Exemplo n.º 1
0
    def render_template(self,
                        filepath,
                        iframe_restriction='DENY',
                        redirect_url_on_logout=None):
        """Prepares an HTML response to be sent to the client.

        Args:
            filepath: str. The template filepath.
            iframe_restriction: str or None. Possible values are
                'DENY' and 'SAMEORIGIN':

                DENY: Strictly prevents the template to load in an iframe.
                SAMEORIGIN: The template can only be displayed in a frame
                    on the same origin as the page itself.
            redirect_url_on_logout: str or None. URL to redirect to on logout.
        """
        values = self.values

        scheme, netloc, path, _, _ = urlparse.urlsplit(self.request.uri)

        values.update({
            'ASSET_DIR_PREFIX':
            utils.get_asset_dir_prefix(),
            'BEFORE_END_HEAD_TAG_HOOK':
            jinja2.utils.Markup(BEFORE_END_HEAD_TAG_HOOK.value),
            'DEV_MODE':
            feconf.DEV_MODE,
            'MINIFICATION':
            feconf.IS_MINIFIED,
            'DOMAIN_URL':
            '%s://%s' % (scheme, netloc),
            'ACTIVITY_STATUS_PRIVATE':
            (rights_manager.ACTIVITY_STATUS_PRIVATE),
            'ACTIVITY_STATUS_PUBLIC': (rights_manager.ACTIVITY_STATUS_PUBLIC),
            'GCS_RESOURCE_BUCKET_NAME':
            (app_identity_services.get_gcs_resource_bucket_name()),
            # The 'path' variable starts with a forward slash.
            'FULL_URL':
            '%s://%s%s' % (scheme, netloc, path),
            'INVALID_NAME_CHARS':
            feconf.INVALID_NAME_CHARS,
            'RTE_COMPONENT_SPECS':
            (rte_component_registry.Registry.get_all_specs()),
            'SITE_FEEDBACK_FORM_URL':
            feconf.SITE_FEEDBACK_FORM_URL,
            'SITE_NAME':
            feconf.SITE_NAME,
            'SYSTEM_USERNAMES':
            feconf.SYSTEM_USERNAMES,
            'TEMPLATE_DIR_PREFIX':
            utils.get_template_dir_prefix(),
            'can_create_collections':
            bool(self.role == feconf.ROLE_ID_COLLECTION_EDITOR),
            'username':
            self.username,
            'user_is_logged_in':
            user_services.has_fully_registered(self.user_id),
            'preferred_site_language_code':
            self.preferred_site_language_code,
            'allow_yaml_file_upload':
            feconf.ALLOW_YAML_FILE_UPLOAD
        })
        if feconf.ENABLE_PROMO_BAR:
            promo_bar_enabled = config_domain.PROMO_BAR_ENABLED.value
            promo_bar_message = config_domain.PROMO_BAR_MESSAGE.value
        else:
            promo_bar_enabled = False
            promo_bar_message = ''
        values.update({
            'promo_bar_enabled': promo_bar_enabled,
            'promo_bar_message': promo_bar_message,
        })

        if 'meta_name' not in values:
            values['meta_name'] = 'Personalized Online Learning from Oppia'

        if 'meta_description' not in values:
            values['meta_description'] = (
                'Oppia is a free, open-source learning platform. Join the '
                'community to create or try an exploration today!')

        # nav_mode is used as part of the GLOBALS object in the frontend, but
        # not every backend handler declares a nav_mode. Thus, the following
        # code is a failsafe to ensure that the nav_mode key is added to all
        # page requests.
        if 'nav_mode' not in values:
            values['nav_mode'] = ''

        if redirect_url_on_logout is None:
            redirect_url_on_logout = self.request.uri

        if self.user_id:
            values['login_url'] = None
            values['logout_url'] = (current_user_services.create_logout_url(
                redirect_url_on_logout))
        else:
            target_url = ('/' if self.request.uri.endswith(feconf.SPLASH_URL)
                          else self.request.uri)
            values['login_url'] = (
                current_user_services.create_login_url(target_url))
            values['logout_url'] = None

