def __call__(self, request, result, encoding): # Don't transform SOAP requests if ISOAPRequest.providedBy(request): return None return super(SoapAwareTransformer, self).__call__(request, result, encoding)
def unauthorized(self): req = self.REQUEST resp = req['RESPONSE'] # If we set the auth cookie before, delete it now. if resp.cookies.has_key(self.cookie_name): del resp.cookies[self.cookie_name] # Redirect if desired. url = self.getLoginURL() # XXX begin monkeypatch if ISOAPRequest.providedBy(req): #no need to redirect if it's a soap request return 0 # XXX end monkeypatch if url is not None: came_from = req.get('came_from', None) if came_from is None: came_from = req.get('ACTUAL_URL', '') query = req.get('QUERY_STRING') if query: if not query.startswith('?'): query = '?' + query came_from = came_from + query else: # If came_from contains a value it means the user # must be coming through here a second time # Reasons could be typos when providing credentials # or a redirect loop (see below) req_url = req.get('ACTUAL_URL', '') if req_url and req_url == url: # Oops... The login_form cannot be reached by the user - # it might be protected itself due to misconfiguration - # the only sane thing to do is to give up because we are # in an endless redirect loop. return 0 if '?' in url: sep = '&' else: sep = '?' url = '%s%scame_from=%s' % (url, sep, quote(came_from)) resp.redirect(url, lock=1) resp.setHeader('Expires', 'Sat, 01 Jan 2000 00:00:00 GMT') resp.setHeader('Cache-Control', 'no-cache') return 1 # Could not challenge. return 0
def unauthorized(self): req = self.REQUEST resp = req['RESPONSE'] # If we set the auth cookie before, delete it now. if self.cookie_name in resp.cookies: del resp.cookies[self.cookie_name] # Redirect if desired. url = self.getLoginURL() if ISOAPRequest.providedBy(req): #no need to redirect if it's a soap request return 0 if url is not None: came_from = req.get('came_from', None) if came_from is None: came_from = req.get('URL', '') query = req.get('QUERY_STRING') if query: if not query.startswith('?'): query = '?' + query came_from = came_from + query else: # If came_from contains a value it means the user # must be coming through here a second time # Reasons could be typos when providing credentials # or a redirect loop (see below) req_url = req.get('URL', '') if req_url and req_url == url: # Oops... The login_form cannot be reached by the user - # it might be protected itself due to misconfiguration - # the only sane thing to do is to give up because we are # in an endless redirect loop. return 0 url = url + '?came_from=%s' % quote(came_from) resp.redirect(url, lock=1) return 1 # Could not challenge. return 0
def publish(request, module_name, after_list, debug=0, call_object=call_object, missing_name=missing_name, dont_publish_class=dont_publish_class, mapply=mapply, ): (bobo_before, bobo_after, object, realm, debug_mode, err_hook, validated_hook, transactions_manager)= get_module_info(module_name) parents=None response=None try: # TODO pass request here once BaseRequest implements IParticipation newInteraction() request.processInputs() request_get=request.get response=request.response # First check for "cancel" redirect: if request_get('SUBMIT', '').strip().lower()=='cancel': cancel=request_get('CANCEL_ACTION', '') if cancel: raise Redirect(cancel) after_list[0]=bobo_after if debug_mode: response.debug_mode=debug_mode if realm and not request.get('REMOTE_USER', None): response.realm=realm if bobo_before is not None: bobo_before() # Get the path list. # According to RFC1738 a trailing space in the path is valid. path=request_get('PATH_INFO') request['PARENTS']=parents=[object] if transactions_manager: transactions_manager.begin() object=request.traverse(path, validated_hook=validated_hook) if transactions_manager: transactions_manager.recordMetaData(object, request) result=mapply(object, request.args, request, call_object, 1, missing_name, dont_publish_class, request, bind=1) if result is not response: response.setBody(result) if transactions_manager: transactions_manager.commit() endInteraction() return response except: # DM: provide nicer error message for FTP sm = None if response is not None: sm = getattr(response, "setMessage", None) if sm is not None: from asyncore import compact_traceback cl, val= sys.exc_info()[:2] sm('%s: %s %s' % ( getattr(cl, '__name__', cl), val, debug_mode and compact_traceback()[-1] or '')) if ISOAPRequest.providedBy(request): if transactions_manager: transactions_manager.abort() endInteraction() if