def test_allow_origin(self):
    """Check the CORS headers emitted when SENTRY_ALLOW_ORIGIN names one origin."""
    expected_headers = (
        ('Access-Control-Allow-Origin', "http://foo.example"),
        ('Access-Control-Allow-Headers', "X-Sentry-Auth"),
        ('Access-Control-Allow-Methods', "POST"),
    )
    with self.Settings(SENTRY_ALLOW_ORIGIN="http://foo.example"):
        response = apply_access_control_headers(HttpResponse())
        # Each header is pinned to an exact value, so a widened allow-list
        # (extra methods or headers) fails this test.
        for header_name, expected_value in expected_headers:
            self.assertEqual(response.get(header_name, None), expected_value)
def test_allow_origin(self):
    """Check the CORS headers when the request origin matches SENTRY_ALLOW_ORIGIN."""
    request_origin = "http://foo.example"
    expected_headers = (
        ('Access-Control-Allow-Origin', "http://foo.example"),
        ('Access-Control-Allow-Headers', "X-Sentry-Auth, Authentication"),
        ('Access-Control-Allow-Methods', "POST, OPTIONS"),
    )
    with self.Settings(SENTRY_ALLOW_ORIGIN="http://foo.example"):
        response = apply_access_control_headers(HttpResponse(), request_origin)
        # Exact-match assertions: any additional allowed header or method
        # shows up as a failure here rather than slipping through.
        for header_name, expected_value in expected_headers:
            self.assertEqual(response.get(header_name, None), expected_value)
def test_allow_origin_none(self):
    """With SENTRY_ALLOW_ORIGIN set to None, no CORS header may be added."""
    cors_header_names = (
        'Access-Control-Allow-Origin',
        'Access-Control-Allow-Headers',
        'Access-Control-Allow-Methods',
    )
    with self.Settings(SENTRY_ALLOW_ORIGIN=None):
        response = apply_access_control_headers(HttpResponse())
        # Absence of all three headers is the fail-closed default: nothing
        # is granted to cross-origin callers unless an origin is configured.
        for header_name in cors_header_names:
            self.assertEqual(response.get(header_name, None), None)
def test_allow_origin_none(self):
    """With no configured origin and no request origin, no CORS header is added."""
    cors_header_names = (
        'Access-Control-Allow-Origin',
        'Access-Control-Allow-Headers',
        'Access-Control-Allow-Methods',
    )
    with self.Settings(SENTRY_ALLOW_ORIGIN=None):
        response = apply_access_control_headers(HttpResponse(), None)
        # Fail-closed expectation: the response must carry none of the
        # Access-Control-* headers when there is nothing to allow.
        for header_name in cors_header_names:
            self.assertEqual(response.get(header_name, None), None)
def test_allow_origin_project_and_setting(self):
    """Origins from the global setting and from the project option are both emitted."""
    from sentry.models import Project, ProjectOption

    project = Project.objects.get()
    ProjectOption.objects.create(
        project=project,
        key='sentry:origins',
        value=['http://foo.example'],
    )
    # NOTE(review): the first expectation pins a space-separated list of
    # origins in Access-Control-Allow-Origin. Browsers that follow the Fetch
    # standard accept only a single origin, "*" or "null" in that header, so a
    # list would not grant access to either origin -- confirm this is the
    # intended wire format.
    expected_headers = (
        ('Access-Control-Allow-Origin', "http://example.com http://foo.example"),
        ('Access-Control-Allow-Headers', "X-Sentry-Auth, Authentication"),
        ('Access-Control-Allow-Methods', "POST"),
    )
    with self.Settings(SENTRY_ALLOW_ORIGIN='http://example.com'):
        response = apply_access_control_headers(HttpResponse(), project)
        for header_name, expected_value in expected_headers:
            self.assertEqual(response.get(header_name, None), expected_value)
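def test_allow_origin(self):
    """Check the CORS headers for a request origin matching SENTRY_ALLOW_ORIGIN.

    The allowed headers and methods are checked by membership, so the test
    does not depend on the order in which the implementation joins them.
    """
    with self.Settings(SENTRY_ALLOW_ORIGIN="http://foo.example"):
        response = apply_access_control_headers(HttpResponse(), "http://foo.example")
        self.assertEqual(response.get('Access-Control-Allow-Origin', None), "http://foo.example")

        headers = response.get('Access-Control-Allow-Headers', None)
        # assertIsNotNone replaces the deprecated assertNotEquals alias and
        # reports a missing header directly instead of failing later in split().
        self.assertIsNotNone(headers)
        headers = headers.split(', ')
        self.assertIn('X-Sentry-Auth', headers)
        self.assertIn('Authentication', headers)

        methods = response.get('Access-Control-Allow-Methods', None)
        self.assertIsNotNone(methods)
        methods = methods.split(', ')
        # Membership checks only: a method added to the allow-list later
        # would not fail this test.
        self.assertIn('POST', methods)
        self.assertIn('HEAD', methods)
        self.assertIn('OPTIONS', methods)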
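def wrapped(request, project_id=None, *args, **kwargs):
    """Resolve the project, vet the request's Origin, then call the wrapped view.

    ``project_id`` may be an all-digit id or a slug; when it is empty the view
    is called with ``project=None``. An unknown project, or an Origin header
    that ``is_valid_origin`` rejects, produces a 400 response and the wrapped
    view is not called. Otherwise the view's response is passed through
    ``apply_access_control_headers`` together with the request's origin.
    """
    if project_id:
        # All-digit values are looked up by primary key, anything else by slug.
        if project_id.isdigit():
            lookup_kwargs = {"id": int(project_id)}
        else:
            lookup_kwargs = {"slug": project_id}
        try:
            project = Project.objects.get_from_cache(**lookup_kwargs)
        except Project.DoesNotExist:
            # project_id (presumably taken from the URL) is echoed back to the
            # caller; %r does not escape markup, so the body is served as
            # text/plain and a browser never renders it as HTML.
            return HttpResponse("Invalid project_id: %r" % project_id,
                                status=400, content_type="text/plain")
    else:
        project = None

    origin = request.META.get("HTTP_ORIGIN", None)
    # The Origin header is set by browsers; other clients can omit or forge
    # it. This check limits cross-site browser access and is not a substitute
    # for authenticating the request.
    if origin is not None and not is_valid_origin(origin, project):
        # The rejected header value is reflected too, so it is served as
        # plain text for the same reason as above.
        return HttpResponse("Invalid origin: %r" % origin,
                            status=400, content_type="text/plain")

    response = func(request, project, *args, **kwargs)
    # NOTE(review): if apply_access_control_headers echoes this origin back in
    # Access-Control-Allow-Origin, the response should also carry
    # "Vary: Origin" so shared caches do not reuse it across origins -- confirm.
    response = apply_access_control_headers(response, origin)
    return response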
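def wrapped(request, project_id=None, *args, **kwargs):
    """Look up the project, validate the Origin header, and run the wrapped view.

    ``project_id`` is treated as a primary key when it is all digits and as a
    slug otherwise; a falsy value means the view receives ``project=None``.
    A 400 response is returned, without calling the view, when the project
    does not exist or when ``is_valid_origin`` rejects the request's Origin.
    On success the view's response goes through
    ``apply_access_control_headers`` with the request's origin.
    """
    if project_id:
        if project_id.isdigit():
            lookup_kwargs = {'id': int(project_id)}
        else:
            lookup_kwargs = {'slug': project_id}
        try:
            project = Project.objects.get_from_cache(**lookup_kwargs)
        except Project.DoesNotExist:
            # The error body repeats project_id (presumably from the URL)
            # and %r leaves markup characters intact, so the response is
            # declared text/plain rather than Django's default text/html.
            return HttpResponse('Invalid project_id: %r' % project_id,
                                status=400, content_type='text/plain')
    else:
        project = None

    origin = request.META.get('HTTP_ORIGIN', None)
    # A missing Origin header skips the check entirely, and non-browser
    # clients can send any value: origin validation narrows which web pages
    # may call this endpoint, it does not authenticate the caller.
    if origin is not None and not is_valid_origin(origin, project):
        # Reflected header value: served as plain text, as above.
        return HttpResponse('Invalid origin: %r' % origin,
                            status=400, content_type='text/plain')

    response = func(request, project, *args, **kwargs)
    # NOTE(review): responses whose Access-Control-Allow-Origin depends on
    # the request's Origin normally need "Vary: Origin" for cache safety --
    # confirm whether apply_access_control_headers sets it.
    response = apply_access_control_headers(response, origin)
    return response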
project=project, auth=auth, **kwargs) except APIError, error: logger.info('Project %r raised API error: %s', project.slug, error, extra={ 'request': request, }, exc_info=True) response = HttpResponse(unicode(error.msg), status=error.http_status) response = apply_access_control_headers(response, origin) return response # XXX: backported from Django 1.5 def _allowed_methods(self): return [m.upper() for m in self.http_method_names if hasattr(self, m)] def options(self, request, *args, **kwargs): response = HttpResponse() response['Allow'] = ', '.join(self._allowed_methods()) response['Content-Length'] = '0' return response class StoreView(APIView):
# Log the error, remove the timestamp, and revalidate error_logger.error('Client %r passed an invalid value for timestamp %r' % ( data['timestamp'], client or '<unknown client>', )) del data['timestamp'] validate_data(project, data) insert_data_to_database(data) except APIError, error: logging.error('Client %r raised API error: %s' % (client, error), exc_info=True) response = HttpResponse(unicode(error.msg), status=error.http_status) else: logging.info('New event from client %r (id=%%s)' % client, data['event_id']) response = HttpResponse('') return apply_access_control_headers(response) @csrf_exempt @has_access def notification(request, project): return render_to_response('sentry/partial/_notification.html', request.GET) @csrf_exempt @has_access def poll(request, project): from sentry.templatetags.sentry_helpers import as_bookmarks, handle_before_events offset = 0 limit = settings.MESSAGES_PER_PAGE
try: validate_data(project, data, client) except InvalidData, e: raise APIError(unicode(e)) insert_data_to_database(data) except APIError, error: logging.error('Client %r raised API error: %s' % (client, error), exc_info=True) response = HttpResponse(unicode(error.msg), status=error.http_status) else: logging.info('New event from client %r (id=%%s)' % client, data['event_id']) response = HttpResponse('') return apply_access_control_headers(response) @csrf_exempt @has_access def notification(request, project): return render_to_response('sentry/partial/_notification.html', request.GET) @csrf_exempt @has_access def poll(request, project): from sentry.templatetags.sentry_helpers import as_bookmarks from sentry.templatetags.sentry_plugins import handle_before_events offset = 0
origin = request.META.get('HTTP_ORIGIN', None) if origin is not None and not is_valid_origin(origin, project): return HttpResponse('Invalid origin: %r' % origin, status=400) auth = Auth(auth_vars) try: response = super(APIView, self).dispatch(request, project=project, auth=auth, **kwargs) except APIError, error: logger.info('Project %r raised API error: %s', project.slug, error, extra={ 'request': request, }, exc_info=True) response = HttpResponse(unicode(error.msg), status=error.http_status) response = apply_access_control_headers(response, origin) return response # XXX: backported from Django 1.5 def _allowed_methods(self): return [m.upper() for m in self.http_method_names if hasattr(self, m)] def options(self, request, *args, **kwargs): response = HttpResponse() response['Allow'] = ', '.join(self._allowed_methods()) response['Content-Length'] = '0' return response class StoreView(APIView):