Пример #1
0
def process(req):
    """Process the welcome page.

       process(req)
    """
    # We import functions "as needed" at this stage, making
    # sure they are private (underscore prefix). The exception
    # is "defs", which are just a bunch of defintions (although
    # any functions defined within it should be made private).
    from manage_kbasix import _is_session, _account_info
    from aux import _make_header, _fill_page
    from defs import kbasix, main
    # Here and in all other modules the module-specific definitions
    # take precedence over the 'kbasix' ones.
    info = {}
    info.update(kbasix)
    info.update(main)
    import logging
    logging.basicConfig(level=getattr(logging, \
                                          info['log_level_'].upper()), \
                            filename=info['log_file_'], \
                            datefmt=info['log_dateformat_'], \
                            format=info['log_format_'])
    if repr(type(req)) != "<type 'mp_request'>":
        logging.critical('Invalid request for main.py')
        info['details'] = '[SYS] Invalid request [%s].' % \
            info['error_blurb_']
        return _fill_page(info['error_page_'], info)
    try:
        session = _is_session(req, required=False)
        info.update(session)
        if session['token']:
            profile = _account_info(info['login_name'], 'profile')
            info.update(profile)
    except Exception as reason:
        # We use 'warn' level because the '_is_session' redirect seems to
        # trigger this (if 'required=True') although it's not a critical
        # error.
        logging.warn(reason)
        info['details'] = '[SYS] Unable to verify session [%s].' % \
            info['error_blurb_']
        return _fill_page(info['error_page_'], info)
    info['main_header'] = _make_header(info)
    try:
        return _initialize(info)
    except Exception as reason:
        logging.critical(reason)
        info['details'] = '[SYS] Unable to initialize the main \
page [%s].' % info['error_blurb_']
        return _fill_page(info['error_page_'], info)
Пример #2
0
def process(req):
    """Process the logout page.

       process(req)
    """
    from manage_kbasix import _is_session, _account_info
    from aux import _make_header, _fill_page
    from defs import kbasix, logout
    info = {}
    info.update(kbasix)
    info.update(logout)
    import logging
    logging.basicConfig(level = getattr(logging, \
                                            info['log_level_'].upper()), \
                            filename = info['log_file_'], \
                            datefmt = info['log_dateformat_'], \
                            format = info['log_format_'])
    if repr(type(req)) != "<type 'mp_request'>":
        logging.critical('Invalid request for logout.py')
        info['details'] = '[SYS] Invalid request [%s].' % \
            info['error_blurb_']
        return _fill_page(info['error_page_'], info)
    try:
        session = _is_session(req, required=False)
        info.update(session)
        if session['token']:
            profile = _account_info(info['login_name'], 'profile')
            info.update(profile)
    except Exception as reason:
        logging.warn(reason)
        info['details'] = '[SYS] Unable to verify session [%s].' % \
            info['error_blurb_']
        return _fill_page(info['error_page_'], info)
    info['main_header'] = _make_header(info)
    if not info['token']:
        info['title'] = 'Logout'
        info['class'] = 'information'
        info['details'] = 'You are not logged in.'
        info['status_button_1'] = ''
        info['status_button_2'] = ''
        return _fill_page(info['status_page_'], info)
    else:
        try:
            return _logout(info['token'], info)
        except Exception as reason:
            logging.critical(reason)
            info['details'] = '[SYS] Unable to terminate session [%s].' % \
                info['error_blurb_']
            return _fill_page(info['error_page_'], info)
Пример #3
0
def process(req):
    """Process the logout page.

