name','tracking_number']) str_list = [] str_list.append(time.strftime("%Y-%m-%d")) str_list.append(info.get('to_person_name','unavailable') or 'unavailable') str_list.append(info.get('tracking_number','unavailable') or 'unavailable') label_name = '_'.join(str_list) response.headers.add('Content-Disposition', 'attachment; filename=%s.pdf;' % label_name) else: response.headers.add('Content-Disposition', 'attachment; filename=%s.pdf;' % reportname) response.set_cookie('fileToken', token) return response elif type =='controller': reqheaders = Headers(request.httprequest.headers) response = Client(request.httprequest.app, BaseResponse).get(url, headers=reqheaders, follow_redirects=True) response.set_cookie('fileToken', token) return response else: return except Exception, e: se = _serialize_exception(e) error = { 'code': 200, 'message': "Odoo Server Error", 'data': se } return request.make_response(html_escape(simplejson.dumps(error)))
def report_download(self, data, token): """This function is used by 'qwebactionmanager.js' in order to trigger the download of a pdf/controller report. :param data: a javascript array JSON.stringified containg report internal url ([0]) and type [1] :returns: Response with a filetoken cookie and an attachment header """ requestcontent = simplejson.loads(data) url, type = requestcontent[0], requestcontent[1] try: if type == 'qweb-pdf': reportname = url.split('/report/pdf/')[1].split('?')[0] docids = None if '/' in reportname: reportname, docids = reportname.split('/') if docids: # Generic report: response = self.report_routes(reportname, docids=docids, converter='pdf') else: # Particular report: data = url_decode(url.split('?')[1]).items() # decoding the args represented in JSON response = self.report_routes(reportname, converter='pdf', **dict(data)) cr, uid, context = request.cr, openerp.SUPERUSER_ID, request.context report_obj = request.registry['ir.actions.report.xml'] idreport = report_obj.search(cr, uid, [('report_name', '=', reportname)], context=context) try: report = report_obj.browse(cr, uid, idreport[0], context=context) reportname = report.report_file + '_' + time.strftime('%Y%m%d', time.gmtime()) except IndexError: _logger.error("Can not lookup report %s" % reportname) response.headers.add('Content-Disposition', 'attachment; filename=%s.pdf;' % reportname) response.set_cookie('fileToken', token) return response elif type =='controller': reqheaders = Headers(request.httprequest.headers) response = Client(request.httprequest.app, BaseResponse).get(url, headers=reqheaders, follow_redirects=True) response.set_cookie('fileToken', token) return response else: return except Exception, e: se = _serialize_exception(e) error = { 'code': 200, 'message': "Odoo Server Error", 'data': se } return request.make_response(html_escape(simplejson.dumps(error)))
def report_download(self, data, token): """This function is used by 'qwebactionmanager.js' in order to trigger the download of a pdf/controller report. :param data: a javascript array JSON.stringified containg report internal url ([0]) and type [1] :returns: Response with a filetoken cookie and an attachment header """ requestcontent = simplejson.loads(data) url, type = requestcontent[0], requestcontent[1] try: if type == 'qweb-pdf': reportname = url.split('/report/pdf/')[1].split('?')[0] docids = None if '/' in reportname: reportname, docids = reportname.split('/') print docids,reportname if docids: # Generic report: response = self.report_routes(reportname, docids=docids, converter='pdf') else: # Particular report: data = url_decode(url.split('?')[1]).items() # decoding the args represented in JSON response = self.report_routes(reportname, converter='pdf', **dict(data)) #Rename the pdf's name make it looks kindly. report_ids = request.registry.get('ir.actions.report.xml').search(request.cr,openerp.SUPERUSER_ID,[('report_name','=',reportname)]) if len(report_ids): report_obj = request.registry.get('ir.actions.report.xml').browse(request.cr,openerp.SUPERUSER_ID,report_ids[0]) docids = [int(x) for x in docids.split(',')] reports = request.registry.get(report_obj.model).browse(request.cr,openerp.SUPERUSER_ID,docids) filename = reports[0].name response.headers.add('Content-Disposition', 'attachment; filename=%s.pdf;' % filename) response.set_cookie('fileToken', token) return response elif type =='controller': reqheaders = Headers(request.httprequest.headers) response = Client(request.httprequest.app, BaseResponse).get(url, headers=reqheaders, follow_redirects=True) response.set_cookie('fileToken', token) return response else: return except Exception, e: se = _serialize_exception(e) error = { 'code': 200, 'message': "Odoo Server Error", 'data': se } return request.make_response(html_escape(simplejson.dumps(error)))
