示例#1
0
def processRequest(method, params, req):
    # lookup handler
    handler = lookupHandler(method)
    websession = getSession(req)

    # invoke handler
    if hasattr(handler, "process"):
        result = handler(params, websession, req).process()
    else:
        result = handler(params, websession, req)

    # commit session if necessary
    session.getSessionManager().maintain_session(req, websession)

    return result
示例#2
0
def getSession(req):
    sm = session.getSessionManager()
    try:
        websession = sm.get_session(req)
    except session.SessionError, e:
        sm.revoke_session_cookie(req)
        websession = sm.get_session(req)
示例#3
0
def getSession(req):
    sm = session.getSessionManager()
    try:
        websession = sm.get_session(req)
    except session.SessionError:
        sm.revoke_session_cookie(req)
        websession = sm.get_session(req)
    return websession
示例#4
0
def processRequest(method, params, req, internal=False):
    # lookup handler
    handler = lookupHandler(method)
    websession = getSession(req)

    if not internal and Config.getInstance().getCSRFLevel() >= 1:
        if websession.csrf_protected and websession.csrf_token != req.headers_in.get('X-CSRF-Token'):
            raise CSRFError()

    # invoke handler
    if hasattr(handler, "process"):
        result = handler(params, websession, req).process()
    else:
        result = handler(params, websession, req)

    # commit session if necessary
    session.getSessionManager().maintain_session(req, websession)

    return result
示例#5
0
def processRequest(method, params, req, internal=False):
    # lookup handler
    handler = lookupHandler(method)
    websession = getSession(req)

    if not internal and Config.getInstance().getCSRFLevel() >= 1:
        if websession.csrf_token != req.headers_in.get('X-CSRF-Token'):
            raise RequestError('ERR-R4', _('Invalid CSRF token'))

    # invoke handler
    if hasattr(handler, "process"):
        result = handler(params, websession, req).process()
    else:
        result = handler(params, websession, req)

    # commit session if necessary
    session.getSessionManager().maintain_session(req, websession)

    return result
示例#6
0
文件: base.py 项目: vstitches/indico
 def _setSession( self ):
     """Sets up a reference to the corresponding web session. It uses the
         session manager to retrieve the session corresponding to the
         received request and makes sure it is a valid one. In case of having
         an invalid session it reset client settings and creates a new one.
    """
     if not self._websession:
         sm = session.getSessionManager()
         try:
             self._websession = sm.get_session( self._req )
         except session.SessionError:
             sm.revoke_session_cookie( self._req )
             self._websession = sm.get_session( self._req )
示例#7
0
文件: base.py 项目: arturodr/indico
 def _setSession(self):
     """Sets up a reference to the corresponding web session. It uses the
         session manager to retrieve the session corresponding to the
         received request and makes sure it is a valid one. In case of having
         an invalid session it reset client settings and creates a new one.
    """
     if not self._websession:
         sm = session.getSessionManager()
         try:
             self._websession = sm.get_session(self._req)
         except session.SessionError:
             sm.revoke_session_cookie(self._req)
             self._websession = sm.get_session(self._req)
示例#8
0
文件: base.py 项目: vstitches/indico
    def process( self, params ):
        """
        """
        profile = Config.getInstance().getProfile()
        proffilename = ""
        res = ""
        MAX_RETRIES = 10
        retry = MAX_RETRIES
        textLog = []
        self._startTime = datetime.now()

        # clear the context
        ContextManager.destroy()
        ContextManager.set('currentRH', self)

        #redirect to https if necessary
        if self._checkHttpsRedirect():
            return


        DBMgr.getInstance().startRequest()
        self._startRequestSpecific2RH()     # I.e. implemented by Room Booking request handlers
        textLog.append("%s : Database request started"%(datetime.now() - self._startTime))
        Logger.get('requestHandler').info('[pid=%s] Request %s started (%s)' % (os.getpid(),id(self._req), self._req.unparsed_uri))

        # notify components that the request has started
        self._notify('requestStarted', self._req)

        forcedConflicts = Config.getInstance().getForceConflicts()
        try:
            while retry>0:

                if retry < MAX_RETRIES:
                    # notify components that the request is being retried
                    self._notify('requestRetry', self._req, MAX_RETRIES - retry)

                try:
                    Logger.get('requestHandler').info('\t[pid=%s] from host %s' % (os.getpid(), self.getHostIP()))
                    try:
                        # clear the fossile cache at the start of each request
                        fossilize.clearCache()
                        # delete all queued emails
                        GenericMailer.flushQueue(False)