       process(req)
    """
    from manage_kbasix import _is_session, _account_info
    from aux import _make_header, _fill_page
    from defs import kbasix, logout
    info = {}
    info.update(kbasix)
    info.update(logout)
    import logging
    logging.basicConfig(level = getattr(logging, \
                                            info['log_level_'].upper()), \
                            filename = info['log_file_'], \
                            datefmt = info['log_dateformat_'], \
                            format = info['log_format_'])
    if repr(type(req)) != "<type 'mp_request'>":
        logging.critical('Invalid request for logout.py')
        info['details'] = '[SYS] Invalid request [%s].' % \
            info['error_blurb_']
        return _fill_page(info['error_page_'], info)
    try:
        session = _is_session(req, required=False)
        info.update(session)
        if session['token']:
            profile = _account_info(info['login_name'], 'profile')
            info.update(profile)
    except Exception as reason:
        logging.warn(reason)
        info['details'] = '[SYS] Unable to verify session [%s].' % \
            info['error_blurb_']
        return _fill_page(info['error_page_'], info)
    info['main_header'] = _make_header(info)
    if not info['token']:
        info['title'] = 'Logout'
        info['class'] = 'information'
        info['details'] = 'You are not logged in.'
        info['status_button_1'] = ''
        info['status_button_2'] = ''
        return _fill_page(info['status_page_'], info)
    else:
        try:
            return _logout(info['token'], info)
        except Exception as reason:
            logging.critical(reason)
            info['details'] = '[SYS] Unable to terminate session [%s].' % \
                info['error_blurb_']
            return _fill_page(info['error_page_'], info)
Пример #4
0
def process(req):
    """Process the profile page.

       process(req)
    """
    from manage_kbasix import _is_session, _account_info
    from aux import _make_header, _fill_page
    from defs import kbasix, profile
    info = {}
    info.update(kbasix)
    info.update(profile)
    import logging
    logging.basicConfig(level = getattr(logging, \
                                            info['log_level_'].upper()), \
                            filename = info['log_file_'], \
                            datefmt = info['log_dateformat_'], \
                            format = info['log_format_'])
    if repr(type(req)) != "<type 'mp_request'>":
        logging.critical('Invalid request for profile.py')
        info['details'] = '[SYS] Invalid request [%s].' % \
            info['error_blurb_']
        return _fill_page(info['error_page_'], info)
    if not req.is_https():
        info['details'] = 'You cannot edit your profile over an insecure \
connection.'
        return _fill_page(info['error_page_'], info)
    try:
        # We need to holdover (which only takes when "per_request_token" is
        # True) because we want to keep the restricted token generated when
        # a password is forgotten. Note that this check should be added to
        # any module which needs to be restricted.
        if 'token' in req.form and '-all-tk' not in req.form['token']:
            session = _is_session(req, required=True, holdover=True)    
        else:
            session = _is_session(req, required=True)
        info.update(session)
        if session['token']:
            profile = _account_info(info['login_name'], 'profile')
            info.update(profile)
    except Exception as reason:
        logging.warn(reason)
        info['details'] = '[SYS] Unable to verify session [%s].' % \
            info['error_blurb_']
        return _fill_page(info['error_page_'], info)
    info['main_header'] = _make_header(info)
    if 'start' in req.form:
        try:
            return _initialize(info)
        except Exception as reason:
            logging.critical(reason)
            info['details'] = '[SYS] Unable to initialize profile editor \
[%s].' % info['error_blurb_']
            return _fill_page(info['error_page_'], info)
    elif 'action' not in req.form:
        info['details'] = 'No action specified trying to edit profile.'
        logging.warn(info['details'])
        return _fill_page(info['error_page_'], info)
    elif req.form['action'] == 'update':
        try:
            return _update(req, info)
        except UpdateError as reason:
            logging.critical(reason)
            info['details'] = '[SYS] Unable to update the profile \
[%s].' % info['error_blurb_']
            return _fill_page(info['error_page_'], info)
        except Exception as reason:
            logging.critical(reason)
            info['details'] = '[SYS] Unable to update the profile [%s].' % \
                info['error_blurb_']
            return _fill_page(info['error_page_'], info)
    else:
        info['details'] = 'Unexpected action trying to update the profile.'
        logging.error(info['details'])
        return _fill_page(info['error_page_'], info)
Пример #5
0
def process(req):
    """Process the registration page.

