def pre_process_request(self, req, handler):
for path in self.paths:
if req.perm is None:
# at least in Trac 0.10.2 req.perm seems to be always None ...
raise TracError("To use the RestrictedAreaPlugin you need at least Trac 0.10.3.")
if (req.path_info == path or req.path_info.startswith(path + '/')) and not req.perm.has_permission(self.__action_name):
raise HTTPForbidden(to_unicode(PermissionError(self.__action_name)))
return handler
def process_request(self, req):
if req.environ.get('wsgi.multiprocess'):
raise TracError('Dozer middlewar is not usable in a multi-process environment')
path_info = req.path_info[17:]
if '/' in path_info:
path_info = path_info[:path_info.find('/')]
if not path_info:
path_info = 'index'
method = getattr(self, path_info, None)
if method is None:
raise HTTPNotFound('Nothing could be found to match %s' % path_info)
if not getattr(method, 'exposed', False):
raise HTTPForbidden('Access to %s is forbidden' % path_info)
add_stylesheet(req, 'dozer/main.css')
return method(req)
def dispatch(self, req):
"""Find a registered handler that matches the request and let
it process it.
In addition, this method initializes the data dictionary
passed to the the template and adds the web site chrome.
"""
self.log.debug('Dispatching %r', req)
chrome = Chrome(self.env)
# Setup request callbacks for lazily-evaluated properties
req.callbacks.update({
'authname': self.authenticate,
'chrome': chrome.prepare_request,
'perm': self._get_perm,
'session': self._get_session,
'locale': self._get_locale,
'lc_time': self._get_lc_time,
'tz': self._get_timezone,
'form_token': self._get_form_token,
'use_xsendfile': self._get_use_xsendfile,
'xsendfile_header': self._get_xsendfile_header,
})
try:
try:
# Select the component that should handle the request
chosen_handler = None
try:
for handler in self._request_handlers.values():
if handler.match_request(req):
chosen_handler = handler
break
if not chosen_handler and \
(not req.path_info or req.path_info == '/'):
chosen_handler = self._get_valid_default_handler(req)
# pre-process any incoming request, whether a handler
# was found or not
self.log.debug("Chosen handler is %s", chosen_handler)
chosen_handler = \
self._pre_process_request(req, chosen_handler)
except TracError as e:
raise HTTPInternalError(e)
if not chosen_handler:
if req.path_info.endswith('/'):
# Strip trailing / and redirect
target = unicode_quote(req.path_info.rstrip('/'))
if req.query_string:
target += '?' + req.query_string
req.redirect(req.href + target, permanent=True)
raise HTTPNotFound('No handler matched request to %s',
req.path_info)
req.callbacks['chrome'] = partial(chrome.prepare_request,
handler=chosen_handler)
# Protect against CSRF attacks: we validate the form token
# for all POST requests with a content-type corresponding
# to form submissions
if req.method == 'POST':
ctype = req.get_header('Content-Type')
if ctype:
ctype, options = cgi.parse_header(ctype)
if ctype in ('application/x-www-form-urlencoded',
'multipart/form-data') and \
req.args.get('__FORM_TOKEN') != req.form_token:
if self.env.secure_cookies and req.scheme == 'http':
msg = _('Secure cookies are enabled, you must '
'use https to submit forms.')
else:
msg = _('Do you have cookies enabled?')
raise HTTPBadRequest(
_('Missing or invalid form token.'
' %(msg)s',
msg=msg))
# Process the request and render the template
resp = chosen_handler.process_request(req)
if resp:
if len(resp) == 2: # old Clearsilver template and HDF data
self.log.error(
"Clearsilver template are no longer "
"supported (%s)", resp[0])
raise TracError(
_("Clearsilver templates are no longer supported, "
"please contact your Trac administrator."))
# Genshi
template, data, content_type, method = \
self._post_process_request(req, *resp)
if 'hdfdump' in req.args:
req.perm.require('TRAC_ADMIN')
# debugging helper - no need to render first
out = io.BytesIO()
pprint(data, out)
req.send(out.getvalue(), 'text/plain')
self.log.debug("Rendering response from handler")
output = chrome.render_template(
req,
template,
data,
content_type,
method=method,
iterable=chrome.use_chunked_encoding)
req.send(output, content_type or 'text/html')
else:
self.log.debug("Empty or no response from handler. "
"Entering post_process_request.")
self._post_process_request(req)
except RequestDone:
raise
except:
# post-process the request in case of errors
err = sys.exc_info()
try:
self._post_process_request(req)
except RequestDone:
raise
except Exception as e:
self.log.error(
"Exception caught while post-processing"
" request: %s", exception_to_unicode(e,
traceback=True))
raise err[0], err[1], err[2]
except PermissionError as e:
raise HTTPForbidden(e)
except ResourceNotFound as e:
raise HTTPNotFound(e)
except TracError as e:
raise HTTPInternalError(e)
def dispatch(self, req):
"""Find a registered handler that matches the request and let
it process it.