                        DBMgr.getInstance().sync()
                        # keep a link to the web session in the access wrapper
                        # this is used for checking access/modification key existence
                        # in the user session
                        self._aw.setIP( self.getHostIP() )
                        self._aw.setSession(self._getSession())
                        #raise(str(dir(self._websession)))
                        self._setSessionUser()
                        self._setLang(params)
                        if self._getAuth():
                            if self._getUser():
                                Logger.get('requestHandler').info('Request %s identified with user %s (%s)' % (id(self._req), self._getUser().getFullName(), self._getUser().getId()))
                            if not self._tohttps and Config.getInstance().getAuthenticatedEnforceSecure():
                                self._tohttps = True
                                if self._checkHttpsRedirect():
                                    return

                        #if self._getUser() != None and self._getUser().getId() == "893":
                        #    profile = True
                        self._reqParams = copy.copy( params )
                        self._checkParams( self._reqParams )

                        self._checkProtection()
                        security.Sanitization.sanitizationCheck(self._target,
                                               self._reqParams,
                                               self._aw, self._doNotSanitizeFields)
                        if self._doProcess:
                            if profile:
                                import profile, pstats
                                proffilename = os.path.join(Config.getInstance().getTempDir(), "stone%s.prof" % str(random.random()))
                                result = [None]
                                profile.runctx("result[0] = self._process()", globals(), locals(), proffilename)
                                res = result[0]
                            else:
                                res = self._process()

                        # Save web session, just when needed
                        sm = session.getSessionManager()
                        sm.maintain_session(self._req, self._websession)

                        # notify components that the request has finished
                        self._notify('requestFinished', self._req)
                        # Raise a conflict error if enabled. This allows detecting conflict-related issues easily.
                        if retry > (MAX_RETRIES - forcedConflicts):
                            raise ConflictError
                        self._endRequestSpecific2RH( True ) # I.e. implemented by Room Booking request handlers
                        DBMgr.getInstance().endRequest( True )

                        Logger.get('requestHandler').info('Request %s successful' % (id(self._req)))
                        #request succesfull, now, doing tas that must be done only once
                        try:
                            GenericMailer.flushQueue(True) # send emails
                            self._deleteTempFiles()
                        except:
                            Logger.get('mail').exception('Mail sending operation failed')
                            pass
                        break
                    except MaKaCError, e:
                        #DBMgr.getInstance().endRequest(False)
                        res = self._processError(e)
                except (ConflictError, POSKeyError):
                    import traceback
                    # only log conflict if it wasn't forced
                    if retry <= (MAX_RETRIES - forcedConflicts):
                        Logger.get('requestHandler').warning('Conflict in Database! (Request %s)\n%s' % (id(self._req), traceback.format_exc()))
                    self._abortSpecific2RH()
                    DBMgr.getInstance().abort()
                    retry -= 1
                    continue
                except ClientDisconnected:
                    Logger.get('requestHandler').warning('Client Disconnected! (Request %s)' % id(self._req) )
                    self._abortSpecific2RH()
                    DBMgr.getInstance().abort()
                    retry -= 1
                    time.sleep(10-retry)
                    continue
        except KeyAccessError, e:
            #Key Access error treatment
            res = self._processKeyAccessError( e )
            self._endRequestSpecific2RH( False )
            DBMgr.getInstance().endRequest(False)
示例#9
0
文件: base.py 项目: arturodr/indico
    def process(self, params):
        """
        """
        profile = Config.getInstance().getProfile()
        proffilename = ""
        res = ""
        MAX_RETRIES = 10
        retry = MAX_RETRIES
        textLog = []
        self._startTime = datetime.now()

        # clear the context
        ContextManager.destroy()
        ContextManager.set('currentRH', self)

        #redirect to https if necessary
        if self._checkHttpsRedirect():
            return

        DBMgr.getInstance().startRequest()
        self._startRequestSpecific2RH(
        )  # I.e. implemented by Room Booking request handlers
        textLog.append("%s : Database request started" %
                       (datetime.now() - self._startTime))
        Logger.get('requestHandler').info(
            '[pid=%s] Request %s started (%s)' %
            (os.getpid(), id(self._req), self._req.unparsed_uri))

