author | Sylvain Thénault <sylvain.thenault@logilab.fr> |
Tue, 15 Apr 2014 11:55:37 +0200 | |
changeset 9790 | 0872ac2a1db0 |
parent 9659 | c45073a96aee |
child 9727 | 33f6ad4c75a5 |
child 9876 | ff98039cb4cd |
permissions | -rw-r--r-- |
9428
946aded614f3
[web error] exception may not have a 'status' attribute, generating an AttributeError that hides the original error. Closes #3381670
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
9355
diff
changeset
|
1 |
# copyright 2003-2014 LOGILAB S.A. (Paris, FRANCE), all rights reserved. |
5421
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5377
diff
changeset
|
2 |
# contact http://www.logilab.fr/ -- mailto:contact@logilab.fr |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5377
diff
changeset
|
3 |
# |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5377
diff
changeset
|
4 |
# This file is part of CubicWeb. |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5377
diff
changeset
|
5 |
# |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5377
diff
changeset
|
6 |
# CubicWeb is free software: you can redistribute it and/or modify it under the |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5377
diff
changeset
|
7 |
# terms of the GNU Lesser General Public License as published by the Free |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5377
diff
changeset
|
8 |
# Software Foundation, either version 2.1 of the License, or (at your option) |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5377
diff
changeset
|
9 |
# any later version. |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5377
diff
changeset
|
10 |
# |
5424
8ecbcbff9777
replace logilab-common by CubicWeb in disclaimer
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5421
diff
changeset
|
11 |
# CubicWeb is distributed in the hope that it will be useful, but WITHOUT |
5421
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5377
diff
changeset
|
12 |
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5377
diff
changeset
|
13 |
# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5377
diff
changeset
|
14 |
# details. |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5377
diff
changeset
|
15 |
# |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5377
diff
changeset
|
16 |
# You should have received a copy of the GNU Lesser General Public License along |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5377
diff
changeset
|
17 |
# with CubicWeb. If not, see <http://www.gnu.org/licenses/>. |
5722
61d6a4caa963
[iprogress] move adapter to entities.adapters
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5655
diff
changeset
|
18 |
"""CubicWeb web client application object""" |
0 | 19 |
|
20 |
__docformat__ = "restructuredtext en" |
|
21 |
||
22 |
import sys |
|
23 |
from time import clock, time |
|
7876
df15d194a134
[views] implement json / jsonp export views (closes #1942658)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
7855
diff
changeset
|
24 |
from contextlib import contextmanager |
8312
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
25 |
from warnings import warn |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
26 |
|
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
27 |
import httplib |
0 | 28 |
|
2613
5e19c2bb370e
R [all] logilab.common 0.44 provides only deprecated
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
2476
diff
changeset
|
29 |
from logilab.common.deprecation import deprecated |
2058
7ef12c03447c
nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
30 |
|
0 | 31 |
from rql import BadRQLQuery |
32 |
||
2058
7ef12c03447c
nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
33 |
from cubicweb import set_log_methods, cwvreg |
7ef12c03447c
nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
34 |
from cubicweb import ( |
8602
d066ba3bb07d
[web] add a Forbidden exception
David Douard <david.douard@logilab.fr>
parents:
8470
diff
changeset
|
35 |
ValidationError, Unauthorized, Forbidden, |
d066ba3bb07d
[web] add a Forbidden exception
David Douard <david.douard@logilab.fr>
parents:
8470
diff
changeset
|
36 |
AuthenticationError, NoSelectableObject, |
6791
fe58b234f9c2
[web session] refactor to finally closes #343036: allow _postlogin behaviour overloading
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6680
diff
changeset
|
37 |
BadConnectionId, CW_EVENT_MANAGER) |
9071
46885bfa4150
Use new repoapi for the web stack
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9066
diff
changeset
|
38 |
from cubicweb.repoapi import anonymous_cnx |
9571
aaf83cc07eed
[web] implement cross origin resource sharing (CORS) (closes #2491768)
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
9478
diff
changeset
|
39 |
from cubicweb.web import LOGGER, component, cors |
2058
7ef12c03447c
nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
40 |
from cubicweb.web import ( |
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
41 |
StatusResponse, DirectResponse, Redirect, NotFound, LogOut, |
9428
946aded614f3
[web error] exception may not have a 'status' attribute, generating an AttributeError that hides the original error. Closes #3381670
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
9355
diff
changeset
|
42 |
RemoteCallFailed, InvalidSession, RequestError, PublishException) |
0 | 43 |
|
8312
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
44 |
from cubicweb.web.request import CubicWebRequestBase |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
45 |
|
0 | 46 |
# make session manager available through a global variable so the debug view can |
47 |
# print information about web session |
|
48 |
SESSION_MANAGER = None |
|
49 |
||
7876
df15d194a134
[views] implement json / jsonp export views (closes #1942658)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
7855
diff
changeset
|
50 |
|
df15d194a134
[views] implement json / jsonp export views (closes #1942658)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
7855
diff
changeset
|
51 |
@contextmanager |
df15d194a134
[views] implement json / jsonp export views (closes #1942658)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
7855
diff
changeset
|
52 |
def anonymized_request(req): |
9071
46885bfa4150
Use new repoapi for the web stack
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9066
diff
changeset
|
53 |
orig_cnx = req.cnx |
46885bfa4150
Use new repoapi for the web stack
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9066
diff
changeset
|
54 |
anon_clt_cnx = anonymous_cnx(orig_cnx._session.repo) |
46885bfa4150
Use new repoapi for the web stack
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9066
diff
changeset
|
55 |
req.set_cnx(anon_clt_cnx) |
7876
df15d194a134
[views] implement json / jsonp export views (closes #1942658)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
7855
diff
changeset
|
56 |
try: |
9071
46885bfa4150
Use new repoapi for the web stack
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9066
diff
changeset
|
57 |
with anon_clt_cnx: |
46885bfa4150
Use new repoapi for the web stack
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9066
diff
changeset
|
58 |
yield req |
7876
df15d194a134
[views] implement json / jsonp export views (closes #1942658)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
7855
diff
changeset
|
59 |
finally: |
9071
46885bfa4150
Use new repoapi for the web stack
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9066
diff
changeset
|
60 |
req.set_cnx(orig_cnx) |
7876
df15d194a134
[views] implement json / jsonp export views (closes #1942658)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
7855
diff
changeset
|
61 |
|
2058
7ef12c03447c
nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
62 |
class AbstractSessionManager(component.Component): |
0 | 63 |
"""manage session data associated to a session identifier""" |
3408
c92170fca813
[api] use __regid__ instead of deprecated id
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
2887
diff
changeset
|
64 |
__regid__ = 'sessionmanager' |
1426 | 65 |
|
9032
629a8d49d6f5
[auth] pass `repo` instead of `vreg` to SessionManager and AuthenticationManager
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9031
diff
changeset
|
66 |
def __init__(self, repo): |
629a8d49d6f5
[auth] pass `repo` instead of `vreg` to SessionManager and AuthenticationManager
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9031
diff
changeset
|
67 |
vreg = repo.vreg |
2887
1282dc6525c5
give vreg where we need it (eg no bound request)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2867
diff
changeset
|
68 |
self.session_time = vreg.config['http-session-time'] or None |
9032
629a8d49d6f5
[auth] pass `repo` instead of `vreg` to SessionManager and AuthenticationManager
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9031
diff
changeset
|
69 |
self.authmanager = vreg['components'].select('authmanager', repo=repo) |
6012
d56fd78006cd
[session] cleanup session-time / cleanup-session-time...
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5868
diff
changeset
|
70 |
interval = (self.session_time or 0) / 2. |
9355
19ab31ea6ffb
Fix use of vreg.config.anonymous_user()
Julien Cristau <julien.cristau@logilab.fr>
parents:
9228
diff
changeset
|
71 |
if vreg.config.anonymous_user()[0] is not None: |
6012
d56fd78006cd
[session] cleanup session-time / cleanup-session-time...
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5868
diff
changeset
|
72 |
self.cleanup_anon_session_time = vreg.config['cleanup-anonymous-session-time'] or 5 * 60 |
d56fd78006cd
[session] cleanup session-time / cleanup-session-time...