       process(req)
    """
    from manage_kbasix import _is_session, _account_info
    from aux import _make_header, _fill_page
    from defs import kbasix, register
    info = {}
    info.update(kbasix)
    info.update(register)
    import logging
    logging.basicConfig(level = getattr(logging, \
                                            info['log_level_'].upper()), \
                            filename = info['log_file_'], \
                            datefmt = info['log_dateformat_'], \
                            format = info['log_format_'])
    if repr(type(req)) != "<type 'mp_request'>":
        logging.critical('Invalid request for register.py')
        info['details'] = '[SYS] Invalid request [%s].' % \
            info['error_blurb_']
        return _fill_page(info['error_page_'], info)
    if not req.is_https():
        info['details'] = 'You cannot register over an insecure connection.'
        logging.info('Disallowed insecure access to register.py')
        return _fill_page(info['error_page_'], info)
    try:
        session = _is_session(req, required=False)
        info.update(session)
        if session['token']:
            profile = _account_info(info['login_name'], 'profile')
            info.update(profile)
    except Exception as reason:
        logging.warn(reason)
        info['details'] = '[SYS] Unable to verify session [%s].' % \
            info['error_blurb_']
        return _fill_page(info['error_page_'], info)
    info['main_header'] = _make_header(info)
    if 'start' in req.form:
        try:
            return _initialize(info)
        except Exception as reason:
            logging.critical(reason)
            info['details'] = '[SYS] Unable to initialize registration \
[%s].' % info['error_blurb_']
            return _fill_page(info['error_page_'], info)
    elif 'action' not in req.form:
        info['details'] = 'No action specified trying to register.'
        logging.warn(info['details'])
        return _fill_page(info['error_page_'], info)
    elif req.form['action'] == 'register':
        try:
            return _register(req, info)
        except RegisterError as reason:
            logging.critical(reason)
            info['details'] = '[SYS] Unable to register [%s].' % \
                info['error_blurb_']
            return _fill_page(info['error_page_'], info)
        except Exception as reason:
            logging.critical(reason)
            info['details'] = '[SYS] Unable to register [%s].' % \
                info['error_blurb_']
            return _fill_page(info['error_page_'], info)
    else:
        info['details'] = 'Unexpected action trying to register.'
        logging.error(info['details'])
        return _fill_page(info['error_page_'], info)
Пример #6
0
def process(req):
    """Process the file manager page.

       process(req)
    """
    from manage_kbasix import _is_session, _account_info
    from aux import _make_header, _fill_page
    from defs import kbasix, file_manager
    info = {}
    info.update(kbasix)
    info.update(file_manager)
    import logging
    logging.basicConfig(level = getattr(logging, \
                                            info['log_level_'].upper()), \
                            filename = info['log_file_'], \
                            datefmt = info['log_dateformat_'], \
                            format = info['log_format_'])
    if repr(type(req)) != "<type 'mp_request'>":
        logging.critical('Invalid request for file_manager.py')
        info['details'] = '[SYS] Invalid request [%s].' % \
            info['error_blurb_']
        return _fill_page(info['error_page_'], info)
    if not req.is_https():
        info['details'] = 'You cannot manage your file over an insecure \
connection.'

