def handle_submit(self): amount = self.amount try: is_email(self.request.form['email']) except Exception as e: self.error = str(e) if self.cart.shippable and not self.cart.data.get('ship_method'): self.error = ('Something went wrong while calculating shipping. ' 'Your payment has not been processed. ' 'Please contact us for assistance.') if self.error: return userid = get_current_userid() contact_info = PersistentMapping() for f in ('first_name', 'last_name', 'email', 'phone', 'address', 'city', 'state', 'zip', 'country'): contact_info[f] = self.request.form[f] method = 'Online Payment' if self.is_superuser(): method = self.request.form.get('method', 'None') if method not in ('Online Payment', 'Check', 'Cash', 'None'): raise Forbidden('Invalid payment method: %s' % method) if amount and (method == 'None'): raise Forbidden('Invalid payment method: None') charge_result = {'success': True} if amount and method == 'Online Payment': if 'stripeToken' not in self.request.form: self.error = 'Unable to process payment. Please try again.' return card_token = self.request.form['stripeToken'] try: charge_result = process_interactive_payment( self.cart, card_token, contact_info) charge_result['success'] = True except PaymentProcessingException as e: charge_result = { 'success': False, 'err_msg': e.message, 'err_code': getattr(e, 'code', None), } self.error = e.message if not self.error: try: self.store_order(method, charge_result, userid, contact_info) self.notify_purchased() self.clear_cart() except ConflictError: self.error = ('Failed to store results of payment after ' 'multiple retries. Please contact us for ' 'assistance. ')
def _validate_contact_id(self): """Return True if the contact_id from the request is valid. :raises: Forbidden """ id = self.request.form.get('contact_id', None) if id is None: raise Forbidden('contact_id was not set.') else: try: id = int(id) except ValueError: raise Forbidden('contact_id is not an integer.') return True
def __call__(self): if 'login' in self.request.form: self._generate_url('login') elif 'register' in self.request.form: if not self.user_can_register(): raise Forbidden() self._generate_url('register') elif 'connect' in self.request.form: if checkPermission('cmf.SetOwnPassword', self.context): self._generate_url('connect') else: raise Forbidden() return self.template(self)
def _check_internal_request(self): # WARNING: The security is done here by using the request layer # IInternalOpengeverRequestLayer provided by the ogds PAS plugin. # The view has to be public, since the user may not have any # permission on this context. if not IInternalOpengeverRequestLayer.providedBy(self.request): raise Forbidden()
def traverse(self, name, ignored): # The context is important here, since it becomes the parent of the # resource, which is needed to generate the absolute URL. res = namespace.getResource(self.context, name, self.request) if isinstance(res, InterfaceClass): raise Forbidden('Access to traverser is forbidden.') return res
def publishTraverse(self, request, name): object = self.context URL = request['URL'] if name[:1] == '_': raise Forbidden("Object name begins with an underscore at: %s" % URL) if hasattr(object, '__bobo_traverse__'): try: subobject = object.__bobo_traverse__(request, name) if type(subobject) is type(()) and len(subobject) > 1: # Add additional parents into the path # XXX There are no tests for this: request['PARENTS'][-1:] = list(subobject[:-1]) object, subobject = subobject[-2:] except (AttributeError, KeyError, NotFound), e: # Try to find a view subobject = queryMultiAdapter((object, request), Interface, name) if subobject is not None: # OFS.Application.__bobo_traverse__ calls # REQUEST.RESPONSE.notFoundError which sets the HTTP # status code to 404 request.response.setStatus(200) # We don't need to do the docstring security check # for views, so lets skip it and return the object here. return subobject.__of__(object) # No view found. Reraise the error raised by __bobo_traverse__ raise e
def _resolveSubpath(self, path): parts = path.split('/') filepath = os.path.abspath(os.path.join(self.directory, *parts)) if not filepath.startswith(self.directory): raise Forbidden('Invalid path resource') return filepath
