def zulip_finish(self, result_dict: Dict[str, Any], old_request: HttpRequest, apply_markdown: bool) -> None: # Function called when we want to break a long-polled # get_events request and return a response to the client. # Marshall the response data from result_dict. if result_dict[ 'result'] == 'success' and 'messages' in result_dict and apply_markdown: for msg in result_dict['messages']: if msg['content_type'] != 'text/html': self.set_status(500) self.finish('Internal error: bad message format') if result_dict['result'] == 'error': self.set_status(400) # The `result` dictionary contains the data we want to return # to the client. We want to do so in a proper Tornado HTTP # response after running the Django response middleware (which # does things like log the request, add rate-limit headers, # etc.). The Django middleware API expects to receive a fresh # HttpRequest object, and so to minimize hacks, our strategy # is to create a duplicate Django HttpRequest object, tagged # to automatically return our data in its response, and call # Django's main self.get_response() handler to generate an # HttpResponse with all Django middleware run. request = self.convert_tornado_request_to_django_request() # Add to this new HttpRequest logging data from the processing of # the original request; we will need these for logging. # # TODO: Design a cleaner way to manage these attributes, # perhaps via creating a ZulipHttpRequest class that contains # these attributes with a copy method. request._log_data = old_request._log_data if hasattr(request, "_rate_limit"): request._rate_limit = old_request._rate_limit request._email = old_request._email request.user = old_request.user request.client = old_request.client # The saved_response attribute, if present, causes # rest_dispatch to return the response immediately before # doing any work. This arrangement allows Django's full # request/middleware system to run unmodified while avoiding # running expensive things like Zulip's authentication code a # second time. request.saved_response = json_response(res_type=result_dict['result'], data=result_dict, status=self.get_status()) try: response = self.get_response(request) finally: # Tell Django we're done processing this request # # TODO: Investigate whether this (and other call points in # this file) should be using response.close() instead. signals.request_finished.send(sender=self.__class__) self.write_django_response_as_tornado_response(response)
def zulip_finish(self, response, request, apply_markdown): # type: (HttpResponse, HttpRequest, bool) -> None # Make sure that Markdown rendering really happened, if requested. # This is a security issue because it's where we escape HTML. # c.f. ticket #64 # # apply_markdown=True is the fail-safe default. if response[ 'result'] == 'success' and 'messages' in response and apply_markdown: for msg in response['messages']: if msg['content_type'] != 'text/html': self.set_status(500) self.finish('Internal error: bad message format') if response['result'] == 'error': self.set_status(400) # Call the Django response middleware on our object so that # e.g. our own logging code can run; but don't actually use # the headers from that since sending those to Tornado seems # tricky; instead just send the (already json-rendered) # content on to Tornado django_response = json_response(res_type=response['result'], data=response, status=self.get_status()) django_response = self.apply_response_middleware( request, django_response, request._resolver) # Pass through the content-type from Django, as json content should be # served as application/json self.set_header("Content-Type", django_response['Content-Type']) self.finish(django_response.content)
def process_exception(self, request: HttpRequest, exception: Exception) -> Optional[HttpResponse]: if isinstance(exception, MissingAuthenticationError): if "text/html" in request.META.get("HTTP_ACCEPT", ""): # If this looks like a request from a top-level page in a # browser, send the user to the login page. # # TODO: The next part is a bit questionable; it will # execute the likely intent for intentionally visiting # an API endpoint without authentication in a browser, # but that's an unlikely to be done intentionally often. return HttpResponseRedirect( f"{settings.HOME_NOT_LOGGED_IN}?next={request.path}") if request.path.startswith("/api"): # For API routes, ask for HTTP basic auth (email:apiKey). return json_unauthorized() else: # For /json routes, ask for session authentication. return json_unauthorized(www_authenticate="session") if isinstance(exception, JsonableError): return json_response_from_error(exception) if get_request_notes(request).error_format == "JSON": capture_exception(exception) json_error_logger = logging.getLogger( "zerver.middleware.json_error_handler") json_error_logger.error(traceback.format_exc(), extra=dict(request=request)) return json_response(res_type="error", msg=_("Internal server error"), status=500) return None