def report_download(self, data, token): """This function is used by 'qwebactionmanager.js' in order to trigger the download of a pdf/controller report. :param data: a javascript array JSON.stringified containg report internal url ([0]) and type [1] :returns: Response with a filetoken cookie and an attachment header """ requestcontent = json.loads(data) url, type = requestcontent[0], requestcontent[1] try: if type == 'qweb-pdf': reportname = url.split('/report/pdf/')[1].split('?')[0] docids = None if '/' in reportname: reportname, docids = reportname.split('/') if docids: # Generic report: response = self.report_routes(reportname, docids=docids, converter='pdf') else: # Particular report: data = url_decode(url.split('?')[1]).items() # decoding the args represented in JSON response = self.report_routes(reportname, converter='pdf', **dict(data)) cr, uid = request.cr, request.uid report = request.registry['report']._get_report_from_name(cr, uid, reportname) filename = "%s.%s" % (report.name, "pdf") if docids: ids = [int(x) for x in docids.split(",")] obj = request.env[report.model].browse(ids) if report.print_report_name and not len(obj) > 1: filename = eval(report.print_report_name, {'object': obj, 'time': time}) response.headers.add('Content-Disposition', content_disposition(filename)) response.set_cookie('fileToken', token) return response elif type =='controller': reqheaders = Headers(request.httprequest.headers) response = Client(request.httprequest.app, BaseResponse).get(url, headers=reqheaders, follow_redirects=True) response.set_cookie('fileToken', token) return response else: return except Exception, e: se = _serialize_exception(e) error = { 'code': 200, 'message': "Odoo Server Error", 'data': se } return request.make_response(html_escape(json.dumps(error)))
def test_empty_header_blocked(): class A(spa.Handler): def post(self): return spa.Response('hello world') routes = ( ('/', 'a', A), ) app = ApiCSRFMiddleware(spa.App(routes)) c = Client(app, spa.Response) c.set_cookie('localhost', 'api_csrf', 'foobar') resp = c.post('/') assert resp.status_code == 403
def test_mismatched_tokens_blocked(): class A(spa.Handler): def post(self): return spa.Response('hello world') routes = ( ('/', 'a', A), ) app = ApiCSRFMiddleware(spa.App(routes)) c = Client(app, spa.Response) c.set_cookie('localhost', 'api_csrf', 'foobar') resp = c.post('/', headers={'X-Api-CSRF': 'barfoo'}) assert resp.status_code == 403
def report_download(self, data, token): requestcontent = json.loads(data) url, type = requestcontent[0], requestcontent[1] try: if type == 'controller': reqheaders = Headers(request.httprequest.headers) response = Client(request.httprequest.app, BaseResponse).get(url, headers=reqheaders, follow_redirects=True) response.set_cookie('fileToken', token) return response except Exception as e: se = _serialize_exception(e) error = {'code': 200, 'message': "Odoo Server Error", 'data': se} return request.make_response(html_escape(json.dumps(error))) return super(ReportControllerExtend, self).report_download(data, token)
def report_download(self, data, token): """This function is used by 'qwebactionmanager.js' in order to trigger the download of a pdf/controller report. :param data: a javascript array JSON.stringified containg report internal url ([0]) and type [1] :returns: Response with a filetoken cookie and an attachment header """ requestcontent = simplejson.loads(data) url, type = requestcontent[0], requestcontent[1] if type == 'qweb-pdf': reportname = url.split('/report/pdf/')[1].split('?')[0] docids = None if '/' in reportname: reportname, docids = reportname.split('/') if docids: # Generic report: response = self.report_routes(reportname, docids=docids, converter='pdf') else: # Particular report: data = url_decode(url.split( '?')[1]).items() # decoding the args represented in JSON response = self.report_routes(reportname, converter='pdf', **dict(data)) response.headers.add('Content-Disposition', 'attachment; filename=%s.pdf;' % reportname) response.set_cookie('fileToken', token) return response elif type == 'controller': reqheaders = Headers(request.httprequest.headers) response = Client(request.httprequest.app, BaseResponse).get(url, headers=reqheaders, follow_redirects=True) response.set_cookie('fileToken', token) return response else: return
