def react_plugin_config(plugin, project, request):
response = client.get(
u"/projects/{}/{}/plugins/{}/".format(project.organization.slug, project.slug, plugin.slug),
request=request,
)
return mark_safe(
"""
<div id="ref-plugin-config"></div>
<script>
$(function(){
ReactDOM.render(React.createFactory(SentryApp.PluginConfig)({
project: %s,
organization: %s,
data: %s
}), document.getElementById('ref-plugin-config'));
});
</script>
"""
% (
json.dumps_htmlsafe(serialize(project, request.user)),
json.dumps_htmlsafe(serialize(project.organization, request.user)),
json.dumps_htmlsafe(response.data),
)
)
def react_plugin_config(plugin, project, request):
response = client.get(
f"/projects/{project.organization.slug}/{project.slug}/plugins/{plugin.slug}/",
request=request,
)
nonce = ""
if hasattr(request, "csp_nonce"):
nonce = f' nonce="{request.csp_nonce}"'
return mark_safe("""
<div id="ref-plugin-config"></div>
<script%s>
$(function(){
ReactDOM.render(React.createFactory(SentryApp.PluginConfig)({
project: %s,
organization: %s,
data: %s
}), document.getElementById('ref-plugin-config'));
});
</script>
""" % (
nonce,
json.dumps_htmlsafe(serialize(project, request.user)),
json.dumps_htmlsafe(serialize(project.organization, request.user)),
json.dumps_htmlsafe(response.data),
))
def react_plugin_config(plugin, project, request):
response = client.get(
'/projects/{}/{}/plugins/{}/'.format(
project.organization.slug,
project.slug,
plugin.slug,
),
request=request
)
return mark_safe(
"""
<div id="ref-plugin-config"></div>
<script>
$(function(){
ReactDOM.render(React.createFactory(Sentry.PluginConfig)({
project: %s,
organization: %s,
data: %s
}), document.getElementById('ref-plugin-config'));
});
</script>
""" % (
json.dumps_htmlsafe(serialize(project, request.user)),
json.dumps_htmlsafe(serialize(project.organization, request.user)),
json.dumps_htmlsafe(response.data)
)
)
def react_plugin_config(plugin, project, request):
response = client.get(
f"/projects/{project.organization.slug}/{project.slug}/plugins/{plugin.slug}/",
request=request,
)
nonce = ""
if hasattr(request, "csp_nonce"):
nonce = f' nonce="{request.csp_nonce}"'
# Pretty sure this is not in use, and if it is, it has been broken since
# https://github.com/getsentry/sentry/pull/13578/files#diff-d17d91cc629f5f2e4582adb6e52d426f654452b751da97bafa25160b78566438L206
return mark_safe("""
<div id="ref-plugin-config"></div>
<script%s>
window.__onSentryInit = window.__onSentryInit || [];
window.__onSentryInit.push({
name: 'renderReact',
component: 'PluginConfig',
container: '#ref-plugin-config',
props: {
project: %s,
organization: %s,
data: %s
},
});
</script>
""" % (
nonce,
json.dumps_htmlsafe(serialize(project, request.user)),
json.dumps_htmlsafe(serialize(project.organization, request.user)),
json.dumps_htmlsafe(response.data),
))
def get_react_config(context):
if 'request' in context:
user = getattr(context['request'], 'user', None) or AnonymousUser()
messages = get_messages(context['request'])
try:
is_superuser = context['request'].is_superuser()
except AttributeError:
is_superuser = False
else:
user = None
messages = []
is_superuser = False
if user:
user = extract_lazy_object(user)
enabled_features = []
if features.has('organizations:create', actor=user):
enabled_features.append('organizations:create')
if auth.has_user_registration():
enabled_features.append('auth:register')
version_info = _get_version_info()
needs_upgrade = False
if is_superuser:
needs_upgrade = _needs_upgrade()
context = {
'singleOrganization': settings.SENTRY_SINGLE_ORGANIZATION,
'supportEmail': get_support_mail(),
'urlPrefix': options.get('system.url-prefix'),
'version': version_info,
'features': enabled_features,
'mediaUrl': get_asset_url('sentry', ''),
'needsUpgrade': needs_upgrade,
'dsn': _get_public_dsn(),
'statuspage': _get_statuspage(),
'messages': [{
'message': msg.message,
'level': msg.tags,
} for msg in messages],
'isOnPremise': settings.SENTRY_ONPREMISE,
'invitesEnabled': settings.SENTRY_ENABLE_INVITES,
'gravatarBaseUrl': settings.SENTRY_GRAVATAR_BASE_URL,
}
if user and user.is_authenticated():
context.update({
'isAuthenticated': True,
'user': serialize(user, user),
})
context['user']['isSuperuser'] = is_superuser
else:
context.update({
'isAuthenticated': False,