response is None: response = SOAPResponse(request.response) response.exception() return response if err_hook is not None: if parents: parents=parents[0] try: try: return err_hook(parents, request, sys.exc_info()[0], sys.exc_info()[1], sys.exc_info()[2], ) except Retry: if not request.supports_retry(): return err_hook(parents, request, sys.exc_info()[0], sys.exc_info()[1], sys.exc_info()[2], ) finally: if transactions_manager: transactions_manager.abort() endInteraction() # Only reachable if Retry is raised and request supports retry. newrequest=request.retry() request.close() # Free resources held by the request. # Set the default layer/skin on the newly generated request setDefaultSkin(newrequest) try: return publish(newrequest, module_name, after_list, debug) finally: newrequest.close() else: if transactions_manager: transactions_manager.abort() endInteraction() raise
def publish(request, module_name, after_list, debug=0, # Optimize: call_object=call_object, missing_name=missing_name, dont_publish_class=dont_publish_class, mapply=mapply, ): (bobo_before, bobo_after, object, realm, debug_mode, err_hook, validated_hook, transactions_manager)= get_module_info(module_name) parents=None response=None try: notify(PubStart(request)) # TODO pass request here once BaseRequest implements IParticipation newInteraction() request.processInputs() request_get=request.get response=request.response # First check for "cancel" redirect: if request_get('SUBMIT','').strip().lower()=='cancel': cancel=request_get('CANCEL_ACTION','') if cancel: raise Redirect, cancel after_list[0]=bobo_after if debug_mode: response.debug_mode=debug_mode if realm and not request.get('REMOTE_USER',None): response.realm=realm if bobo_before is not None: bobo_before() # Get the path list. # According to RFC1738 a trailing space in the path is valid. path=request_get('PATH_INFO') request['PARENTS']=parents=[object] if transactions_manager: transactions_manager.begin() object=request.traverse(path, validated_hook=validated_hook) notify(PubAfterTraversal(request)) if transactions_manager: transactions_manager.recordMetaData(object, request) result=mapply(object, request.args, request, call_object,1, missing_name, dont_publish_class, request, bind=1) if result is not response: response.setBody(result) notify(PubBeforeCommit(request)) if transactions_manager: transactions_manager.commit() endInteraction() notify(PubSuccess(request)) return response except: # save in order to give 'PubFailure' the original exception info exc_info = sys.exc_info() # DM: provide nicer error message for FTP sm = None if response is not None: sm = getattr(response, "setMessage", None) if sm is not None: from asyncore import compact_traceback cl,val= sys.exc_info()[:2] sm('%s: %s %s' % ( getattr(cl,'__name__',cl), val, debug_mode and compact_traceback()[-1] or '')) # debug is just used by tests (has nothing to do with debug_mode!) # XXX begin monkeypatch if ISOAPRequest.providedBy(request): if transactions_manager: transactions_manager.abort() endInteraction() if response is None: response = SOAPResponse(request.response) if isinstance(exc_info[1], Unauthorized): response._unauthorized() else: response.exception() return response # XXX end monkeypatch if not debug and err_hook is not None: retry = False if parents: parents=parents[0] try: try: return err_hook(parents, request, sys.exc_info()[0], sys.exc_info()[1], sys.exc_info()[2], ) except Retry: if not request.supports_retry(): return err_hook(parents, request, sys.exc_info()[0], sys.exc_info()[1], sys.exc_info()[2], ) retry = True finally: # Note: 'abort's can fail. Nevertheless, we want end request handling try: try: notify(PubBeforeAbort(request, exc_info, retry)) finally: if transactions_manager: transactions_manager.abort() finally: endInteraction() notify(PubFailure(request, exc_info, retry)) # Only reachable if Retry is raised and request supports retry. newrequest=request.retry() request.close() # Free resources held by the request. # Set the default layer/skin on the newly generated request if ISkinnable.providedBy(newrequest): setDefaultSkin(newrequest) try: return publish(newrequest, module_name, after_list, debug) finally: newrequest.close() else: # Note: 'abort's can fail. Nevertheless, we want end request handling try: try: notify(PubBeforeAbort(request, exc_info, False)) finally: if transactions_manager: transactions_manager.abort() finally: endInteraction() notify(PubFailure(request, exc_info, False)) raise