def checkGuard(self, _exec=False): guard = self.guard if guard is None or _checkGuard(guard, aq_parent(self)): return 1 if _exec: raise Forbidden('Calling %s %s is denied by Guard.' % (self.meta_type, self.id))
def MKCOL(self, REQUEST, RESPONSE): """Create a new collection resource.""" self.dav__init(REQUEST, RESPONSE) if REQUEST.get('BODY', ''): raise UnsupportedMediaType('Unknown request body.') name = self.__name__ parent = self.__parent__ if hasattr(aq_base(parent), name): raise MethodNotAllowed('The name %s is in use.' % name) if not isDavCollection(parent): raise Forbidden('Cannot create collection at this location.') ifhdr = REQUEST.get_header('If', '') if IWriteLock.providedBy(parent) and parent.wl_isLocked(): if ifhdr: parent.dav__simpleifhandler(REQUEST, RESPONSE, col=1) else: raise Locked elif ifhdr: # There was an If header, but the parent is not locked raise PreconditionFailed # Add hook for webdav MKCOL (Collector #2254) (needed for CMF) mkcol_handler = getattr(parent, 'MKCOL_handler', parent.manage_addFolder) mkcol_handler(name) RESPONSE.setStatus(201) RESPONSE.setBody('') return RESPONSE
def PUT(self, REQUEST, RESPONSE): """ """ if REQUEST.environ['REQUEST_METHOD'] != 'PUT': raise Forbidden('REQUEST_METHOD should be PUT.') body = REQUEST['BODY'] self.po_import(self.id, body) RESPONSE.setStatus(204) return RESPONSE
def generic_query(self, script_path='all-documents', output_format='json', deserialize_json=False, **kw): """ Public query API for calling xquery scripts through RESTXQ. The related xquery script must expose is functionality through http://host:port/exist/restxq/<script_path>.<output_format>. The result is then returned as text (html, xml) or deserialized JSON data structure. Note that <script_path> must start with '/db/' or 'db/'. """ if self.context and not self.context.api_enabled: raise Forbidden('API not enabled') if output_format not in ('json', 'xml', 'html'): raise NotFound( 'Unsupported output format "{}"'.format(output_format)) registry = getUtility(IRegistry) settings = registry.forInterface(IConnectorSettings) pr = urlparse.urlparse(settings.connector_url) url = '{}://{}/exist/restxq/{}.{}'.format(pr.scheme, pr.netloc, script_path, output_format) session = requests.Session() adapter = requests.adapters.HTTPAdapter(max_retries=3) session.mount('http://', adapter) session.mount('https://', adapter) result = session.get(url, auth=HTTPBasicAuth( settings.connector_username, settings.connector_password or ''), params=kw) if result.status_code != 200: raise APIError( 'eXist-db return an response with HTTP code {} for {}'.format( result.status_code, url)) if output_format == 'json': data = result.json() if deserialize_json: # called internally (and not through the web) data = result.json() return data else: data = result.text self.request.response.setHeader('content-type', 'application/json') self.request.response.setHeader('content-length', len(data)) return data else: data = result.text self.request.response.setHeader('content-type', 'text/{}'.format(output_format)) self.request.response.setHeader('content-length', len(data)) return data
def _validateProxy(self, roles=None): if roles is None: roles = self._proxy_roles if not roles: return user = getSecurityManager().getUser() if user is not None and user.allowed(self, roles): return raise Forbidden('You are not authorized to change <em>%s</em> ' 'because you do not have proxy roles.\n<!--%s, %s-->' % (self.id, user, roles))
def testCustomExceptionViewForbidden(self): from zExceptions import Forbidden registerExceptionView(IForbidden) environ = self._makeEnviron() start_response = DummyCallable() _publish = DummyCallable() _publish._raise = Forbidden('argh') app_iter = self._callFUT(environ, start_response, _publish) body = b''.join(app_iter) self.assertEqual(start_response._called_with[0][0], '403 Forbidden') self.assertTrue(b'Exception View: Forbidden' in body)