'user': None,
})
return json.dumps_htmlsafe(context)
def update_build_refresh_date(project: Project, config_id: str) -> None:
serialized_option = project.get_option(
appconnect.APPSTORECONNECT_BUILD_REFRESHES_OPTION, default="{}")
build_refresh_dates = json.loads(serialized_option)
build_refresh_dates[config_id] = datetime.now()
serialized_refresh_dates = json.dumps_htmlsafe(build_refresh_dates)
project.update_option(appconnect.APPSTORECONNECT_BUILD_REFRESHES_OPTION,
serialized_refresh_dates)
def test_escape(self):
res = "<script>alert('&');</script>"
assert json.dumps(res) == '"<script>alert(\'&\');</script>"'
assert json.dumps(
res, escape=True
) == '"\\u003cscript\\u003ealert(\\u0027\u0026\\u0027);\\u003c/script\\u003e"'
assert json.dumps_htmlsafe(
res
) == '"\\u003cscript\\u003ealert(\\u0027\u0026\\u0027);\\u003c/script\\u003e"'
def test_escape(self):
res = "<script>alert('&');</script>"
assert json.dumps(res) == '"<script>alert(\'&\');</script>"'
assert json.dumps(
res, escape=True
) == '"\\u003cscript\\u003ealert(\\u0027\u0026\\u0027);\\u003c/script\\u003e"'
assert json.dumps_htmlsafe(
res
) == '"\\u003cscript\\u003ealert(\\u0027\u0026\\u0027);\\u003c/script\\u003e"'
def dispatch(self, request):
context = {}
embed_config = self.get_embed_config(request)
if embed_config:
context["embed_config"] = json.dumps_htmlsafe(embed_config)
return render_to_response("sentry/500.html",
status=500,
context=context,
request=request)
def test_escape(self):
res = "<script>alert('&');</script>"
assert json.dumps(res) == "\"<script>alert('&');</script>\""
assert (
json.dumps(res, escape=True).encode("utf-8") ==
b'"\\u003cscript\\u003ealert(\\u0027\u0026\\u0027);\\u003c/script\\u003e"'
)
assert (
json.dumps_htmlsafe(res).encode("utf-8") ==
b'"\\u003cscript\\u003ealert(\\u0027\u0026\\u0027);\\u003c/script\\u003e"'
)
def dispatch(self, request):
"""
500 error handler.
Templates: `500.html`
Context: None
"""
context = {"request": request}
embed_config = self.get_embed_config(request)
if embed_config:
context["embed_config"] = json.dumps_htmlsafe(embed_config)
t = loader.get_template("sentry/500.html")
return HttpResponseServerError(t.render(Context(context)))
def dispatch(self, request):
"""
500 error handler.
Templates: `500.html`
Context: None
"""
context = {
'request': request,
}
embed_config = self.get_embed_config(request)
if embed_config:
context['embed_config'] = json.dumps_htmlsafe(embed_config)
t = loader.get_template('sentry/500.html')
return HttpResponseServerError(t.render(Context(context)))
def convert_to_json(obj):
return json.dumps_htmlsafe(obj)
def dispatch(self, request):
try:
event_id = request.GET['eventId']
except KeyError:
return self._smart_response(
request, {'eventId': 'Missing or invalid parameter.'}, status=400)
if event_id and not is_event_id(event_id):
return self._smart_response(
request, {'eventId': 'Missing or invalid parameter.'}, status=400)
key = self._get_project_key(request)
if not key:
return self._smart_response(
request, {'dsn': 'Missing or invalid parameter.'}, status=404)
origin = self._get_origin(request)
if not is_valid_origin(origin, key.project):
return self._smart_response(request, status=403)
if request.method == 'OPTIONS':
return self._smart_response(request)
# customization options
options = DEFAULT_OPTIONS.copy()
for name in six.iterkeys(options):
if name in request.GET:
options[name] = six.text_type(request.GET[name])
# TODO(dcramer): since we cant use a csrf cookie we should at the very
# least sign the request / add some kind of nonce
initial = {
'name': request.GET.get('name'),
'email': request.GET.get('email'),
}
form = UserReportForm(request.POST if request.method == 'POST' else None, initial=initial)
if form.is_valid():
# TODO(dcramer): move this to post to the internal API
report = form.save(commit=False)
report.project = key.project
report.event_id = event_id
try:
event = Event.objects.filter(project_id=report.project.id,
event_id=report.event_id)[0]
except IndexError:
try:
report.group = Group.objects.from_event_id(report.project, report.event_id)
except Group.DoesNotExist:
pass
else:
report.environment = event.get_environment()
report.group = event.group
try:
with transaction.atomic():
report.save()
except IntegrityError:
