def dispatch(self, request, *args, **kwargs): """ Root view of the package index, handle incoming actions from distutils or redirect to a more user friendly view """ if not request.user.is_authenticated(): user = login_basic_auth(request) if user: login(request, user) if request.method == 'POST': if request.META['CONTENT_TYPE'] == 'text/xml': log.debug('XMLRPC request received') return parse_xmlrpc_request(request) log.debug('Distutils request received') parse_distutils_request(request) action = request.POST.get(':action', '') else: action = request.GET.get(':action', '') if action == 'submit': return RegisterView.as_view()(request, *args, **kwargs) elif action == 'file_upload': return UploadView.as_view()(request, *args, **kwargs) elif action == 'list_classifiers': return ClassifierView.as_view()(request, *args, **kwargs) elif action == '': return ReleaseIndex.as_view()(request, *args, **kwargs) else: log.error('Invalid action encountered: `%s`', action) return HttpResponseNotAllowed(action)
def distro_serve(request, path, document_root=None, show_indexes=False): filename = os.path.basename(path) distro = Distribution.objects.get(content=path) if not request.user.is_authenticated(): user = login_basic_auth(request) if user: login(request, user) logger.debug( "User `{0.user}` dowdloads distro `{1}` of package {2}".format(request, filename, distro.release.package)) if user_can_download(request, distro): logger.debug("User `{0.user}` download distro `{1}` of package {2}".format(request, filename, distro.release.package)) return static.serve(request, path, document_root) logger.error("User `{0.user}` cannot access to distro `{1}` of package {2}".format(request, filename, distro.release.package)) return HttpResponseForbidden()
def dispatch(self, request, *args, **kwargs): if request.user.is_authenticated(): log.info('User `{request.user}` logged in'.format(**locals())) return super(BasicAuthMixin, self).dispatch(request, *args, **kwargs) # this is a two step authorization # here we simply skip the Basic Auth for the known-host # see CheckDownloadPermission for the 'package' check ip = get_client_ip(request) if KnownHost.objects.filter(ip=ip).exists(): log.info('KnownHost `{ip}` for {request.path}'.format(**locals())) return super(BasicAuthMixin, self).dispatch(request, *args, **kwargs) user = login_basic_auth(request) if not user: log.info('Unable to login') return HttpResponseUnauthorized('pypi') login(request, user) if not request.user.is_authenticated(): return HttpResponseForbidden("Not logged in, or invalid username/password.") log.info('User `{user}` logged in'.format(**locals())) return super(BasicAuthMixin, self).dispatch(request, *args, **kwargs)