        logging.info('Disallowed insecure access to file_manager.py')
        return _fill_page(info['error_page_'], info)
    try:
        # The holdover is required if "per_request_token" is True, and
        # has no effect otherwise. This is needed due to the
        # client-generated download window (which has no concept of the
        # new request token).
        if 'action' in req.form and req.form['action'] == 'download':
            session = _is_session(req, required=True, holdover=True)
        else:
            session = _is_session(req, required=True)
        info.update(session)
        if session['token']:
            profile = _account_info(info['login_name'], 'profile')
            info.update(profile)
    except Exception as reason:
        logging.warn(reason)
        info['details'] = '[SYS] Unable to verify session [%s].' % \
            info['error_blurb_']
        return _fill_page(info['error_page_'], info)
    info['main_header'] = _make_header(info)
    info['filter'] = False
    if 'start' in req.form:
        try:
            return _initialize(req, info)
        except Exception as reason:
            logging.critical(reason)
            info['details'] = '[SYS] Unable to initialize the file manager \
[%s].' % info['error_blurb_']
            return _fill_page(info['error_page_'], info)
    elif 'action' not in req.form:
        info['details'] = 'No action specified within the file manager.'
        logging.warn(info['details'])
        return _fill_page(info['error_page_'], info)
    elif req.form['action'] == 'filter':
        try:
            info['filter'] = True
            return _initialize(req, info)
        except Exception as reason:
            logging.critical(reason)
            info['details'] = '[SYS] File manager error [%s].' % \
                info['error_blurb_']
            return _fill_page(info['error_page_'], info)
    elif req.form['action'] == 'copy_file':
        try:
            return _copy_file(req, info)
        except Exception as reason:
            logging.critical(reason)
            info['details'] = '[SYS] File manager error [%s].' % \
                info['error_blurb_']
            return _fill_page(info['error_page_'], info)
    elif req.form['action'] == 'confirm_delete':
        try:
            return _confirm_delete(req, info)
        except Exception as reason:
            logging.critical(reason)
            info['details'] = '[SYS] File manager error [%s].' % \
                info['error_blurb_']
            return _fill_page(info['error_page_'], info)
    elif req.form['action'] == 'delete':
        try:
            return _delete_file(req, info)
        except Exception as reason:
            logging.critical(reason)
            info['details'] = '[SYS] Error deleting file [%s].' % \
                info['error_blurb_']
            return _fill_page(info['error_page_'], info)
    elif req.form['action'] == 'confirm_bulk_delete':
        try:
            return _confirm_bulk_delete(req, info)
        except Exception as reason:
            logging.critical(reason)
            info['details'] = '[SYS] Error deleting files [%s].' % \
                info['error_blurb_']
            return _fill_page(info['error_page_'], info)
    elif req.form['action'] == 'download':
        try:
            return _download_file(req, info)
        except Exception as reason:
            # Not critical... user-end problem maybe?
            logging.error(reason)
            info['details'] = '[SYS] Unable to download file [%s].' % \
                info['error_blurb_']
            return _fill_page(info['error_page_'], info)
    else:
        info['details'] = 'Unexpected file manager action.'
        logging.error(info['details'])
        return _fill_page(info['error_page_'], info)
Пример #7
0
def process(req):
    """Process the upload page.

       process(req)
    """
    # Note that upload sizes can be configured via "LimitRequestBody"
    # either in .htaccess or httpd.conf (the latter requires an httpd
    # restart). However, doing so results in mod_python spitting out a
    # nasty error message ("Request Entity Too Large") upon hitting said
    # limit. See:
    #
    #   http://www.mail-archive.com/[email protected]/msg87503.html
    #
    # We can somewhat gracefully bypass this behaviour by adding the
    # following to .htaccess (using 10485760 as an example, and keeping in
    # mind that on a production server PythonDebug should be Off in
    # python.conf):
    #
    #  PythonDebug Off
    #  LimitRequestBody 10485760
    #  ErrorDocument 413 /path/upload.py/process?file_limit=10485760
    #  ErrorDocument 500 "An error was encountered"
    #
    # Note that the ErrorDocument message should be small (see below), and
    # that the paths are relative to DocumentRoot.
    #
    # Now, this approach has the following issue: the file is _not_
    # uploaded to the server, but instead seems to be stored on the client
    # side and for some reason takes a long time to process there
    # (strangely so, as it's not being transferred). This method seems to
    # work well for medium-sized files above LimitRequestBody, but then for
    # huge files the client shows a connection reset error, explained here:
    #
    #   http://stackoverflow.com/questions/4467443/limitrequestbody-doesnt-respond-with-413-for-large-file25mb
    #
    # In spite of the fact that the client feedback is slow (and that the
    # connection is reset on large files) it may be worthwhile to keep
    # since at least this does limit the resources used on the server,
    # including avoiding the "phantom file" space usage on /tmp (downloads
    # are stored in /tmp as a "phantom file", its usage can be obtained via
    # "df", freeing it requires an httpd restart if the upload happens to
    # die in one of the "file too large" manners [just closing the tab does
    # not cause this]).
    #
    # In short:
    #
    #   0                < size <  LimitRequestBody: Upload success ful (OK)
    #   LimitRequestBody < size <  ~1GB            : Upload limit message
    #                                                                   (OK)
    #   ~1GB             < size <  ~2GB            : Connection reset (file
    #                                                             too large)
    #   ~2GB             < size                    : Browsers barf (file
    #                                                             too large)