# There was a duplicate, so just overwrite the existing
# row with the new one. The only way this ever happens is
# if someone is messing around with the API, or doing
# something wrong with the SDK, but this behavior is
# more reasonable than just hard erroring and is more
# expected.
UserReport.objects.filter(
project=report.project,
event_id=report.event_id,
).update(
name=report.name,
email=report.email,
comments=report.comments,
date_added=timezone.now(),
)
else:
if report.group:
report.notify()
user_feedback_received.send(project=report.project, group=report.group, sender=self)
return self._smart_response(request)
elif request.method == 'POST':
return self._smart_response(
request, {
"errors": dict(form.errors),
}, status=400
)
show_branding = ProjectOption.objects.get_value(
project=key.project, key='feedback:branding', default='1'
) == '1'
template = render_to_string(
'sentry/error-page-embed.html', {
'form': form,
'show_branding': show_branding,
'title': options['title'],
'subtitle': options['subtitle'],
'subtitle2': options['subtitle2'],
'name_label': options['labelName'],
'email_label': options['labelEmail'],
'comments_label': options['labelComments'],
'submit_label': options['labelSubmit'],
'close_label': options['labelClose'],
}
)
context = {
'endpoint': mark_safe('*/' + json.dumps(request.build_absolute_uri()) + ';/*'),
'template': mark_safe('*/' + json.dumps(template) + ';/*'),
'strings': json.dumps_htmlsafe({
'generic_error': six.text_type(options['errorGeneric']),
'form_error': six.text_type(options['errorFormEntry']),
'sent_message': six.text_type(options['successMessage']),
}),
}
return render_to_response(
'sentry/error-page-embed.js', context, request, content_type='text/javascript'
)
def dispatch(self, request):
try:
event_id = request.GET['eventId']
except KeyError:
return self._json_response(request, status=400)
if not is_event_id(event_id):
return self._json_response(request, status=400)
key = self._get_project_key(request)
if not key:
return self._json_response(request, status=404)
origin = self._get_origin(request)
if not origin:
return self._json_response(request, status=403)
if not is_valid_origin(origin, key.project):
return HttpResponse(status=403)
if request.method == 'OPTIONS':
return self._json_response(request)
# TODO(dcramer): since we cant use a csrf cookie we should at the very
# least sign the request / add some kind of nonce
initial = {
'name': request.GET.get('name'),
'email': request.GET.get('email'),
}
form = UserReportForm(request.POST if request.method == 'POST' else None,
initial=initial)
if form.is_valid():
# TODO(dcramer): move this to post to the internal API
report = form.save(commit=False)
report.project = key.project
report.event_id = event_id
try:
mapping = EventMapping.objects.get(
event_id=report.event_id,
project_id=key.project_id,
)
except EventMapping.DoesNotExist:
# XXX(dcramer): the system should fill this in later
pass
else:
report.group = Group.objects.get(id=mapping.group_id)
try:
with transaction.atomic():
report.save()
except IntegrityError:
# There was a duplicate, so just overwrite the existing
# row with the new one. The only way this ever happens is
# if someone is messing around with the API, or doing
# something wrong with the SDK, but this behavior is
# more reasonable than just hard erroring and is more
# expected.
UserReport.objects.filter(
project=report.project,
event_id=report.event_id,
).update(
name=report.name,
email=report.email,
comments=report.comments,
date_added=timezone.now(),
)
return self._json_response(request)
elif request.method == 'POST':
return self._json_response(request, {
"errors": dict(form.errors),
}, status=400)
show_branding = ProjectOption.objects.get_value(
project=key.project,
key='feedback:branding',
default='1'
) == '1'
template = render_to_string('sentry/error-page-embed.html', {
'form': form,
'show_branding': show_branding,
})
context = {
'endpoint': mark_safe('*/' + json.dumps(request.build_absolute_uri()) + ';/*'),
'template': mark_safe('*/' + json.dumps(template) + ';/*'),
'strings': json.dumps_htmlsafe({
'generic_error': six.text_type(GENERIC_ERROR),
'form_error': six.text_type(FORM_ERROR),
'sent_message': six.text_type(SENT_MESSAGE),
}),
}
return render_to_response('sentry/error-page-embed.js', context, request,
content_type='text/javascript')
def to_json(obj, request=None):
result = transform(obj, request=request)
return json.dumps_htmlsafe(result)
def get_react_config(context):
if 'request' in context:
request = context['request']
user = getattr(request, 'user', None) or AnonymousUser()
messages = get_messages(request)
session = getattr(request, 'session', None)
is_superuser = is_active_superuser(request)
else:
user = None
messages = []
is_superuser = False
enabled_features = []
if features.has('organizations:create', actor=user):
enabled_features.append('organizations:create')
if auth.has_user_registration():
enabled_features.append('auth:register')
version_info = _get_version_info()
needs_upgrade = False
if is_superuser:
needs_upgrade = _needs_upgrade()
context = {
'singleOrganization':
settings.SENTRY_SINGLE_ORGANIZATION,
'supportEmail':
get_support_mail(),
'urlPrefix':
options.get('system.url-prefix'),
'version':
version_info,
'features':
enabled_features,
'needsUpgrade':
needs_upgrade,
'dsn':
get_public_dsn(),
'statuspage':
_get_statuspage(),
'messages': [{
'message': msg.message,
'level': msg.tags,
} for msg in messages],
'isOnPremise':
settings.SENTRY_ONPREMISE,
'invitesEnabled':
settings.SENTRY_ENABLE_INVITES,
'gravatarBaseUrl':
settings.SENTRY_GRAVATAR_BASE_URL,
'termsUrl':
settings.TERMS_URL,
'privacyUrl':
settings.PRIVACY_URL,
# Note `lastOrganization` should not be expected to update throughout frontend app lifecycle
# It should only be used on a fresh browser nav to a path where an
# organization is not in context
'lastOrganization':
session['activeorg'] if session and 'activeorg' in session else None,
}
if user and user.is_authenticated():
context.update({
'isAuthenticated': True,
'user': serialize(user, user, DetailedUserSerializer()),
})
context['user']['isSuperuser'] = is_superuser
else:
context.update({
'isAuthenticated': False,
'user': None,
})
return json.dumps_htmlsafe(context)
def dispatch(self, request):
try:
event_id = request.GET["eventId"]
except KeyError:
return self._smart_response(
request, {"eventId": "Missing or invalid parameter."},
status=400)
normalized_event_id = normalize_event_id(event_id)
if normalized_event_id:
event_id = normalized_event_id
elif event_id:
return self._smart_response(
request, {"eventId": "Missing or invalid parameter."},
status=400)
key = self._get_project_key(request)
if not key:
return self._smart_response(
request, {"dsn": "Missing or invalid parameter."}, status=404)
origin = self._get_origin(request)
if not is_valid_origin(origin, key.project):
return self._smart_response(request, status=403)
if request.method == "OPTIONS":
return self._smart_response(request)
# customization options
options = DEFAULT_OPTIONS.copy()
for name in options.keys():
if name in request.GET:
options[name] = str(request.GET[name])
# TODO(dcramer): since we cant use a csrf cookie we should at the very
# least sign the request / add some kind of nonce
initial = {
"name": request.GET.get("name"),
"email": request.GET.get("email")
}
form = UserReportForm(
request.POST if request.method == "POST" else None,
initial=initial)
if form.is_valid():
# TODO(dcramer): move this to post to the internal API
report = form.save(commit=False)
report.project_id = key.project_id
report.event_id = event_id
event = eventstore.get_event_by_id(report.project_id,
report.event_id)
if event is not None:
report.environment_id = event.get_environment().id
report.group_id = event.group_id
try:
with transaction.atomic():
report.save()
except IntegrityError:
