def _validate_icon(self, document):
mime_type = None
encoding = None
data = None
xml = StringIO(document)
try:
tree = etree.parse(xml)
root = tree.getroot()
ns = root.nsmap[None]
for element in root:
if element.tag == "{%s}mime-type" % ns:
mime_type = element.text.lower()
if element.tag == "{%s}encoding" % ns:
encoding = element.text.lower()
if element.tag == "{%s}data" % ns:
data = element.text
except etree.ParseError:
raise errors.NotWellFormedError()
else:
if mime_type not in self.icon_mime_types:
raise errors.ConstraintFailureError(
phrase="Unsupported MIME type. Allowed MIME types: %s" %
','.join(self.icon_mime_types))
if encoding != self.icon_encoding:
raise errors.ConstraintFailureError(
phrase="Unsupported encoding. Allowed enconding: %s" %
self.icon_encoding)
if data is None:
raise errors.ConstraintFailureError(
phrase="No icon data was provided")
if len(data) > self.icon_max_size:
raise errors.ConstraintFailureError(
phrase=
"Size limit exceeded, maximum allowed size is %d bytes" %
self.icon_max_size)
def _check_external_list(self, external_list, node_uri):
if not external_list:
return
external_list = unquote(external_list)
external_list_uri = parseExternalListURI(
external_list, AuthenticationConfig.default_realm)
if external_list_uri.xcap_root != node_uri.xcap_root:
raise errors.ConstraintFailureError(
phrase=
"XCAP root in the external list doesn't match PUT requests'")
if external_list_uri.user != node_uri.user:
raise errors.ConstraintFailureError(
phrase="Cannot link to another user's list")
def _validate_rules(self, document, node_uri):
common_policy_namespace = 'urn:ietf:params:xml:ns:common-policy'
oma_namespace = 'urn:oma:xml:xdm:common-policy'
actions_tag = '{%s}actions' % common_policy_namespace
conditions_tag = '{%s}conditions' % common_policy_namespace
identity_tag = '{%s}identity' % common_policy_namespace
rule_tag = '{%s}rule' % common_policy_namespace
transformations_tag = '{%s}transformations' % common_policy_namespace
sub_handling_tag = '{%s}sub-handling' % self.default_ns
oma_anonymous_request_tag = '{%s}anonymous-request' % oma_namespace
oma_entry_tag = '{%s}entry' % oma_namespace
oma_external_list_tag = '{%s}external-list' % oma_namespace
oma_other_identity_tag = '{%s}other-identity' % oma_namespace
try:
xml = StringIO(document)
tree = etree.parse(xml)
root = tree.getroot()
if oma_namespace in root.nsmap.values():
# Condition constraints
for element in root.iter(conditions_tag):
if any([
len(element.findall(item)) > 1
for item in (identity_tag, oma_external_list_tag,
oma_other_identity_tag,
oma_anonymous_request_tag)
]):
raise errors.ConstraintFailureError(
phrase="Complex rules are not allowed")
# Transformations constraints
for rule in root.iter(rule_tag):
actions = rule.find(actions_tag)
if actions is not None:
sub_handling = actions.find(sub_handling_tag)
transformations = rule.find(transformations_tag)
if sub_handling is not None and sub_handling.text != 'allow' and transformations is not None and transformations.getchildren(
):
raise errors.ConstraintFailureError(
phrase="transformations element not allowed")
# External list constraints
if not ServerConfig.allow_external_references:
for element in root.iter(oma_external_list_tag):
for entry in element.iter(oma_entry_tag):
self._check_external_list(
entry.attrib.get('anc', None), node_uri)
except etree.ParseError:
raise errors.NotWellFormedError()
def check_list(cls, element, node_uri):
from xcap.authentication import parseNodeURI
entry_tag = "{%s}entry" % cls.default_ns
entry_ref_tag = "{%s}entry-ref" % cls.default_ns
external_tag = "{%s}external" % cls.default_ns
list_tag = "{%s}list" % cls.default_ns
anchor_attrs = set()
name_attrs = set()
ref_attrs = set()
uri_attrs = set()
for child in element.getchildren():
if child.tag == list_tag:
name = child.get("name")
if name in name_attrs:
attribute_not_unique(child, 'name')
else:
name_attrs.add(name)