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5868
diff
changeset
|
73 |
assert self.cleanup_anon_session_time > 0 |
d56fd78006cd
[session] cleanup session-time / cleanup-session-time...
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5868
diff
changeset
|
74 |
if self.session_time is not None: |
d56fd78006cd
[session] cleanup session-time / cleanup-session-time...
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5868
diff
changeset
|
75 |
self.cleanup_anon_session_time = min(self.session_time, |
d56fd78006cd
[session] cleanup session-time / cleanup-session-time...
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5868
diff
changeset
|
76 |
self.cleanup_anon_session_time) |
d56fd78006cd
[session] cleanup session-time / cleanup-session-time...
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5868
diff
changeset
|
77 |
interval = self.cleanup_anon_session_time / 2. |
d56fd78006cd
[session] cleanup session-time / cleanup-session-time...
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5868
diff
changeset
|
78 |
# we don't want to check session more than once every 5 minutes |
d56fd78006cd
[session] cleanup session-time / cleanup-session-time...
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5868
diff
changeset
|
79 |
self.clean_sessions_interval = max(5 * 60, interval) |
1426 | 80 |
|
0 | 81 |
def clean_sessions(self): |
82 |
"""cleanup sessions which has not been unused since a given amount of |
|
83 |
time. Return the number of sessions which have been closed. |
|
84 |
""" |
|
85 |
self.debug('cleaning http sessions') |
|
6012
d56fd78006cd
[session] cleanup session-time / cleanup-session-time...
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5868
diff
changeset
|
86 |
session_time = self.session_time |
0 | 87 |
closed, total = 0, 0 |
88 |
for session in self.current_sessions(): |
|
89 |
total += 1 |
|
6012
d56fd78006cd
[session] cleanup session-time / cleanup-session-time...
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5868
diff
changeset
|
90 |
try: |
d56fd78006cd
[session] cleanup session-time / cleanup-session-time...
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5868
diff
changeset
|
91 |
last_usage_time = session.cnx.check() |
7589
d3459fe041f0
[web session] fix bad cleanup of session without a connection set. Closes #1772125
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7428
diff
changeset
|
92 |
except AttributeError: |
d3459fe041f0
[web session] fix bad cleanup of session without a connection set. Closes #1772125
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7428
diff
changeset
|
93 |
last_usage_time = session.mtime |
6012
d56fd78006cd
[session] cleanup session-time / cleanup-session-time...
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5868
diff
changeset
|
94 |
except BadConnectionId: |
d56fd78006cd
[session] cleanup session-time / cleanup-session-time...
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5868
diff
changeset
|
95 |
self.close_session(session) |
d56fd78006cd
[session] cleanup session-time / cleanup-session-time...
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5868
diff
changeset
|
96 |
closed += 1 |
d56fd78006cd
[session] cleanup session-time / cleanup-session-time...
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5868
diff
changeset
|
97 |
else: |
d56fd78006cd
[session] cleanup session-time / cleanup-session-time...
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5868
diff
changeset
|
98 |
no_use_time = (time() - last_usage_time) |
d56fd78006cd
[session] cleanup session-time / cleanup-session-time...
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5868
diff
changeset
|
99 |
if session.anonymous_session: |
d56fd78006cd
[session] cleanup session-time / cleanup-session-time...
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5868
diff
changeset
|
100 |
if no_use_time >= self.cleanup_anon_session_time: |
d56fd78006cd
[session] cleanup session-time / cleanup-session-time...
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5868
diff
changeset
|
101 |
self.close_session(session) |
d56fd78006cd
[session] cleanup session-time / cleanup-session-time...
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5868
diff
changeset
|
102 |
closed += 1 |
d56fd78006cd
[session] cleanup session-time / cleanup-session-time...
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5868
diff
changeset
|
103 |
elif session_time is not None and no_use_time >= session_time: |
0 | 104 |
self.close_session(session) |
105 |
closed += 1 |
|
106 |
return closed, total - closed |
|
1426 | 107 |
|
0 | 108 |
def current_sessions(self): |
109 |
"""return currently open sessions""" |
|
110 |
raise NotImplementedError() |
|
1426 | 111 |
|
0 | 112 |
def get_session(self, req, sessionid): |
113 |
"""return existing session for the given session identifier""" |
|
114 |
raise NotImplementedError() |
|
115 |
||
116 |
def open_session(self, req): |
|
9019
e08f9c55dab5
[application] call req.set_session in application.main_handle_request
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9018
diff
changeset
|
117 |
"""open and return a new session for the given request. |
1426 | 118 |
|
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
119 |
raise :exc:`cubicweb.AuthenticationError` if authentication failed |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
120 |
(no authentication info found or wrong user/password) |
0 | 121 |
""" |
122 |
raise NotImplementedError() |
|
1426 | 123 |
|
0 | 124 |
def close_session(self, session): |
125 |
"""close session on logout or on invalid session detected (expired out, |
|
126 |
corrupted...) |
|
127 |
""" |
|
128 |
raise NotImplementedError() |
|
129 |
||
130 |
||
2058
7ef12c03447c
nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
131 |
class AbstractAuthenticationManager(component.Component): |
0 | 132 |
"""authenticate user associated to a request and check session validity""" |
7990
a673d1d9a738
[diet]Â drop pre 3.6 API compatibility (but attempt to keep data cmopatibility). Closes #2017916
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7876
diff
changeset
|
133 |
__regid__ = 'authmanager' |
2887
1282dc6525c5
give vreg where we need it (eg no bound request)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2867
diff
changeset
|
134 |
|
9032
629a8d49d6f5
[auth] pass `repo` instead of `vreg` to SessionManager and AuthenticationManager
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9031
diff
changeset
|
135 |
def __init__(self, repo): |
629a8d49d6f5
[auth] pass `repo` instead of `vreg` to SessionManager and AuthenticationManager
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9031
diff
changeset
|
136 |
self.vreg = repo.vreg |
0 | 137 |
|
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
138 |
def validate_session(self, req, session): |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
139 |
"""check session validity, reconnecting it to the repository if the |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
140 |
associated connection expired in the repository side (hence the |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
141 |
necessity for this method). |
1426 | 142 |
|
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
143 |
raise :exc:`InvalidSession` if session is corrupted for a reason or |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
144 |
another and should be closed |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
145 |
""" |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
146 |
raise NotImplementedError() |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
147 |
|
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
148 |
def authenticate(self, req): |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
149 |
"""authenticate user using connection information found in the request, |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
150 |
and return corresponding a :class:`~cubicweb.dbapi.Connection` instance, |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
151 |
as well as login and authentication information dictionary used to open |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
152 |
the connection. |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
153 |
|
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
154 |
raise :exc:`cubicweb.AuthenticationError` if authentication failed |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
155 |
(no authentication info found or wrong user/password) |
0 | 156 |
""" |
157 |
raise NotImplementedError() |
|
158 |
||
1426 | 159 |
|
0 | 160 |
class CookieSessionHandler(object): |
6680
b62ebf1d9388
[web session] fix '#1375582: sometime have to relogin since secure session cookie are used' by having different session cookie for http/https version. Also add application name to avoid potential pb when developping differents appls on the same port.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6582
diff
changeset
|
161 |
"""a session handler using a cookie to store the session identifier""" |
1426 | 162 |
|
0 | 163 |
def __init__(self, appli): |
9032
629a8d49d6f5
[auth] pass `repo` instead of `vreg` to SessionManager and AuthenticationManager
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9031
diff
changeset
|
164 |
self.repo = appli.repo |
2706
09baf5175196
[web session] proper reloading of the session manager on vreg update
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2705
diff
changeset
|
165 |
self.vreg = appli.vreg |
2887
1282dc6525c5
give vreg where we need it (eg no bound request)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2867
diff
changeset
|
166 |
self.session_manager = self.vreg['components'].select('sessionmanager', |
9032
629a8d49d6f5
[auth] pass `repo` instead of `vreg` to SessionManager and AuthenticationManager
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9031
diff
changeset
|
167 |
repo=self.repo) |
0 | 168 |
global SESSION_MANAGER |
169 |
SESSION_MANAGER = self.session_manager |
|
5000
f1a10b41417a
[test] don't try to reset session manager during test,
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4914
diff
changeset
|
170 |
if self.vreg.config.mode != 'test': |
f1a10b41417a
[test] don't try to reset session manager during test,
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4914