    from manage_kbasix import _is_session, _account_info
    from aux import _make_header, _fill_page, _fill_str, _go_back_button
    from defs import kbasix, upload
    info = {}
    info.update(kbasix)
    info.update(upload)
    import logging
    logging.basicConfig(level = getattr(logging, \
                                            info['log_level_'].upper()), \
                            filename = info['log_file_'], \
                            datefmt = info['log_dateformat_'], \
                            format = info['log_format_'])
    if repr(type(req)) != "<type 'mp_request'>":
        logging.critical('Invalid request for upload.py')
        info['details'] = '[SYS] Invalid request [%s].' % \
            info['error_blurb_']
        return _fill_page(info['error_page_'], info)

    # The following 'file_limit' comes from the 413 error redirect in
    # .htaccess. We disallow sneakiness by making sure the only argument
    # is an integer. Furthermore we note that no session handling is done
    # by this point (so, although the error page has no tokens, the browser
    # "Back" button will take us to our upload page, regardless of whether
    # the tokens are per-request). Since it's a dead-end error page with
    # no user-data it shouldn't affect the fact it lives outside a session's
    # scope.

    # Although the uploads page is session-protected the upload-limit error
    # message has to be public as we can't get the token from
    # .htaccess. Furthermore, it seems this message has to be pretty small
    # (returning "status_page_" gives "Request Entity Too Large"). Note
    # that the user temporarily loses their token, but has no other option
    # other than to browse "Back", recovering their token (also important
    # because HTTPS isn't required either).

    if 'file_limit' in req.form:
        file_limit = req.form['file_limit'].value
        try:
            max_size = int(file_limit)
        except:
            info['details'] = 'Non-numerical upload size'
            logging.error(info['details'] + ': %s' % file_limit)
            return _fill_page(info['error_page_'], info)
        info['details'] = 'The file you are trying to upload is too \
large (max size = %s bytes).' % max_size
        logging.warn(info['details'])
        return _fill_page(info['error_page_'], info)
    if not req.is_https():
        info['details'] = 'You cannot upload over an insecure connection.'
        logging.info(info['details'])
        return _fill_page(info['error_page_'], info)
    try:
        session = _is_session(req, required=True)
        info.update(session)
        if session['token']:
            profile = _account_info(info['login_name'], 'profile')
            info.update(profile)
    except Exception as reason:
        logging.warn(reason)
        info['details'] = '[SYS] Unable to verify session [%s].' % \
            info['error_blurb_']
        return _fill_page(info['error_page_'], info)
    info['main_header'] = _make_header(info)
    # User cannot upload if over-quota.
    try:
        (info['user_dir_size'], over_page) = \
            _check_quota(req, 'upload', info)
    except Exception as reason:
        logging.critical(reason)
        info['details'] = '[SYS] Unable to determine quota [%s].' % \
            info['error_blurb_']
        return _fill_page(info['error_page_'], info)
    if info['user_dir_size'] < 0:
        return over_page
    if 'start' in req.form:
        try:
            return _initialize(req, info)
        except Exception as reason:
            logging.critical(reason)
            info['details'] = '[SYS] Unable to initialize upload [%s].' % \
                info['error_blurb_']
            return _fill_page(info['error_page_'], info)
    elif 'action' not in req.form:
        info['details'] = 'No action specified trying to upload.'
        logging.warn(info['details'])
        return _fill_page(info['error_page_'], info)
    elif req.form['action'] == 'upload_file':
        try:
            return _get_file(req, info)
        except Exception as reason:
            logging.critical(reason)
            info['details'] = '[SYS] Error uploading file [%s].' % \
                info['error_blurb_']
            return _fill_page(info['error_page_'], info)
    else:
        info['details'] = 'Unexpected action trying to upload.'
        logging.error(info['details'])
        return _fill_page(info['error_page_'], info)
Пример #8
0
def process(req):
    """Process the registration page.

