コード例 #1
0
ファイル: middlewares.py プロジェクト: jaydave/wazuh
async def response_postprocessing(request, handler):
    """Remove unwanted fields from error responses like 400 or 403.

    Additionally, it cleans the output given by connexion's exceptions. If no exception is raised during the
    'await handler(request) it means the output will be a 200 response and no fields needs to be removed."""
    def cleanup_detail_field(detail):
        return ' '.join(
            str(detail).replace("\n\n", ". ").replace("\n", "").split())

    def remove_unwanted_fields(fields_to_remove=['status', 'type']):
        for field in fields_to_remove:
            if field in problem.body:
                del problem.body[field]
        if 'detail' in problem.body and problem.body['detail'] == '':
            del problem.body['detail']
        if 'code' in problem.body:
            problem.body['error'] = problem.body.pop('code')

    problem = None

    try:
        return await handler(request)

    except ProblemException as ex:
        problem = connexion_problem(
            ex.__dict__['status'],
            ex.__dict__['title'] if 'title' in ex.__dict__
            and ex.__dict__['title'] else 'Bad Request',
            type=ex.__dict__['type']
            if 'type' in ex.__dict__ else 'about:blank',
            detail=cleanup_detail_field(ex.__dict__['detail'])
            if 'detail' in ex.__dict__ else '',
            ext=ex.__dict__['ext'] if 'ext' in ex.__dict__ else None)
    except HTTPException as ex:
        problem = connexion_problem(ex.status,
                                    ex.reason if ex.reason else '',
                                    type=ex.reason if ex.reason else '',
                                    detail=ex.text if ex.text else '')
    except (OAuthProblem, Unauthorized):
        if request.path == '/security/user/authenticate' and request.method in [
                'GET', 'POST'
        ]:
            await prevent_bruteforce_attack(
                request=request,
                attempts=api_conf['access']['max_login_attempts'])
            problem = connexion_problem(401,
                                        "Unauthorized",
                                        type="about:blank",
                                        detail="Invalid credentials")
        else:
            problem = connexion_problem(
                401,
                "Unauthorized",
                type="about:blank",
                detail="No authorization token provided")
    finally:
        problem and remove_unwanted_fields()

    return problem
コード例 #2
0
async def response_postprocessing(request, handler):
    """Remove unwanted fields from error responses like 400 or 403.

    Additionally, it cleans the output given by connexion's exceptions. If no exception is raised during the
    'await handler(request) it means the output will be a 200 response and no fields needs to be removed."""
    def cleanup_detail_field(detail):
        return ' '.join(
            str(detail).replace("\n\n", ". ").replace("\n", "").split())

    def remove_unwanted_fields(fields_to_remove=['status', 'type']):
        for field in fields_to_remove:
            if field in problem.body:
                del problem.body[field]
        if 'detail' in problem.body and problem.body['detail'] == '':
            del problem.body['detail']

    problem = None

    try:
        return await handler(request)
    except ProblemException as ex:
        problem = connexion_problem(
            ex.__dict__['status'],
            ex.__dict__['title'] if 'title' in ex.__dict__
            and ex.__dict__['title'] else 'Bad Request',
            type=ex.__dict__['type']
            if 'type' in ex.__dict__ else 'about:blank',
            detail=cleanup_detail_field(ex.__dict__['detail'])
            if 'detail' in ex.__dict__ else '',
            ext=ex.__dict__['ext'] if 'ext' in ex.__dict__ else None)
    except OAuthProblem:
        problem = connexion_problem(401,
                                    "Unauthorized",
                                    type="about:blank",
                                    detail="No authorization token provided")
    finally:
        if problem:
            remove_unwanted_fields()
            return problem