def create_issue(): """Create a new issue. GET will return an HTML response for reporting issues. POST will create a new issue. Any deceptive requests will be ended as a 400. See https://tools.ietf.org/html/rfc7231#section-6.5.1 """ # changing this from index to /issues/new to retire it, # and sending a 403 if anyone discovers this route abort(403) # Get the User-Agent user_agent = request.headers.get('User-Agent') # GET Requests if request.method == 'GET': bug_form = get_form(user_agent, request) # Note: `src` and `label` are special GET params that can pass # in extra information about a bug report. They're not part of the # HTML <form>, so we stick them in the session cookie so they survive # the scenario where the user decides to do authentication, and they # can then be passed on to form.py return render_template('new-issue.html', form=bug_form) # POST Requests if request.form: # Copy the form to add the full UA string. form = request.form.copy() if not is_valid_issue_form(form): abort(400) else: abort(400) # Feeding the form with request data form['ua_header'] = user_agent # form submission is anonymous! if form.get('submit_type') == PROXY_REPORT: response = report_issue(form, proxy=True) print('response: ', response.status_code) return redirect(url_for('thanks')) else: # if anything wrong, we assume it is a bad forged request abort(400)
def create_issue(): """Create a new issue or prefill a form for submission. * HTTP GET with (optional) parameters * create a form with prefilled data. * parameters: * url: URL of the Web site * src: source of the request (web, addon, etc.) * label: controled list of labels * HTTP POST with a JSON payload * create a form with prefilled data * content-type is application/json * json may include: * title * User agent string * OS identification * labels list * type of bugs * short summary * full description * tested in another browser * body * HTTP POST with an attached form * submit a form to GitHub to create a new issue * form submit type: * authenticated: Github authentification * anonymous: handled by webcompat-bot Any deceptive requests will be ended as a 400. See https://tools.ietf.org/html/rfc7231#section-6.5.1 """ # Starting a logger log = app.logger log.setLevel(logging.INFO) if g.user: get_user_info() # We define which type of requests we are dealing with. request_type = form_type(request) # Form Prefill section if request_type == 'prefill': form_data = prepare_form(request) bug_form = get_form(form_data) session['extra_labels'] = form_data['extra_labels'] return render_template('new-issue.html', form=bug_form) # Issue Creation section elif request_type == 'create': # Check if there is a form if not request.form: log.info('POST request without form.') abort(400) # Adding parameters to the form form = request.form.copy() extra_labels = session.pop('extra_labels', None) if extra_labels: form['extra_labels'] = extra_labels # Logging the ip and url for investigation log.info('{ip} {url}'.format( ip=request.remote_addr, url=form['url'].encode('utf-8'))) # Checking blacklisted domains if is_blacklisted_domain(form['url']): msg = (u'Anonymous reporting for domain {0} ' 'is temporarily disabled. Please contact ' '[email protected] ' 'for more details.').format(form['url']) flash(msg, 'notimeout') return redirect(url_for('index')) # Check if the form is valid if not is_valid_issue_form(form): abort(400) # Anonymous reporting if form.get('submit_type') == PROXY_REPORT: json_response = report_issue(form, proxy=True) session['show_thanks'] = True return redirect( url_for('show_issue', number=json_response.get('number'))) # Authenticated reporting if form.get('submit_type') == AUTH_REPORT: if g.user: # If you're already authed, submit the bug. json_response = report_issue(form) session['show_thanks'] = True return redirect(url_for('show_issue', number=json_response.get('number'))) else: # Stash form data into session, go do GitHub auth session['form'] = form return redirect(url_for('login')) else: abort(400)