        # Create a new csrf token for inclusion in HTML responses. This assumes
        # that tokens generated in one handler will be sent back to a handler
        # with the same page name.
        values['csrf_token'] = ''

        if self.REQUIRE_PAYLOAD_CSRF_CHECK:
            values['csrf_token'] = CsrfTokenManager.create_csrf_token(
                self.user_id)

        self.response.cache_control.no_cache = True
        self.response.cache_control.must_revalidate = True
        self.response.headers['Strict-Transport-Security'] = (
            'max-age=31536000; includeSubDomains')
        self.response.headers['X-Content-Type-Options'] = 'nosniff'

        if iframe_restriction is not None:
            if iframe_restriction in ['SAMEORIGIN', 'DENY']:
                self.response.headers['X-Frame-Options'] = iframe_restriction
            else:
                raise Exception('Invalid X-Frame-Options: %s' %
                                iframe_restriction)

        self.response.expires = 'Mon, 01 Jan 1990 00:00:00 GMT'
        self.response.pragma = 'no-cache'

        self.response.write(
            self.jinja2_env.get_template(filepath).render(**values))
Exemplo n.º 2
0
    def render_template(
            self, filename, iframe_restriction='DENY',
            redirect_url_on_logout=None):
        values = self.values

        scheme, netloc, path, _, _ = urlparse.urlsplit(self.request.uri)

        values.update({
            'ALL_CATEGORIES': feconf.ALL_CATEGORIES,
            'ALL_LANGUAGE_CODES': feconf.ALL_LANGUAGE_CODES,
            'ASSET_DIR_PREFIX': utils.get_asset_dir_prefix(),
            'BEFORE_END_HEAD_TAG_HOOK': jinja2.utils.Markup(
                BEFORE_END_HEAD_TAG_HOOK.value),
            'CAN_SEND_ANALYTICS_EVENTS': feconf.CAN_SEND_ANALYTICS_EVENTS,
            'CATEGORIES_TO_COLORS': feconf.CATEGORIES_TO_COLORS,
            'DEFAULT_LANGUAGE_CODE': feconf.ALL_LANGUAGE_CODES[0]['code'],
            'DEFAULT_CATEGORY_ICON': feconf.DEFAULT_THUMBNAIL_ICON,
            'DEFAULT_COLOR': feconf.DEFAULT_COLOR,
            'DEV_MODE': feconf.DEV_MODE,
            'MINIFICATION': feconf.IS_MINIFIED,
            'DOMAIN_URL': '%s://%s' % (scheme, netloc),
            'ACTIVITY_STATUS_PRIVATE': (
                rights_manager.ACTIVITY_STATUS_PRIVATE),
            'ACTIVITY_STATUS_PUBLIC': (
                rights_manager.ACTIVITY_STATUS_PUBLIC),
            'ACTIVITY_STATUS_PUBLICIZED': (
                rights_manager.ACTIVITY_STATUS_PUBLICIZED),
            # The 'path' variable starts with a forward slash.
            'FULL_URL': '%s://%s%s' % (scheme, netloc, path),
            'INVALID_NAME_CHARS': feconf.INVALID_NAME_CHARS,
            'RTE_COMPONENT_SPECS': (
                rte_component_registry.Registry.get_all_specs()),
            'SITE_FEEDBACK_FORM_URL': feconf.SITE_FEEDBACK_FORM_URL,
            'SITE_NAME': feconf.SITE_NAME,