In addition, this method initializes the data dictionary
passed to the the template and adds the web site chrome.
"""
self.log.debug('Dispatching %r', req)
chrome = Chrome(self.env)
try:
# Select the component that should handle the request
chosen_handler = None
for handler in self._request_handlers.values():
if handler.match_request(req):
chosen_handler = handler
break
if not chosen_handler and req.path_info in ('', '/'):
chosen_handler = self._get_valid_default_handler(req)
# pre-process any incoming request, whether a handler
# was found or not
self.log.debug("Chosen handler is %s", chosen_handler)
chosen_handler = self._pre_process_request(req, chosen_handler)
if not chosen_handler:
if req.path_info.endswith('/'):
# Strip trailing / and redirect
target = unicode_quote(req.path_info.rstrip('/'))
if req.query_string:
target += '?' + req.query_string
req.redirect(req.href + target, permanent=True)
raise HTTPNotFound('No handler matched request to %s',
req.path_info)
req.callbacks['chrome'] = partial(chrome.prepare_request,
handler=chosen_handler)
# Protect against CSRF attacks: we validate the form token
# for all POST requests with a content-type corresponding
# to form submissions
if req.method == 'POST':
ctype = req.get_header('Content-Type')
if ctype:
ctype, options = cgi.parse_header(ctype)
if ctype in ('application/x-www-form-urlencoded',
'multipart/form-data') and \
req.args.get('__FORM_TOKEN') != req.form_token:
if self.env.secure_cookies and req.scheme == 'http':
msg = _('Secure cookies are enabled, you must '
'use https to submit forms.')
else:
msg = _('Do you have cookies enabled?')
raise HTTPBadRequest(_('Missing or invalid form token.'
' %(msg)s', msg=msg))
# Process the request and render the template
resp = chosen_handler.process_request(req)
if resp:
template, data, metadata = \
self._post_process_request(req, *resp)
if 'hdfdump' in req.args:
req.perm.require('TRAC_ADMIN')
# debugging helper - no need to render first
out = io.BytesIO()
pprint({'template': template,
'metadata': metadata,
'data': data}, out)
req.send(out.getvalue(), 'text/plain')
self.log.debug("Rendering response with template %s", template)
metadata.setdefault('iterable', chrome.use_chunked_encoding)
content_type = metadata.get('content_type')
output = chrome.render_template(req, template, data, metadata)
req.send(output, content_type or 'text/html')
else:
self.log.debug("Empty or no response from handler. "
"Entering post_process_request.")
self._post_process_request(req)
except RequestDone:
raise
except Exception as e:
# post-process the request in case of errors
err = sys.exc_info()
try:
self._post_process_request(req)
except RequestDone:
raise
except TracError as e2:
self.log.warning("Exception caught while post-processing"
" request: %s", exception_to_unicode(e2))
except Exception as e2:
if not (type(e) is type(e2) and e.args == e2.args):
self.log.error("Exception caught while post-processing"
" request: %s",
exception_to_unicode(e2, traceback=True))
if isinstance(e, PermissionError):
raise HTTPForbidden(e)
if isinstance(e, ResourceNotFound):
raise HTTPNotFound(e)
if isinstance(e, NotImplementedError):
tb = traceback.extract_tb(err[2])[-1]
self.log.warning("%s caught from %s:%d in %s: %s",
e.__class__.__name__, tb[0], tb[1], tb[2],
to_unicode(e) or "(no message)")
raise HTTPInternalServerError(TracNotImplementedError(e))
if isinstance(e, TracError):
raise HTTPInternalServerError(e)
raise err[0], err[1], err[2]
raise
except:
# post-process the request in case of errors
err = sys.exc_info()
try:
self._post_process_request(req)
except RequestDone:
raise
except Exception, e:
self.log.error(
"Exception caught while post-processing"
" request: %s", exception_to_unicode(e,
traceback=True))
raise err[0], err[1], err[2]
except PermissionError, e:
raise HTTPForbidden(e)
except ResourceNotFound, e:
raise HTTPNotFound(e)
except NotImplementedError, e:
tb = traceback.extract_tb(err[2])[-1]
self.log.warning("%s caught from %s:%d in %s: %s",
e.__class__.__name__, tb[0], tb[1], tb[2],
to_unicode(e) or "(no message)")
raise HTTPInternalError(TracNotImplementedError(e))
except TracError, e:
raise HTTPInternalError(e)
# Internal methods
def _get_perm(self, req):
if isinstance(req.session, FakeSession):