def report_download(self, data, token): """This function is used by 'qwebactionmanager.js' in order to trigger the download of a pdf/controller report. :param data: a javascript array JSON.stringified containg report internal url ([0]) and type [1] :returns: Response with a filetoken cookie and an attachment header """ requestcontent = json.loads(data) url, type = requestcontent[0], requestcontent[1] try: if type == "qweb-pdf": reportname = url.split("/report/pdf/")[1].split("?")[0] docids = None if "/" in reportname: reportname, docids = reportname.split("/") if docids: # Generic report: response = self.report_routes(reportname, docids=docids, converter="pdf") else: # Particular report: data = url_decode(url.split("?")[1]).items() # decoding the args represented in JSON response = self.report_routes(reportname, converter="pdf", **dict(data)) cr, uid = request.cr, request.uid report = request.registry["report"]._get_report_from_name(cr, uid, reportname) filename = "%s.%s" % (report.name, "pdf") response.headers.add("Content-Disposition", content_disposition(filename)) response.set_cookie("fileToken", token) return response elif type == "controller": reqheaders = Headers(request.httprequest.headers) response = Client(request.httprequest.app, BaseResponse).get( url, headers=reqheaders, follow_redirects=True ) response.set_cookie("fileToken", token) return response else: return except Exception, e: se = _serialize_exception(e) error = {"code": 200, "message": "Odoo Server Error", "data": se} return request.make_response(html_escape(json.dumps(error)))
def report_download(self, data, token): """This function is used by 'qwebactionmanager.js' in order to trigger the download of a pdf/controller report. :param data: a javascript array JSON.stringified containg report internal url ([0]) and type [1] :returns: Response with a filetoken cookie and an attachment header """ requestcontent = simplejson.loads(data) url, type = requestcontent[0], requestcontent[1] try: if type == 'qweb-pdf': reportname = url.split('/report/pdf/')[1].split('?')[0] docids = None if '/' in reportname: reportname, docids = reportname.split('/') if docids: # Generic report: response = self.report_routes(reportname, docids=docids, converter='pdf') else: # Particular report: data = url_decode(url.split('?')[1]).items() # decoding the args represented in JSON response = self.report_routes(reportname, converter='pdf', **dict(data)) response.headers.add('Content-Disposition', 'attachment; filename=%s.pdf;' % reportname) response.set_cookie('fileToken', token) return response elif type =='controller': reqheaders = Headers(request.httprequest.headers) response = Client(request.httprequest.app, BaseResponse).get(url, headers=reqheaders, follow_redirects=True) response.set_cookie('fileToken', token) return response else: return except osv.except_osv, e: se = _serialize_exception(e) error = { 'code': 200, 'message': "Odoo Server Error", 'data': se } return request.make_response(simplejson.dumps(error))
def replay_url(self, url, wsgi_application=None, follow_redirects=True): """ Given a URL contained in this WARC, return a werkzeug BaseResponse for the URL as played back by pywb. """ # By default, play back from our pywb wsgi app. if not wsgi_application: from warc_server.app import application as pywb_application # local to avoid circular imports wsgi_application = pywb_application # Set up a werkzeug wsgi client. client = Client(wsgi_application, BaseResponse) # Set a cookie to allow replay of private links. if self.is_private: client.set_cookie('localhost', self.guid, self.create_access_token()) # Return pywb's response as a BaseResponse. full_url = '/%s/%s' % (self.guid, url) return client.get(full_url, follow_redirects=follow_redirects)
def test_read_session_cookie(): class A(spa.Handler): def get(self): return spa.Response(self.request.environ['jwtsession']['foo']) routes = ( ('/', 'a', A), ) app = spa.App(routes) secret = 'foobar' app = JWTSessionMiddleware(app, secret_key=secret) c = Client(app, spa.Response) c.set_cookie('localhost', 'session', jwt.encode({'foo': 'bar', 'iat': utc.now()}, secret)) resp = c.get('/') assert resp.data == b'bar'
def test_cookie_forging(): c = Client(cookie_app) c.set_cookie("localhost", "foo", "bar") response = c.open() assert response.data == b"foo=bar"
def report_download(self, data, token): """This function is used by 'qwebactionmanager.js' in order to trigger the download of a pdf/controller report. :param data: a javascript array JSON.stringified containg report internal url ([0]) and type [1] :returns: Response with a filetoken cookie and an attachment header """ requestcontent = simplejson.loads(data) url, type = requestcontent[0], requestcontent[1] try: if type == 'qweb-pdf': reportname = url.split('/report/pdf/')[1].split('?')