diff
changeset
|
171 |
# don't try to reset session manager during test, this leads to |
f1a10b41417a
[test] don't try to reset session manager during test,
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4914
diff
changeset
|
172 |
# weird failures when running multiple tests |
f1a10b41417a
[test] don't try to reset session manager during test,
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4914
diff
changeset
|
173 |
CW_EVENT_MANAGER.bind('after-registry-reload', |
f1a10b41417a
[test] don't try to reset session manager during test,
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4914
diff
changeset
|
174 |
self.reset_session_manager) |
2706
09baf5175196
[web session] proper reloading of the session manager on vreg update
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2705
diff
changeset
|
175 |
|
09baf5175196
[web session] proper reloading of the session manager on vreg update
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2705
diff
changeset
|
176 |
def reset_session_manager(self): |
09baf5175196
[web session] proper reloading of the session manager on vreg update
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2705
diff
changeset
|
177 |
data = self.session_manager.dump_data() |
2887
1282dc6525c5
give vreg where we need it (eg no bound request)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2867
diff
changeset
|
178 |
self.session_manager = self.vreg['components'].select('sessionmanager', |
9032
629a8d49d6f5
[auth] pass `repo` instead of `vreg` to SessionManager and AuthenticationManager
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9031
diff
changeset
|
179 |
repo=self.repo) |
2706
09baf5175196
[web session] proper reloading of the session manager on vreg update
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2705
diff
changeset
|
180 |
self.session_manager.restore_data(data) |
09baf5175196
[web session] proper reloading of the session manager on vreg update
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2705
diff
changeset
|
181 |
global SESSION_MANAGER |
09baf5175196
[web session] proper reloading of the session manager on vreg update
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2705
diff
changeset
|
182 |
SESSION_MANAGER = self.session_manager |
0 | 183 |
|
5325
f1c660e1169e
[web] consistent cleanup session interval time
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5283
diff
changeset
|
184 |
@property |
f1c660e1169e
[web] consistent cleanup session interval time
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5283
diff
changeset
|
185 |
def clean_sessions_interval(self): |
f1c660e1169e
[web] consistent cleanup session interval time
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5283
diff
changeset
|
186 |
return self.session_manager.clean_sessions_interval |
f1c660e1169e
[web] consistent cleanup session interval time
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5283
diff
changeset
|
187 |
|
0 | 188 |
def clean_sessions(self): |
189 |
"""cleanup sessions which has not been unused since a given amount of |
|
190 |
time |
|
191 |
""" |
|
192 |
self.session_manager.clean_sessions() |
|
1426 | 193 |
|
6680
b62ebf1d9388
[web session] fix '#1375582: sometime have to relogin since secure session cookie are used' by having different session cookie for http/https version. Also add application name to avoid potential pb when developping differents appls on the same port.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6582
diff
changeset
|
194 |
def session_cookie(self, req): |
b62ebf1d9388
[web session] fix '#1375582: sometime have to relogin since secure session cookie are used' by having different session cookie for http/https version. Also add application name to avoid potential pb when developping differents appls on the same port.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6582
diff
changeset
|
195 |
"""return a string giving the name of the cookie used to store the |
b62ebf1d9388
[web session] fix '#1375582: sometime have to relogin since secure session cookie are used' by having different session cookie for http/https version. Also add application name to avoid potential pb when developping differents appls on the same port.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6582
diff
changeset
|
196 |
session identifier. |
b62ebf1d9388
[web session] fix '#1375582: sometime have to relogin since secure session cookie are used' by having different session cookie for http/https version. Also add application name to avoid potential pb when developping differents appls on the same port.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6582
diff
changeset
|
197 |
""" |
b62ebf1d9388
[web session] fix '#1375582: sometime have to relogin since secure session cookie are used' by having different session cookie for http/https version. Also add application name to avoid potential pb when developping differents appls on the same port.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6582
diff
changeset
|
198 |
if req.https: |
b62ebf1d9388
[web session] fix '#1375582: sometime have to relogin since secure session cookie are used' by having different session cookie for http/https version. Also add application name to avoid potential pb when developping differents appls on the same port.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6582
diff
changeset
|
199 |
return '__%s_https_session' % self.vreg.config.appid |
b62ebf1d9388
[web session] fix '#1375582: sometime have to relogin since secure session cookie are used' by having different session cookie for http/https version. Also add application name to avoid potential pb when developping differents appls on the same port.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6582
diff
changeset
|
200 |
return '__%s_session' % self.vreg.config.appid |
b62ebf1d9388
[web session] fix '#1375582: sometime have to relogin since secure session cookie are used' by having different session cookie for http/https version. Also add application name to avoid potential pb when developping differents appls on the same port.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6582
diff
changeset
|
201 |
|
9019
e08f9c55dab5
[application] call req.set_session in application.main_handle_request
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9018
diff
changeset
|
202 |
def get_session(self, req): |
e08f9c55dab5
[application] call req.set_session in application.main_handle_request
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9018
diff
changeset
|
203 |
"""Return a session object corresponding to credentials held by the req |
0 | 204 |
|
205 |
Session id is searched from : |
|
206 |
- # form variable |
|
207 |
- cookie |
|
208 |
||
9019
e08f9c55dab5
[application] call req.set_session in application.main_handle_request
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9018
diff
changeset
|
209 |
If no session id is found, try opening a new session with credentials |
e08f9c55dab5
[application] call req.set_session in application.main_handle_request
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9018
diff
changeset
|
210 |
found in the request. |
0 | 211 |
|
9019
e08f9c55dab5
[application] call req.set_session in application.main_handle_request
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9018
diff
changeset
|
212 |
Raises AuthenticationError if no session can be found or created. |
0 | 213 |
""" |
214 |
cookie = req.get_cookie() |
|
6680
b62ebf1d9388
[web session] fix '#1375582: sometime have to relogin since secure session cookie are used' by having different session cookie for http/https version. Also add application name to avoid potential pb when developping differents appls on the same port.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6582
diff
changeset
|
215 |
sessioncookie = self.session_cookie(req) |
0 | 216 |
try: |
6680
b62ebf1d9388
[web session] fix '#1375582: sometime have to relogin since secure session cookie are used' by having different session cookie for http/https version. Also add application name to avoid potential pb when developping differents appls on the same port.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6582
diff
changeset
|
217 |
sessionid = str(cookie[sessioncookie].value) |
9019
e08f9c55dab5
[application] call req.set_session in application.main_handle_request
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9018
diff
changeset
|
218 |
session = self.get_session_by_id(req, sessionid) |
9017
aa709bc6b6c1
[application/connect] simplify connection logic
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8997
diff
changeset
|
219 |
except (KeyError, InvalidSession): # no valid session cookie |
0 | 220 |
session = self.open_session(req) |
9019
e08f9c55dab5
[application] call req.set_session in application.main_handle_request
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9018
diff
changeset
|
221 |
return session |
0 | 222 |
|
9019
e08f9c55dab5
[application] call req.set_session in application.main_handle_request
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9018
diff
changeset
|
223 |
def get_session_by_id(self, req, sessionid): |
7589
d3459fe041f0
[web session] fix bad cleanup of session without a connection set. Closes #1772125
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7428
diff
changeset
|
224 |
session = self.session_manager.get_session(req, sessionid) |
d3459fe041f0
[web session] fix bad cleanup of session without a connection set. Closes #1772125
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7428
diff
changeset
|
225 |
session.mtime = time() |
d3459fe041f0
[web session] fix bad cleanup of session without a connection set. Closes #1772125
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7428
diff
changeset
|
226 |
return session |
1426 | 227 |
|
9017
aa709bc6b6c1
[application/connect] simplify connection logic
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8997
diff
changeset
|
228 |
def open_session(self, req): |
aa709bc6b6c1
[application/connect] simplify connection logic
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8997
diff
changeset
|
229 |
session = self.session_manager.open_session(req) |
6680
b62ebf1d9388