# There was a duplicate, so just overwrite the existing
# row with the new one. The only way this ever happens is
# if someone is messing around with the API, or doing
# something wrong with the SDK, but this behavior is
# more reasonable than just hard erroring and is more
# expected.
UserReport.objects.filter(project_id=report.project_id,
event_id=report.event_id).update(
name=report.name,
email=report.email,
comments=report.comments,
date_added=timezone.now(),
)
else:
if report.group_id:
report.notify()
user_feedback_received.send(
project=Project.objects.get(id=report.project_id),
sender=self,
)
return self._smart_response(request)
elif request.method == "POST":
return self._smart_response(request, {"errors": dict(form.errors)},
status=400)
show_branding = (ProjectOption.objects.get_value(
project=key.project, key="feedback:branding", default="1") == "1")
template = render_to_string(
"sentry/error-page-embed.html",
context={
"form": form,
"show_branding": show_branding,
"title": options["title"],
"subtitle": options["subtitle"],
"subtitle2": options["subtitle2"],
"name_label": options["labelName"],
"email_label": options["labelEmail"],
"comments_label": options["labelComments"],
"submit_label": options["labelSubmit"],
"close_label": options["labelClose"],
},
)
context = {
"endpoint":
mark_safe("*/" +
json.dumps(absolute_uri(request.get_full_path())) +
";/*"),
"template":
mark_safe("*/" + json.dumps(template) + ";/*"),
"strings":
mark_safe("*/" + json.dumps_htmlsafe(
{
"generic_error": str(options["errorGeneric"]),
"form_error": str(options["errorFormEntry"]),
"sent_message": str(options["successMessage"]),
}) + ";/*"),
}
return render_to_response("sentry/error-page-embed.js",
context,
request,
content_type="text/javascript")
def get_react_config(context):
if 'request' in context:
user = getattr(context['request'], 'user', None) or AnonymousUser()
messages = get_messages(context['request'])
session = getattr(context['request'], 'session', None)
try:
is_superuser = context['request'].is_superuser()
except AttributeError:
is_superuser = False
else:
user = None
messages = []
is_superuser = False
if user:
user = extract_lazy_object(user)
is_superuser = user.is_superuser
enabled_features = []
if features.has('organizations:create', actor=user):
enabled_features.append('organizations:create')
if auth.has_user_registration():
enabled_features.append('auth:register')
version_info = _get_version_info()
needs_upgrade = False
if is_superuser:
needs_upgrade = _needs_upgrade()
context = {
'singleOrganization': settings.SENTRY_SINGLE_ORGANIZATION,
'supportEmail': get_support_mail(),
'urlPrefix': options.get('system.url-prefix'),
'version': version_info,
'features': enabled_features,
'mediaUrl': get_asset_url('sentry', ''),
'needsUpgrade': needs_upgrade,
'dsn': get_public_dsn(),
'statuspage': _get_statuspage(),
'messages': [{
'message': msg.message,
'level': msg.tags,
} for msg in messages],
'isOnPremise': settings.SENTRY_ONPREMISE,
'invitesEnabled': settings.SENTRY_ENABLE_INVITES,
'gravatarBaseUrl': settings.SENTRY_GRAVATAR_BASE_URL,
'termsUrl': settings.TERMS_URL,
'privacyUrl': settings.PRIVACY_URL,
# Note `lastOrganization` should not be expected to update throughout frontend app lifecycle
# It should only be used on a fresh browser nav to a path where an
# organization is not in context
'lastOrganization': session['activeorg'] if session and 'activeorg' in session else None,
}
if user and user.is_authenticated():
context.update({
'isAuthenticated': True,
'user': serialize(user, user, DetailedUserSerializer()),
})
context['user']['isSuperuser'] = is_superuser
else:
context.update({
'isAuthenticated': False,
'user': None,
})
return json.dumps_htmlsafe(context)
def get_react_config(context):