[0] docids = None if '/' in reportname: reportname, docids = reportname.split('/') print docids, reportname if docids: # Generic report: response = self.report_routes(reportname, docids=docids, converter='pdf') else: # Particular report: data = url_decode( url.split('?') [1]).items() # decoding the args represented in JSON response = self.report_routes(reportname, converter='pdf', **dict(data)) #Rename the pdf's name make it looks kindly. report_ids = request.registry.get( 'ir.actions.report.xml').search( request.cr, openerp.SUPERUSER_ID, [('report_name', '=', reportname)]) if len(report_ids): report_obj = request.registry.get( 'ir.actions.report.xml').browse( request.cr, openerp.SUPERUSER_ID, report_ids[0]) docids = [int(x) for x in docids.split(',')] reports = request.registry.get(report_obj.model).browse( request.cr, openerp.SUPERUSER_ID, docids) filename = reports[0].name response.headers.add('Content-Disposition', 'attachment; filename=%s.pdf;' % filename) response.set_cookie('fileToken', token) return response elif type == 'controller': reqheaders = Headers(request.httprequest.headers) response = Client(request.httprequest.app, BaseResponse).get(url, headers=reqheaders, follow_redirects=True) response.set_cookie('fileToken', token) return response else: return except Exception, e: se = _serialize_exception(e) error = {'code': 200, 'message': "Odoo Server Error", 'data': se} return request.make_response(html_escape(simplejson.dumps(error)))
def test_cookie_forging(self): c = Client(cookie_app) c.set_cookie('localhost', 'foo', 'bar') appiter, code, headers = c.open() assert list(appiter) == ['foo=bar']
def test_cookie_forging(): c = Client(cookie_app) c.set_cookie('localhost', 'foo', 'bar') appiter, code, headers = c.open() strict_eq(list(appiter), [b'foo=bar'])
def test_cookie_forging(): """Test that cookie forging works.""" c = Client(cookie_app) c.set_cookie('localhost', 'foo', 'bar') appiter, code, headers = c.open() assert list(appiter) == ['foo=bar']
def test_cookie_forging(): c = Client(cookie_app) c.set_cookie("localhost", "foo", "bar") appiter, code, headers = c.open() strict_eq(list(appiter), [b"foo=bar"])
def report_download(self, data, token): requestcontent = json.loads(data) url, type = requestcontent[0], requestcontent[1] try: if type == 'qweb-pdf': reportname = url.split('/report/pdf/')[1].split('?')[0] docids = None if '/' in reportname: reportname, docids = reportname.split('/') if docids: # Generic report: response = self.report_routes(reportname, docids=docids, converter='pdf') else: # Particular report: data = url_decode(url.split( '?')[1]) # decoding the args represented in JSON response = self.report_routes(reportname, converter='pdf', **dict(data)) temp_dict = {} temp_dict.update(json.loads(dict(data).pop('options'))) if 'skit_report_type' in temp_dict.keys( ) and temp_dict['skit_report_type'] == 'XLS': report = request.env[ 'ir.actions.report']._get_report_from_name( reportname) filename = "%s.%s" % (report.name, "xls") # Customize the report name must be what we want # from print xls report ,pass the report_name and customize it. # code added for skit.event.report module execute same model for all event report if 'report_name' in temp_dict.keys( ) and temp_dict['skit_report_type'] == 'XLS': filename = "%s.%s" % (temp_dict['report_name'], "xls") response.headers.add('Content-Disposition', content_disposition(filename)) response.set_cookie('fileToken', token) return response report = request.env[ 'ir.actions.report']._get_report_from_name(reportname) filename = "%s.%s" % (report.name, "pdf") response.headers.add('Content-Disposition', content_disposition(filename)) response.set_cookie('fileToken', token) return response elif type == 'controller': reqheaders = Headers(request.httprequest.headers) response = Client(request.httprequest.app, BaseResponse).get(url, headers=reqheaders, follow_redirects=True) response.set_cookie('fileToken', token) return response else: return except Exception as e: se = _serialize_exception(e) error = {'code': 200, 'message': "Odoo Server Error", 'data': se} return request.make_response(html_escape(json.dumps(error)))
def report_download(self, data, token): """This function is used by 'qwebactionmanager.js' in order to trigger the download of a pdf/controller report. :param data: a javascript array JSON.stringified containg report internal url ([0]) and type [1] :returns: Response with a filetoken cookie and an attachment header """ requestcontent = simplejson.loads(data) url, type = requestcontent[0], requestcontent[1] try: if type == 'qweb-pdf': reportname = url.split('/report/pdf/')[1].split('?')[0] docids = None if '/' in reportname: reportname, docids = reportname.split('/') if docids: # Generic report: response = self.report_routes(reportname, docids=docids, converter='pdf') ##### FIX START: switch reportname with the evaluated attachment attribute of the action if available docids = [int(i) for i in docids.split(',')] report_obj = request.registry['report'] cr, uid, context = request.cr, request.uid, request.context report = report_obj._get_report_from_name( cr, uid, reportname) if report.attachment: obj = report_obj.pool[report.model].browse( cr, uid, docids[0]) reportname = eval(report.attachment, { 'object': obj }).split('.pdf')[0] ##### FIX END else: # Particular report: data = url_decode( url.split('?') [1]).items() # decoding the args represented in JSON response = self.report_routes(reportname, converter='pdf', **dict(data)) response.headers.add( 'Content-Disposition', 'attachment; filename=%s.pdf;' % reportname) response.set_cookie('fileToken', token) return response elif type == 'controller': reqheaders = Headers(request.httprequest.headers) response = Client(request.httprequest.app, BaseResponse).get(url, headers=reqheaders, follow_redirects=True) response.set_cookie('fileToken', token) return response else: return except osv.except_osv, e: se = _serialize_exception(e) error = {'code': 200, 'message': "Odoo Server Error", 'data': se} return request.make_response(simplejson.dumps(error))