def old_validation(groups, request, auth, roles=UNSPECIFIED_ROLES): if auth: auth = request._authUserPW() if auth: name, password = auth elif roles is None: return '' else: return None elif 'REMOTE_USER' in request.environ: name = request.environ['REMOTE_USER'] password = None else: if roles is None: return '' return None if roles is None: return name keys = None try: keys = groups.keys except Exception: try: groups = groups() # Maybe it was a method defining a group keys = groups.keys except Exception: pass if keys is not None: # OK, we have a named group, so apply the roles to the named # group. if roles is UNSPECIFIED_ROLES: roles = keys() g = [] for role in roles: if role in groups: g.append(groups[role]) groups = g for d in groups: if name in d and (d[name] == password or password is None): return name if keys is None: # Not a named group, so don't go further raise Forbidden( """<strong>You are not authorized to access this resource""") return None
def render(self): if not IInternalOpengeverRequestLayer.providedBy(self.request): raise Forbidden() transition = self.request.get('transition') text = self.request.get('text') responsible = self.request.get('responsible') responsible_client = self.request.get('responsible_client') if self.is_already_done(transition, text): # Set correct content type for text response self.request.response.setHeader("Content-type", "text/plain") return 'OK' wftool = getToolByName(self.context, 'portal_workflow') # change workflow state before = wftool.getInfoFor(self.context, 'review_state') before = wftool.getTitleForStateOnType(before, self.context.Type()) wftool.doActionFor(self.context, transition) after = wftool.getInfoFor(self.context, 'review_state') after = wftool.getTitleForStateOnType(after, self.context.Type()) # create response response = add_simple_response( self.context, transition=transition, text=text) if responsible and responsible is not 'None': # special handling for reassign response.add_change( 'reponsible', _(u"label_responsible", default=u"Responsible"), ITask(self.context).responsible, responsible) ITask(self.context).responsible_client = responsible_client ITask(self.context).responsible = responsible notify(ObjectModifiedEvent(self.context)) response.add_change('review_state', _(u'Issue state'), before, after) # Set correct content type for text response self.request.response.setHeader("Content-type", "text/plain") return 'OK'
def check_delete_preconditions(repository, event): """It's not allowed to delete repository folders or the repository root """ # Ignore plone site deletions if IPloneSiteRoot.providedBy(event.object): return # Allow deletion done through the RepositoryDeleter if IDuringRepositoryDeletion.providedBy(event.object.REQUEST): return raise Forbidden('Deleting repository folders and roots is not allowed')
def checkCSRFToken(request, token='csrf_token', raises=True): """ Check CSRF token in session against token formdata. If the values don't match, and 'raises' is True, raise a Forbidden. If the values don't match, and 'raises' is False, return False. If the values match, return True. """ if request.form.get(token) != getCSRFToken(request): if raises: raise Forbidden('incorrect CSRF token') return False return True
def apply(self, obj, token, sm, url=None, result=None, top=1): if result is None: result = StringIO() url = urlfix(url, 'DELETE') url = urlbase(url) iscol = isDavCollection(obj) errmsg = None parent = aq_parent(obj) islockable = IWriteLock.providedBy(obj) if parent and (not sm.checkPermission(delete_objects, parent)): # User doesn't have permission to delete this object errmsg = "403 Forbidden" elif islockable and obj.wl_isLocked(): if token and obj.wl_hasLock(token): # Object is locked, and the token matches (no error) errmsg = "" else: errmsg = "423 Locked" if errmsg: if top and (not iscol): if errmsg == "403 Forbidden": raise Forbidden() if errmsg == "423 Locked": raise Locked() elif not result.getvalue(): # We haven't had any errors yet, so our result is empty # and we need to set up the XML header result.write('<?xml version="1.0" encoding="utf-8" ?>\n' \ '<d:multistatus xmlns:d="DAV:">\n') result.write('<d:response>\n <d:href>%s</d:href>\n' % url) result.write(' <d:status>HTTP/1.1 %s</d:status>\n' % errmsg) result.write('</d:response>\n') if iscol: for ob in obj.objectValues(): dflag = hasattr(ob,'_p_changed') and (ob._p_changed == None) if hasattr(ob, '__dav_resource__'): uri = urljoin(url, absattr(ob.getId())) self.apply(ob, token, sm, uri, result, top=0) if dflag: ob._p_deactivate() if not top: return result if result.getvalue(): # One or more subitems can't be delted, so close the multistatus # element result.write('</d:multistatus>\n') return result.getvalue()
