def sendStatusResponse(environ, start_response, e):
"""Start a WSGI response for a DAVError or status code."""
status = getHttpStatusString(e)
headers = []
# if 'keep-alive' in environ.get('HTTP_CONNECTION', '').lower():
# headers += [
# ('Connection', 'keep-alive'),
# ]
if e in (HTTP_NOT_MODIFIED, HTTP_NO_CONTENT):
# See paste.lint: these code don't have content
start_response(status, [("Content-Length", "0"),
("Date", getRfc1123Time()),
] + headers)
return [ "" ]
if e in (HTTP_OK, HTTP_CREATED):
e = DAVError(e)
assert isinstance(e, DAVError)
content_type, body = e.getResponsePage()
start_response(status, [("Content-Type", content_type),
("Date", getRfc1123Time()),
("Content-Length", str(len(body))),
] + headers)
assert type(body) is str # If not, Content-Length is wrong!
return [ body ]
def fail(value, context_info=None, src_exception=None, err_condition=None):
"""Wrapper to raise (and log) DAVError."""
if isinstance(value, Exception):
e = as_DAVError(value)
else:
e = DAVError(value, context_info, src_exception, err_condition)
_logger.debug("Raising DAVError {}".format(e.get_user_info()))
raise e
def _fail(self, value, context_info=None, src_exception=None, err_condition=None):
"""Wrapper to raise (and log) DAVError."""
e = DAVError(value, context_info, src_exception, err_condition)
if self.verbose >= 4:
_logger.warning(
"Raising DAVError {}".format(
safe_re_encode(e.get_user_info(), sys.stdout.encoding)
)
)
raise e
def send_status_response(environ, start_response, e, add_headers=None, is_head=False):
"""Start a WSGI response for a DAVError or status code."""
status = get_http_status_string(e)
headers = []
if add_headers:
headers.extend(add_headers)
# if 'keep-alive' in environ.get('HTTP_CONNECTION', '').lower():
# headers += [
# ('Connection', 'keep-alive'),
# ]
if e in (HTTP_NOT_MODIFIED, HTTP_NO_CONTENT):
# See paste.lint: these code don't have content
start_response(
status, [("Content-Length", "0"), ("Date", get_rfc1123_time())] + headers
)
return [b""]
if e in (HTTP_OK, HTTP_CREATED):
e = DAVError(e)
assert isinstance(e, DAVError)
content_type, body = e.get_response_page()
if is_head:
body = compat.b_empty
assert compat.is_bytes(body), body # If not, Content-Length is wrong!
start_response(
status,
[
("Content-Type", content_type),
("Date", get_rfc1123_time()),
("Content-Length", str(len(body))),
]
+ headers,
)
return [body]
def _fail(self, value, contextinfo=None, srcexception=None, errcondition=None):
"""Wrapper to raise (and log) DAVError."""
e = DAVError(value, contextinfo, srcexception, errcondition)
if self._verbose >= 2:
print >>sys.stdout, "Raising DAVError %s" % e.getUserInfo()
raise e
def delete(self):
raise DAVError(HTTP_FORBIDDEN)
def copyMoveSingle(self, destpath, ismove):
raise DAVError(HTTP_FORBIDDEN)
def set_property_value(self, name, value, dry_run=False):
"""Set or remove property value.
See DAVResource.set_property_value()
"""
raise DAVError(HTTP_FORBIDDEN)
def beginWrite(self, contentType=None):
raise DAVError(HTTP_FORBIDDEN)
def _check_write_access(self):
"""Raise HTTP_FORBIDDEN, if resource is unwritable."""
if self.rev is not None:
# Only working directory may be edited
raise DAVError(HTTP_FORBIDDEN)
def parse_xml_body(environ, allow_empty=False):
"""Read request body XML into an etree.Element.
Return None, if no request body was sent.
Raise HTTP_BAD_REQUEST, if something else went wrong.
TODO: this is a very relaxed interpretation: should we raise HTTP_BAD_REQUEST
instead, if CONTENT_LENGTH is missing, invalid, or 0?