def report_download(self, data, token): """This function is used by 'qwebactionmanager.js' in order to trigger the download of a pdf/controller report. :param data: a javascript array JSON.stringified containg report internal url ([0]) and type [1] :returns: Response with a filetoken cookie and an attachment header """ requestcontent = simplejson.loads(data) url, type = requestcontent[0], requestcontent[1] try: if type == 'qweb-pdf': reportname = url.split('/report/pdf/')[1].split('?')[0] docids = None if '/' in reportname: reportname, docids = reportname.split('/') if docids: # Generic report: response = self.report_routes(reportname, docids=docids, converter='pdf') else: # Particular report: data = url_decode(url.split('?')[1]).items() # decoding the args represented in JSON response = self.report_routes(reportname, converter='pdf', **dict(data)) #################### TO CHANGE NAME OF THE QWEB REPORT PDF FILE ################## if docids: if reportname == "account.report_invoice": inv_obj = request.registry['account.invoice'] lst_inv = [] lst_inv = docids.split(",") for ele_inv in lst_inv: inv_browse = inv_obj.browse(request.cr, request.uid, [int(ele_inv)]) if inv_browse[0].type == 'out_invoice' or inv_browse[0].type == 'in_invoice': if inv_browse[0].number: reportname = 'Invoice' + '(' + str(inv_browse[0].number or '') + ')' else: reportname = 'Invoice' else: if inv_browse[0].number: reportname = "Refund" + '(' + str(inv_browse[0].number or '') + ')' else: reportname = 'Refund' if reportname == "sale.report_saleorder": sale_obj = request.registry['sale.order'] lst = [] lst = docids.split(",") for ele in lst: sale_browse = sale_obj.browse(request.cr, request.uid, [int(ele)]) if sale_browse[0].state in ['draft', 'sent']: if sale_browse[0].name: reportname = "Quotation" + '(' + str(sale_browse[0].name) + ')' else: reportname = "Quotation" else : if sale_browse[0].name: reportname = "Order" + '(' + str(sale_browse[0].name) + ')' else: reportname = "Order" if reportname == "purchase.report_purchaseorder": purchase_obj = request.registry['purchase.order'] lst = [] lst = docids.split(",") for ele in lst: purchase_browse = purchase_obj.browse(request.cr, request.uid, [int(ele)]) if purchase_browse[0].state in ['draft', 'sent']: if purchase_browse[0].name: reportname = "Purchase Order" + '(' + str(purchase_browse[0].name) + ')' else: reportname = "Purchase Order" else : if purchase_browse[0].name: reportname = "Purchase Order" + '(' + str(purchase_browse[0].name) + ')' else: reportname = "Purchase Order" #################################################################################### response.headers.add('Content-Disposition', 'attachment; filename=%s.pdf;' % reportname) response.set_cookie('fileToken', token) return response elif type =='controller': reqheaders = Headers(request.httprequest.headers) response = Client(request.httprequest.app, BaseResponse).get(url, headers=reqheaders, follow_redirects=True) response.set_cookie('fileToken', token) return response else: return except Exception, e: se = _serialize_exception(e) error = { 'code': 200, 'message': "Odoo Server Error", 'data': se } return request.make_response(html_escape(simplejson.dumps(error)))
def test_cookie_forging(): c = Client(cookie_app) c.set_cookie("localhost", "foo", "bar") appiter, code, headers = c.open() assert list(appiter) == [b"foo=bar"]
def report_download(self, data, token): """This function is used by 'qwebactionmanager.js' in order to trigger the download of a pdf/controller report. :param data: a javascript array JSON.stringified containg report internal url ([0]) and type [1] :returns: Response with a filetoken cookie and an attachment header """ requestcontent = simplejson.loads(data) url, type = requestcontent[0], requestcontent[1] try: if type == 'qweb-pdf': reportname = url.split('/report/pdf/')[1].split('?')