def test_allow_origin(self):
with self.Settings(SENTRY_ALLOW_ORIGIN="http://foo.example"):
response = apply_access_control_headers(HttpResponse())
self.assertEqual(response.get('Access-Control-Allow-Origin', None),
"http://foo.example")
self.assertEqual(response.get('Access-Control-Allow-Headers', None),
"X-Sentry-Auth")
self.assertEqual(response.get('Access-Control-Allow-Methods', None),
"POST")
def test_allow_origin(self):
with self.Settings(SENTRY_ALLOW_ORIGIN="http://foo.example"):
response = apply_access_control_headers(HttpResponse(), "http://foo.example")
self.assertEqual(response.get('Access-Control-Allow-Origin', None),
"http://foo.example")
self.assertEqual(response.get('Access-Control-Allow-Headers', None),
"X-Sentry-Auth, Authentication")
self.assertEqual(response.get('Access-Control-Allow-Methods', None),
"POST, OPTIONS")
def test_allow_origin_none(self):
"""If ALLOW_ORIGIN is None, the headers should not be added"""
with self.Settings(SENTRY_ALLOW_ORIGIN=None):
response = apply_access_control_headers(HttpResponse())
self.assertEqual(response.get('Access-Control-Allow-Origin', None),
None)
self.assertEqual(response.get('Access-Control-Allow-Headers', None),
None)
self.assertEqual(response.get('Access-Control-Allow-Methods', None),
None)
def test_allow_origin_none(self):
"""If ALLOW_ORIGIN is None, the headers should not be added"""
with self.Settings(SENTRY_ALLOW_ORIGIN=None):
response = apply_access_control_headers(HttpResponse(), None)
self.assertEqual(response.get('Access-Control-Allow-Origin', None),
None)
self.assertEqual(response.get('Access-Control-Allow-Headers', None),
None)
self.assertEqual(response.get('Access-Control-Allow-Methods', None),
None)
def test_allow_origin_project_and_setting(self):
from sentry.models import Project, ProjectOption
project = Project.objects.get()
ProjectOption.objects.create(project=project, key='sentry:origins', value=['http://foo.example'])
with self.Settings(SENTRY_ALLOW_ORIGIN='http://example.com'):
response = apply_access_control_headers(HttpResponse(), project)
self.assertEqual(response.get('Access-Control-Allow-Origin', None),
"http://example.com http://foo.example")
self.assertEqual(response.get('Access-Control-Allow-Headers', None),
"X-Sentry-Auth, Authentication")
self.assertEqual(response.get('Access-Control-Allow-Methods', None),
"POST")
def test_allow_origin(self):
with self.Settings(SENTRY_ALLOW_ORIGIN="http://foo.example"):
response = apply_access_control_headers(HttpResponse(), "http://foo.example")
self.assertEqual(response.get('Access-Control-Allow-Origin', None),
"http://foo.example")
headers = response.get('Access-Control-Allow-Headers', None)
self.assertNotEquals(headers, None)
headers = headers.split(', ')
self.assertIn('X-Sentry-Auth', headers)
self.assertIn('Authentication', headers)
methods = response.get('Access-Control-Allow-Methods', None)
self.assertNotEquals(methods, None)
methods = methods.split(', ')
self.assertIn('POST', methods)
self.assertIn('HEAD', methods)
self.assertIn('OPTIONS', methods)
def wrapped(request, project_id=None, *args, **kwargs):
if project_id:
if project_id.isdigit():
lookup_kwargs = {"id": int(project_id)}
else:
lookup_kwargs = {"slug": project_id}
try:
project = Project.objects.get_from_cache(**lookup_kwargs)
except Project.DoesNotExist:
return HttpResponse("Invalid project_id: %r" % project_id, status=400)
else:
project = None
origin = request.META.get("HTTP_ORIGIN", None)
if origin is not None and not is_valid_origin(origin, project):
return HttpResponse("Invalid origin: %r" % origin, status=400)
response = func(request, project, *args, **kwargs)
response = apply_access_control_headers(response, origin)
return response
def wrapped(request, project_id=None, *args, **kwargs):
if project_id:
if project_id.isdigit():