[web session] fix '#1375582: sometime have to relogin since secure session cookie are used' by having different session cookie for http/https version. Also add application name to avoid potential pb when developping differents appls on the same port.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6582
diff
changeset
|
230 |
sessioncookie = self.session_cookie(req) |
7855
54283a5b7afc
[web request]Â fix cookie 'expires' formating (closes #1953945)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7815
diff
changeset
|
231 |
secure = req.https and req.base_url().startswith('https://') |
54283a5b7afc
[web request]Â fix cookie 'expires' formating (closes #1953945)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7815
diff
changeset
|
232 |
req.set_cookie(sessioncookie, session.sessionid, |
54283a5b7afc
[web request]Â fix cookie 'expires' formating (closes #1953945)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7815
diff
changeset
|
233 |
maxage=None, secure=secure) |
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
234 |
if not session.anonymous_session: |
9018
9deb024a96c0
[session-handler] use session directly to update last usage
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9017
diff
changeset
|
235 |
self.session_manager.postlogin(req, session) |
0 | 236 |
return session |
237 |
||
4911
898c35be5873
#750055: make it easier to change post logout url
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4709
diff
changeset
|
238 |
def logout(self, req, goto_url): |
2476
1294a6bdf3bf
application -> instance where it makes sense
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2293
diff
changeset
|
239 |
"""logout from the instance by cleaning the session and raising |
0 | 240 |
`AuthenticationError` |
241 |
""" |
|
5494
f3bb53f1737c
[web session] fix potential key error on logout (occurs once the session has been transparently reconnected, hence session.sessionid and session.cnx.sessionid differs)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5426
diff
changeset
|
242 |
self.session_manager.close_session(req.session) |
7855
54283a5b7afc
[web request]Â fix cookie 'expires' formating (closes #1953945)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7815
diff
changeset
|
243 |
req.remove_cookie(self.session_cookie(req)) |
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
244 |
raise LogOut(url=goto_url) |
0 | 245 |
|
7083
b8e35cde46e9
help pylint by explicitely defining some attributes
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
6791
diff
changeset
|
246 |
# these are overridden by set_log_methods below |
b8e35cde46e9
help pylint by explicitely defining some attributes
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
6791
diff
changeset
|
247 |
# only defining here to prevent pylint from complaining |
b8e35cde46e9
help pylint by explicitely defining some attributes
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
6791
diff
changeset
|
248 |
info = warning = error = critical = exception = debug = lambda msg,*a,**kw: None |
0 | 249 |
|
250 |
class CubicWebPublisher(object): |
|
2058
7ef12c03447c
nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
251 |
"""the publisher is a singleton hold by the web frontend, and is responsible |
7ef12c03447c
nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
252 |
to publish HTTP request. |
8997
525915f8bc1c
[web/application] add some minimal documentation
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8753
diff
changeset
|
253 |
|
525915f8bc1c
[web/application] add some minimal documentation
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8753
diff
changeset
|
254 |
The http server will call its main entry point ``application.handle_request``. |
525915f8bc1c
[web/application] add some minimal documentation
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8753
diff
changeset
|
255 |
|
525915f8bc1c
[web/application] add some minimal documentation
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8753
diff
changeset
|
256 |
.. automethod:: cubicweb.web.application.CubicWebPublisher.main_handle_request |
9031
6ff29f2879da
web/application: instantiate the repository outside of CubicWebPublisher
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9030
diff
changeset
|
257 |
|
6ff29f2879da
web/application: instantiate the repository outside of CubicWebPublisher
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9030
diff
changeset
|
258 |
You have to provide both a repository and web-server config at |
6ff29f2879da
web/application: instantiate the repository outside of CubicWebPublisher
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9030
diff
changeset
|
259 |
initialization. In all in one instance both config will be the same. |
0 | 260 |
""" |
1426 | 261 |
|
9031
6ff29f2879da
web/application: instantiate the repository outside of CubicWebPublisher
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9030
diff
changeset
|
262 |
def __init__(self, repo, config, session_handler_fact=CookieSessionHandler): |
4484
d87989d91635
fix duplicated vregistry initialization during tests
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4212
diff
changeset
|
263 |
self.info('starting web instance from %s', config.apphome) |
9031
6ff29f2879da
web/application: instantiate the repository outside of CubicWebPublisher
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9030
diff
changeset
|
264 |
self.repo = repo |
6ff29f2879da
web/application: instantiate the repository outside of CubicWebPublisher
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9030
diff
changeset
|
265 |
self.vreg = repo.vreg |
6ff29f2879da
web/application: instantiate the repository outside of CubicWebPublisher
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9030
diff
changeset
|
266 |
# get instance's schema |
6ff29f2879da
web/application: instantiate the repository outside of CubicWebPublisher
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9030
diff
changeset
|
267 |
if not self.vreg.initialized: |
5650
86e874fe30ea
[web] cleanup use of config in web application initialisation
Julien Jehannet <julien.jehannet@logilab.fr>
parents:
5587
diff
changeset
|
268 |
config.init_cubes(self.repo.get_cubes()) |
9031
6ff29f2879da
web/application: instantiate the repository outside of CubicWebPublisher
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9030
diff
changeset
|
269 |
self.vreg.init_properties(self.repo.properties()) |
6ff29f2879da
web/application: instantiate the repository outside of CubicWebPublisher
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9030
diff
changeset
|
270 |
self.vreg.set_schema(self.repo.get_schema()) |
0 | 271 |
# set the correct publish method |
272 |
if config['query-log-file']: |
|
273 |
from threading import Lock |
|
274 |
self._query_log = open(config['query-log-file'], 'a') |
|
8312
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
275 |
self.handle_request = self.log_handle_request |
1426 | 276 |
self._logfile_lock = Lock() |
0 | 277 |
else: |
278 |
self._query_log = None |
|
8312
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
279 |
self.handle_request = self.main_handle_request |
0 | 280 |
# instantiate session and url resolving helpers |
281 |
self.session_handler = session_handler_fact(self) |
|
2685
0518ca8f63e3
[autoreload] recompute urlresolver / urlrewriter after autoreload
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
2666
diff
changeset
|
282 |
self.set_urlresolver() |
2705
30bcdbd92820
[events] renamed source-reload into registry-reload to avoid potential confusions with datasources
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
2685
diff
changeset
|
283 |
CW_EVENT_MANAGER.bind('after-registry-reload', self.set_urlresolver) |
2685
0518ca8f63e3
[autoreload] recompute urlresolver / urlrewriter after autoreload
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
2666
diff
changeset
|
284 |
|
0518ca8f63e3
[autoreload] recompute urlresolver / urlrewriter after autoreload
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
2666
diff
changeset
|
285 |
def set_urlresolver(self): |
2887
1282dc6525c5
give vreg where we need it (eg no bound request)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2867
diff
changeset
|
286 |
self.url_resolver = self.vreg['components'].select('urlpublisher', |
1282dc6525c5
give vreg where we need it (eg no bound request)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2867
diff
changeset
|
287 |
vreg=self.vreg) |
1426 | 288 |
|
9019
e08f9c55dab5
[application] call req.set_session in application.main_handle_request
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9018
diff
changeset
|
289 |
def get_session(self, req): |
e08f9c55dab5
[application] call req.set_session in application.main_handle_request
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9018
diff
changeset
|
290 |
"""Return a session object corresponding to credentials held by the req |
e08f9c55dab5
[application] call req.set_session in application.main_handle_request
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9018
diff
changeset
|
291 |
|
e08f9c55dab5
[application] call req.set_session in application.main_handle_request
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9018
diff
changeset
|
292 |
May raise AuthenticationError. |
0 | 293 |
""" |
9019
e08f9c55dab5
[application] call req.set_session in application.main_handle_request
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9018
diff
changeset
|
294 |
return self.session_handler.get_session(req) |
0 | 295 |
|
296 |
# publish methods ######################################################### |
|
1426 | 297 |
|
8312
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
298 |
def log_handle_request(self, req, path): |
0 | 299 |
"""wrapper around _publish to log all queries executed for a given |
300 |
accessed path |
|
301 |
""" |
|
302 |
try: |
|
8312
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
303 |
return self.main_handle_request(req, path) |
0 | 304 |
finally: |
305 |
cnx = req.cnx |
|
5244
5467674ad101
[web] put a fake object that raise Unauthorized on any attribute access as req.cnx and req._user, so we are properly asked to authenticated on any view that tries to do something with one of those attributes (instead of doing defensive programming everywhere we're doing that)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5223
diff
