def afterTraversal(event):
    """Post-traversal hook: run the login shield and set response headers.

    Only requests carrying ``ICastleLayer`` are handled; anything else is
    returned untouched.  ``shield.protect`` runs first and (judging by the
    surrounding tests) raises a redirect exception when the lockout applies,
    so nothing below executes for a blocked request.

    Headers set on the response:
      * ``Cache-Tag`` -- purge tags built from the context's portal_type,
        meta_type and UID plus the request host (dots/colons stripped).
      * ``X-Content-Type-Options: nosniff`` -- stops browsers from
        MIME-sniffing non-script responses into scripts.
      * ``X-XSS-Protection: 1; mode=block`` -- legacy filter hint; current
        browsers ignore it, a Content-Security-Policy is the effective control.
    """
    request = event.request
    if not ICastleLayer.providedBy(request):
        return

    # Lockout / login-shield check; may abort the request by raising.
    shield.protect(request)

    response = request.response
    context = get_context_from_request(request)

    def _slug(value):
        # "Some Type" -> "some-type"
        return value.lower().replace(' ', '-')

    host_tag = urlparse(request.URL).netloc.lower()
    host_tag = host_tag.replace('.', '').replace(':', '')

    tags = {
        _slug(getattr(context, 'portal_type', '')),
        _slug(getattr(context, 'meta_type', '')),
        IUUID(context, ''),
        host_tag,
    }
    # Missing attributes yield empty tags, which are dropped here.
    response.setHeader('Cache-Tag', ','.join(tag for tag in tags if tag))
    response.setHeader('X-Content-Type-Options', 'nosniff')
    response.setHeader('X-XSS-Protection', '1; mode=block')
def test_not_raises_redirect_exception_when_shield_active_and_logged_in(self):
    """An authenticated user passes the shield even when it is set to ALL."""
    login(self.portal, TEST_USER_NAME)
    queryUtility(IRegistry)['plone.login_shield_setting'] = SHIELD.ALL
    self.request.PARENTS = [self.portal]
    # Would raise a redirect exception if the shield engaged for this user.
    shield.protect(self.request)
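def __call__(self):
    """Render the 404 view, redirecting to an archived copy when one exists.

    Flow:
      1. Re-run the login shield (``recheck=True``) so a lockout still
         applies on the error page.
      2. URLs containing ``++`` (presumably Zope namespace traversal such
         as ``++resource++``) get a plain 404 with no archive lookup.
      3. Otherwise the request path, relative to the site root, is looked
         up in the archive storage (by UID for ``/resolveuid/...`` paths,
         by path otherwise).  A hit raises ``Redirect`` to the archived
         URL; the incoming query string is forwarded verbatim.
      4. No hit: ``attempt_redirect`` runs, status is set to 404 and the
         template is rendered.

    Returns:
        The rendered 404 template, or the literal ``"not found"`` when the
        template itself fails for a ``++`` URL.

    Raises:
        Redirect: when an archived copy of the requested path is found.
        Whatever ``shield.protect`` raises to block the request.
    """
    shield.protect(self.request, recheck=True)
    self.notfound = self.context
    self.context = api.portal.get()
    response = self.request.response

    if '++' in self.request.URL:
        response.setStatus(404)
        try:
            return self.index()
        except Exception:
            # Best-effort fallback: the template may depend on traversal
            # state that a ++namespace URL does not provide.
            logger.warning(
                "Failed to render 404 template, had to return simple response"
            )
            return "not found"

    new_url = self._archived_url()
    if new_url:
        # XXX need to force redirect this way since normal redirect
        # gets overridden with 404.  The target comes from the archive
        # lookup; only the query string is copied from the request.
        query = self.request.environ.get('QUERY_STRING')
        if query:
            new_url += '?' + query
        raise Redirect(aws.swap_url(new_url))

    self.attempt_redirect()
    response.setStatus(404)
    return self.index()

def _archived_url(self):
    """Return the archive URL for the requested path, or None.

    The path is taken relative to the site root with trailing slashes
    removed; a trailing ``/view`` is stripped and reported through the
    ``wants_view`` flag.  Lookup failures are logged at debug level and
    treated as "no archived copy" so the 404 page never turns into a 500.
    """
    storage = archival.Storage(self.context)
    site_url = self.context.absolute_url()
    path = self.request.ACTUAL_URL[len(site_url):].rstrip('/')

    wants_view = path.endswith('/view')
    if wants_view:
        path = path.rsplit('/view', 1)[0]

    try:
        if path.startswith('/resolveuid'):
            uid = path.replace('/resolveuid/', '')
            return storage.get_archive_url_by_uid(uid)
        return storage.get_archive_url_by_path(path, wants_view)
    except Exception:
        logger.debug("archive lookup failed for %r", path, exc_info=True)
        return None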
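def __call__(self):
    """Render the 404 view, redirecting to an archived copy when one exists.

    The request path relative to the site root is looked up in the archive
    storage (by UID for ``/resolveuid/...`` paths, by path otherwise).  A
    hit raises ``Redirect`` to the archived URL with the incoming query
    string forwarded verbatim.  Otherwise the ``plone_redirector_view``
    adapter, if present, gets a chance to redirect, and the template is
    rendered.

    Returns:
        The rendered 404 template.

    Raises:
        Redirect: when an archived copy of the requested path is found.
        Whatever ``shield.protect`` raises to block the request.
    """
    shield.protect(self.request)
    self.notfound = self.context
    self.context = api.portal.get()

    storage = archival.Storage(self.context)
    site_url = self.context.absolute_url()
    path = self.request.ACTUAL_URL[len(site_url):].rstrip('/')

    wants_view = path.endswith('/view')
    if wants_view:
        path = path.rsplit('/view', 1)[0]

    new_url = None
    try:
        if path.startswith('/resolveuid'):
            uid = path.replace('/resolveuid/', '')
            new_url = storage.get_archive_url_by_uid(uid)
        else:
            new_url = storage.get_archive_url_by_path(path, wants_view)
    except Exception:
        # Best-effort lookup: a missing or broken archive must not turn the
        # 404 page into a 500.  Only Exception is caught (the previous bare
        # ``except:`` also swallowed KeyboardInterrupt/SystemExit).
        new_url = None

    if new_url:
        # XXX need to force redirect this way since normal redirect
        # gets overridden with 404.  The target comes from the archive
        # lookup; only the query string is copied from the request.
        query = self.request.environ.get('QUERY_STRING')
        if query:
            new_url += '?' + query
        raise Redirect(aws.swap_url(new_url))

    # seems this overrides plone.app.redirector handler
    redirector = queryMultiAdapter(
        (self.context, self.request), name=u'plone_redirector_view')
    if redirector:
        redirector.attempt_redirect()
    return self.index()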
def afterTraversal(event):
    """Post-traversal hook for ICastleLayer requests.

    In order:
      * runs the login shield; when it returns a body (robot/crawler view)
        that body is locked onto the response and ``X-Robots-Tag: noindex``
        is set;
      * for anonymous users, raises ``NotFound`` when the context's catalog
        brain reports ``has_private_parents`` -- presumably so items under a
        private container are not reachable anonymously -- unless the
        ``plone.allow_public_in_private_container`` registry record allows
        it;
      * sets ``Cache-Tag`` from the context's portal_type, meta_type and UID
        plus the request host (dots/colons stripped);
      * sets ``X-Content-Type-Options: nosniff`` and the legacy
        ``X-XSS-Protection`` header (ignored by current browsers; a
        Content-Security-Policy is the effective control).
    """
    request = event.request
    if not ICastleLayer.providedBy(request):
        return

    resp = request.response
    robot_view = shield.protect(request)
    if robot_view:
        resp.setBody(robot_view, lock=True)
        resp.setHeader('X-Robots-Tag', 'noindex')

    context = get_context_from_request(request)

    if api.user.is_anonymous() and hasattr(context, 'UID'):
        allow_mixed = api.portal.get_registry_record(
            'plone.allow_public_in_private_container', default=False)
        if not allow_mixed:
            catalog = api.portal.get_tool('portal_catalog')
            try:
                brain = catalog(UID=context.UID())[0]
            except IndexError:
                brain = None  # no catalog entry for this UID
            if brain is not None and getattr(brain, 'has_private_parents', False):
                raise NotFound

    def _slug(value):
        # "Some Type" -> "some-type"
        return value.lower().replace(' ', '-')

    host_tag = urlparse(request.URL).netloc.lower()
    host_tag = host_tag.replace('.', '').replace(':', '')

    tags = {
        _slug(getattr(context, 'portal_type', '')),
        _slug(getattr(context, 'meta_type', '')),
        IUUID(context, ''),
        host_tag,
    }
    # Missing attributes yield empty tags, which are dropped here.
    resp.setHeader('Cache-Tag', ','.join(tag for tag in tags if tag))
    resp.setHeader('X-Content-Type-Options', 'nosniff')
    resp.setHeader('X-XSS-Protection', '1; mode=block')
def test_not_raises_redirect_exception_when_shield_not_active(self):
    """With the shield set to NONE an anonymous request is not redirected."""
    logout()
    queryUtility(IRegistry)['plone.login_shield_setting'] = SHIELD.NONE
    self.request.PARENTS = [self.portal]
    # Would raise a redirect exception if the shield engaged.
    shield.protect(self.request)