lookup_kwargs = {'id': int(project_id)}
else:
lookup_kwargs = {'slug': project_id}
try:
project = Project.objects.get_from_cache(**lookup_kwargs)
except Project.DoesNotExist:
return HttpResponse('Invalid project_id: %r' % project_id, status=400)
else:
project = None
origin = request.META.get('HTTP_ORIGIN', None)
if origin is not None and not is_valid_origin(origin, project):
return HttpResponse('Invalid origin: %r' % origin, status=400)
response = func(request, project, *args, **kwargs)
response = apply_access_control_headers(response, origin)
return response
project=project,
auth=auth,
**kwargs)
except APIError, error:
logger.info('Project %r raised API error: %s',
project.slug,
error,
extra={
'request': request,
},
exc_info=True)
response = HttpResponse(unicode(error.msg),
status=error.http_status)
response = apply_access_control_headers(response, origin)
return response
# XXX: backported from Django 1.5
def _allowed_methods(self):
return [m.upper() for m in self.http_method_names if hasattr(self, m)]
def options(self, request, *args, **kwargs):
response = HttpResponse()
response['Allow'] = ', '.join(self._allowed_methods())
response['Content-Length'] = '0'
return response
class StoreView(APIView):
# Log the error, remove the timestamp, and revalidate
error_logger.error('Client %r passed an invalid value for timestamp %r' % (
data['timestamp'],
client or '<unknown client>',
))
del data['timestamp']
validate_data(project, data)
insert_data_to_database(data)
except APIError, error:
logging.error('Client %r raised API error: %s' % (client, error), exc_info=True)
response = HttpResponse(unicode(error.msg), status=error.http_status)
else:
logging.info('New event from client %r (id=%%s)' % client, data['event_id'])
response = HttpResponse('')
return apply_access_control_headers(response)
@csrf_exempt
@has_access
def notification(request, project):
return render_to_response('sentry/partial/_notification.html', request.GET)
@csrf_exempt
@has_access
def poll(request, project):
from sentry.templatetags.sentry_helpers import as_bookmarks, handle_before_events
offset = 0
limit = settings.MESSAGES_PER_PAGE
try:
validate_data(project, data, client)
except InvalidData, e:
raise APIError(unicode(e))
insert_data_to_database(data)
except APIError, error:
logging.error('Client %r raised API error: %s' % (client, error),
exc_info=True)
response = HttpResponse(unicode(error.msg), status=error.http_status)
else:
logging.info('New event from client %r (id=%%s)' % client,
data['event_id'])
response = HttpResponse('')
return apply_access_control_headers(response)
@csrf_exempt
@has_access
def notification(request, project):
return render_to_response('sentry/partial/_notification.html', request.GET)
@csrf_exempt
@has_access
def poll(request, project):
from sentry.templatetags.sentry_helpers import as_bookmarks
from sentry.templatetags.sentry_plugins import handle_before_events
offset = 0
origin = request.META.get('HTTP_ORIGIN', None)
if origin is not None and not is_valid_origin(origin, project):
return HttpResponse('Invalid origin: %r' % origin, status=400)
auth = Auth(auth_vars)
try:
response = super(APIView, self).dispatch(request, project=project, auth=auth, **kwargs)
except APIError, error:
logger.info('Project %r raised API error: %s', project.slug, error, extra={
'request': request,
}, exc_info=True)
response = HttpResponse(unicode(error.msg), status=error.http_status)
response = apply_access_control_headers(response, origin)
return response
# XXX: backported from Django 1.5
def _allowed_methods(self):
return [m.upper() for m in self.http_method_names if hasattr(self, m)]
def options(self, request, *args, **kwargs):
response = HttpResponse()
response['Allow'] = ', '.join(self._allowed_methods())
response['Content-Length'] = '0'
return response
class StoreView(APIView):