def create_issue(): """Create a new issue or prefill a form for submission. * HTTP GET with (optional) parameters * create a form with prefilled data. * parameters: * url: URL of the Web site * src: source of the request (web, addon, etc.) * label: controled list of labels * HTTP POST with a JSON payload * create a form with prefilled data * content-type is application/json * json may include: * title * User agent string * OS identification * labels list * type of bugs * short summary * full description * tested in another browser * body * utm_ params for Google Analytics * HTTP POST with an attached form * submit a form to GitHub to create a new issue * form submit type: * authenticated: Github authentification * anonymous: handled by webcompat-bot Any deceptive requests will be ended as a 400. See https://tools.ietf.org/html/rfc7231#section-6.5.1 """ push('/css/dist/webcompat.min.css', **{'as': 'style', 'rel': 'preload'}) push(bust_cache('/js/dist/webcompat.min.js'), **{ 'as': 'script', 'rel': 'preload' }) # Starting a logger log = app.logger log.setLevel(logging.INFO) if g.user: get_user_info() # We define which type of requests we are dealing with. request_type = form_type(request) # Form Prefill section if request_type == 'prefill': form_data = prepare_form(request) # XXXTemp Hack: if the user clicked on Report Site Issue from Release, # we want to redirect them somewhere else and forget all their data. # See https://bugzilla.mozilla.org/show_bug.cgi?id=1513541 if form_data == 'release': return render_template('thanks.html') bug_form = get_form(form_data) session['extra_labels'] = form_data['extra_labels'] source = form_data.pop('utm_source', None) campaign = form_data.pop('utm_campaign', None) return render_template('new-issue.html', form=bug_form, source=source, campaign=campaign, nonce=request.nonce) # Issue Creation section elif request_type == 'create': # Check if there is a form if not request.form: log.info('POST request without form.') abort(400) # Adding parameters to the form form = request.form.copy() extra_labels = session.pop('extra_labels', None) if extra_labels: form['extra_labels'] = extra_labels # Logging the ip and url for investigation log.info('{ip} {url}'.format(ip=request.remote_addr, url=form['url'].encode('utf-8'))) # Check if the form is valid if not is_valid_issue_form(form): abort(400) if form.get('submit_type') == PROXY_REPORT: # Checking blacklisted domains domain = urlparse.urlsplit(form['url']).hostname if is_blacklisted_domain(domain): msg = app.config['IS_BLACKLISTED_DOMAIN'].format(form['url']) flash(msg, 'notimeout') return redirect(url_for('index')) # Anonymous reporting json_response = report_issue(form, proxy=True) session['show_thanks'] = True return redirect( url_for('show_issue', number=json_response.get('number'))) # Authenticated reporting if form.get('submit_type') == AUTH_REPORT: if g.user: # If you're already authed, submit the bug. json_response = report_issue(form) session['show_thanks'] = True return redirect( url_for('show_issue', number=json_response.get('number'))) else: # Stash form data into session, go do GitHub auth session['form'] = form return redirect(url_for('login')) else: abort(400)
def create_issue(): """Create a new issue. GET will return an HTML response for reporting issues. POST will create a new issue. Any deceptive requests will be ended as a 400. See https://tools.ietf.org/html/rfc7231#section-6.5.1 """ # Starting a logger log = app.logger log.setLevel(logging.INFO) # Get the User-Agent user_agent = request.headers.get('User-Agent') # GET Requests if request.method == 'GET': bug_form = get_form(user_agent) if g.user: get_user_info() # Note: `src` and `label` are special GET params that can pass # in extra information about a bug report. They're not part of the # HTML <form>, so we stick them in the session cookie so they survive # the scenario where the user decides to do authentication, and they # can then be passed on to form.py if request.args.get('src'): session['src'] = request.args.get('src') if request.args.get('label'): session['label'] = request.args.getlist('label') return render_template('new-issue.html', form=bug_form) # POST Requests if request.form: # Copy the form to add the full UA string. form = request.form.copy() if not is_valid_issue_form(form): abort(400) else: log.info('POST request without form.') abort(400) # Logging the ip and url for investigation