def zulip_finish(self, response, request, apply_markdown): # type: (Dict[str, Any], HttpRequest, bool) -> None # Make sure that Markdown rendering really happened, if requested. # This is a security issue because it's where we escape HTML. # c.f. ticket #64 # # apply_markdown=True is the fail-safe default. if response['result'] == 'success' and 'messages' in response and apply_markdown: for msg in response['messages']: if msg['content_type'] != 'text/html': self.set_status(500) self.finish('Internal error: bad message format') if response['result'] == 'error': self.set_status(400) # Call the Django response middleware on our object so that # e.g. our own logging code can run; but don't actually use # the headers from that since sending those to Tornado seems # tricky; instead just send the (already json-rendered) # content on to Tornado django_response = json_response(res_type=response['result'], data=response, status=self.get_status()) django_response = self.apply_response_middleware(request, django_response, request._resolver) # Pass through the content-type from Django, as json content should be # served as application/json self.set_header("Content-Type", django_response['Content-Type']) self.finish(django_response.content)
def zulip_finish(self, result_dict: Dict[str, Any], request: HttpRequest, apply_markdown: bool) -> None: # Make sure that Markdown rendering really happened, if requested. # This is a security issue because it's where we escape HTML. # c.f. ticket #64 # # apply_markdown=True is the fail-safe default. if result_dict[ 'result'] == 'success' and 'messages' in result_dict and apply_markdown: for msg in result_dict['messages']: if msg['content_type'] != 'text/html': self.set_status(500) self.finish('Internal error: bad message format') if result_dict['result'] == 'error': self.set_status(400) # Call the Django response middleware on our object so that # e.g. our own logging code can run; but don't actually use # the headers from that since sending those to Tornado seems # tricky; instead just send the (already json-rendered) # content on to Tornado django_response = json_response(res_type=result_dict['result'], data=result_dict, status=self.get_status()) django_response = self.apply_response_middleware( request, django_response, request._resolver) self.write_django_response_as_tornado_response(django_response)
def stream_exists_backend(request, user_profile, stream_name, autosubscribe): if not valid_stream_name(stream_name): return json_error("Invalid characters in stream name") stream = get_stream(stream_name, user_profile.realm) result = {"exists": bool(stream)} if stream is not None: recipient = get_recipient(Recipient.STREAM, stream.id) if autosubscribe: bulk_add_subscriptions([stream], [user_profile]) result["subscribed"] = Subscription.objects.filter( user_profile=user_profile, recipient=recipient, active=True).exists() return json_success(result) # results are ignored for HEAD requests return json_response(data=result, status=404)
def stream_exists_backend(request, user_profile, stream_name, autosubscribe): if not valid_stream_name(stream_name): return json_error("Invalid characters in stream name") stream = get_stream(stream_name, user_profile.realm) result = {"exists": bool(stream)} if stream is not None: recipient = get_recipient(Recipient.STREAM, stream.id) if autosubscribe: bulk_add_subscriptions([stream], [user_profile]) result["subscribed"] = Subscription.objects.filter(user_profile=user_profile, recipient=recipient, active=True).exists() return json_success(result) # results are ignored for HEAD requests return json_response(data=result, status=404)
def stream_exists_backend(request, user_profile, stream_name, autosubscribe): # type: (HttpRequest, UserProfile, text_type, bool) -> HttpResponse if not valid_stream_name(stream_name): return json_error(_("Invalid characters in stream name")) stream = get_stream(stream_name, user_profile.realm) result = {"exists": bool(stream)} if stream is not None: recipient = get_recipient(Recipient.STREAM, stream.id) if autosubscribe: bulk_add_subscriptions([stream], [user_profile]) result["subscribed"] = is_active_subscriber(user_profile=user_profile, recipient=recipient) return json_success(result) # results are ignored for HEAD requests return json_response(data=result, status=404)
def stream_exists_backend(request, user_profile, stream_name, autosubscribe): # type: (HttpRequest, UserProfile, text_type, bool) -> HttpResponse if not valid_stream_name(stream_name): return json_error(_("Invalid characters in stream name")) stream = get_stream(stream_name, user_profile.realm) result = {"exists": bool(stream)} if stream is not None: recipient = get_recipient(Recipient.STREAM, stream.id) if autosubscribe: bulk_add_subscriptions([stream], [user_profile]) result["subscribed"] = is_active_subscriber( user_profile=user_profile, recipient=recipient) return json_success(result) # results are ignored for HEAD requests return json_response(data=result, status=404)
def stream_exists_backend(request, user_profile, stream_id, autosubscribe): # type: (HttpRequest, UserProfile, int, bool) -> HttpResponse try: stream = get_and_validate_stream_by_id(stream_id, user_profile.realm) except JsonableError: stream = None result = {"exists": bool(stream)} if stream is not None: recipient = get_recipient(Recipient.STREAM, stream.id) if autosubscribe: bulk_add_subscriptions([stream], [user_profile]) result["subscribed"] = is_active_subscriber(user_profile=user_profile, recipient=recipient) return json_success(result) # results are ignored for HEAD requests return json_response(data=result, status=404)