changeset
|
306 |
if cnx: |
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
307 |
with self._logfile_lock: |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
308 |
try: |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
309 |
result = ['\n'+'*'*80] |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
310 |
result.append(req.url()) |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
311 |
result += ['%s %s -- (%.3f sec, %.3f CPU sec)' % q |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
312 |
for q in cnx.executed_queries] |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
313 |
cnx.executed_queries = [] |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
314 |
self._query_log.write('\n'.join(result).encode(req.encoding)) |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
315 |
self._query_log.flush() |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
316 |
except Exception: |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
317 |
self.exception('error while logging queries') |
0 | 318 |
|
8312
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
319 |
|
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
320 |
|
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
321 |
def main_handle_request(self, req, path): |
9175
a7412e884d7b
fix typos in docstring, doc and comments
Julien Cristau <julien.cristau@logilab.fr>
parents:
8997
diff
changeset
|
322 |
"""Process an http request |
8997
525915f8bc1c
[web/application] add some minimal documentation
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8753
diff
changeset
|
323 |
|
525915f8bc1c
[web/application] add some minimal documentation
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8753
diff
changeset
|
324 |
Arguments are: |
525915f8bc1c
[web/application] add some minimal documentation
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8753
diff
changeset
|
325 |
- a Request object |
525915f8bc1c
[web/application] add some minimal documentation
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8753
diff
changeset
|
326 |
- path of the request object |
525915f8bc1c
[web/application] add some minimal documentation
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8753
diff
changeset
|
327 |
|
9175
a7412e884d7b
fix typos in docstring, doc and comments
Julien Cristau <julien.cristau@logilab.fr>
parents:
8997
diff
changeset
|
328 |
It returns the content of the http response. HTTP header and status are |
a7412e884d7b
fix typos in docstring, doc and comments
Julien Cristau <julien.cristau@logilab.fr>
parents:
8997
diff
changeset
|
329 |
set on the Request object. |
8997
525915f8bc1c
[web/application] add some minimal documentation
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8753
diff
changeset
|
330 |
""" |
8312
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
331 |
if not isinstance(req, CubicWebRequestBase): |
9175
a7412e884d7b
fix typos in docstring, doc and comments
Julien Cristau <julien.cristau@logilab.fr>
parents:
8997
diff
changeset
|
332 |
warn('[3.15] Application entry point arguments are now (req, path) ' |
8312
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
333 |
'not (path, req)', DeprecationWarning, 2) |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
334 |
req, path = path, req |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
335 |
if req.authmode == 'http': |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
336 |
# activate realm-based auth |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
337 |
realm = self.vreg.config['realm'] |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
338 |
req.set_header('WWW-Authenticate', [('Basic', {'realm' : realm })], raw=False) |
8443
86fc11fb6f99
[web/application] declare default 'content' value sooner (closes #2406560)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8390
diff
changeset
|
339 |
content = '' |
8312
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
340 |
try: |
9017
aa709bc6b6c1
[application/connect] simplify connection logic
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8997
diff
changeset
|
341 |
try: |
9019
e08f9c55dab5
[application] call req.set_session in application.main_handle_request
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9018
diff
changeset
|
342 |
session = self.get_session(req) |
9071
46885bfa4150
Use new repoapi for the web stack
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9066
diff
changeset
|
343 |
from cubicweb import repoapi |
46885bfa4150
Use new repoapi for the web stack
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9066
diff
changeset
|
344 |
cnx = repoapi.ClientConnection(session) |
46885bfa4150
Use new repoapi for the web stack
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9066
diff
changeset
|
345 |
req.set_cnx(cnx) |
9017
aa709bc6b6c1
[application/connect] simplify connection logic
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8997
diff
changeset
|
346 |
except AuthenticationError: |
9040
3c85e734ce00
[webrequest] set DBAPISession without cnx at initialisation time
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9032
diff
changeset
|
347 |
# Keep the dummy session set at initialisation. |
3c85e734ce00
[webrequest] set DBAPISession without cnx at initialisation time
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9032
diff
changeset
|
348 |
# such session with work to an some extend but raise an |
3c85e734ce00
[webrequest] set DBAPISession without cnx at initialisation time
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9032
diff
changeset
|
349 |
# AuthenticationError on any database access. |
9071
46885bfa4150
Use new repoapi for the web stack
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9066
diff
changeset
|
350 |
import contextlib |
46885bfa4150
Use new repoapi for the web stack
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9066
diff
changeset
|
351 |
@contextlib.contextmanager |
46885bfa4150
Use new repoapi for the web stack
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9066
diff
changeset
|
352 |
def dummy(): |
46885bfa4150
Use new repoapi for the web stack
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9066
diff
changeset
|
353 |
yield |
46885bfa4150
Use new repoapi for the web stack
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9066
diff
changeset
|
354 |
cnx = dummy() |
9017
aa709bc6b6c1
[application/connect] simplify connection logic
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8997
diff
changeset
|
355 |
# XXX We want to clean up this approach in the future. But |
aa709bc6b6c1
[application/connect] simplify connection logic
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8997
diff
changeset
|
356 |
# several cubes like registration or forgotten password rely on |
aa709bc6b6c1
[application/connect] simplify connection logic
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8997
diff
changeset
|
357 |
# this principle. |
9071
46885bfa4150
Use new repoapi for the web stack
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9066
diff
changeset
|
358 |
|
8312
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
359 |
# DENY https acces for anonymous_user |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
360 |
if (req.https |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
361 |
and req.session.anonymous_session |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
362 |
and self.vreg.config['https-deny-anonymous']): |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
363 |
# don't allow anonymous on https connection |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
364 |
raise AuthenticationError() |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
365 |
# nested try to allow LogOut to delegate logic to AuthenticationError |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
366 |
# handler |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
367 |
try: |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
368 |
### Try to generate the actual request content |
9071
46885bfa4150
Use new repoapi for the web stack
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9066
diff
changeset
|
369 |
with cnx: |
46885bfa4150
Use new repoapi for the web stack
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
9066
diff
changeset
|
370 |
content = self.core_handle(req, path) |
8312
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
371 |
# Handle user log-out |
8695
358d8bed9626
[toward-py3k] rewrite to "except AnException as exc:" (part of #2711624)
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
8694
diff
changeset
|
372 |
except LogOut as ex: |
8312
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
373 |
# When authentification is handled by cookie the code that |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
374 |
# raised LogOut must has invalidated the cookie. We can just |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
375 |
# reload the original url without authentification |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
376 |
if self.vreg.config['auth-mode'] == 'cookie' and ex.url: |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
377 |
req.headers_out.setHeader('location', str(ex.url)) |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
378 |
if ex.status is not None: |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
379 |
req.status_out = httplib.SEE_OTHER |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
380 |
# When the authentification is handled by http we must |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
381 |
# explicitly ask for authentification to flush current http |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
382 |
# authentification information |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
383 |
else: |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
384 |
# Render "logged out" content. |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
385 |
# assignement to ``content`` prevent standard |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
386 |
# AuthenticationError code to overwrite it. |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
387 |
content = self.loggedout_content(req) |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
388 |
# let the explicitly reset http credential |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
389 |