            'SUPPORTED_SITE_LANGUAGES': feconf.SUPPORTED_SITE_LANGUAGES,
            'SYSTEM_USERNAMES': feconf.SYSTEM_USERNAMES,
            'TEMPLATE_DIR_PREFIX': utils.get_template_dir_prefix(),
            'can_create_collections': (
                self.username and self.username in
                config_domain.WHITELISTED_COLLECTION_EDITOR_USERNAMES.value
            ),
            'username': self.username,
            'user_is_logged_in': user_services.has_fully_registered(
                self.user_id),
            'preferred_site_language_code': self.preferred_site_language_code
        })
        if feconf.ENABLE_PROMO_BAR:
            promo_bar_enabled = config_domain.PROMO_BAR_ENABLED.value
            promo_bar_message = config_domain.PROMO_BAR_MESSAGE.value
        else:
            promo_bar_enabled = False
            promo_bar_message = ''
        values.update({
            'promo_bar_enabled': promo_bar_enabled,
            'promo_bar_message': promo_bar_message,
        })

        if 'meta_name' not in values:
            values['meta_name'] = 'Personalized Online Learning from Oppia'

        if 'meta_description' not in values:
            values['meta_description'] = (
                'Oppia is a free, open-source learning platform. Join the '
                'community to create or try an exploration today!')

        # nav_mode is used as part of the GLOBALS object in the frontend, but
        # not every backend handler declares a nav_mode. Thus, the following
        # code is a failsafe to ensure that the nav_mode key is added to all
        # page requests.
        if 'nav_mode' not in values:
            values['nav_mode'] = ''

        if redirect_url_on_logout is None:
            redirect_url_on_logout = self.request.uri

        if self.user_id:
            values['login_url'] = None
            values['logout_url'] = (
                current_user_services.create_logout_url(
                    redirect_url_on_logout))
        else:
            target_url = (
                '/' if self.request.uri.endswith(feconf.SPLASH_URL)
                else self.request.uri)
            values['login_url'] = (
                current_user_services.create_login_url(target_url))
            values['logout_url'] = None

        # Create a new csrf token for inclusion in HTML responses. This assumes
        # that tokens generated in one handler will be sent back to a handler
        # with the same page name.
        values['csrf_token'] = ''

        if self.REQUIRE_PAYLOAD_CSRF_CHECK:
            values['csrf_token'] = CsrfTokenManager.create_csrf_token(
                self.user_id)

        self.response.cache_control.no_cache = True
        self.response.cache_control.must_revalidate = True
        self.response.headers['Strict-Transport-Security'] = (
            'max-age=31536000; includeSubDomains')
        self.response.headers['X-Content-Type-Options'] = 'nosniff'

        if iframe_restriction is not None:
            if iframe_restriction in ['SAMEORIGIN', 'DENY']:
                self.response.headers['X-Frame-Options'] = iframe_restriction
            else:
                raise Exception(
                    'Invalid X-Frame-Options: %s' % iframe_restriction)

        self.response.expires = 'Mon, 01 Jan 1990 00:00:00 GMT'
        self.response.pragma = 'no-cache'

        self.response.write(
            self.jinja2_env.get_template(filename).render(**values))
Exemplo n.º 3
0
    def render_template(self,
                        filename,
                        iframe_restriction='DENY',
                        redirect_url_on_logout=None):
        values = self.values

        scheme, netloc, path, _, _ = urlparse.urlsplit(self.request.uri)

