def parse_cors_request(request, r_dict): # Convert body to dict body = convert_post_body_to_dict(request.body) # 'content' is in body for the IE cors POST if 'content' in body: # Grab what the normal body would be since it's in content (unquote if necessary) str_body = urllib.unquote(body.pop('content')) r_dict['raw_body'] = str_body # Only for statements since document API bodies don't have to be JSON if r_dict['auth']['endpoint'] == '/statements': try: # Should convert to dict if data is in JSON format r_dict['body'] = convert_to_datatype(str_body) except Exception: try: # Convert to dict if data is in form format (foo=bar) r_dict['body'] = QueryDict(str_body).dict() except Exception: raise BadRequest( "Could not parse request body in CORS request") else: # QueryDict will create {'foo':''} key for any string - does not care if valid query string or not for k, v in r_dict['body'].items(): if not v: raise BadRequest( "Could not parse request body in CORS request, no value for: %s" % k) else: r_dict['body'] = str_body # Catch attachments early if 'attachments' in r_dict['body']: raise BadRequest(( "Attachments are not supported in cross origin requests since they require a " "multipart/mixed Content-Type")) # Remove extra headers from body that we already captured in get_headers body.pop('X-Experience-API-Version', None) body.pop('Content-Type', None) body.pop('If-Match', None) body.pop('If-None-Match', None) body.pop('HTTP_AUTHORIZATION', None) body.pop('Authorization', None) # all that should be left are params for the request, we add them to the params object r_dict['params'].update(body) # Add query string params for k in request.GET: # make sure the method param goes in the special method spot if k == 'method': r_dict[k] = request.GET[k].upper() else: r_dict['params'][k] = request.GET[k] #If it is a CORS PUT OR POST make sure it has content if (r_dict['method'] == 'PUT' or r_dict['method'] == 'POST') \ and 'body' not in r_dict: raise BadRequest("CORS PUT or POST both require content parameter") set_agent_param(r_dict)
def parse_cors_request(request, r_dict): # Convert body to dict body = convert_post_body_to_dict(request.body) # 'content' is in body for the IE cors POST if 'content' in body: # Grab what the normal body would be since it's in content (unquote if necessary) str_body = urllib.unquote(body.pop('content')) r_dict['raw_body'] = str_body # Only for statements since document API bodies don't have to be JSON if r_dict['auth']['endpoint'] == '/statements': try: # Should convert to dict if data is in JSON format r_dict['body'] = convert_to_datatype(str_body) except Exception: try: # Convert to dict if data is in form format (foo=bar) r_dict['body'] = QueryDict(str_body).dict() except Exception: raise BadRequest("Could not parse request body in CORS request") else: # QueryDict will create {'foo':''} key for any string - does not care if valid query string or not for k, v in r_dict['body'].items(): if not v: raise BadRequest("Could not parse request body in CORS request, no value for: %s" % k) else: r_dict['body'] = str_body # Catch attachments early if 'attachments' in r_dict['body']: raise BadRequest(("Attachments are not supported in cross origin requests since they require a " "multipart/mixed Content-Type")) # Remove extra headers from body that we already captured in get_headers body.pop('X-Experience-API-Version', None) body.pop('Content-Type', None) body.pop('If-Match', None) body.pop('If-None-Match', None) body.pop('HTTP_AUTHORIZATION', None) body.pop('Authorization', None) # all that should be left are params for the request, we add them to the params object r_dict['params'].update(body) # Add query string params for k in request.GET: # make sure the method param goes in the special method spot if k == 'method': r_dict[k] = request.GET[k].upper() else: r_dict['params'][k] = request.GET[k] #If it is a CORS PUT OR POST make sure it has content if (r_dict['method'] == 'PUT' or r_dict['method'] == 'POST') \ and 'body' not in r_dict: raise BadRequest("CORS PUT or POST both require content parameter") set_agent_param(r_dict)
def set_cors_authorization(request, r_dict): # Not allowed to set request body so this is just a copy body = convert_post_body_to_dict(request.body) if 'HTTP_AUTHORIZATION' not in r_dict['headers'] and 'HTTP_AUTHORIZATION' not in r_dict['headers']: if 'HTTP_AUTHORIZATION' in body: r_dict['headers']['Authorization'] = body.pop('HTTP_AUTHORIZATION') elif 'Authorization' in body: r_dict['headers']['Authorization'] = body.pop('Authorization') else: r_dict['headers']['Authorization'] = None r_dict['auth']['endpoint'] = get_endpoint(request) r_dict['auth']['type'] = 'http'
def set_cors_authorization(request, r_dict): # Not allowed to set request body so this is just a copy body = convert_post_body_to_dict(request.body) if 'HTTP_AUTHORIZATION' not in r_dict[ 'headers'] and 'HTTP_AUTHORIZATION' not in r_dict['headers']: if 'HTTP_AUTHORIZATION' in body: r_dict['headers']['Authorization'] = body.pop('HTTP_AUTHORIZATION') elif 'Authorization' in body: r_dict['headers']['Authorization'] = body.pop('Authorization') else: r_dict['headers']['Authorization'] = None r_dict['auth']['endpoint'] = get_endpoint(request) r_dict['auth']['type'] = 'http'