def _curried(*args, **kw): request = args[r_index] if IBrowserRequest.providedBy(request): if request.method not in methods: raise Forbidden('Request must be %s' % methodsstr) # Reconstruct keyword arguments if defaults is not None: args, kwparams = args[:arglen], args[arglen:] for positional, (key, default) in zip(kwparams, defaults): if positional is _default: kw[key] = default else: kw[key] = positional return callable(*args, **kw)
def PUT(self, REQUEST, RESPONSE): """ Handle HTTP PUT requests for FTP/Webdav upload, which is object dependent. For now only set the text content... """ self.dav__init(REQUEST, RESPONSE) self.dav__simpleifhandler(REQUEST, RESPONSE, refresh=1) if REQUEST.environ['REQUEST_METHOD'] != 'PUT': raise Forbidden('REQUEST_METHOD should be PUT.') text_content = REQUEST.get('BODY') if text_content is None: RESPONSE.setStatus(304) else: self.setTextContent(text_content) RESPONSE.setStatus(204) return RESPONSE
def _validateProxy(self, request, roles=None): if roles is None: roles = self._proxy_roles if not roles: return user = u = getSecurityManager().getUser() user = user.allowed for r in roles: if r and not user(self, (r, )): user = None break if user is not None: return raise Forbidden( 'You are not authorized to change <em>%s</em> because you ' 'do not have proxy roles.\n<!--%s, %s-->' % (self.__name__, u, roles))
def _curried(*args, **kw): request = None if len(args) > r_index: request = args[r_index] if isinstance(request, HTTPRequest): if request.get('REQUEST_METHOD', 'GET').upper() != 'POST': raise Forbidden('Request must be POST') # Reconstruct keyword arguments if defaults is not None: args, kwparams = args[:arglen], args[arglen:] for positional, (key, default) in zip(kwparams, defaults): if positional is _default: kw[key] = default else: kw[key] = positional return callable(*args, **kw)
def __call__(self): url = self.get_came_from() if api.user.is_anonymous(): # We might try to let the user re-authenticate, # but that will likely lead to infinite redirects. if not url and self.get_came_from(include_login_templates=True): # The user came from a login-related page, so we do not redirect. raise Forbidden("ERROR: headerlogin failed") # Okay, it seems safe to redirect to require_login (or elsewhere). # Actually, require_login itself redirects anonymous users to /login. self.request.response.redirect(self.context.absolute_url() + "/login") return if not url: nav_root = api.portal.get_navigation_root(self.context) url = nav_root.absolute_url() # Temporary redirect. # Note: zope.publisher makes this 302 for HTTP/1.0 and 303 for higher. self.request.response.redirect(url)
def checkCSRFToken(request, token='csrf_token', raises=True): """ Check CSRF token in session against token formdata. If the values don't match, and 'raises' is True, raise a Forbidden. If the values don't match, and 'raises' is False, return False. If the values match, return True. """ if getattr(request, 'SESSION', None) is None: # Sessioning is not available at all, just give up logger.warning( 'Built-in CSRF check disabled - sessioning not available') return True if request.form.get(token) != getCSRFToken(request): if raises: raise Forbidden('incorrect CSRF token') return False return True