        values.update({
            'ALL_CATEGORIES':
            feconf.ALL_CATEGORIES,
            'ALL_LANGUAGE_CODES':
            feconf.ALL_LANGUAGE_CODES,
            'ASSET_DIR_PREFIX':
            utils.get_asset_dir_prefix(),
            'BEFORE_END_HEAD_TAG_HOOK':
            jinja2.utils.Markup(BEFORE_END_HEAD_TAG_HOOK.value),
            'CAN_SEND_ANALYTICS_EVENTS':
            feconf.CAN_SEND_ANALYTICS_EVENTS,
            'DEFAULT_LANGUAGE_CODE':
            feconf.ALL_LANGUAGE_CODES[0]['code'],
            'DEV_MODE':
            feconf.DEV_MODE,
            'MINIFICATION':
            feconf.IS_MINIFIED,
            'DOMAIN_URL':
            '%s://%s' % (scheme, netloc),
            'ACTIVITY_STATUS_PRIVATE':
            (rights_manager.ACTIVITY_STATUS_PRIVATE),
            'ACTIVITY_STATUS_PUBLIC': (rights_manager.ACTIVITY_STATUS_PUBLIC),
            'ACTIVITY_STATUS_PUBLICIZED':
            (rights_manager.ACTIVITY_STATUS_PUBLICIZED),
            # The 'path' variable starts with a forward slash.
            'FULL_URL':
            '%s://%s%s' % (scheme, netloc, path),
            'INVALID_NAME_CHARS':
            feconf.INVALID_NAME_CHARS,
            'RTE_COMPONENT_SPECS':
            (rte_component_registry.Registry.get_all_specs()),
            'SITE_FEEDBACK_FORM_URL':
            SITE_FEEDBACK_FORM_URL.value,
            'SITE_NAME':
            SITE_NAME.value,
            'SUPPORTED_SITE_LANGUAGES':
            feconf.SUPPORTED_SITE_LANGUAGES,
            'SYSTEM_USERNAMES':
            feconf.SYSTEM_USERNAMES,
            'TEMPLATE_DIR_PREFIX':
            utils.get_template_dir_prefix(),
            'can_create_collections':
            (self.username and self.username
             in config_domain.WHITELISTED_COLLECTION_EDITOR_USERNAMES.value),
            'user_is_logged_in':
            user_services.has_fully_registered(self.user_id),
            'preferred_site_language_code':
            self.preferred_site_language_code
        })

        if 'meta_name' not in values:
            values['meta_name'] = 'Personalized Online Learning from Oppia'

        if 'meta_description' not in values:
            values['meta_description'] = (
                'Oppia is a free, open-source learning platform. Join the '
                'community to create or try an exploration today!')

        # nav_mode is used as part of the GLOBALS object in the frontend, but
        # not every backend handler declares a nav_mode. Thus, the following
        # code is a failsafe to ensure that the nav_mode key is added to all
        # page requests.
        if 'nav_mode' not in values:
            values['nav_mode'] = ''

        if redirect_url_on_logout is None:
            redirect_url_on_logout = self.request.uri
        if self.user_id:
            values['logout_url'] = (current_user_services.create_logout_url(
                redirect_url_on_logout))
        else:
            target_url = ('/' if self.request.uri.endswith(feconf.SPLASH_URL)
                          else self.request.uri)
            values['login_url'] = (
                current_user_services.create_login_url(target_url))

        # Create a new csrf token for inclusion in HTML responses. This assumes
        # that tokens generated in one handler will be sent back to a handler
        # with the same page name.
        values['csrf_token'] = ''

        if self.REQUIRE_PAYLOAD_CSRF_CHECK:
            values['csrf_token'] = CsrfTokenManager.create_csrf_token(
                self.user_id)

        self.response.cache_control.no_cache = True
        self.response.cache_control.must_revalidate = True
        self.response.headers['Strict-Transport-Security'] = (
            'max-age=31536000; includeSubDomains')
        self.response.headers['X-Content-Type-Options'] = 'nosniff'

        if iframe_restriction is not None:
            if iframe_restriction in ['SAMEORIGIN', 'DENY']:
                self.response.headers['X-Frame-Options'] = iframe_restriction
            else:
                raise Exception('Invalid X-Frame-Options: %s' %
                                iframe_restriction)

        self.response.expires = 'Mon, 01 Jan 1990 00:00:00 GMT'
        self.response.pragma = 'no-cache'

        self.response.write(
            self.jinja2_env.get_template(filename).render(**values))
Exemplo n.º 4
0
    def render_template(
            self, filename, values=None, iframe_restriction='DENY',
            redirect_url_on_logout=None):
        if values is None:
            values = self.values

        scheme, netloc, path, _, _ = urlparse.urlsplit(self.request.uri)