       process(req)
    """
    from manage_kbasix import _is_session, _account_info
    from aux import _make_header, _fill_page
    from defs import kbasix, register
    info = {}
    info.update(kbasix)
    info.update(register)
    import logging
    logging.basicConfig(level = getattr(logging, \
                                            info['log_level_'].upper()), \
                            filename = info['log_file_'], \
                            datefmt = info['log_dateformat_'], \
                            format = info['log_format_'])
    if repr(type(req)) != "<type 'mp_request'>":
        logging.critical('Invalid request for register.py')
        info['details'] = '[SYS] Invalid request [%s].' % \
            info['error_blurb_']
        return _fill_page(info['error_page_'], info)
    if not req.is_https():
        info['details'] = 'You cannot register over an insecure connection.'
        logging.info('Disallowed insecure access to register.py')
        return _fill_page(info['error_page_'], info)
    try:
        session = _is_session(req, required=False)
        info.update(session)
        if session['token']:
            profile = _account_info(info['login_name'], 'profile')
            info.update(profile)
    except Exception as reason:
        logging.warn(reason)
        info['details'] = '[SYS] Unable to verify session [%s].' % \
            info['error_blurb_']
        return _fill_page(info['error_page_'], info)
    info['main_header'] = _make_header(info)
    if 'start' in req.form:
        try:
            return _initialize(info)
        except Exception as reason:
            logging.critical(reason)
            info['details'] = '[SYS] Unable to initialize registration \
[%s].' % info['error_blurb_']
            return _fill_page(info['error_page_'], info)
    elif 'action' not in req.form:
        info['details'] = 'No action specified trying to register.'
        logging.warn(info['details'])
        return _fill_page(info['error_page_'], info)
    elif req.form['action'] == 'register':
        try:
            return _register(req, info)
        except RegisterError as reason:
            logging.critical(reason)
            info['details'] = '[SYS] Unable to register [%s].' % \
                info['error_blurb_']
            return _fill_page(info['error_page_'], info)
        except Exception as reason:
            logging.critical(reason)
            info['details'] = '[SYS] Unable to register [%s].' % \
                info['error_blurb_']
            return _fill_page(info['error_page_'], info)
    else:
        info['details'] = 'Unexpected action trying to register.'
        logging.error(info['details'])
        return _fill_page(info['error_page_'], info)
Пример #9
0
def process(req):
    """Process the file manager page.