raise AuthenticationError() |
8695
358d8bed9626
[toward-py3k] rewrite to "except AnException as exc:" (part of #2711624)
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
8694
diff
changeset
|
390 |
except Redirect as ex: |
8470
a85e107947e6
[web app] handle Redirect raised during session establishment, as this may be used by eg openid authentication. Closes #2430018
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8466
diff
changeset
|
391 |
# authentication needs redirection (eg openid) |
a85e107947e6
[web app] handle Redirect raised during session establishment, as this may be used by eg openid authentication. Closes #2430018
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8466
diff
changeset
|
392 |
content = self.redirect_handler(req, ex) |
8312
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
393 |
# Wrong, absent or Reseted credential |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
394 |
except AuthenticationError: |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
395 |
# If there is an https url configured and |
9175
a7412e884d7b
fix typos in docstring, doc and comments
Julien Cristau <julien.cristau@logilab.fr>
parents:
8997
diff
changeset
|
396 |
# the request does not use https, redirect to login form |
8312
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
397 |
https_url = self.vreg.config['https-url'] |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
398 |
if https_url and req.base_url() != https_url: |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
399 |
req.status_out = httplib.SEE_OTHER |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
400 |
req.headers_out.setHeader('location', https_url + 'login') |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
401 |
else: |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
402 |
# We assume here that in http auth mode the user *May* provide |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
403 |
# Authentification Credential if asked kindly. |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
404 |
if self.vreg.config['auth-mode'] == 'http': |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
405 |
req.status_out = httplib.UNAUTHORIZED |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
406 |
# In the other case (coky auth) we assume that there is no way |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
407 |
# for the user to provide them... |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
408 |
# XXX But WHY ? |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
409 |
else: |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
410 |
req.status_out = httplib.FORBIDDEN |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
411 |
# If previous error handling already generated a custom content |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
412 |
# do not overwrite it. This is used by LogOut Except |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
413 |
# XXX ensure we don't actually serve content |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
414 |
if not content: |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
415 |
content = self.need_login_content(req) |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
416 |
return content |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
417 |
|
9571
aaf83cc07eed
[web] implement cross origin resource sharing (CORS) (closes #2491768)
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
9478
diff
changeset
|
418 |
|
8312
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
419 |
def core_handle(self, req, path): |
0 | 420 |
"""method called by the main publisher to process <path> |
1426 | 421 |
|
0 | 422 |
should return a string containing the resulting page or raise a |
423 |
`NotFound` exception |
|
424 |
||
425 |
:type path: str |
|
426 |
:param path: the path part of the url to publish |
|
1426 | 427 |
|
0 | 428 |
:type req: `web.Request` |
429 |
:param req: the request object |
|
430 |
||
431 |
:rtype: str |
|
432 |
:return: the result of the pusblished url |
|
433 |
""" |
|
434 |
# don't log form values they may contains sensitive information |
|
8390
637b934bc742
[app] turn these info into debug logs (this being too chatty for .info)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8312
diff
changeset
|
435 |
self.debug('publish "%s" (%s, form params: %s)', |
8696
0bb18407c053
[toward py3k] rewrite dict.keys() and dict.values() (part of #2711624)
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
8695
diff
changeset
|
436 |
path, req.session.sessionid, list(req.form)) |
0 | 437 |
# remove user callbacks on a new request (except for json controllers |
438 |
# to avoid callbacks being unregistered before they could be called) |
|
439 |
tstart = clock() |
|
5865
af414723598d
[publisher] avoid useless rollback after successful commit, which clutters debug logs and may also not be cost-free
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5721
diff
changeset
|
440 |
commited = False |
0 | 441 |
try: |
8312
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
442 |
### standard processing of the request |
0 | 443 |
try: |
9571
aaf83cc07eed
[web] implement cross origin resource sharing (CORS) (closes #2491768)
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
9478
diff
changeset
|
444 |
# apply CORS sanity checks |
aaf83cc07eed
[web] implement cross origin resource sharing (CORS) (closes #2491768)
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
9478
diff
changeset
|
445 |
cors.process_request(req, self.vreg.config) |
0 | 446 |
ctrlid, rset = self.url_resolver.process(req, path) |
2058
7ef12c03447c
nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
447 |
try: |
2650
18aec79ec3a3
R [vreg] important refactoring of the vregistry, moving behaviour to end dictionnary (and so leaving room for more flexibility ; keep bw compat ; update api usage in cw
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2613
diff
changeset
|
448 |
controller = self.vreg['controllers'].select(ctrlid, req, |
18aec79ec3a3
R [vreg] important refactoring of the vregistry, moving behaviour to end dictionnary (and so leaving room for more flexibility ; keep bw compat ; update api usage in cw
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2613
diff
changeset
|
449 |
appli=self) |
2058
7ef12c03447c
nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
450 |
except NoSelectableObject: |
7ef12c03447c
nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
451 |
raise Unauthorized(req._('not authorized')) |
581
09f87f2c535e
update_search_state in the publisher since it should be done whatever the controller
sylvain.thenault@logilab.fr
parents:
168
diff
changeset
|
452 |
req.update_search_state() |
0 | 453 |
result = controller.publish(rset=rset) |
9571
aaf83cc07eed
[web] implement cross origin resource sharing (CORS) (closes #2491768)
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
9478
diff
changeset
|
454 |
except cors.CORSPreflight: |
aaf83cc07eed
[web] implement cross origin resource sharing (CORS) (closes #2491768)
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
9478
diff
changeset
|
455 |
# Return directly an empty 200 |
aaf83cc07eed
[web] implement cross origin resource sharing (CORS) (closes #2491768)
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
9478
diff
changeset
|
456 |
req.status_out = 200 |
aaf83cc07eed
[web] implement cross origin resource sharing (CORS) (closes #2491768)
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
9478
diff
changeset
|
457 |
result = '' |
8695
358d8bed9626
[toward-py3k] rewrite to "except AnException as exc:" (part of #2711624)
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
8694
diff
changeset
|
458 |
except StatusResponse as ex: |
9228
90b8c7a7e205
[deprecation] add (approximate) version number to deprecation message and set proper stacklevel
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
9175
diff
changeset
|
459 |
warn('[3.16] StatusResponse is deprecated use req.status_out', |
90b8c7a7e205
[deprecation] add (approximate) version number to deprecation message and set proper stacklevel
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
9175
diff
changeset
|
460 |
DeprecationWarning, stacklevel=2) |
8312
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
461 |
result = ex.content |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
462 |
req.status_out = ex.status |
8695
358d8bed9626
[toward-py3k] rewrite to "except AnException as exc:" (part of #2711624)
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
8694
diff
changeset
|
463 |
except Redirect as ex: |
8470
a85e107947e6
[web app] handle Redirect raised during session establishment, as this may be used by eg openid authentication. Closes #2430018
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8466
diff
changeset
|
464 |
# Redirect may be raised by edit controller when everything went |
a85e107947e6
[web app] handle Redirect raised during session establishment, as this may be used by eg openid authentication. Closes #2430018
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8466
diff
changeset
|
465 |
# fine, so attempt to commit |
a85e107947e6
[web app] handle Redirect raised during session establishment, as this may be used by eg openid authentication. Closes #2430018
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8466
diff
changeset
|
466 |
result = self.redirect_handler(req, ex) |
8312
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
467 |
if req.cnx: |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
468 |
txuuid = req.cnx.commit() |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
469 |
commited = True |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
470 |
if txuuid is not None: |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
471 |
req.data['last_undoable_transaction'] = txuuid |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
472 |
### error case |
8695
358d8bed9626
[toward-py3k] rewrite to "except AnException as exc:" (part of #2711624)
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
8694
diff
changeset
|
473 |
except NotFound as ex: |
8312
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
474 |