RFC: For compatibility with HTTP/1.0 applications, HTTP/1.1 requests containing
a message-body MUST include a valid Content-Length header field unless the
server is known to be HTTP/1.1 compliant.
If a request contains a message-body and a Content-Length is not given, the
server SHOULD respond with 400 (bad request) if it cannot determine the
length of the message, or with 411 (length required) if it wishes to insist
on receiving a valid Content-Length."
So I'd say, we should accept a missing CONTENT_LENGTH, and try to read the
content anyway.
But WSGI doesn't guarantee to support input.read() without length(?).
At least it locked, when I tried it with a request that had a missing
content-type and no body.
Current approach: if CONTENT_LENGTH is
- valid and >0:
read body (exactly <CONTENT_LENGTH> bytes) and parse the result.
- 0:
Assume empty body and return None or raise exception.
- invalid (negative or not a number:
raise HTTP_BAD_REQUEST
- missing:
NOT: Try to read body until end and parse the result.
BUT: assume '0'
- empty string:
WSGI allows it to be empty or absent: treated like 'missing'.
"""
#
clHeader = environ.get("CONTENT_LENGTH", "").strip()
# content_length = -1 # read all of stream
if clHeader == "":
# No Content-Length given: read to end of stream
# TODO: etree.parse() locks, if input is invalid?
# pfroot = etree.parse(environ["wsgi.input"]).getroot()
# requestbody = environ["wsgi.input"].read() # TODO: read() should be
# called in a loop?
requestbody = ""
else:
try:
content_length = int(clHeader)
if content_length < 0:
raise DAVError(HTTP_BAD_REQUEST, "Negative content-length.")
except ValueError:
raise DAVError(HTTP_BAD_REQUEST, "content-length is not numeric.")
if content_length == 0:
requestbody = ""
else:
requestbody = environ["wsgi.input"].read(content_length)
environ["wsgidav.all_input_read"] = 1
if requestbody == "":
if allow_empty:
return None
else:
raise DAVError(HTTP_BAD_REQUEST, "Body must not be empty.")
try:
rootEL = etree.fromstring(requestbody)
except Exception as e:
raise DAVError(HTTP_BAD_REQUEST,
"Invalid XML format.",
src_exception=e)
# If dumps of the body are desired, then this is the place to do it pretty:
if environ.get("wsgidav.dump_request_body"):
_logger.info("{} XML request body:\n{}".format(
environ["REQUEST_METHOD"],
compat.to_native(xml_to_bytes(rootEL, pretty_print=True)),
))
environ["wsgidav.dump_request_body"] = False
return rootEL
def evaluate_http_conditionals(dav_res, last_modified, entitytag, environ):
"""Handle 'If-...:' headers (but not 'If:' header).
If-Match
@see: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.24
Only perform the action if the client supplied entity matches the
same entity on the server. This is mainly for methods like
PUT to only update a resource if it has not been modified since the
user last updated it.
If-Match: "737060cd8c284d8af7ad3082f209582d"
If-Modified-Since
@see: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.25
Allows a 304 Not Modified to be returned if content is unchanged
If-Modified-Since: Sat, 29 Oct 1994 19:43:31 GMT
If-None-Match
@see: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.26
Allows a 304 Not Modified to be returned if content is unchanged,
see HTTP ETag
If-None-Match: "737060cd8c284d8af7ad3082f209582d"
If-Unmodified-Since
@see: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.28
Only send the response if the entity has not been modified since a
specific time.
"""
if not dav_res:
return
# Conditions
# An HTTP/1.1 origin server, upon receiving a conditional request that includes both a
# Last-Modified date (e.g., in an If-Modified-Since or If-Unmodified-Since header field) and
# one or more entity tags (e.g., in an If-Match, If-None-Match, or If-Range header field) as
# cache validators, MUST NOT return a response status of 304 (Not Modified) unless doing so
# is consistent with all of the conditional header fields in the request.
if "HTTP_IF_MATCH" in environ and dav_res.support_etag():
ifmatchlist = environ["HTTP_IF_MATCH"].split(",")
for ifmatchtag in ifmatchlist:
ifmatchtag = ifmatchtag.strip(' "\t')
if ifmatchtag == entitytag or ifmatchtag == "*":
break
raise DAVError(HTTP_PRECONDITION_FAILED,
"If-Match header condition failed")
# TODO: after the refactoring
ifModifiedSinceFailed = False
if "HTTP_IF_MODIFIED_SINCE" in environ and dav_res.support_modified():
ifmodtime = parse_time_string(environ["HTTP_IF_MODIFIED_SINCE"])
if ifmodtime and ifmodtime > last_modified:
ifModifiedSinceFailed = True
# If-None-Match
# If none of the entity tags match, then the server MAY perform the requested method as if the
# If-None-Match header field did not exist, but MUST also ignore any If-Modified-Since header
# field (s) in the request. That is, if no entity tags match, then the server MUST NOT return
# a 304 (Not Modified) response.
ignoreIfModifiedSince = False
if "HTTP_IF_NONE_MATCH" in environ and dav_res.support_etag():
ifmatchlist = environ["HTTP_IF_NONE_MATCH"].split(",")
for ifmatchtag in ifmatchlist:
ifmatchtag = ifmatchtag.strip(' "\t')
if ifmatchtag == entitytag or ifmatchtag == "*":
# ETag matched. If it's a GET request and we don't have an
# conflicting If-Modified header, we return NOT_MODIFIED
if (environ["REQUEST_METHOD"] in ("GET", "HEAD")
and not ifModifiedSinceFailed):
raise DAVError(HTTP_NOT_MODIFIED,
"If-None-Match header failed")
raise DAVError(HTTP_PRECONDITION_FAILED,
"If-None-Match header condition failed")
ignoreIfModifiedSince = True
if "HTTP_IF_UNMODIFIED_SINCE" in environ and dav_res.support_modified():
ifunmodtime = parse_time_string(environ["HTTP_IF_UNMODIFIED_SINCE"])
if ifunmodtime and ifunmodtime < last_modified:
raise DAVError(HTTP_PRECONDITION_FAILED,
"If-Unmodified-Since header condition failed")
if ifModifiedSinceFailed and not ignoreIfModifiedSince:
raise DAVError(HTTP_NOT_MODIFIED,
"If-Modified-Since header condition failed")
return
def check_write_permission(self, url, depth, token_list, principal):
"""Check, if <principal> can modify <url>, otherwise raise HTTP_LOCKED.
If modifying <url> is prevented by a lock, DAVError(HTTP_LOCKED) is
raised. An embedded DAVErrorCondition contains the conflicting locks.
<url> may be modified by <principal>, if it is not currently locked
directly or indirectly (i.e. by a locked parent).
For depth-infinity operations, <url> also must not have locked children.
It is not enough to check whether a lock is owned by <principal>, but
also the token must be passed with the request. Because <principal> may
run two different applications.
See http://www.webdav.org/specs/rfc4918.html#lock-model
http://www.webdav.org/specs/rfc4918.html#rfc.section.7.4
TODO: verify assumptions:
- Parent locks WILL NOT be conflicting, if they are depth-0.
- Exclusive child locks WILL be conflicting, even if they are owned by <principal>.