[0] docids = None if '/' in reportname: reportname, docids = reportname.split('/') if docids: # Generic report: response = self.report_routes(reportname, docids=docids, converter='pdf') else: # Particular report: data = url_decode( url.split('?') [1]).items() # decoding the args represented in JSON response = self.report_routes(reportname, converter='pdf', **dict(data)) if reportname == 'jjuice_fedex.report_print_label': cr, context = request.cr, request.context info = request.registry('create.shipment.fedex').read( cr, SUPERUSER_ID, int(docids), ['to_person_name', 'tracking_number']) str_list = [] str_list.append(time.strftime("%Y-%m-%d")) str_list.append( info.get('to_person_name', 'unavailable') or 'unavailable') str_list.append( info.get('tracking_number', 'unavailable') or 'unavailable') label_name = '_'.join(str_list) response.headers.add( 'Content-Disposition', 'attachment; filename=%s.pdf;' % label_name) else: response.headers.add( 'Content-Disposition', 'attachment; filename=%s.pdf;' % reportname) response.set_cookie('fileToken', token) return response elif type == 'controller': reqheaders = Headers(request.httprequest.headers) response = Client(request.httprequest.app, BaseResponse).get(url, headers=reqheaders, follow_redirects=True) response.set_cookie('fileToken', token) return response else: return except Exception, e: se = _serialize_exception(e) error = {'code': 200, 'message': "Odoo Server Error", 'data': se} return request.make_response(html_escape(simplejson.dumps(error)))
def report_download(self, data, token): """This function is used by 'qwebactionmanager.js' in order to trigger the download of a pdf/controller report. :param data: a javascript array JSON.stringified containg report internal url ([0]) and type [1] :returns: Response with a filetoken cookie and an attachment header """ requestcontent = simplejson.loads(data) url, type = requestcontent[0], requestcontent[1] try: if type == 'qweb-pdf': reportname = url.split('/report/pdf/')[1].split('?')[0] docids = None if '/' in reportname: reportname, docids = reportname.split('/') if docids: # Generic report: response = self.report_routes(reportname, docids=docids, converter='pdf') #switch reportname with the evaluated attachment attribute of the action if available docids = [int(i) for i in docids.split(',')] report_obj = request.registry['report'] cr, uid, context = request.cr, request.uid, request.context report = report_obj._get_report_from_name( cr, uid, reportname) report_ename = "%s_" % (report.name) obj = report_obj.pool[report.model].browse( cr, uid, docids[0]) if len(docids ) > 1: # if more than one reports for printing prefex = "(time.strftime('%d/%m/%Y')) + ('.pdf')" else: prefex_name = "" try: if obj.name: prefex_name = "(object.name)+'_'" except: pass prefex_state = "" try: if obj.state: prefex_state = "'_'+(object.state)+'_'" except: pass prefex = prefex_name + prefex_state + " + (time.strftime('%d/%m/%Y')) + ('.pdf')" #_logger.warning("prefex : %s", prefex ) try: reportname = eval(prefex, { 'object': obj, 'time': time }).split('.pdf')[0] except: pass reportname = report_ename reportname = report_ename + reportname # Remove all non-word characters (everything except numbers and letters) reportname = re.sub(r"[^\w\s]", '', reportname) # Replace all runs of whitespace with a single dash reportname = re.sub(r"\s+", '-', reportname) #_logger.warning("reportname-1 : %s", reportname ) else: # Particular report: data = url_decode( url.split('?') [1]).items() # decoding the args represented in JSON response = self.report_routes(reportname, converter='pdf', **dict(data)) #_logger.warning("reportname-2 : %s", reportname ) response.headers.add( 'Content-Disposition', 'attachment; filename=%s.pdf;' % reportname) response.set_cookie('fileToken', token) return response elif type == 'controller': reqheaders = Headers(request.httprequest.headers) response = Client(request.httprequest.app, BaseResponse).get(url, headers=reqheaders, follow_redirects=True) response.set_cookie('fileToken', token) return response else: return except Exception, e: se = _serialize_exception(e) error = {'code': 200, 'message': "Odoo Server Error", 'data': se} return request.make_response(html_escape(simplejson.dumps(error)))
def report_download(self, data, token): """This function is used by 'qwebactionmanager.js' in order to trigger the download of a pdf/controller report. :param data: a javascript array JSON.stringified containg report internal url ([0]) and type [1] :returns: Response with a filetoken cookie and an attachment header """ requestcontent = json.loads(data) url, type = requestcontent[0], requestcontent[1] try: if type == 'qweb-pdf': reportname = url.split('/report/pdf/')[1].split('?')[0] docids = None if '/' in reportname: reportname, docids = reportname.split('/') if docids: # Generic report: response = self.report_routes(reportname, docids=docids, converter='pdf') else: # Particular report: data = url_decode(url.split('?')[1]).items() # decoding the args represented in JSON response = self.report_routes(reportname, converter='pdf', **dict(data)) report = request.env['report']._get_report_from_name(reportname) filename = "%s.