def stream_exists_backend(request, user_profile, stream_id, autosubscribe): # type: (HttpRequest, UserProfile, int, bool) -> HttpResponse try: stream = get_and_validate_stream_by_id(stream_id, user_profile.realm) except JsonableError: stream = None result = {"exists": bool(stream)} if stream is not None: recipient = get_recipient(Recipient.STREAM, stream.id) if autosubscribe: bulk_add_subscriptions([stream], [user_profile]) result["subscribed"] = is_active_subscriber( user_profile=user_profile, recipient=recipient) return json_success(result) # results are ignored for HEAD requests return json_response(data=result, status=404)
def delete_group_message(request): if request.method != 'DELETE': return json_error("Wrong method") json_data = simplejson.loads(request.body) group_id = json_data['group_id'] #check ownership of the group group = Group.objects.get(id=group_id) if (request.user.id != group.owner.id): return json_error("You are not the owner of this group") #user_id = json_date['user_id'] try: #if user_id > 0: #user_profile = UserProfile.objects.get(id=user_id) recipient = Recipient.objects.get(type_id=group_id, type=Recipient.GROUP) except: return json_error("No such group or user") messages = Message.objects.filter(recipient=recipient) #messages_ids = messages.values('id') user_messages = UserMessage.objects.filter(message__in = messages) #delete related messages in UserMessage user_messages.delete() #delete related messages in Message messages.delete() return json_response(res_type="success", msg="All group messages are deleted!")
def test_function(request): # type: (HttpRequest) -> HttpResponse return json_response(msg=u'from_test_function') # nocoverage. isn't meant to be called
def zulip_finish(self, result_dict: Dict[str, Any], old_request: HttpRequest, apply_markdown: bool) -> None: # Function called when we want to break a long-polled # get_events request and return a response to the client. # Marshall the response data from result_dict. if result_dict[ "result"] == "success" and "messages" in result_dict and apply_markdown: for msg in result_dict["messages"]: if msg["content_type"] != "text/html": self.set_status(500) self.finish("Internal error: bad message format") if result_dict["result"] == "error": self.set_status(400) # The `result` dictionary contains the data we want to return # to the client. We want to do so in a proper Tornado HTTP # response after running the Django response middleware (which # does things like log the request, add rate-limit headers, # etc.). The Django middleware API expects to receive a fresh # HttpRequest object, and so to minimize hacks, our strategy # is to create a duplicate Django HttpRequest object, tagged # to automatically return our data in its response, and call # Django's main self.get_response() handler to generate an # HttpResponse with all Django middleware run. request = self.convert_tornado_request_to_django_request() # We import RequestNotes during runtime to avoid # cyclic import from zerver.lib.request import RequestNotes request_notes = RequestNotes.get_notes(request) old_request_notes = RequestNotes.get_notes(old_request) # Add to this new HttpRequest logging data from the processing of # the original request; we will need these for logging. request_notes.log_data = old_request_notes.log_data if request_notes.rate_limit is not None: request_notes.rate_limit = old_request_notes.rate_limit if request_notes.requestor_for_logs is not None: request_notes.requestor_for_logs = old_request_notes.requestor_for_logs request.user = old_request.user request_notes.client = old_request_notes.client request_notes.client_name = old_request_notes.client_name request_notes.client_version = old_request_notes.client_version # The saved_response attribute, if present, causes # rest_dispatch to return the response immediately before # doing any work. This arrangement allows Django's full # request/middleware system to run unmodified while avoiding # running expensive things like Zulip's authentication code a # second time. request_notes.saved_response = json_response( res_type=result_dict["result"], data=result_dict, status=self.get_status()) response = self.get_response(request) try: # Explicitly mark requests as varying by cookie, since the # middleware will not have seen a session access patch_vary_headers(response, ("Cookie", )) assert isinstance(response, HttpResponse) self.write_django_response_as_tornado_response(response) finally: # Tell Django we're done processing this request response.close()
def lookup_endpoints_for_user(request, email=REQ()): try: return json_response(realm_for_email(email).deployment.endpoints) except AttributeError: return json_error("Cannot determine endpoint for user.", status=404)
def test_function(request): # type: (HttpRequest) -> HttpResponse return json_response(msg=u'from_test_function')