def finished():
    """Announce downloadable result files to the client, then close the socket.

    Each file returned by ``file_download_feature.get_downloadable_files`` for
    ``execution_id`` is sent as a ``'file'`` server event. Its URL is
    ``result_files/`` followed by the file's path relative to
    ``downloads_folder``. A failure while preparing the files is logged and
    the websocket is still closed afterwards.

    All collaborators (``web_socket``, ``output_stream``, ``execution_id``,
    ``downloads_folder`` ...) are free variables from the enclosing scope.
    """
    try:
        for result_file in file_download_feature.get_downloadable_files(
                execution_id):
            filename = os.path.basename(result_file)
            relative_path = file_utils.relative_path(
                result_file, downloads_folder)
            # URLs use forward slashes regardless of the host path separator.
            url_path = 'result_files/' + relative_path.replace(os.path.sep, '/')
            # NOTE(review): this only advertises the URL. Access control has to
            # be enforced by whatever serves result_files/ (not visible here).
            event = wrap_to_server_event(
                'file', {'url': url_path, 'filename': filename})
            web_socket.safe_write(event)
    except:
        # NOTE(review): the bare except also traps SystemExit and
        # KeyboardInterrupt. It is kept so that the cleanup below always runs.
        LOGGER.exception('Could not prepare downloadable files')

    connection = web_socket.ws_connection
    if connection is not None and hasattr(connection, 'ping_callback'):
        # Stop the ping callback explicitly and as early as possible, so that
        # no ping is sent after the connection has been closed.
        connection.ping_callback.stop()

    output_stream.wait_close(timeout=5)
    # 1000 is the WebSocket "normal closure" status code.
    web_socket.ioloop.add_callback(web_socket.close, code=1000)
def finished(self):
    """Send the script's downloadable files to the client and close the socket.

    Waits for ``output_stream`` to close, joins its buffered data into the
    full script output, and passes that output to
    ``file_download_feature.prepare_downloadable_files``. Each prepared file
    is sent as a ``'file'`` server event whose URL is the file's path
    relative to ``TEMP_FOLDER``. Errors during preparation are logged and the
    websocket close is still scheduled.
    """
    output_stream.wait_close()
    script_output = ''.join(output_stream.get_old_data())

    try:
        prepared_files = file_download_feature.prepare_downloadable_files(
            executor.config,
            script_output,
            executor.parameter_values,
            audit_name)

        for prepared_file in prepared_files:
            filename = os.path.basename(prepared_file)
            relative_path = file_utils.relative_path(prepared_file, TEMP_FOLDER)
            # NOTE(review): the URL is the raw path below TEMP_FOLDER. Confirm
            # that the handler serving it checks who may download the file.
            payload = {
                'url': relative_path.replace(os.path.sep, '/'),
                'filename': filename,
            }
            web_socket.safe_write(wrap_to_server_event('file', payload))
    except:
        # NOTE(review): the bare except also traps SystemExit and
        # KeyboardInterrupt. It is kept so that the socket is always closed.
        LOGGER.exception("Couldn't prepare downloadable files")

    web_socket.ioloop.add_callback(web_socket.close)
def finished(self):
    """Publish downloadable files once the process output is fully read.

    Joins ``reading_thread`` and closes ``output_logger`` first. The process
    config, full output, parameter values, audit name, Tornado secret and
    ``TEMP_FOLDER`` are then handed to
    ``file_download_feature.prepare_downloadable_files``. Each resulting file
    is sent to the client as a ``'file'`` server event. Errors are logged and
    the websocket close is scheduled in every case.
    """
    reading_thread.join()
    output_logger.close()

    try:
        prepared_files = file_download_feature.prepare_downloadable_files(
            process_wrapper.get_config(),
            process_wrapper.get_full_output(),
            process_wrapper.execution_info.param_values,
            audit_name,
            get_tornado_secret(),
            TEMP_FOLDER)

        for prepared_file in prepared_files:
            filename = os.path.basename(prepared_file)
            relative_path = file_utils.relative_path(prepared_file, TEMP_FOLDER)
            # URLs use forward slashes regardless of the host path separator.
            payload = {
                'url': relative_path.replace(os.path.sep, '/'),
                'filename': filename,
            }
            web_socket.safe_write(wrap_to_server_event('file', payload))
    except:
        # NOTE(review): the bare except also traps SystemExit and
        # KeyboardInterrupt. It is kept so that the socket is always closed.
        logger.exception("Couldn't prepare downloadable files")

    tornado.ioloop.IOLoop.current().add_callback(web_socket.close)
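def validate_absolute_path(self, root, absolute_path):
    """Authorize a static-file request before the parent handler serves it.

    The requested path is made relative to ``root`` and checked with
    ``file_download_feature.allowed_to_download`` for the caller's audit name
    and the Tornado secret. Denied requests are logged and answered with 404.

    Args:
        root: Directory the handler serves files from.
        absolute_path: Absolute path of the requested file.

    Returns:
        Whatever the parent class's ``validate_absolute_path`` returns.

    Raises:
        tornado.web.HTTPError: 404 when the caller may not download the file.
    """
    logger = logging.getLogger('scriptServer')
    audit_name = get_audit_name(self, logger)

    # NOTE(review): the ownership check runs before the parent's own
    # validation. Confirm file_utils.relative_path rejects paths outside root.
    file_path = file_utils.relative_path(absolute_path, os.path.abspath(root))
    if not file_download_feature.allowed_to_download(
            file_path, audit_name, get_tornado_secret()):
        # Logger-side %-formatting: a non-str audit_name can no longer raise
        # TypeError here and replace the 404 (and the audit record) with an
        # unhandled error.
        # NOTE(review): absolute_path is request-derived. Confirm control
        # characters cannot reach the log unescaped.
        logger.warning('Access attempt from %s to %s', audit_name, absolute_path)
        raise tornado.web.HTTPError(404)

    return super(AuthorizedStaticFileHandler, self).validate_absolute_path(
        root, absolute_path)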
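def validate_absolute_path(self, root, absolute_path):
    """Allow a result-file download only to a user permitted to fetch it.

    The requested path is made relative to ``root`` and checked with the
    application's ``file_download_feature.allowed_to_download`` for the
    identified user. Denied requests are logged and answered with 403.

    Args:
        root: Directory the handler serves files from.
        absolute_path: Absolute path of the requested file.

    Returns:
        Whatever the parent class's ``validate_absolute_path`` returns.

    Raises:
        tornado.web.HTTPError: 403 when the user may not download the file.
    """
    audit_name = get_audit_name_from_request(self)
    user_id = identify_user(self)
    file_download_feature = self.application.file_download_feature

    # NOTE(review): the ownership check runs before the parent's own
    # validation. Confirm file_utils.relative_path rejects paths outside root.
    file_path = file_utils.relative_path(absolute_path, os.path.abspath(root))
    if not file_download_feature.allowed_to_download(file_path, user_id):
        # Logger-side %-formatting: a non-str user_id or audit_name can no
        # longer raise TypeError here and replace the 403 (and the audit
        # record) with an unhandled error.
        # NOTE(review): absolute_path is request-derived. Confirm control
        # characters cannot reach the log unescaped.
        LOGGER.warning('Access attempt from %s(%s) to %s',
                       user_id, audit_name, absolute_path)
        raise tornado.web.HTTPError(403)

    return super(AuthorizedStaticFileHandler, self).validate_absolute_path(
        root, absolute_path)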
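def validate_absolute_path(self, root, absolute_path):
    """Allow a result-file download only to a user permitted to fetch it.

    The requested path is made relative to ``root`` and checked with the
    application's ``file_download_feature.allowed_to_download`` for the user
    returned by ``_identify_user``. Denied requests are logged and answered
    with 403.

    Args:
        root: Directory the handler serves files from.
        absolute_path: Absolute path of the requested file.

    Returns:
        Whatever the parent class's ``validate_absolute_path`` returns.

    Raises:
        tornado.web.HTTPError: 403 when the user may not download the file.
    """
    audit_name = get_audit_name_from_request(self)
    user_id = _identify_user(self)
    file_download_feature = self.application.file_download_feature

    # NOTE(review): the ownership check runs before the parent's own
    # validation. Confirm file_utils.relative_path rejects paths outside root.
    file_path = file_utils.relative_path(absolute_path, os.path.abspath(root))
    if not file_download_feature.allowed_to_download(file_path, user_id):
        # Logger-side %-formatting: a non-str user_id or audit_name can no
        # longer raise TypeError here and replace the 403 (and the audit
        # record) with an unhandled error.
        # NOTE(review): absolute_path is request-derived. Confirm control
        # characters cannot reach the log unescaped.
        LOGGER.warning('Access attempt from %s(%s) to %s',
                       user_id, audit_name, absolute_path)
        raise tornado.web.HTTPError(403)

    return super(AuthorizedStaticFileHandler, self).validate_absolute_path(
        root, absolute_path)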
def validate_absolute_path(self, root, absolute_path):
    """Gate static files: hide the login page and protect admin files.

    When authentication is disabled, a request whose path ends with
    ``/login.html`` is answered with 404. A file that ``is_admin_file``
    reports as an admin file is served only to callers with admin rights.
    Other callers are logged and answered with 403. All remaining requests
    are passed to the parent class's ``validate_absolute_path``.
    """
    auth_enabled = self.application.auth.is_enabled()
    # NOTE(review): the suffix test uses '/', so it would not match an
    # absolute path that uses a different separator. Confirm target platforms.
    if not auth_enabled and absolute_path.endswith("/login.html"):
        raise tornado.web.HTTPError(404)

    relative_path = file_utils.relative_path(absolute_path, root)
    if self.is_admin_file(relative_path) and not has_admin_rights(self):
        requester = identify_user(self)
        LOGGER.warning('User %s (%s) tried to access admin static file %s',
                       requester,
                       get_audit_name_from_request(self),
                       relative_path)
        raise tornado.web.HTTPError(403)

    return super(AuthorizedStaticFileHandler, self).validate_absolute_path(
        root, absolute_path)
def validate_absolute_path(self, root, absolute_path):
    """Gate static files: hide the login page and protect admin files.

    When authentication is disabled, a request whose path ends with
    ``/login.html`` is answered with 404. A file that ``is_admin_file``
    reports as an admin file is served only to callers with admin rights.
    Other callers are logged, with the user taken from ``_identify_user``,
    and answered with 403. All remaining requests are passed to the parent
    class's ``validate_absolute_path``.
    """
    auth_enabled = self.application.auth.is_enabled()
    # NOTE(review): the suffix test uses '/', so it would not match an
    # absolute path that uses a different separator. Confirm target platforms.
    if not auth_enabled and absolute_path.endswith("/login.html"):
        raise tornado.web.HTTPError(404)

    relative_path = file_utils.relative_path(absolute_path, root)
    if self.is_admin_file(relative_path) and not has_admin_rights(self):
        requester = _identify_user(self)
        LOGGER.warning('User %s (%s) tried to access admin static file %s',
                       requester,
                       get_audit_name_from_request(self),
                       relative_path)
        raise tornado.web.HTTPError(403)

    return super(AuthorizedStaticFileHandler, self).validate_absolute_path(
        root, absolute_path)
def finished():
    """Send the execution's result files to the client and close the socket.

    Looks up the downloadable files for ``execution_id`` and sends each as a
    ``'file'`` server event whose URL is ``result_files/`` plus the path
    relative to ``downloads_folder``. Any error in that step is logged. The
    ping callback is then stopped, the output stream is given up to
    ``timeout=5`` to close, and the websocket close is scheduled.
    """
    try:
        for result_file in file_download_feature.get_downloadable_files(
                execution_id):
            filename = os.path.basename(result_file)
            relative_path = file_utils.relative_path(
                result_file, downloads_folder)
            # URLs use forward slashes regardless of the host path separator.
            url_path = 'result_files/' + relative_path.replace(os.path.sep, '/')
            # NOTE(review): this only advertises the URL. Access control has to
            # be enforced by whatever serves result_files/ (not visible here).
            payload = {'url': url_path, 'filename': filename}
            web_socket.safe_write(wrap_to_server_event('file', payload))
    except:
        # NOTE(review): the bare except also traps SystemExit and
        # KeyboardInterrupt. It is kept so that the cleanup below always runs.
        LOGGER.exception('Could not prepare downloadable files')

    connection = web_socket.ws_connection
    has_ping_callback = (connection is not None
                         and hasattr(connection, 'ping_callback'))
    if has_ping_callback:
        # Stop the ping callback explicitly and as early as possible, so that
        # no ping is sent after the connection has been closed.
        connection.ping_callback.stop()

    output_stream.wait_close(timeout=5)
    # 1000 is the WebSocket "normal closure" status code.
    web_socket.ioloop.add_callback(web_socket.close, code=1000)
def prepare_download_url(self, file):
    """Return the ``result_files/...`` URL path for a downloadable file.

    The file's path is made relative to the application's
    ``downloads_folder`` and OS path separators are replaced with ``/``.
    """
    # NOTE(review): the path is not percent-encoded here. Confirm that callers
    # or the client handle file names containing URL-special characters.
    path_in_downloads = file_utils.relative_path(
        file, self.application.downloads_folder)
    return 'result_files/' + path_in_downloads.replace(os.path.sep, '/')
def test_prohibit_access_to_different_user(self):
    """A folder prepared for user1 must not be accessible to user2."""
    owner_folder = self.storage.prepare_new_folder(
        'user1', test_utils.temp_folder)
    # allowed_to_access is queried with the path relative to the temp folder.
    folder_key = file_utils.relative_path(owner_folder, test_utils.temp_folder)

    access_granted = self.storage.allowed_to_access(folder_key, 'user2')
    self.assertFalse(access_granted)
def test_allow_to_access_own_folder(self):
    """A folder prepared for user1 must be accessible to user1."""
    owner_folder = self.storage.prepare_new_folder(
        'user1', test_utils.temp_folder)
    # allowed_to_access is queried with the path relative to the temp folder.
    folder_key = file_utils.relative_path(owner_folder, test_utils.temp_folder)

    access_granted = self.storage.allowed_to_access(folder_key, 'user1')
    self.assertTrue(access_granted)