        # notify components that the request has started
        self._notify('requestStarted', self._req)

        forcedConflicts = Config.getInstance().getForceConflicts()
        try:
            while retry > 0:

                if retry < MAX_RETRIES:
                    # notify components that the request is being retried
                    self._notify('requestRetry', self._req,
                                 MAX_RETRIES - retry)

                try:
                    Logger.get('requestHandler').info(
                        '\t[pid=%s] from host %s' %
                        (os.getpid(), self.getHostIP()))
                    try:
                        # clear the fossile cache at the start of each request
                        fossilize.clearCache()
                        # delete all queued emails
                        GenericMailer.flushQueue(False)

                        DBMgr.getInstance().sync()
                        # keep a link to the web session in the access wrapper
                        # this is used for checking access/modification key existence
                        # in the user session
                        self._aw.setIP(self.getHostIP())
                        self._aw.setSession(self._getSession())
                        #raise(str(dir(self._websession)))
                        self._setSessionUser()
                        self._setLang(params)
                        if self._getAuth():
                            if self._getUser():
                                Logger.get('requestHandler').info(
                                    'Request %s identified with user %s (%s)' %
                                    (id(self._req),
                                     self._getUser().getFullName(),
                                     self._getUser().getId()))
                            if not self._tohttps and Config.getInstance(
                            ).getAuthenticatedEnforceSecure():
                                self._tohttps = True
                                if self._checkHttpsRedirect():
                                    return

                        #if self._getUser() != None and self._getUser().getId() == "893":
                        #    profile = True
                        self._reqParams = copy.copy(params)
                        self._checkParams(self._reqParams)

                        self._checkProtection()
                        security.Sanitization.sanitizationCheck(
                            self._target, self._reqParams, self._aw,
                            self._doNotSanitizeFields)
                        if self._doProcess:
                            if profile:
                                import profile, pstats
                                proffilename = os.path.join(
                                    Config.getInstance().getTempDir(),
                                    "stone%s.prof" % str(random.random()))
                                result = [None]
                                profile.runctx("result[0] = self._process()",
                                               globals(), locals(),
                                               proffilename)
                                res = result[0]
                            else:
                                res = self._process()

                        # Save web session, just when needed
                        sm = session.getSessionManager()
                        sm.maintain_session(self._req, self._websession)

                        # notify components that the request has finished
                        self._notify('requestFinished', self._req)
                        # Raise a conflict error if enabled. This allows detecting conflict-related issues easily.
                        if retry > (MAX_RETRIES - forcedConflicts):
                            raise ConflictError
                        self._endRequestSpecific2RH(
                            True
                        )  # I.e. implemented by Room Booking request handlers
                        DBMgr.getInstance().endRequest(True)

                        Logger.get('requestHandler').info(
                            'Request %s successful' % (id(self._req)))
                        #request succesfull, now, doing tas that must be done only once
                        try:
                            GenericMailer.flushQueue(True)  # send emails
                            self._deleteTempFiles()
                        except:
                            Logger.get('mail').exception(
                                'Mail sending operation failed')
                            pass
                        break
                    except MaKaCError, e:
                        #DBMgr.getInstance().endRequest(False)
                        res = self._processError(e)
                except (ConflictError, POSKeyError):
                    import traceback
                    # only log conflict if it wasn't forced
                    if retry <= (MAX_RETRIES - forcedConflicts):
                        Logger.get('requestHandler').warning(
                            'Conflict in Database! (Request %s)\n%s' %
                            (id(self._req), traceback.format_exc()))
                    self._abortSpecific2RH()
                    DBMgr.getInstance().abort()
                    retry -= 1
                    continue
                except ClientDisconnected:
                    Logger.get('requestHandler').warning(
                        'Client Disconnected! (Request %s)' % id(self._req))
                    self._abortSpecific2RH()
                    DBMgr.getInstance().abort()
                    retry -= 1
                    time.sleep(10 - retry)
                    continue
        except KeyAccessError, e:
            #Key Access error treatment
            res = self._processKeyAccessError(e)
            self._endRequestSpecific2RH(False)
            DBMgr.getInstance().endRequest(False)