        values.update({
            'ALL_CATEGORIES': feconf.ALL_CATEGORIES,
            'ALL_LANGUAGE_CODES': feconf.ALL_LANGUAGE_CODES,
            'ASSET_DIR_PREFIX': utils.get_asset_dir_prefix(),
            'BEFORE_END_HEAD_TAG_HOOK': jinja2.utils.Markup(
                BEFORE_END_HEAD_TAG_HOOK.value),
            'CAN_SEND_ANALYTICS_EVENTS': feconf.CAN_SEND_ANALYTICS_EVENTS,
            'DEFAULT_LANGUAGE_CODE': feconf.ALL_LANGUAGE_CODES[0]['code'],
            'DEV_MODE': feconf.DEV_MODE,
            'MINIFICATION': feconf.IS_MINIFIED,
            'DOMAIN_URL': '%s://%s' % (scheme, netloc),
            'ACTIVITY_STATUS_PRIVATE': (
                rights_manager.ACTIVITY_STATUS_PRIVATE),
            'ACTIVITY_STATUS_PUBLIC': (
                rights_manager.ACTIVITY_STATUS_PUBLIC),
            'ACTIVITY_STATUS_PUBLICIZED': (
                rights_manager.ACTIVITY_STATUS_PUBLICIZED),
            # The 'path' variable starts with a forward slash.
            'FULL_URL': '%s://%s%s' % (scheme, netloc, path),
            'INVALID_NAME_CHARS': feconf.INVALID_NAME_CHARS,
            'RTE_COMPONENT_SPECS': (
                rte_component_registry.Registry.get_all_specs()),
            'SITE_FEEDBACK_FORM_URL': SITE_FEEDBACK_FORM_URL.value,
            'SITE_NAME': SITE_NAME.value,
            'SUPPORTED_SITE_LANGUAGES': feconf.SUPPORTED_SITE_LANGUAGES,
            'SYSTEM_USERNAMES': feconf.SYSTEM_USERNAMES,
            'TEMPLATE_DIR_PREFIX': utils.get_template_dir_prefix(),
            'can_create_collections': (
                self.username and self.username in
                config_domain.WHITELISTED_COLLECTION_EDITOR_USERNAMES.value
            ),
            'user_is_logged_in': user_services.has_fully_registered(
                self.user_id),
            'preferred_site_language_code': self.preferred_site_language_code
        })

        if 'meta_name' not in values:
            values['meta_name'] = 'Personalized Online Learning from Oppia'

        if 'meta_description' not in values:
            values['meta_description'] = (
                'Oppia is a free, open-source learning platform. Join the '
                'community to create or try an exploration today!')

        if redirect_url_on_logout is None:
            redirect_url_on_logout = self.request.uri
        if self.user_id:
            values['logout_url'] = (
                current_user_services.create_logout_url(
                    redirect_url_on_logout))
        else:
            target_url = (
                '/' if self.request.uri.endswith(feconf.SPLASH_URL)
                else self.request.uri)
            values['login_url'] = (
                current_user_services.create_login_url(target_url))

        # Create a new csrf token for inclusion in HTML responses. This assumes
        # that tokens generated in one handler will be sent back to a handler
        # with the same page name.
        values['csrf_token'] = ''

        if self.REQUIRE_PAYLOAD_CSRF_CHECK:
            values['csrf_token'] = CsrfTokenManager.create_csrf_token(
                self.user_id)

        self.response.cache_control.no_cache = True
        self.response.cache_control.must_revalidate = True
        self.response.headers['Strict-Transport-Security'] = (
            'max-age=31536000; includeSubDomains')
        self.response.headers['X-Content-Type-Options'] = 'nosniff'

        if iframe_restriction is not None:
            if iframe_restriction in ['SAMEORIGIN', 'DENY']:
                self.response.headers['X-Frame-Options'] = iframe_restriction
            else:
                raise Exception(
                    'Invalid X-Frame-Options: %s' % iframe_restriction)

        self.response.expires = 'Mon, 01 Jan 1990 00:00:00 GMT'
        self.response.pragma = 'no-cache'

        self.response.write(self.jinja2_env.get_template(
            filename).render(**values))

        # Calculate the processing time of this request.
        duration = datetime.datetime.utcnow() - self.start_time
        processing_time = duration.seconds + duration.microseconds / 1E6

        counters.HTML_RESPONSE_TIME_SECS.inc(increment=processing_time)
        counters.HTML_RESPONSE_COUNT.inc()