result = self.notfound_content(req) |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
475 |
req.status_out = ex.status |
8695
358d8bed9626
[toward-py3k] rewrite to "except AnException as exc:" (part of #2711624)
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
8694
diff
changeset
|
476 |
except ValidationError as ex: |
8312
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
477 |
result = self.validation_error_handler(req, ex) |
8695
358d8bed9626
[toward-py3k] rewrite to "except AnException as exc:" (part of #2711624)
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
8694
diff
changeset
|
478 |
except RemoteCallFailed as ex: |
8312
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
479 |
result = self.ajax_error_handler(req, ex) |
8695
358d8bed9626
[toward-py3k] rewrite to "except AnException as exc:" (part of #2711624)
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
8694
diff
changeset
|
480 |
except Unauthorized as ex: |
8312
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
481 |
req.data['errmsg'] = req._('You\'re not authorized to access this page. ' |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
482 |
'If you think you should, please contact the site administrator.') |
9659
c45073a96aee
[web] return 403 for Unauthorized, not 401
Julien Cristau <julien.cristau@logilab.fr>
parents:
9582
diff
changeset
|
483 |
req.status_out = httplib.FORBIDDEN |
8312
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
484 |
result = self.error_handler(req, ex, tb=False) |
8695
358d8bed9626
[toward-py3k] rewrite to "except AnException as exc:" (part of #2711624)
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
8694
diff
changeset
|
485 |
except Forbidden as ex: |
8602
d066ba3bb07d
[web] add a Forbidden exception
David Douard <david.douard@logilab.fr>
parents:
8470
diff
changeset
|
486 |
req.data['errmsg'] = req._('This action is forbidden. ' |
d066ba3bb07d
[web] add a Forbidden exception
David Douard <david.douard@logilab.fr>
parents:
8470
diff
changeset
|
487 |
'If you think it should be allowed, please contact the site administrator.') |
d066ba3bb07d
[web] add a Forbidden exception
David Douard <david.douard@logilab.fr>
parents:
8470
diff
changeset
|
488 |
req.status_out = httplib.FORBIDDEN |
d066ba3bb07d
[web] add a Forbidden exception
David Douard <david.douard@logilab.fr>
parents:
8470
diff
changeset
|
489 |
result = self.error_handler(req, ex, tb=False) |
8695
358d8bed9626
[toward-py3k] rewrite to "except AnException as exc:" (part of #2711624)
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
8694
diff
changeset
|
490 |
except (BadRQLQuery, RequestError) as ex: |
8312
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
491 |
result = self.error_handler(req, ex, tb=False) |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
492 |
### pass through exception |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
493 |
except DirectResponse: |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
494 |
if req.cnx: |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
495 |
req.cnx.commit() |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
496 |
raise |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
497 |
except (AuthenticationError, LogOut): |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
498 |
# the rollback is handled in the finally |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
499 |
raise |
8560
fef0b8214fcf
[web app] move set of status_out into validation_error_handler to ease readability
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8556
diff
changeset
|
500 |
### Last defense line |
8695
358d8bed9626
[toward-py3k] rewrite to "except AnException as exc:" (part of #2711624)
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
8694
diff
changeset
|
501 |
except BaseException as ex: |
8753
b61a7c6352f2
[web publish] in case of error, ensure proper http status is set and Content-disposition header is reseted. Closes #2553066
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8711
diff
changeset
|
502 |
req.status_out = httplib.INTERNAL_SERVER_ERROR |
8312
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
503 |
result = self.error_handler(req, ex, tb=True) |
0 | 504 |
finally: |
5865
af414723598d
[publisher] avoid useless rollback after successful commit, which clutters debug logs and may also not be cost-free
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5721
diff
changeset
|
505 |
if req.cnx and not commited: |
0 | 506 |
try: |
507 |
req.cnx.rollback() |
|
7815
2a164a9cf81c
[exceptions] stop catching any exception in various places (closes #1942716)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7589
diff
changeset
|
508 |
except Exception: |
0 | 509 |
pass # ignore rollback error at this point |
8267
486386d9f836
[web] Exposes the undo feature to user through a undo-history view (closes #893940)
Anthony Truchet <anthony.truchet@logilab.fr>
parents:
8190
diff
changeset
|
510 |
self.add_undo_link_to_msg(req) |
8390
637b934bc742
[app] turn these info into debug logs (this being too chatty for .info)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8312
diff
changeset
|
511 |
self.debug('query %s executed in %s sec', req.relative_path(), clock() - tstart) |
0 | 512 |
return result |
513 |
||
8470
a85e107947e6
[web app] handle Redirect raised during session establishment, as this may be used by eg openid authentication. Closes #2430018
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8466
diff
changeset
|
514 |
# Error handlers |
a85e107947e6
[web app] handle Redirect raised during session establishment, as this may be used by eg openid authentication. Closes #2430018
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8466
diff
changeset
|
515 |
|
a85e107947e6
[web app] handle Redirect raised during session establishment, as this may be used by eg openid authentication. Closes #2430018
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8466
diff
changeset
|
516 |
def redirect_handler(self, req, ex): |
a85e107947e6
[web app] handle Redirect raised during session establishment, as this may be used by eg openid authentication. Closes #2430018
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8466
diff
changeset
|
517 |
"""handle redirect |
a85e107947e6
[web app] handle Redirect raised during session establishment, as this may be used by eg openid authentication. Closes #2430018
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8466
diff
changeset
|
518 |
- comply to ex status |
a85e107947e6
[web app] handle Redirect raised during session establishment, as this may be used by eg openid authentication. Closes #2430018
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8466
diff
changeset
|
519 |
- set header field |
a85e107947e6
[web app] handle Redirect raised during session establishment, as this may be used by eg openid authentication. Closes #2430018
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8466
diff
changeset
|
520 |
- return empty content |
a85e107947e6
[web app] handle Redirect raised during session establishment, as this may be used by eg openid authentication. Closes #2430018
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8466
diff
changeset
|
521 |
""" |
a85e107947e6
[web app] handle Redirect raised during session establishment, as this may be used by eg openid authentication. Closes #2430018
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8466
diff
changeset
|
522 |
self.debug('redirecting to %s', str(ex.location)) |
a85e107947e6
[web app] handle Redirect raised during session establishment, as this may be used by eg openid authentication. Closes #2430018
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8466
diff
changeset
|
523 |
req.headers_out.setHeader('location', str(ex.location)) |
a85e107947e6
[web app] handle Redirect raised during session establishment, as this may be used by eg openid authentication. Closes #2430018
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8466
diff
changeset
|
524 |
assert 300 <= ex.status < 400 |
a85e107947e6
[web app] handle Redirect raised during session establishment, as this may be used by eg openid authentication. Closes #2430018
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8466
diff
changeset
|
525 |
req.status_out = ex.status |
a85e107947e6
[web app] handle Redirect raised during session establishment, as this may be used by eg openid authentication. Closes #2430018
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8466
diff
changeset
|
526 |
return '' |
a85e107947e6
[web app] handle Redirect raised during session establishment, as this may be used by eg openid authentication. Closes #2430018
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8466
diff
changeset
|
527 |
|
0 | 528 |
def validation_error_handler(self, req, ex): |
8594
001159e2e4f3
[validation api] properly use yams 0.36 validation error api and update message catalog. Follows bbe0d6985e59
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8560
diff
changeset
|
529 |
ex.translate(req._) # translate messages using ui language |
0 | 530 |
if '__errorurl' in req.form: |
4224
5998df006968
refactor form error handling:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3408
diff
changeset
|
531 |
forminfo = {'error': ex, |
0 | 532 |
'values': req.form, |
533 |
'eidmap': req.data.get('eidmap', {}) |
|
534 |
} |
|
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
535 |
req.session.data[req.form['__errorurl']] = forminfo |
4679
d8ad65dab3e9
remove #<formid> from url used to redirect after a validation error
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4639
diff
changeset
|
536 |
# XXX form session key / __error_url should be differentiated: |
d8ad65dab3e9
remove #<formid> from url used to redirect after a validation error
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4639
diff
changeset
|
537 |
# session key is 'url + #<form dom id', though we usually don't want |
d8ad65dab3e9
remove #<formid> from url used to redirect after a validation error
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4639
diff
changeset
|
538 |
# the browser to move to the form since it hides the global |
d8ad65dab3e9
remove #<formid> from url used to redirect after a validation error
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4639
diff
changeset
|
539 |
# messages. |
8312