       process(req)
    """
    from manage_kbasix import _is_session, _account_info
    from aux import _make_header, _fill_page
    from defs import kbasix, file_manager
    info = {}
    info.update(kbasix)
    info.update(file_manager)
    import logging
    logging.basicConfig(level = getattr(logging, \
                                            info['log_level_'].upper()), \
                            filename = info['log_file_'], \
                            datefmt = info['log_dateformat_'], \
                            format = info['log_format_'])
    if repr(type(req)) != "<type 'mp_request'>":
        logging.critical('Invalid request for file_manager.py')
        info['details'] = '[SYS] Invalid request [%s].' % \
            info['error_blurb_']
        return _fill_page(info['error_page_'], info)
    if not req.is_https():
        info['details'] = 'You cannot manage your file over an insecure \
connection.'
        logging.info('Disallowed insecure access to file_manager.py')
        return _fill_page(info['error_page_'], info)
    try:
        # The holdover is required if "per_request_token" is True, and
        # has no effect otherwise. This is needed due to the
        # client-generated download window (which has no concept of the
        # new request token).
        if 'action' in req.form and req.form['action'] == 'download':
            session = _is_session(req, required=True, holdover=True)
        else:
            session = _is_session(req, required=True)
        info.update(session)
        if session['token']:
            profile = _account_info(info['login_name'], 'profile')
            info.update(profile)
    except Exception as reason:
        logging.warn(reason)
        info['details'] = '[SYS] Unable to verify session [%s].' % \
            info['error_blurb_']
        return _fill_page(info['error_page_'], info)
    info['main_header'] = _make_header(info)
    info['filter'] = False
    if 'start' in req.form:
        try:
            return _initialize(req, info)
        except Exception as reason:
            logging.critical(reason)
            info['details'] = '[SYS] Unable to initialize the file manager \
[%s].' % info['error_blurb_']
            return _fill_page(info['error_page_'], info)
    elif 'action' not in req.form:
        info['details'] = 'No action specified within the file manager.'
        logging.warn(info['details'])
        return _fill_page(info['error_page_'], info)
    elif req.form['action'] == 'filter':
        try:
            info['filter'] = True
            return _initialize(req, info)
        except Exception as reason:
            logging.critical(reason)
            info['details'] = '[SYS] File manager error [%s].' % \
                info['error_blurb_']
            return _fill_page(info['error_page_'], info)
    elif req.form['action'] == 'copy_file':
        try:
            return _copy_file(req, info)
        except Exception as reason:
            logging.critical(reason)
            info['details'] = '[SYS] File manager error [%s].' % \
                info['error_blurb_']
            return _fill_page(info['error_page_'], info)
    elif req.form['action'] == 'confirm_delete':
        try:
            return _confirm_delete(req, info)
        except Exception as reason:
            logging.critical(reason)
            info['details'] = '[SYS] File manager error [%s].' % \
                info['error_blurb_']
            return _fill_page(info['error_page_'], info)
    elif req.form['action'] == 'delete':
        try:
            return _delete_file(req, info)
        except Exception as reason:
            logging.critical(reason)
            info['details'] = '[SYS] Error deleting file [%s].' % \
                info['error_blurb_']
            return _fill_page(info['error_page_'], info)
    elif req.form['action'] == 'confirm_bulk_delete':
        try:
            return _confirm_bulk_delete(req, info)
        except Exception as reason:
            logging.critical(reason)
            info['details'] = '[SYS] Error deleting files [%s].' % \
                info['error_blurb_']
            return _fill_page(info['error_page_'], info)
    elif req.form['action'] == 'download':
        try:
            return _download_file(req, info)
        except Exception as reason:
            # Not critical... user-end problem maybe?
            logging.error(reason)
            info['details'] = '[SYS] Unable to download file [%s].' % \
                info['error_blurb_']
            return _fill_page(info['error_page_'], info)
    else:
        info['details'] = 'Unexpected file manager action.'
        logging.error(info['details'])
        return _fill_page(info['error_page_'], info)
Пример #10
0
def process(req):
    """Process the login page.

       process(req)
    """
    from manage_kbasix import _is_session, _account_info
    from aux import _make_header, _fill_page
    from defs import kbasix, login
    info = {}
    info.update(kbasix)
    info.update(login)
    import logging
    logging.basicConfig(level = getattr(logging, \
                                            info['log_level_'].upper()), \
                            filename = info['log_file_'], \
                            datefmt = info['log_dateformat_'], \
                            format = info['log_format_'])
    if repr(type(req)) != "<type 'mp_request'>":
        logging.critical('Invalid request for login.py')
        info['details'] = '[SYS] Invalid request [%s].' % \
            info['error_blurb_']
        return _fill_page(info['error_page_'], info)
    if not req.is_https():
        info['details'] = 'You cannot login over an insecure connection.'
        logging.info('Disallowed insecure access to login.py')
        return _fill_page(info['error_page_'], info)
    try:
        session = _is_session(req, required=False)
        info.update(session)
        if session['token']:
            profile = _account_info(info['login_name'], 'profile')
            info.update(profile)
    except Exception as reason:
        logging.warn(reason)
        info['details'] = '[SYS] Unable to verify session [%s].' % \
            info['error_blurb_']
        return _fill_page(info['error_page_'], info)
    # This page should not appear to people who are already logged in.
    if info['token']:
        info['details'] = 'You are already logged in as "%s".' % \
            info['user_name']
        logging.debug(info['details'])
        return _fill_page(info['error_page_'], info)
    info['main_header'] = _make_header(info)
    # When a page requires a user to be logged-in it sends its name as
    # "referrer", which is obtained from "req.canonical_filename", and
    # spoofing it shouldn't gain anything other than attempting to access
    # a different URL (which can be done by editing the URL directly
    # anyways).
    if 'referrer' not in req.form:
        info['referrer'] = 'main.py'
    else:
        info['referrer'] = req.form['referrer'].value
    if 'start' in req.form:
        try:
            return _initialize(info)
        except Exception as reason:
            logging.critical(reason)
            info['details'] = '[SYS] Unable to open login page [%s].' % \
                info['error_blurb_']
            return _fill_page(info['error_page_'], info)
    elif 'action' not in req.form:
        info['details'] = 'No action specified trying to login.'
        logging.warn(info['details'])
        return _fill_page(info['error_page_'], info)
    elif req.form['action'] == 'login':
        try:
            if not req.form['user_name']:
                info['details'] = 'You must input your user name.'
                return _fill_page(info['error_page_'], info)
            else:
                info['user_name'] = req.form['user_name'].value
                info['login_name'] = info['user_name'].lower()
            return _login(req, info)
        except SendTokenError as reason:
            logging.critical(reason)
            info['details'] = '[SYS] Unable to email new token [%s].' % \
                info['error_blurb_']
            return _fill_page(info['error_page_'], info)
        except LoginError as reason:
            logging.critical(reason)
            info['details'] = '[SYS] Unable to login [%s].' % \
                info['error_blurb_']
            return _fill_page(info['error_page_'], info)
        except Exception as reason:
            logging.critical(reason)
            info['details'] = '[SYS] Unable to login [%s].' % \
                info['error_blurb_']
            return _fill_page(info['error_page_'], info)
    else:
        info['details'] = 'Unexpected action trying to login.'
        logging.error(info['details'])
        return _fill_page(info['error_page_'], info)
Пример #11
0
def process(req):
    """Process the profile page.