%s" % (report.name, "pdf") #Sale Order if report.report_name == 'solum_sale.sol_quotation_report_template_id': so_pool = request.env['sale.order'] lst_so = [] lst_so = docids.split(",") for ele_inv in lst_so: so_obj = so_pool.browse([int(ele_inv)]) filename = so_obj.name +'-'+'Sol Luminaire' if report.report_name == 'solum_sale.idesign_quotation_report_template_id': so_pool = request.env['sale.order'] lst_so = [] lst_so = docids.split(",") for ele_inv in lst_so: so_obj = so_pool.browse([int(ele_inv)]) filename = so_obj.name +'-'+'iDesign' #Invoice if report.report_name == 'solum_invoice.sol_invoice_report_template_id': inv_pool = request.env['account.invoice'] lst_inv = [] lst_inv = docids.split(",") for ele_inv in lst_inv: inv_obj = inv_pool.browse([int(ele_inv)]) if inv_obj.number: filename = inv_obj.number +'-'+'Sol Luminaire Customer' else: filename = inv_obj.partner_id.name +'-'+'Sol Luminaire Customer' if report.report_name == 'solum_invoice.idesign_invoice_report_template_id': inv_pool = request.env['account.invoice'] lst_inv = [] lst_inv = docids.split(",") for ele_inv in lst_inv: inv_obj = inv_pool.browse([int(ele_inv)]) if inv_obj.number: filename = inv_obj.number +'-'+'iDesign' else: filename = inv_obj.partner_id.name +'-'+'iDesign' if report.report_name == 'solum_invoice.sol_commission_invoice_report_template_id': inv_pool = request.env['account.invoice'] lst_inv = [] lst_inv = docids.split(",") for ele_inv in lst_inv: inv_obj = inv_pool.browse([int(ele_inv)]) if inv_obj.number: filename = inv_obj.number +'-'+'Sol Luminaire Commission' else: filename = inv_obj.partner_id.name +'-'+'Sol Luminaire Commission' #Delivery Order if report.report_name == 'solum_delivery_order.sol_do_report_template_id': picking_pool = request.env['stock.picking'] lst_picking = [] lst_picking = docids.split(",") for ele_picking in lst_picking: picking_obj = picking_pool.browse([int(ele_picking)]) filename = picking_obj.name +'-'+'Sol Luminaire' if report.report_name == 'solum_delivery_order.idesign_do_report_template_id': picking_pool = request.env['stock.picking'] lst_picking = [] lst_picking = docids.split(",") for ele_picking in lst_picking: picking_obj = picking_pool.browse([int(ele_picking)]) filename = picking_obj.name +'-'+'iDesign' filename = "%s.%s" % (filename, "pdf") if docids: ids = [int(x) for x in docids.split(",")] obj = request.env[report.model].browse(ids) if report.print_report_name and not len(obj) > 1: filename = safe_eval(report.print_report_name, {'object': obj, 'time': time}) response.headers.add('Content-Disposition', content_disposition(filename)) response.set_cookie('fileToken', token) return response elif type == 'controller': reqheaders = Headers(request.httprequest.headers) response = Client(request.httprequest.app, BaseResponse).get(url, headers=reqheaders, follow_redirects=True) response.set_cookie('fileToken', token) return response else: return except Exception, e: se = _serialize_exception(e) error = { 'code': 200, 'message': "Odoo Server Error", 'data': se } return request.make_response(html_escape(json.dumps(error)))
def report_download(self, data, token): """This function is used by 'qwebactionmanager.js' in order to trigger the download of a pdf/controller report. :param data: a javascript array JSON.stringified containg report internal url ([0]) and type [1] :returns: Response with a filetoken cookie and an attachment header """ requestcontent = json.loads(data) url, type = requestcontent[0], requestcontent[1] try: if type == "qweb-pdf": reportname = url.split("/report/pdf/")[1].split("?")[0] docids = None if "/" in reportname: reportname, docids = reportname.split("/") if docids: # Generic report: response = self.report_routes( reportname, docids=docids, converter="pdf" ) else: # Particular report: data = url_decode( url.split("?")[1] ).items() # decoding the args represented in JSON response = self.report_routes( reportname, converter="pdf", **dict(data) ) cr, uid = request.cr, request.uid report = request.registry["report"]._get_report_from_name( cr, uid, reportname ) filename = "%s.%s" % (report.name, "pdf") if docids: ids = [int(x) for x in docids.split(",")] obj = request.env[report.model].browse(ids) if report.attachment and not len(obj) > 1: filename = safe_eval( report.attachment, {"object": obj, "time": time} ) response.headers.add( "Content-Disposition", content_disposition(filename) ) response.set_cookie("fileToken", token) return response elif type == "controller": reqheaders = Headers(request.httprequest.headers) response = Client(request.httprequest.app, BaseResponse).get( url, headers=reqheaders, follow_redirects=True ) response.set_cookie("fileToken", token) return response else: return except Exception as e: se = _serialize_exception(e) error = {"code": 200, "message": "Odoo Server Error", "data": se} return request.make_response(html_escape(json.dumps(error)))