def PUT(self, REQUEST, RESPONSE): """Create a new non-collection resource. """ if getattr(self.__parent__, 'PUT_factory', None) is not None: # BBB return NullResource_PUT(self, REQUEST, RESPONSE) self.dav__init(REQUEST, RESPONSE) if REQUEST.environ['REQUEST_METHOD'] != 'PUT': raise Forbidden('REQUEST_METHOD should be PUT.') name = self.__name__ parent = self.__parent__ ifhdr = REQUEST.get_header('If', '') if IWriteLock.providedBy(parent) and parent.wl_isLocked(): if ifhdr: parent.dav__simpleifhandler(REQUEST, RESPONSE, col=1) else: # There was no If header at all, and our parent is locked, # so we fail here raise Locked elif ifhdr: # There was an If header, but the parent is not locked raise PreconditionFailed # <ERP5> # XXX: Do we really want to force 'id' # when PUT is called on Contribution Tool ? kw = {'id': name, 'data': None, 'filename': name} contribution_tool = parent.getPortalObject().portal_contributions if aq_base(contribution_tool) is not aq_base(parent): kw.update(container=parent, discover_metadata=False) ob = contribution_tool.newContent(**kw) # </ERP5> ob.PUT(REQUEST, RESPONSE) RESPONSE.setStatus(201) RESPONSE.setBody('') return RESPONSE
def PUT(self, REQUEST, RESPONSE): """ Handle HTTP (and presumably FTP?) PUT requests """ self.dav__init(REQUEST, RESPONSE) self.dav__simpleifhandler(REQUEST, RESPONSE, refresh=1) if REQUEST.environ['REQUEST_METHOD'] != 'PUT': raise Forbidden('REQUEST_METHOD should be PUT.') body = REQUEST.get('BODY', '') try: headers = self.parseHeadersFromText(body) content_type = REQUEST.get_header('Content-Type', '') headers.setdefault('content_type', content_type) headers['file'] = StringIO(body) self._edit(**headers) except ResourceLockedError: transaction.abort() RESPONSE.setStatus(423) return RESPONSE RESPONSE.setStatus(204) self.reindexObject() return RESPONSE
def __call__(self): """Open a connection to the CiviCRM server using the configuration information stored on the registry and the current user account. :raises: Forbidden """ url = api.portal.get_registry_record(URL_RECORD) site_key = api.portal.get_registry_record(SITE_KEY_RECORD) api_key = api.user.get_current().getProperty('api_key', None) # can not open connection to server if no api_key is provided if not api_key: raise Forbidden( 'No API key defined. You can not access CiviCRM server.') # for now, we can use any kind of connection # in the future, we must enforce use_ssl=True # as CiviCRM stores personal information of users use_ssl = urlparse(url).scheme == 'https' self.civicrm = CiviCRM( url, site_key, api_key, use_ssl=use_ssl, timeout=TIMEOUT)
def generate_excerpt(self): """Generate an excerpt of an agenda item and store it in the meeting dossier. """ if not self.context.model.is_editable(): raise Unauthorized("Editing is not allowed") if not self.agenda_item.can_generate_excerpt(): raise Forbidden('Generating excerpt is not allowed in this state.') try: self.agenda_item.generate_excerpt( title=self.request.form['excerpt_title']) except MissingMeetingDossierPermissions: return (JSONResponse(self.request).error( _('error_no_permission_to_add_document', default=u'Insufficient privileges to add a' u' document to the meeting dossier.')).remain().dump()) return (JSONResponse(self.request).info( _('excerpt_generated', default=u'Excerpt was created successfully.')).proceed().dump())
def __call__(self): atool = queryUtility(IActionsTool) if atool is None: # re-raise the unhandled exception raise self.context try: target = atool.getActionInfo('user/login')['url'] except ValueError: # re-raise the unhandled exception raise self.context req = self.request if (not req['REQUEST_METHOD'] in ('HEAD', 'GET', 'PUT', 'POST') or req.environ.has_key('WEBDAV_SOURCE_PORT')): # re-raise the unhandled exception raise self.context attempt = getattr(req, '_cookie_auth', ATTEMPT_NONE) if attempt not in (ATTEMPT_NONE, ATTEMPT_LOGIN): # An authenticated user was denied access to something. # XXX: hack context to get the right @@standard_macros/page # why do we get the wrong without this hack? self.context = self.__parent__ raise Forbidden(self.forbidden_template()) _expireAuthCookie(self) came_from = req.get('came_from', None) if came_from is None: came_from = req.get('ACTUAL_URL') query = req.get('QUERY_STRING') if query: # Include the query string in came_from if not query.startswith('?'): query = '?' + query came_from = came_from + query url = '%s?came_from=%s' % (target, quote(came_from)) raise Redirect(url)
def __call__(self): raise Forbidden()