def parse(request, more_id=None): r_dict = {} # Build headers from request in request dict r_dict['headers'] = get_headers(request.META) # Traditional authorization should be passed in headers r_dict['auth'] = {} if 'Authorization' in r_dict['headers']: # OAuth will always be dict, not http auth. Set required fields for oauth module and type for authentication # module set_authorization(r_dict, request) elif 'Authorization' in request.body or 'HTTP_AUTHORIZATION' in request.body: # Authorization could be passed into body if cross origin request r_dict['auth']['type'] = 'http' else: raise BadRequest("Request has no authorization") r_dict['params'] = {} # lookin for weird IE CORS stuff.. it'll be a post with a 'method' url param if request.method == 'POST' and 'method' in request.GET: bdy = convert_post_body_to_dict(request.body) # 'content' is in body for the IE cors POST if 'content' in bdy: r_dict['body'] = urllib.unquote(bdy.pop('content')) # headers are in the body too for IE CORS, we removes them r_dict['headers'].update(get_headers(bdy)) for h in r_dict['headers']: bdy.pop(h, None) # remove extras from body bdy.pop('X-Experience-API-Version', None) bdy.pop('Content-Type', None) bdy.pop('If-Match', None) bdy.pop('If-None-Match', None) # all that should be left are params for the request, # we adds them to the params object r_dict['params'].update(bdy) for k in request.GET: if k == 'method': # make sure the method param goes in the special method spot r_dict[k] = request.GET[k] else: r_dict['params'][k] = request.GET[k] # Just parse body for all non IE CORS stuff else: r_dict = parse_body(r_dict, request) # Update dict with any GET data r_dict['params'].update(request.GET.dict()) # Method gets set for cors already if 'method' not in r_dict: # Differentiate GET and POST if request.method == "POST" and (request.path[6:] == 'statements' or request.path[6:] == 'statements/'): # Can have empty body for POST (acts like GET) if 'body' in r_dict: # If body is a list, it's a post if not isinstance(r_dict['body'], list): if not isinstance(r_dict['body'], dict): raise BadRequest("Cannot evaluate data into dictionary to parse -- Error: %s" % r_dict['body']) # If actor verb and object not in body - means it's a GET or invalid POST if not ('actor' in r_dict['body'] and 'verb' in r_dict['body'] and 'object' in r_dict['body']): # If body keys are in get params - GET - else invalid request if set(r_dict['body'].keys()).issubset(['statementId', 'voidedStatementId', 'agent', 'verb', 'activity', 'registration', 'related_activities', 'related_agents', 'since', 'until', 'limit', 'format', 'attachments', 'ascending']): r_dict['method'] = 'GET' else: raise BadRequest("Statement is missing actor, verb, or object") else: r_dict['method'] = 'POST' else: r_dict['method'] = 'POST' else: r_dict['method'] = 'GET' else: r_dict['method'] = request.method # Set if someone is hitting the statements/more endpoint if more_id: r_dict['more_id'] = more_id return r_dict
def parse(request, more_id=None): r_dict = {} # Build headers from request in request dict r_dict['headers'] = get_headers(request.META) # Traditional authorization should be passed in headers r_dict['auth'] = {} if 'Authorization' in r_dict['headers']: # OAuth will always be dict, not http auth. Set required fields for oauth module and type for authentication # module set_authorization(r_dict, request) elif 'Authorization' in request.body or 'HTTP_AUTHORIZATION' in request.body: # Authorization could be passed into body if cross origin request r_dict['auth']['type'] = 'http' else: raise BadRequest("Request has no authorization") r_dict['params'] = {} # lookin for weird IE CORS stuff.. it'll be a post with a 'method' url param if request.method == 'POST' and 'method' in request.GET: bdy = convert_post_body_to_dict(request.body) # 'content' is in body for the IE cors POST if 'content' in bdy: r_dict['body'] = urllib.unquote(bdy.pop('content')) # headers are in the body too for IE CORS, we removes them r_dict['headers'].update(get_headers(bdy)) for h in r_dict['headers']: bdy.pop(h, None) # remove extras from body bdy.pop('X-Experience-API-Version', None) bdy.pop('Content-Type', None) bdy.pop('If-Match', None) bdy.pop('If-None-Match', None) # all that should be left are params for the request, # we adds them to the params object r_dict['params'].update(bdy) for k in request.GET: if k == 'method': # make sure the method param goes in the special method spot r_dict[k] = request.GET[k] else: r_dict['params'][k] = request.GET[k] # Just parse body for all non IE CORS stuff else: r_dict = parse_body(r_dict, request) # Update dict with any GET data r_dict['params'].update(request.GET.dict()) # Method gets set for cors already if 'method' not in r_dict: # Differentiate GET and POST if request.method == "POST" and (request.path[6:] == 'statements' or request.path[6:] == 'statements/'): # Can have empty body for POST (acts like GET) if 'body' in r_dict: # If body is a list, it's a post if not isinstance(r_dict['body'], list): if not isinstance(r_dict['body'], dict): raise BadRequest( "Cannot evaluate data into dictionary to parse -- Error: %s" % r_dict['body']) # If actor verb and object not in body - means it's a GET or invalid POST if not ('actor' in r_dict['body'] and 'verb' in r_dict['body'] and 'object' in r_dict['body']): # If body keys are in get params - GET - else invalid request if set(r_dict['body'].keys()).issubset([ 'statementId', 'voidedStatementId', 'agent', 'verb', 'activity', 'registration', 'related_activities', 'related_agents', 'since', 'until', 'limit', 'format', 'attachments', 'ascending' ]): r_dict['method'] = 'GET' else: raise BadRequest( "Statement is missing actor, verb, or object") else: r_dict['method'] = 'POST' else: r_dict['method'] = 'POST' else: r_dict['method'] = 'GET' else: r_dict['method'] = request.method # Set if someone is hitting the statements/more endpoint if more_id: r_dict['more_id'] = more_id return r_dict