def report_download(self, data, token): """This function is used by 'qwebactionmanager.js' in order to trigger the download of a pdf/controller report. :param data: a javascript array JSON.stringified containg report internal url ([0]) and type [1] :returns: Response with a filetoken cookie and an attachment header """ requestcontent = json.loads(data) url, type = requestcontent[0], requestcontent[1] try: if type == 'qweb-pdf': reportname = url.split('/report/pdf/')[1].split('?')[0] docids = None if '/' in reportname: reportname, docids = reportname.split('/') if docids: # Generic report: response = self.report_routes(reportname, docids=docids, converter='pdf') else: # Particular report: data = url_decode( url.split('?') [1]).items() # decoding the args represented in JSON response = self.report_routes(reportname, converter='pdf', **dict(data)) report = request.env['report']._get_report_from_name( reportname) filename = "%s.%s" % (report.name, "pdf") if docids: ids = [int(x) for x in docids.split(",")] obj = request.env[report.model].browse(ids) if report.model == "sale.order": filename = "%s.%s" % (obj.name, "pdf") elif report.model == "account.invoice": filename = "%s.%s" % (obj.number, "pdf") else: if report.print_report_name and not len(obj) > 1: filename = safe_eval(report.print_report_name, { 'object': obj, 'time': time }) response.headers.add('Content-Disposition', content_disposition(filename)) response.set_cookie('fileToken', token) return response elif type == 'controller': reqheaders = Headers(request.httprequest.headers) response = Client(request.httprequest.app, BaseResponse).get(url, headers=reqheaders, follow_redirects=True) response.set_cookie('fileToken', token) return response else: return except Exception, e: se = _serialize_exception(e) error = {'code': 200, 'message': "Odoo Server Error", 'data': se} return request.make_response(html_escape(json.dumps(error)))
def test_cookie_forging(self): c = Client(cookie_app) c.set_cookie('localhost', 'foo', 'bar') appiter, code, headers = c.open() self.assert_strict_equal(list(appiter), [b'foo=bar'])
def report_download(self, data, token): """This function is used by 'qwebactionmanager.js' in order to trigger the download of a pdf/controller report. :param data: a javascript array JSON.stringified containg report internal url ([0]) and type [1] :returns: Response with a filetoken cookie and an attachment header """ requestcontent = simplejson.loads(data) url, type = requestcontent[0], requestcontent[1] try: if type == 'qweb-pdf': reportname = url.split('/report/pdf/')[1].split('?')[0] docids = None if '/' in reportname: reportname, docids = reportname.split('/') if docids: # Generic report: response = self.report_routes(reportname, docids=docids, converter='pdf') #switch reportname with the evaluated attachment attribute of the action if available docids = [int(i) for i in docids.split(',')] report_obj = request.registry['report'] cr, uid, context = request.cr, request.uid, request.context report = report_obj._get_report_from_name(cr, uid, reportname) report_ename = "%s_" % (report.name) obj = report_obj.pool[report.model].browse(cr, uid, docids[0]) if len(docids) > 1: # if more than one reports for printing prefex = "(time.strftime('%d/%m/%Y')) + ('.pdf')" else: prefex_name = "" try: if obj.name: prefex_name = "(object.name)+'_'" except: pass prefex_state = "" try: if obj.state: prefex_state = "'_'+(object.state)+'_'" except: pass prefex = prefex_name + prefex_state + " + (time.strftime('%d/%m/%Y')) + ('.pdf')" #_logger.warning("prefex : %s", prefex ) try: reportname = eval(prefex, {'object': obj, 'time': time}).split('.pdf')[0] except: pass reportname = report_ename reportname = report_ename+reportname # Remove all non-word characters (everything except numbers and letters) reportname = re.sub(r"[^\w\s]", '', reportname) # Replace all runs of whitespace with a single dash reportname = re.sub(r"\s+", '-', reportname) #_logger.warning("reportname-1 : %s", reportname ) else: # Particular report: data = url_decode(url.split('?')[1]).items() # decoding the args represented in JSON response = self.report_routes(reportname, converter='pdf', **dict(data)) #_logger.warning("reportname-2 : %s", reportname ) response.headers.add('Content-Disposition', 'attachment; filename=%s.pdf;' % reportname) response.set_cookie('fileToken', token) return response elif type =='controller': reqheaders = Headers(request.httprequest.headers) response = Client(request.httprequest.app, BaseResponse).get(url, headers=reqheaders, follow_redirects=True) response.set_cookie('fileToken', token) return response else: return except Exception, e: se = _serialize_exception(e) error = { 'code': 200, 'message': "Odoo Server Error", 'data': se } return request.make_response(html_escape(simplejson.dumps(error)))