def _assert_if_none_match(request: web.Request, etag: T.Union[None, bool, str], require: bool): # The If-None-Match: header is used in two scenarios: # 1. GET requests by a caching client. In this case, the client will # normally provide a list of (cached) ETags. # 2. PUT requests, where the client intends to create a new resource and # wants to avoid overwriting an existing resource. In this case, the # client will normally provide only the asterisk "*" character. etags = _parse_if_header(request, 'If-None-Match') if require and etags is None: raise web.HTTPPreconditionRequired(text='If-None-Match') if etags is None or etag is False or etag is None: return if etags is _STAR: raise web.HTTPPreconditionFailed() # From here on, we know that etags is a set of strings. if etag is True: raise web.HTTPPreconditionFailed( text="Resource doesn't support ETags.") # From here on, we know that etag is a string: if etag in etags: if request.method in {'GET', 'HEAD'}: raise web.HTTPNotModified() else: raise web.HTTPPreconditionFailed()
def _assert_if_match(request: web.Request, etag: T.Union[None, bool, str], require: bool): # The If-Match: header is commonly used in non-safe HTTP requests to prevent # lost update problems. etags = _parse_if_header(request, 'If-Match') if etags is None: if require: raise web.HTTPPreconditionRequired(text='If-Match') return if etags is _STAR: if etag is None or etag is False: raise web.HTTPPreconditionFailed() if etag is True or require is False: return raise web.HTTPPreconditionRequired( text='If-Match: * is too generic for this resource.') # From here on, `etags` can only be a set(). if etag is True or etag is False: raise web.HTTPPreconditionFailed( text="Resource doesn't support If-Match header.") # From here on, `etag` can only be `None` or a valid ETag string: if etag is None: raise web.HTTPNotFound() if etag not in etags: raise web.HTTPPreconditionFailed()
async def put(self): if_match = self.request.headers.get('if-match', '') if_none_match = self.request.headers.get('if-none-match', '') if if_match == '' and if_none_match == '': raise web.HTTPPreconditionRequired() assert_preconditions(self.request, await self.etag()) if not re.match(r'application/(?:hal\+)?json(?:$|;)', self.request.content_type): raise web.HTTPUnsupportedMediaType() try: request_body_json = json_loads(await self.request.text()) except: raise web.HTTPBadRequest() # self.request.app['swagger'].validate_definition('Account', request_body_json) existing_roles = set( self.request.app['config']['authz_admin']['roles'].keys()) try: roles = request_body_json['_links']['role'] assert isinstance(roles, list) except: raise web.HTTPBadRequest( text="No '#/_links/role' array in request.") from None new_roles = set() try: for link_object in roles: role = web.URL(link_object['href']).name assert role in existing_roles new_roles.add(role) except: raise web.HTTPBadRequest( text= "Not all roles are valid HALJSON link objects to an existing role." ) from None if await self.data() is None: try: log_id = await database.create_account(self.request, self['account'], new_roles) except database.PreconditionFailed: raise web.HTTPPreconditionFailed() from None status = 201 headers = { 'Location': self.rel_url.raw_path, 'ETag': etag_from_int(log_id) } else: try: log_id = await database.update_account(self.request, self, new_roles) except database.PreconditionFailed: raise web.HTTPPreconditionFailed() from None status = 204 headers = {'ETag': etag_from_int(log_id)} return web.Response(status=status, headers=headers)
def _assert_if_none_match(request: web.Request, etag: T.Union[None, bool, str], allow_weak: bool) -> bool: # language=rst """ Todo: Evert lammerts schreef: Documenteren. Ik vind _assert_if_none_match niet makkelijk te lezen zonder docs voor de parameters. Bv: etag heeft als type None, bool, of str. En if etag is True: PreconditionFailed. Die semantiek is vast logisch in context maar niet op zichzelf. The If-None-Match: header is used in two scenarios: 1. GET requests by a caching client. In this case, the client will normally provide a list of (cached) ETags. 