log.info('{ip} {url}'.format( ip=request.remote_addr, url=form['url'].encode('utf-8'))) # Checking blacklisted domains if is_blacklisted_domain(form['url']): msg = (u'Anonymous reporting for domain {0} ' 'is temporarily disabled. Please contact ' '[email protected] ' 'for more details.').format(form['url']) flash(msg, 'notimeout') return redirect(url_for('index')) # Feeding the form with request data form['ua_header'] = user_agent form['reported_with'] = session.pop('src', 'web') # Reminder: label is a list, if it exists form['extra_labels'] = session.pop('label', None) # form submission for 3 scenarios: authed, to be authed, anonymous if form.get('submit_type') == AUTH_REPORT: if g.user: # If you're already authed, submit the bug. json_response = report_issue(form) session['show_thanks'] = True return redirect(url_for('show_issue', number=json_response.get('number'))) else: # Stash form data into session, go do GitHub auth session['form_data'] = form return redirect(url_for('login')) elif form.get('submit_type') == PROXY_REPORT: json_response = report_issue(form, proxy=True) session['show_thanks'] = True return redirect(url_for('show_issue', number=json_response.get('number'))) else: # if anything wrong, we assume it is a bad forged request abort(400)
def create_issue(): """Create a new issue or prefill a form for submission. * HTTP GET with (optional) parameters * create a form with prefilled data. * parameters: * url: URL of the Web site * src: source of the request (web, addon, etc.) * label: controled list of labels * HTTP POST with a JSON payload * create a form with prefilled data * content-type is application/json * json may include: * title * User agent string * OS identification * labels list * type of bugs * short summary * full description * tested in another browser * body * utm_ params for Google Analytics * HTTP POST with an attached form * submit a form to GitHub to create a new issue * form submit type: * authenticated: Github authentification * anonymous: handled by webcompat-bot Any deceptive requests will be ended as a 400. See https://tools.ietf.org/html/rfc7231#section-6.5.1 """ push('/css/dist/webcompat.min.css', **{ 'as': 'style', 'rel': 'preload' }) push(bust_cache('/js/dist/webcompat.min.js'), **{ 'as': 'script', 'rel': 'preload' }) # Starting a logger log = app.logger log.setLevel(logging.INFO) if g.user: get_user_info() # We define which type of requests we are dealing with. request_type = form_type(request) # Form Prefill section if request_type == 'prefill': form_data = prepare_form(request) bug_form = get_form(form_data) session['extra_labels'] = form_data['extra_labels'] source = form_data.pop('utm_source', None) campaign = form_data.pop('utm_campaign', None) return render_template('new-issue.html', form=bug_form, source=source, campaign=campaign, nonce=request.nonce) # Issue Creation section elif request_type == 'create': # Check if there is a form if not request.form: log.info('POST request without form.') abort(400) # Adding parameters to the form form = request.form.copy() extra_labels = session.pop('extra_labels', None) if extra_labels: form['extra_labels'] = extra_labels # Logging the ip and url for investigation log.info('{ip} {url}'.format( ip=request.remote_addr, url=form['url'].encode('utf-8'))) # Check if the form is valid if not is_valid_issue_form(form): abort(400) if form.get('submit_type') == PROXY_REPORT: # Checking blacklisted domains domain = urlparse.urlsplit(form['url']).hostname if is_blacklisted_domain(domain): msg = app.config['IS_BLACKLISTED_DOMAIN'].format(form['url']) flash(msg, 'notimeout') return redirect(url_for('index')) # Anonymous reporting json_response = report_issue(form, proxy=True) session['show_thanks'] = True return redirect( url_for('show_issue', number=json_response.get('number'))) # Authenticated reporting if form.get('submit_type') == AUTH_REPORT: if g.user: # If you're already authed, submit the bug. json_response = report_issue(form) session['show_thanks'] = True return redirect(url_for('show_issue', number=json_response.get('number'))) else: # Stash form data into session, go do GitHub auth session['form'] = form return redirect(url_for('login')) else: abort(400)