if 'request' in context:
request = context['request']
user = getattr(request, 'user', None) or AnonymousUser()
messages = get_messages(request)
session = getattr(request, 'session', None)
is_superuser = is_active_superuser(request)
language_code = getattr(request, 'LANGUAGE_CODE', 'en')
else:
user = None
messages = []
is_superuser = False
language_code = 'en'
# User identity is used by the sentry SDK
if request and user:
user_identity = {'ip_address': request.META['REMOTE_ADDR']}
if user and user.is_authenticated():
user_identity.update({
'email': user.email,
'id': user.id,
})
if user.name:
user_identity['name'] = user.name
else:
user_identity = {}
enabled_features = []
if features.has('organizations:create', actor=user):
enabled_features.append('organizations:create')
if auth.has_user_registration():
enabled_features.append('auth:register')
version_info = _get_version_info()
needs_upgrade = False
if is_superuser:
needs_upgrade = _needs_upgrade()
context = {
'singleOrganization': settings.SENTRY_SINGLE_ORGANIZATION,
'supportEmail': get_support_mail(),
'urlPrefix': options.get('system.url-prefix'),
'version': version_info,
'features': enabled_features,
'distPrefix': get_asset_url('sentry', 'dist/'),
'needsUpgrade': needs_upgrade,
'dsn': _get_public_dsn(),
'statuspage': _get_statuspage(),
'messages': [{
'message': msg.message,
'level': msg.tags,
} for msg in messages],
'isOnPremise': settings.SENTRY_ONPREMISE,
'invitesEnabled': settings.SENTRY_ENABLE_INVITES,
'gravatarBaseUrl': settings.SENTRY_GRAVATAR_BASE_URL,
'termsUrl': settings.TERMS_URL,
'privacyUrl': settings.PRIVACY_URL,
# Note `lastOrganization` should not be expected to update throughout frontend app lifecycle
# It should only be used on a fresh browser nav to a path where an
# organization is not in context
'lastOrganization': session['activeorg'] if session and 'activeorg' in session else None,
'languageCode': language_code,
'userIdentity': user_identity,
'csrfCookieName': settings.CSRF_COOKIE_NAME,
'sentryConfig': {
'dsn': _get_public_dsn(),
'release': version_info['build'],
'whitelistUrls': list(settings.ALLOWED_HOSTS),
},
}
if user and user.is_authenticated():
context.update({
'isAuthenticated': True,
'user': serialize(user, user, DetailedUserSerializer()),
})
context['user']['isSuperuser'] = is_superuser
else:
context.update({
'isAuthenticated': False,
'user': None,
})
return json.dumps_htmlsafe(context)
def dispatch(self, request):
try:
event_id = request.GET['eventId']
except KeyError:
return self._json_response(request, status=400)
if not is_event_id(event_id):
return self._json_response(request, status=400)
key = self._get_project_key(request)
if not key:
return self._json_response(request, status=404)
origin = self._get_origin(request)
if not origin:
return self._json_response(request, status=403)
if not is_valid_origin(origin, key.project):
return HttpResponse(status=403)
if request.method == 'OPTIONS':
return self._json_response(request)
# TODO(dcramer): since we cant use a csrf cookie we should at the very
# least sign the request / add some kind of nonce
initial = {
'name': request.GET.get('name'),
'email': request.GET.get('email'),
}
form = UserReportForm(
request.POST if request.method == 'POST' else None,
initial=initial)
if form.is_valid():
# TODO(dcramer): move this to post to the internal API
report = form.save(commit=False)
report.project = key.project
report.event_id = event_id
try:
mapping = EventMapping.objects.get(
event_id=report.event_id,
project_id=key.project_id,
)
except EventMapping.DoesNotExist:
# XXX(dcramer): the system should fill this in later
pass
else:
report.group = Group.objects.get(id=mapping.group_id)
try:
with transaction.atomic():
report.save()
except IntegrityError:
# There was a duplicate, so just overwrite the existing
# row with the new one. The only way this ever happens is
# if someone is messing around with the API, or doing
# something wrong with the SDK, but this behavior is
# more reasonable than just hard erroring and is more
# expected.
UserReport.objects.filter(
project=report.project,
event_id=report.event_id,
).update(
name=report.name,
email=report.email,
comments=report.comments,
date_added=timezone.now(),
)
user_feedback_received.send(project=report.project,
group=report.group,
sender=self)
return self._json_response(request)
elif request.method == 'POST':
return self._json_response(request, {
"errors": dict(form.errors),
},
status=400)
show_branding = ProjectOption.objects.get_value(
project=key.project, key='feedback:branding', default='1') == '1'
template = render_to_string('sentry/error-page-embed.html', {
'form': form,
'show_branding': show_branding,
})
context = {
'endpoint':
mark_safe('*/' + json.dumps(request.build_absolute_uri()) + ';/*'),
'template':
mark_safe('*/' + json.dumps(template) + ';/*'),
'strings':
json.dumps_htmlsafe({
'generic_error': six.text_type(GENERIC_ERROR),
'form_error': six.text_type(FORM_ERROR),
'sent_message': six.text_type(SENT_MESSAGE),
}),
}
return render_to_response('sentry/error-page-embed.js',
context,
request,
content_type='text/javascript')
def convert_to_json(obj):
return json.dumps_htmlsafe(obj)
def to_json(obj, request=None):
result = transform(obj, request=request)
return json.dumps_htmlsafe(result)
def dispatch(self, request):
try:
event_id = request.GET['eventId']
except KeyError:
return self._smart_response(
request, {'eventId': 'Missing or invalid parameter.'},
status=400)
if event_id and not is_event_id(event_id):
return self._smart_response(
request, {'eventId': 'Missing or invalid parameter.'},
status=400)
# XXX(dcramer): enforce case insensitivty by coercing this to a lowercase string
event_id = event_id.lower()
key = self._get_project_key(request)
if not key:
return self._smart_response(
request, {'dsn': 'Missing or invalid parameter.'}, status=404)
origin = self._get_origin(request)
if not is_valid_origin(origin, key.project):
return self._smart_response(request, status=403)
if request.method == 'OPTIONS':
return self._smart_response(request)
# customization options
options = DEFAULT_OPTIONS.copy()
for name in six.iterkeys(options):
if name in request.GET:
options[name] = six.text_type(request.GET[name])
# TODO(dcramer): since we cant use a csrf cookie we should at the very
# least sign the request / add some kind of nonce
initial = {
'name': request.GET.get('name'),
'email': request.GET.get('email'),
}
form = UserReportForm(
request.POST if request.method == 'POST' else None,
initial=initial)
if form.is_valid():
# TODO(dcramer): move this to post to the internal API
report = form.save(commit=False)
report.project = key.project
report.event_id = event_id
try:
event = Event.objects.filter(project_id=report.project.id,
event_id=report.event_id)[0]
except IndexError:
try:
report.group = Group.objects.from_event_id(
report.project, report.event_id)
except Group.DoesNotExist:
pass
else:
Event.objects.bind_nodes([event])
report.environment = event.get_environment()
report.group = event.group
try:
with transaction.atomic():
report.save()
except IntegrityError:
# There was a duplicate, so just overwrite the existing
# row with the new one. The only way this ever happens is
# if someone is messing around with the API, or doing
# something wrong with the SDK, but this behavior is
# more reasonable than just hard erroring and is more
# expected.
UserReport.objects.filter(
project=report.project,
event_id=report.event_id,
).update(
name=report.name,
email=report.email,
comments=report.comments,
date_added=timezone.now(),
)
else:
if report.group:
report.notify()
user_feedback_received.send(project=report.project,
group=report.group,
sender=self)
return self._smart_response(request)
elif request.method == 'POST':
return self._smart_response(request, {
"errors": dict(form.errors),
},
status=400)
show_branding = ProjectOption.objects.get_value(
project=key.project, key='feedback:branding', default='1') == '1'
template = render_to_string(
'sentry/error-page-embed.html', {
'form': form,
'show_branding': show_branding,
'title': options['title'],
'subtitle': options['subtitle'],
'subtitle2': options['subtitle2'],
'name_label': options['labelName'],
'email_label': options['labelEmail'],
'comments_label': options['labelComments'],
'submit_label': options['labelSubmit'],
'close_label': options['labelClose'],
})
context = {
'endpoint':
mark_safe('*/' + json.dumps(request.build_absolute_uri()) + ';/*'),
'template':
mark_safe('*/' + json.dumps(template) + ';/*'),
'strings':
json.dumps_htmlsafe({
'generic_error':
six.text_type(options['errorGeneric']),
'form_error':
six.text_type(options['errorFormEntry']),
'sent_message':
six.text_type(options['successMessage']),
}),
}
return render_to_response('sentry/error-page-embed.js',
context,
request,
content_type='text/javascript')
def serialize(context, value):
value = serialize_func(value, context['request'].user)
return json.dumps_htmlsafe(value)
def to_json(obj, request=None):
return json.dumps_htmlsafe(obj)
def get_react_config(context):
context = get_client_config(context.get('request', None))
return json.dumps_htmlsafe(context)