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
540 |
location = req.form['__errorurl'].rsplit('#', 1)[0] |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
541 |
req.headers_out.setHeader('location', str(location)) |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
542 |
req.status_out = httplib.SEE_OTHER |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
543 |
return '' |
8560
fef0b8214fcf
[web app] move set of status_out into validation_error_handler to ease readability
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8556
diff
changeset
|
544 |
req.status_out = httplib.CONFLICT |
8312
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
545 |
return self.error_handler(req, ex, tb=False) |
1426 | 546 |
|
8312
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
547 |
def error_handler(self, req, ex, tb=False): |
0 | 548 |
excinfo = sys.exc_info() |
8466
92c668170ef9
[web app] only log tb when explicitly asked
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8443
diff
changeset
|
549 |
if tb: |
92c668170ef9
[web app] only log tb when explicitly asked
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8443
diff
changeset
|
550 |
self.exception(repr(ex)) |
0 | 551 |
req.set_header('Cache-Control', 'no-cache') |
552 |
req.remove_header('Etag') |
|
8753
b61a7c6352f2
[web publish] in case of error, ensure proper http status is set and Content-disposition header is reseted. Closes #2553066
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8711
diff
changeset
|
553 |
req.remove_header('Content-disposition') |
4897
e402e0b32075
[web] start a new message system based on id of message stored in session's data
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4709
diff
changeset
|
554 |
req.reset_message() |
0 | 555 |
req.reset_headers() |
8128
0a927fe4541b
[controllers] deprecate JSonController and implement AjaxController / ajax-func registry (closes #2110265)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
7990
diff
changeset
|
556 |
if req.ajax_request: |
8709
8dc0b8d92694
[web application] Fix missing self. in error_handler
Vincent Michel <vincent.michel@logilab.fr>
parents:
8602
diff
changeset
|
557 |
return self.ajax_error_handler(req, ex) |
0 | 558 |
try: |
559 |
req.data['ex'] = ex |
|
560 |
if tb: |
|
561 |
req.data['excinfo'] = excinfo |
|
562 |
req.form['vid'] = 'error' |
|
2650
18aec79ec3a3
R [vreg] important refactoring of the vregistry, moving behaviour to end dictionnary (and so leaving room for more flexibility ; keep bw compat ; update api usage in cw
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2613
diff
changeset
|
563 |
errview = self.vreg['views'].select('error', req) |
882
75488a2a875e
fix ui.main-template property handling
sylvain.thenault@logilab.fr
parents:
871
diff
changeset
|
564 |
template = self.main_template_id(req) |
2650
18aec79ec3a3
R [vreg] important refactoring of the vregistry, moving behaviour to end dictionnary (and so leaving room for more flexibility ; keep bw compat ; update api usage in cw
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2613
diff
changeset
|
565 |
content = self.vreg['views'].main_template(req, template, view=errview) |
7815
2a164a9cf81c
[exceptions] stop catching any exception in various places (closes #1942716)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7589
diff
changeset
|
566 |
except Exception: |
2650
18aec79ec3a3
R [vreg] important refactoring of the vregistry, moving behaviour to end dictionnary (and so leaving room for more flexibility ; keep bw compat ; update api usage in cw
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2613
diff
changeset
|
567 |
content = self.vreg['views'].main_template(req, 'error-template') |
9428
946aded614f3
[web error] exception may not have a 'status' attribute, generating an AttributeError that hides the original error. Closes #3381670
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
9355
diff
changeset
|
568 |
if isinstance(ex, PublishException) and ex.status is not None: |
8312
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
569 |
req.status_out = ex.status |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
570 |
return content |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
571 |
|
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
572 |
def add_undo_link_to_msg(self, req): |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
573 |
txuuid = req.data.get('last_undoable_transaction') |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
574 |
if txuuid is not None: |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
575 |
msg = u'<span class="undo">[<a href="%s">%s</a>]</span>' %( |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
576 |
req.build_url('undo', txuuid=txuuid), req._('undo')) |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
577 |
req.append_to_redirect_message(msg) |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
578 |
|
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
579 |
def ajax_error_handler(self, req, ex): |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
580 |
req.set_header('content-type', 'application/json') |
9428
946aded614f3
[web error] exception may not have a 'status' attribute, generating an AttributeError that hides the original error. Closes #3381670
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
9355
diff
changeset
|
581 |
status = httplib.INTERNAL_SERVER_ERROR |
946aded614f3
[web error] exception may not have a 'status' attribute, generating an AttributeError that hides the original error. Closes #3381670
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
9355
diff
changeset
|
582 |
if isinstance(ex, PublishException) and ex.status is not None: |
946aded614f3
[web error] exception may not have a 'status' attribute, generating an AttributeError that hides the original error. Closes #3381670
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
9355
diff
changeset
|
583 |
status = ex.status |
946aded614f3
[web error] exception may not have a 'status' attribute, generating an AttributeError that hides the original error. Closes #3381670
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
9355
diff
changeset
|
584 |
req.status_out = status |
8312
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
585 |
json_dumper = getattr(ex, 'dumps', lambda : unicode(ex)) |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
586 |
return json_dumper() |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
587 |
|
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
588 |
# special case handling |
1426 | 589 |
|
0 | 590 |
def need_login_content(self, req): |
2650
18aec79ec3a3
R [vreg] important refactoring of the vregistry, moving behaviour to end dictionnary (and so leaving room for more flexibility ; keep bw compat ; update api usage in cw
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2613
diff
changeset
|
591 |
return self.vreg['views'].main_template(req, 'login') |
1426 | 592 |
|
0 | 593 |
def loggedout_content(self, req): |
2650
18aec79ec3a3
R [vreg] important refactoring of the vregistry, moving behaviour to end dictionnary (and so leaving room for more flexibility ; keep bw compat ; update api usage in cw
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2613
diff
changeset
|
594 |
return self.vreg['views'].main_template(req, 'loggedout') |
1426 | 595 |
|
0 | 596 |
def notfound_content(self, req): |
597 |
req.form['vid'] = '404' |
|
2650
18aec79ec3a3
R [vreg] important refactoring of the vregistry, moving behaviour to end dictionnary (and so leaving room for more flexibility ; keep bw compat ; update api usage in cw
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2613
diff
changeset
|
598 |
view = self.vreg['views'].select('404', req) |
882
75488a2a875e
fix ui.main-template property handling
sylvain.thenault@logilab.fr
parents:
871
diff
changeset
|
599 |
template = self.main_template_id(req) |
2650
18aec79ec3a3
R [vreg] important refactoring of the vregistry, moving behaviour to end dictionnary (and so leaving room for more flexibility ; keep bw compat ; update api usage in cw
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2613
diff
changeset
|
600 |
return self.vreg['views'].main_template(req, template, view=view) |
0 | 601 |
|
8312
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
602 |
# template stuff |
6c2119509fac
[web] Move request handling logic into cubicweb application. (closes #2200684)
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8311
diff
changeset
|
603 |
|
882
75488a2a875e
fix ui.main-template property handling
sylvain.thenault@logilab.fr
parents:
871
diff
changeset
|
604 |
def main_template_id(self, req): |
2263
1f59cd5b710f
accept a __template parameter that specifies a different (main) template
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
1977
diff
changeset
|
605 |
template = req.form.get('__template', req.property_value('ui.main-template')) |
2650
18aec79ec3a3
R [vreg] important refactoring of the vregistry, moving behaviour to end dictionnary (and so leaving room for more flexibility ; keep bw compat ; update api usage in cw
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2613
diff
changeset
|
606 |
if template not in self.vreg['views']: |
882
75488a2a875e
fix ui.main-template property handling
sylvain.thenault@logilab.fr
parents:
871
diff
changeset
|
607 |
template = 'main-template' |
75488a2a875e
fix ui.main-template property handling
sylvain.thenault@logilab.fr
parents:
871
diff
changeset
|
608 |
return template |
1426 | 609 |
|
7083
b8e35cde46e9
help pylint by explicitely defining some attributes
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
6791
diff
changeset
|
610 |
# these are overridden by set_log_methods below |
b8e35cde46e9
help pylint by explicitely defining some attributes
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
6791
diff
changeset
|
611 |
# only defining here to prevent pylint from complaining |
b8e35cde46e9
help pylint by explicitely defining some attributes
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
6791
diff
changeset
|
612 |
info = warning = error = critical = exception = debug = lambda msg,*a,**kw: None |
0 | 613 |
|
614 |
set_log_methods(CubicWebPublisher, LOGGER) |
|
615 |
set_log_methods(CookieSessionHandler, LOGGER) |