def testHandleApiCallNotEnabled(self):
"""Raises if no matching ACL and enabled_by_default=False."""
with test_lib.ConfigOverrider({"API.HandlerACLFile": ""}):
auth_mgr = api_auth_manager.SimpleAPIAuthorizationManager()
self.mock_handler.enabled_by_default = False
with mock.patch.object(api_call_handlers, "API_AUTH_MGR",
auth_mgr):
with self.assertRaises(access_control.UnauthorizedAccess):
api_call_handlers.HandleApiCall(self.mock_handler,
"",
token=self.token)
def testHandleApiCallNotEnabledWithACL(self):
"""Matching ACL and enabled_by_default=False is allowed."""
acls = """
handler: "ApiCallHandler"
users:
- "test"
"""
with mock.patch.object(__builtin__, "open",
mock.mock_open(read_data=acls)):
auth_mgr = api_auth_manager.SimpleAPIAuthorizationManager()
self.mock_handler.enabled_by_default = False
with mock.patch.object(api_call_handlers, "API_AUTH_MGR", auth_mgr):
api_call_handlers.HandleApiCall(self.mock_handler,
"",
token=self.token)
self.mock_handler.Render.assert_called_once_with("", token=self.token)
def testHandleApiCallNotEnabledWithACL(self):
"""Matching ACL and enabled_by_default=False is allowed."""
acls = """
handler: "DummyAuthManagerTestApiHandler"
users:
- "test"
"""
with mock.patch.object(__builtin__, "open",
mock.mock_open(read_data=acls)):
auth_mgr = api_auth_manager.APIAuthorizationManager()
self.mock_handler.enabled_by_default = False
with mock.patch.object(api_call_handlers, "API_AUTH_MGR", auth_mgr):
with mock.patch.object(self.mock_handler, "Handle"):
self.mock_handler.Handle.return_value = None
api_call_handlers.HandleApiCall(self.mock_handler,
None,
token=self.token)
self.mock_handler.Handle.assert_called_once_with(
None, token=self.token)
def RenderHttpResponse(request):
"""Handles given HTTP request with one of the available API handlers."""
handler, route_args = GetHandlerForHttpRequest(request)
strip_type_info = False
if hasattr(request, "GET") and request.GET.get("strip_type_info", ""):
strip_type_info = True
if request.method == "GET":
if handler.args_type:
unprocessed_request = request.GET
if hasattr(unprocessed_request, "dict"):
unprocessed_request = unprocessed_request.dict()
args = handler.args_type()
for type_info in args.type_infos:
if type_info.name in route_args:
args.Set(type_info.name, route_args[type_info.name])
elif type_info.name in unprocessed_request:
args.Set(type_info.name,
unprocessed_request[type_info.name])
if handler.additional_args_types:
if not hasattr(args, "additional_args"):
raise RuntimeError(
"Handler %s defines additional arguments types "
"but its arguments object does not have "
"'additional_args' field." % handler)
if hasattr(handler.additional_args_types, "__call__"):
additional_args_types = handler.additional_args_types()
else:
additional_args_types = handler.additional_args_types
args.additional_args = FillAdditionalArgsFromRequest(
unprocessed_request, additional_args_types)
else:
args = None
elif request.method == "POST":
try:
args = handler.args_type()
for type_info in args.type_infos:
if type_info.name in route_args:
args.Set(type_info.name, route_args[type_info.name])
if request.META["CONTENT_TYPE"].startswith("multipart/form-data;"):
payload = json.loads(request.POST["_params_"])
args.FromDict(payload)
for name, fd in request.FILES.items():
args.Set(name, fd.read())
else:
payload = json.loads(request.body)
if payload:
args.FromDict(payload)
except Exception as e: # pylint: disable=broad-except
logging.exception("Error while parsing POST request %s (%s): %s",
request.path, request.method, e)
return BuildResponse(500, dict(message=str(e)))
else:
raise RuntimeError("Unsupported method: %s." % request.method)
token = BuildToken(request, handler.max_execution_time)
try:
rendered_data = api_call_handlers.HandleApiCall(handler,
args,
token=token)
if strip_type_info:
rendered_data = StripTypeInfo(rendered_data)
return BuildResponse(200, rendered_data)
except access_control.UnauthorizedAccess as e:
logging.exception("Access denied to %s (%s) with %s: %s", request.path,
request.method, handler.__class__.__name__, e)
return BuildResponse(
403,
dict(message="Access denied by ACL: %s" % e.message,
subject=utils.SmartStr(e.subject)))
except Exception as e: # pylint: disable=broad-except
logging.exception("Error while processing %s (%s) with %s: %s",
request.path, request.method,
handler.__class__.__name__, e)
return BuildResponse(500, dict(message=str(e)))