       process(req)
    """
    from manage_kbasix import _is_session, _account_info
    from aux import _make_header, _fill_page
    from defs import kbasix, profile
    info = {}
    info.update(kbasix)
    info.update(profile)
    import logging
    logging.basicConfig(level = getattr(logging, \
                                            info['log_level_'].upper()), \
                            filename = info['log_file_'], \
                            datefmt = info['log_dateformat_'], \
                            format = info['log_format_'])
    if repr(type(req)) != "<type 'mp_request'>":
        logging.critical('Invalid request for profile.py')
        info['details'] = '[SYS] Invalid request [%s].' % \
            info['error_blurb_']
        return _fill_page(info['error_page_'], info)
    if not req.is_https():
        info['details'] = 'You cannot edit your profile over an insecure \
connection.'

        return _fill_page(info['error_page_'], info)
    try:
        # We need to holdover (which only takes when "per_request_token" is
        # True) because we want to keep the restricted token generated when
        # a password is forgotten. Note that this check should be added to
        # any module which needs to be restricted.
        if 'token' in req.form and '-all-tk' not in req.form['token']:
            session = _is_session(req, required=True, holdover=True)
        else:
            session = _is_session(req, required=True)
        info.update(session)
        if session['token']:
            profile = _account_info(info['login_name'], 'profile')
            info.update(profile)
    except Exception as reason:
        logging.warn(reason)
        info['details'] = '[SYS] Unable to verify session [%s].' % \
            info['error_blurb_']
        return _fill_page(info['error_page_'], info)
    info['main_header'] = _make_header(info)
    if 'start' in req.form:
        try:
            return _initialize(info)
        except Exception as reason:
            logging.critical(reason)
            info['details'] = '[SYS] Unable to initialize profile editor \
[%s].' % info['error_blurb_']
            return _fill_page(info['error_page_'], info)
    elif 'action' not in req.form:
        info['details'] = 'No action specified trying to edit profile.'
        logging.warn(info['details'])
        return _fill_page(info['error_page_'], info)
    elif req.form['action'] == 'update':
        try:
            return _update(req, info)
        except UpdateError as reason:
            logging.critical(reason)
            info['details'] = '[SYS] Unable to update the profile \
[%s].' % info['error_blurb_']
            return _fill_page(info['error_page_'], info)
        except Exception as reason:
            logging.critical(reason)
            info['details'] = '[SYS] Unable to update the profile [%s].' % \
                info['error_blurb_']
            return _fill_page(info['error_page_'], info)
    else:
        info['details'] = 'Unexpected action trying to update the profile.'
        logging.error(info['details'])
        return _fill_page(info['error_page_'], info)