2. PUT requests, where the client intends to create a new resource and wants to avoid overwriting an existing resource. In this case, the client will normally provide only the asterisk "*" character. Returns: bool: indicates if an ``If-None-Match`` header was provided. Raises: web.HTTPBadRequest: If the request header is syntactically incorrect. web.HTTPPreconditionRequired: If parameter `require` is ``True`` and no precondition was provided by the client. web.HTTPPreconditionFailed: If the precondition failed and the request is *unsafe*. web.HTTPNotModified: If the precondition failed and the request is *safe*. """ etags = _parse_if_header(request, _IF_NONE_MATCH) if etags is None: # if require and request.method in unsafe_methods: # raise web.HTTPPreconditionRequired(text=_IF_NONE_MATCH) return False if etag is False or etag is None: return True if etags is _STAR: raise web.HTTPPreconditionFailed(text=_IF_NONE_MATCH) # From here on, we know that etags is a set of strings. if etag is True: raise web.HTTPPreconditionFailed(text="Resource doesn't have an ETag.") # From here on, we know that etag is a string: if _match_etags(etag, etags, allow_weak): if request.method in {hdrs.METH_GET, hdrs.METH_HEAD}: raise web.HTTPNotModified() else: raise web.HTTPPreconditionFailed(text=_IF_NONE_MATCH) return True
def _assert_if_match(request: web.Request, etag: T.Union[None, bool, str], deny_asterisk: bool, allow_weak: bool) -> bool: # language=rst """Assert ETag validity in the ``If-Match`` header. Returns: bool: indicates if an ``If-Match`` header with at least one ETag was provided. Raises: web.HTTPPreconditionRequired: If parameter `require` is ``True`` and no precondition was provided by the client. web.HTTPBadRequest: Either - the request header is syntactically incorrect, or - parameter `deny_star` is ``True`` and the client provided an asterisk instead of a valid ETag. web.HTTPPreconditionFailed: """ etags = _parse_if_header(request, _IF_MATCH) if etags is None: # if require and request.method in unsafe_methods: # raise web.HTTPPreconditionRequired( # text=_IF_MATCH # ) return False if etags is _STAR: if deny_asterisk: raise web.HTTPBadRequest( text= "If-Match: * is not allowed for this request. Use a specific ETag instead." ) if etag is None or etag is False: raise web.HTTPPreconditionFailed(text=_IF_MATCH) return False # From here on, `etags` can only be a set(). if etag is True: raise web.HTTPPreconditionFailed(text="Resource doesn't have an ETag.") if (etag is True # the resource exists, but doesn't have a specific ETag or etag is False # the resource doesn't exist or etag is None # the resource doesn't exist # the resource has a different ETag: or not _match_etags(etag, etags, allow_weak)): raise web.HTTPPreconditionFailed(text=_IF_MATCH) return True
async def error_middleware(request, handler): resp = web.HTTPInternalServerError() try: resp = await handler(request) except web.HTTPException as ex: resp = ex except: traceback.print_exc() resp = web.HTTPInternalServerError() if resp is None or resp.status < 400: return resp if resp.status == 403: raise web.HTTPForbidden(text='( ・∀・)つ=≡≡ξ)Д`) 403') if resp.status == 404: raise web.HTTPNotFound(text='(゚ペ) 404') if resp.status == 412: raise web.HTTPPreconditionFailed(text='Not started yet. 412') if resp.status < 500: raise web.HTTPBadRequest(text='¯\_༼ ಥ ‿ ಥ ༽_/¯ 500') if resp.status == 503: raise web.HTTPServiceUnavailable( text='' 'Congrats\n' 'You might have crashed the server.\n' 'There is no flag on this server now.\n' '(σ゚∀゚)σ゚∀゚)σ゚∀゚)σ\n' '(σ゚∀゚)σ゚∀゚)σ゚∀゚)σ\n' '(σ゚∀゚)σ゚∀゚)σ゚∀゚)σ\n' '(σ゚∀゚)σ゚∀゚)σ゚∀゚)σ\n' '\n' 'Please contact admin if you stop all your exploits\n' 'but the problem still exists in the next round.\n') raise web.HTTPInternalServerError(text='((((;゚Д゚))) wtf')
async def switch_workspace(request): overwrite_to = request.headers.get('Overwrite', '') request.is_overwritten = False all_workspaces = [overwrite_to] try: calling_workspace = None if overwrite_to: with suppress(AttributeError): all_workspaces = request.session.workspaces if overwrite_to not in all_workspaces: raise web.HTTPPreconditionFailed( reason='Workspace not found or outside of scope') with suppress(AttributeError): calling_workspace = request.session.workspace request.is_overwritten = True request.session._session_ctxt['workspace'] = overwrite_to for before_handler in request.app.config.before_request_hooks: await before_handler(request) yield request finally: if calling_workspace: # session exists AND Overwrite header has been used request.session._session_ctxt['workspace'] = calling_workspace for after_handler in request.app.config.after_request_hooks: await after_handler(request)