@param url: URL that shall be modified, created, moved, or deleted
@param depth: "0"|"infinity"
@param token_list: list of lock tokens, that the principal submitted in If: header
@param principal: name of the principal requesting a lock
@return: None or raise error
"""
assert compat.is_native(url)
assert depth in ("0", "infinity")
_logger.debug("check_write_permission({}, {}, {}, {})".format(
url, depth, token_list, principal))
# Error precondition to collect conflicting URLs
errcond = DAVErrorCondition(PRECONDITION_CODE_LockConflict)
self._lock.acquire_read()
try:
# Check url and all parents for conflicting locks
u = url
while u:
ll = self.get_url_lock_list(u)
_logger.debug(" checking {}".format(u))
for l in ll:
_logger.debug(" l={}".format(lock_string(l)))
if u != url and l["depth"] != "infinity":
# We only consider parents with Depth: inifinity
continue
elif principal == l["principal"] and l[
"token"] in token_list:
# User owns this lock
continue
else:
# Token is owned by principal, but not passed with lock list
_logger.debug(
" -> DENIED due to locked parent {}".format(
lock_string(l)))
errcond.add_href(l["root"])
u = util.get_uri_parent(u)
if depth == "infinity":
# Check child URLs for conflicting locks
childLocks = self.storage.get_lock_list(url,
include_root=False,
include_children=True,
token_only=False)
for l in childLocks:
assert util.is_child_uri(url, l["root"])
# if util.is_child_uri(url, l["root"]):
_logger.debug(" -> DENIED due to locked child {}".format(
lock_string(l)))
errcond.add_href(l["root"])
finally:
self._lock.release()
# If there were conflicts, raise HTTP_LOCKED for <url>, and pass
# conflicting resource with 'no-conflicting-lock' precondition
if len(errcond.hrefs) > 0:
raise DAVError(HTTP_LOCKED, err_condition=errcond)
return
def _check_lock_permission(self, url, lock_type, lock_scope, lock_depth,
token_list, principal):
"""Check, if <principal> can lock <url>, otherwise raise an error.
If locking <url> would create a conflict, DAVError(HTTP_LOCKED) is
raised. An embedded DAVErrorCondition contains the conflicting resource.
@see http://www.webdav.org/specs/rfc4918.html#lock-model
- Parent locks WILL NOT be conflicting, if they are depth-0.
- Exclusive depth-infinity parent locks WILL be conflicting, even if
they are owned by <principal>.
- Child locks WILL NOT be conflicting, if we request a depth-0 lock.
- Exclusive child locks WILL be conflicting, even if they are owned by
<principal>. (7.7)
- It is not enough to check whether a lock is owned by <principal>, but
also the token must be passed with the request. (Because <principal>
may run two different applications on his client.)
- <principal> cannot lock-exclusive, if he holds a parent shared-lock.
(This would only make sense, if he was the only shared-lock holder.)
- TODO: litmus tries to acquire a shared lock on one resource twice
(locks: 27 'double_sharedlock') and fails, when we return HTTP_LOCKED.
So we allow multi shared locks on a resource even for the same
principal.
@param url: URL that shall be locked
@param lock_type: "write"
@param lock_scope: "shared"|"exclusive"
@param lock_depth: "0"|"infinity"
@param token_list: list of lock tokens, that the user submitted in If: header
@param principal: name of the principal requesting a lock
@return: None (or raise)
"""
assert lock_type == "write"
assert lock_scope in ("shared", "exclusive")
assert lock_depth in ("0", "infinity")
_logger.debug("checkLockPermission({}, {}, {}, {})".format(
url, lock_scope, lock_depth, principal))
# Error precondition to collect conflicting URLs
errcond = DAVErrorCondition(PRECONDITION_CODE_LockConflict)
self._lock.acquire_read()
try:
# Check url and all parents for conflicting locks
u = url
while u:
ll = self.get_url_lock_list(u)
for l in ll:
_logger.debug(" check parent {}, {}".format(
u, lock_string(l)))
if u != url and l["depth"] != "infinity":
# We only consider parents with Depth: infinity
continue
elif l["scope"] == "shared" and lock_scope == "shared":
# Only compatible with shared locks (even by same
# principal)
continue
# Lock conflict
_logger.debug(" -> DENIED due to locked parent {}".format(
lock_string(l)))
errcond.add_href(l["root"])
u = util.get_uri_parent(u)
if lock_depth == "infinity":
# Check child URLs for conflicting locks
childLocks = self.storage.get_lock_list(url,
include_root=False,
include_children=True,
token_only=False)
for l in childLocks:
assert util.is_child_uri(url, l["root"])
# if util.is_child_uri(url, l["root"]):
_logger.debug(" -> DENIED due to locked child {}".format(
lock_string(l)))
errcond.add_href(l["root"])
finally:
self._lock.release()
# If there were conflicts, raise HTTP_LOCKED for <url>, and pass
# conflicting resource with 'no-conflicting-lock' precondition
if len(errcond.hrefs) > 0:
raise DAVError(HTTP_LOCKED, err_condition=errcond)
return