cls.check_list(child, node_uri)
elif child.tag == entry_tag:
uri = child.get("uri")
if uri in uri_attrs:
attribute_not_unique(child, 'uri')
else:
uri_attrs.add(uri)
elif child.tag == entry_ref_tag:
ref = child.get("ref")
if ref in ref_attrs:
attribute_not_unique(child, 'ref')
else:
try:
ref = unquote(ref)
ref_uri = parseNodeURI(
"%s/%s" % (node_uri.xcap_root, ref),
AuthenticationConfig.default_realm)
if not ServerConfig.allow_external_references and ref_uri.user != node_uri.user:
raise errors.ConstraintFailureError(
phrase="Cannot link to another users' list")
try:
if ref_uri.node_selector.element_selector[-1].name[
1] != "entry":
raise ValueError
except LookupError:
raise ValueError
except (DocumentSelectorError, NodeParsingError), e:
raise errors.ConstraintFailureError(phrase=str(e))
except ValueError:
raise errors.ConstraintFailureError
else:
ref_attrs.add(ref)
def parseExternalListURI(node_uri, default_realm):
from xcap.appusage import namespaces
xcap_root = None
for uri in ServerConfig.root.uris:
if node_uri.startswith(uri):
xcap_root = uri
break
if xcap_root is None:
raise errors.ConstraintFailureError("XCAP root not found for URI: %s" % node_uri)
resource_selector = node_uri[len(xcap_root):]
if not resource_selector or resource_selector == '/':
raise errors.ConstraintFailureError("Resource selector missing")
try:
uri = XCAPUri(xcap_root, resource_selector, namespaces)
except (DocumentSelectorError, NodeParsingError), e:
raise errors.ConstraintFailureError(phrase=str(e))
class ResourceListsApplication(ApplicationUsage):
# RFC 4826
id = "resource-lists"
default_ns = "urn:ietf:params:xml:ns:resource-lists"
mime_type = "application/resource-lists+xml"
schema_file = 'resource-lists.xsd'
@classmethod
def check_list(cls, element, node_uri):
from xcap.authentication import parseNodeURI
entry_tag = "{%s}entry" % cls.default_ns
entry_ref_tag = "{%s}entry-ref" % cls.default_ns
external_tag = "{%s}external" % cls.default_ns
list_tag = "{%s}list" % cls.default_ns
anchor_attrs = set()
name_attrs = set()
ref_attrs = set()
uri_attrs = set()
for child in element.getchildren():
if child.tag == list_tag:
name = child.get("name")
if name in name_attrs:
attribute_not_unique(child, 'name')
else:
name_attrs.add(name)
cls.check_list(child, node_uri)
elif child.tag == entry_tag:
uri = child.get("uri")
if uri in uri_attrs:
attribute_not_unique(child, 'uri')
else:
uri_attrs.add(uri)
elif child.tag == entry_ref_tag:
ref = child.get("ref")
if ref in ref_attrs:
attribute_not_unique(child, 'ref')
else:
try:
ref = unquote(ref)
ref_uri = parseNodeURI(
"%s/%s" % (node_uri.xcap_root, ref),
AuthenticationConfig.default_realm)
if not ServerConfig.allow_external_references and ref_uri.user != node_uri.user:
raise errors.ConstraintFailureError(
phrase="Cannot link to another users' list")
try:
if ref_uri.node_selector.element_selector[-1].name[
1] != "entry":
raise ValueError
except LookupError:
raise ValueError
except (DocumentSelectorError, NodeParsingError), e:
raise errors.ConstraintFailureError(phrase=str(e))
except ValueError:
raise errors.ConstraintFailureError
else:
ref_attrs.add(ref)
elif child.tag == external_tag:
anchor = child.get("anchor")
if anchor in anchor_attrs:
attribute_not_unique(child, 'anchor')
else:
anchor = unquote(anchor)
if not ServerConfig.allow_external_references:
external_list_uri = parseExternalListURI(
anchor, AuthenticationConfig.default_realm)
if external_list_uri.xcap_root != node_uri.xcap_root:
raise errors.ConstraintFailureError(
phrase=
"XCAP root in the external list doesn't match PUT requests'"
)
if external_list_uri.user != node_uri.user:
raise errors.ConstraintFailureError(
phrase="Cannot link to another users' list")
else:
parsed_url = urlparse(anchor)
if parsed_url.scheme not in ('http', 'https'):
raise errors.ConstraintFailureError(
phrase='Specified anchor is not a valid URL')
else:
anchor_attrs.add(anchor)