def abort(code): if code == 400: return web.HTTPBadRequest() elif code == 401: return web.HTTPUnauthorized() elif code == 402: return web.HTTPPaymentRequired() elif code == 403: return web.HTTPForbidden() elif code == 404: return web.HTTPNotFound() elif code == 405: return web.HTTPMethodNotAllowed() elif code == 406: return web.HTTPNotAcceptable() elif code == 407: return web.HTTPProxyAuthenticationRequired() elif code == 408: return web.HTTPRequestTimeout() elif code == 409: return web.HTTPConflict() elif code == 410: return web.HTTPGone() elif code == 411: return web.HTTPLengthRequired() elif code == 412: return web.HTTPPreconditionFailed() elif code == 413: return web.HTTPRequestEntityTooLarge() elif code == 414: return web.HTTPRequestURITooLong() elif code == 415: return web.HTTPUnsupportedMediaType() elif code == 416: return web.HTTPRequestRangeNotSatisfiable() elif code == 417: return web.HTTPExpectationFailed() elif code == 421: return web.HTTPMisdirectedRequest() elif code == 422: return web.HTTPUnprocessableEntity() elif code == 424: return web.HTTPFailedDependency() elif code == 426: return web.HTTPUpgradeRequired() elif code == 428: return web.HTTPPreconditionRequired() elif code == 429: return web.HTTPTooManyRequests() elif code == 431: return web.HTTPRequestHeaderFieldsTooLarge() elif code == 451: return web.HTTPUnavailableForLegalReasons() else: return web.HTTPBadRequest()
async def delete(self) -> web.Response: assert_preconditions(self.request, await self.etag(), require_if_match=True) try: await database.delete_account(self.request, self) except database.PreconditionFailed: raise web.HTTPPreconditionFailed() from None return web.Response(status=204)
async def login(request): query = request.rel_url.query param_list = ['email', 'password'] if all(param in query.keys() for param in param_list): try: email, password = str(query['email']), str(query['password']) except: raise web.HTTPPreconditionFailed( text='Неправильные значения параметров') res = await AuthMS.make_request('login', data={ 'email': email, 'password': password }) res_dict = json.loads(res) if res_dict['status'] == 'error': raise web.HTTPBadRequest(body=res) else: raise web.HTTPPreconditionFailed(text='Неправльные параметры') return web.Response(text=res)
async def search(request): query = request.rel_url.query param_list = ['q', 'limit', 'offset'] if all(param in query.keys() for param in param_list): try: q, limit, offset = str(query['q']), int(query['limit']), int( query['offset']) if limit > 100: raise web.HTTPPreconditionFailed( text='Неправильные значения параметров') except: raise web.HTTPPreconditionFailed( text='Неправильные значения параметров') res = await CrawlerMS.make_request('search', data={ 'q': q, 'limit': limit, 'offset': offset }) else: raise web.HTTPPreconditionFailed(text='Неправльные параметры') return web.Response(text=res)
async def index(request): query = request.rel_url.query if 'X-Token' in request.headers: token = request.headers['X-Token'] try: domain = str(query['domain']) except: raise web.HTTPPreconditionFailed( text='Неправильные значения параметров') res = await CrawlerMS.make_request('index', data={ 'domain': domain, 'token': token }) return web.Response(text=res) else: raise web.HTTPForbidden(text='forbidden')
async def chat_websocket(request): session = await get_session(request) userid = session['userid'] username = session['name'] convid = request.app['db'].get_user(userid)['curconv'] if not convid: raise web.HTTPPreconditionFailed() userdata = {'userid': userid, 'username': username, 'convid': convid} ws = web.WebSocketResponse() await ws.prepare(request) CONV_CONNECTIONS[convid].add(ws) ALL_CONNECTIONS.add(ws) try: async for msg in ws: dispatch_message(request, ws, msg, userdata) finally: CONV_CONNECTIONS[convid].remove(ws) ALL_CONNECTIONS.remove(ws) return ws
