1 # copyright 2003-2012 LOGILAB S.A. (Paris, FRANCE), all rights reserved. |
1 # copyright 2003-2013 LOGILAB S.A. (Paris, FRANCE), all rights reserved. |
2 # contact http://www.logilab.fr/ -- mailto:contact@logilab.fr |
2 # contact http://www.logilab.fr/ -- mailto:contact@logilab.fr |
3 # |
3 # |
4 # This file is part of CubicWeb. |
4 # This file is part of CubicWeb. |
5 # |
5 # |
6 # CubicWeb is free software: you can redistribute it and/or modify it under the |
6 # CubicWeb is free software: you can redistribute it and/or modify it under the |
66 def __init__(self, repo): |
66 def __init__(self, repo): |
67 vreg = repo.vreg |
67 vreg = repo.vreg |
68 self.session_time = vreg.config['http-session-time'] or None |
68 self.session_time = vreg.config['http-session-time'] or None |
69 self.authmanager = vreg['components'].select('authmanager', repo=repo) |
69 self.authmanager = vreg['components'].select('authmanager', repo=repo) |
70 interval = (self.session_time or 0) / 2. |
70 interval = (self.session_time or 0) / 2. |
71 if vreg.config.anonymous_user() is not None: |
71 if vreg.config.anonymous_user()[0] is not None: |
72 self.cleanup_anon_session_time = vreg.config['cleanup-anonymous-session-time'] or 5 * 60 |
72 self.cleanup_anon_session_time = vreg.config['cleanup-anonymous-session-time'] or 5 * 60 |
73 assert self.cleanup_anon_session_time > 0 |
73 assert self.cleanup_anon_session_time > 0 |
74 if self.session_time is not None: |
74 if self.session_time is not None: |
75 self.cleanup_anon_session_time = min(self.session_time, |
75 self.cleanup_anon_session_time = min(self.session_time, |
76 self.cleanup_anon_session_time) |
76 self.cleanup_anon_session_time) |
317 self.exception('error while logging queries') |
317 self.exception('error while logging queries') |
318 |
318 |
319 |
319 |
320 |
320 |
321 def main_handle_request(self, req, path): |
321 def main_handle_request(self, req, path): |
322 """Process and http request |
322 """Process an http request |
323 |
323 |
324 Arguments are: |
324 Arguments are: |
325 - a Request object |
325 - a Request object |
326 - path of the request object |
326 - path of the request object |
327 |
327 |
328 It return the content of the http response. HTTP header and status are |
328 It returns the content of the http response. HTTP header and status are |
329 are set on the Request Object. |
329 set on the Request object. |
330 """ |
330 """ |
331 if not isinstance(req, CubicWebRequestBase): |
331 if not isinstance(req, CubicWebRequestBase): |
332 warn('[3.15] Application entry poin arguments are now (req, path) ' |
332 warn('[3.15] Application entry point arguments are now (req, path) ' |
333 'not (path, req)', DeprecationWarning, 2) |
333 'not (path, req)', DeprecationWarning, 2) |
334 req, path = path, req |
334 req, path = path, req |
335 if req.authmode == 'http': |
335 if req.authmode == 'http': |
336 # activate realm-based auth |
336 # activate realm-based auth |
337 realm = self.vreg.config['realm'] |
337 realm = self.vreg.config['realm'] |
391 # authentication needs redirection (eg openid) |
391 # authentication needs redirection (eg openid) |
392 content = self.redirect_handler(req, ex) |
392 content = self.redirect_handler(req, ex) |
393 # Wrong, absent or Reseted credential |
393 # Wrong, absent or Reseted credential |
394 except AuthenticationError: |
394 except AuthenticationError: |
395 # If there is an https url configured and |
395 # If there is an https url configured and |
396 # the request do not used https, redirect to login form |
396 # the request does not use https, redirect to login form |
397 https_url = self.vreg.config['https-url'] |
397 https_url = self.vreg.config['https-url'] |
398 if https_url and req.base_url() != https_url: |
398 if https_url and req.base_url() != https_url: |
399 req.status_out = httplib.SEE_OTHER |
399 req.status_out = httplib.SEE_OTHER |
400 req.headers_out.setHeader('location', https_url + 'login') |
400 req.headers_out.setHeader('location', https_url + 'login') |
401 else: |
401 else: |
447 except NoSelectableObject: |
447 except NoSelectableObject: |
448 raise Unauthorized(req._('not authorized')) |
448 raise Unauthorized(req._('not authorized')) |
449 req.update_search_state() |
449 req.update_search_state() |
450 result = controller.publish(rset=rset) |
450 result = controller.publish(rset=rset) |
451 except StatusResponse as ex: |
451 except StatusResponse as ex: |
452 warn('StatusResponse is deprecated use req.status_out', |
452 warn('[3.16] StatusResponse is deprecated use req.status_out', |
453 DeprecationWarning) |
453 DeprecationWarning, stacklevel=2) |
454 result = ex.content |
454 result = ex.content |
455 req.status_out = ex.status |
455 req.status_out = ex.status |
456 except Redirect as ex: |
456 except Redirect as ex: |
457 # Redirect may be raised by edit controller when everything went |
457 # Redirect may be raised by edit controller when everything went |
458 # fine, so attempt to commit |
458 # fine, so attempt to commit |
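Review bot: On new line 71, `vreg.config.anonymous_user()[0] is not None` depends on anonymous_user() always returning an indexable pair, which nothing in this section states. The old side compared the whole return value with None, so a configuration class that still returns None would now raise TypeError while this `__init__` runs. The return shape is inferred from the change itself and should be confirmed against the config class. I would spell the contract out with `anon_login, _ = vreg.config.anonymous_user()` and `if anon_login is not None:`, plus a comment such as `# anonymous_user() returns (login, password); login is None when anonymous access is disabled`. Separately, the unchanged `assert self.cleanup_anon_session_time > 0` on line 73 is stripped under `python -O`, so a negative configured cleanup time would pass unchecked; an explicit `raise ValueError(...)` holds in every mode. `__init__` continues past the lines shown here.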