def error(self, request: web.Request = None, response: dict = {}, exception: Exception = None, state: int = 400, headers: dict = {}, **kwargs) -> web.Response: # TODO: process the exception object response_obj = {"status": "Failed"} if not request: request = self.request if exception: response_obj["reason"] = str(exception) args = {**kwargs} if isinstance(response, dict): response_obj = {**response_obj, **response} args["content_type"] = "application/json" args["text"] = json.dumps(response_obj) else: args["body"] = response # defining the error if state == 400: # bad request obj = web.HTTPBadRequest(**args) elif state == 401: # unauthorized obj = web.HTTPUnauthorized(**args) elif state == 403: # forbidden obj = web.HTTPForbidden(**args) elif state == 404: # not found obj = web.HTTPNotFound(**args) elif state == 406: obj = web.HTTPNotAcceptable(**args) elif state == 412: obj = web.HTTPPreconditionFailed(**args) elif state == 428: obj = web.HTTPPreconditionRequired(**args) else: obj = web.HTTPBadRequest(**args) for header, value in headers.items(): obj.headers[header] = value return obj
async def resolve(self, request): raise web.HTTPPreconditionFailed()
async def put(request: web.Request): hooks = request.app.hooks scopes = request.authz_scopes is_redact_only = 'CAT/W' not in scopes # Grab the document from the request body and canonicalize it. try: doc = await request.json() except json.decoder.JSONDecodeError: raise web.HTTPBadRequest(text='invalid json') doc['ams:modifiedby'] = request.authz_subject canonical_doc = await hooks.mds_canonicalize(app=request.app, data=doc) if is_redact_only and canonical_doc['ams:status'] == 'beschikbaar': raise web.HTTPForbidden() # Make sure the docid in the path corresponds to the ids given in the # document, if any. The assumption is that request.path (which corresponds # to the path part of the incoming HTTP request) is the path as seen by # the client. This is not necessarily true. doc_id = request.match_info['dataset'] # Let the metadata plugin grab the full-text search representation searchable_text = await hooks.mds_full_text_search_representation( data=canonical_doc) # Figure out the mode (insert / update) of the request. etag_if_match = conditional.parse_if_header(request, conditional.HEADER_IF_MATCH) etag_if_none_match = conditional.parse_if_header( request, conditional.HEADER_IF_NONE_MATCH) # Can't accept a value in both headers if etag_if_match is not None and etag_if_none_match is not None: raise web.HTTPBadRequest( body='Endpoint supports either If-Match or If-None-Match in a ' 'single request, not both') # If-Match: {etag, ...} is for updates if etag_if_match is not None: if etag_if_match == '*': raise web.HTTPBadRequest( body='Endpoint does not support If-Match: *. Must provide one ' 'or more Etags.') try: old_doc, _etag = await hooks.storage_retrieve(app=request.app, docid=doc_id, etags=None) except KeyError: _logger.exception('precondition failed') raise web.HTTPPreconditionFailed() canonical_doc = await hooks.mds_before_storage(app=request.app, data=canonical_doc, old_data=old_doc) try: new_etag = await hooks.storage_update( app=request.app, docid=doc_id, doc=canonical_doc, searchable_text=searchable_text, etags=etag_if_match, iso_639_1_code="nl") except ValueError: _logger.exception('precondition failed') raise web.HTTPPreconditionFailed() await notify_data_changed(request.app) retval = web.Response(status=204, headers={'Etag': new_etag}) else: # If-None-Match: * is for creates if etag_if_none_match != '*': raise web.HTTPBadRequest( body='For inserts of new documents, provide If-None-Match: *') canonical_doc = await hooks.mds_before_storage(app=request.app, data=canonical_doc) try: new_etag = await hooks.storage_create( app=request.app, docid=doc_id, doc=canonical_doc, searchable_text=searchable_text, iso_639_1_code="nl") except KeyError: _logger.exception('precondition failed') raise web.HTTPPreconditionFailed() await notify_data_changed(request.app) retval = web.Response(status=201, headers={'Etag': new_etag}, content_type='text/plain') return retval
def function27(self, arg236): raise web.HTTPPreconditionFailed()
def check_flag(): if round < 0: raise web.HTTPPreconditionFailed() if flag is None or key is None: raise web.HTTPServiceUnavailable()