cubicweb: comparison web/application.py

equal deleted inserted replaced

-:76a44a0d7f4b
+:6c2119509fac
 __docformat__ = "restructuredtext en"
 import sys
 from time import clock, time
 from contextlib import contextmanager
+from warnings import warn
+import httplib
 from logilab.common.deprecation import deprecated
 from rql import BadRQLQuery
 from cubicweb.dbapi import DBAPISession, anonymous_session
 from cubicweb.web import LOGGER, component
 from cubicweb.web import (
 StatusResponse, DirectResponse, Redirect, NotFound, LogOut,
 RemoteCallFailed, InvalidSession, RequestError)
+from cubicweb.web.request import CubicWebRequestBase
 # make session manager available through a global variable so the debug view can
 # print information about web session
 SESSION_MANAGER = None
 vreg.set_schema(self.repo.get_schema())
 # set the correct publish method
 if config['query-log-file']:
 from threading import Lock
 self._query_log = open(config['query-log-file'], 'a')
-self.publish = self.log_publish
+self.handle_request = self.log_handle_request
 self._logfile_lock = Lock()
 else:
 self._query_log = None
-self.publish = self.main_publish
+self.handle_request = self.main_handle_request
 # instantiate session and url resolving helpers
 self.session_handler = session_handler_fact(self)
 self.set_urlresolver()
 CW_EVENT_MANAGER.bind('after-registry-reload', self.set_urlresolver)
 """
 self.session_handler.set_session(req)
 # publish methods #########################################################
-def log_publish(self, path, req):
+def log_handle_request(self, req, path):
 """wrapper around _publish to log all queries executed for a given
 accessed path
 """
 try:
-return self.main_publish(path, req)
+return self.main_handle_request(req, path)
 finally:
 cnx = req.cnx
 if cnx:
 with self._logfile_lock:
 try:
 self._query_log.write('\n'.join(result).encode(req.encoding))
 self._query_log.flush()
 except Exception:
 self.exception('error while logging queries')
-def main_publish(self, path, req):
+def main_handle_request(self, req, path):
+if not isinstance(req, CubicWebRequestBase):
+warn('[3.15] Application entry poin arguments are now (req, path) '
+'not (path, req)', DeprecationWarning, 2)
+req, path = path, req
+if req.authmode == 'http':
+# activate realm-based auth
+realm = self.vreg.config['realm']
+req.set_header('WWW-Authenticate', [('Basic', {'realm' : realm })], raw=False)
+try:
+self.connect(req)
+# DENY https acces for anonymous_user
+if (req.https
+and req.session.anonymous_session
+and self.vreg.config['https-deny-anonymous']):
+# don't allow anonymous on https connection
+raise AuthenticationError()
+content = ''
+# nested try to allow LogOut to delegate logic to AuthenticationError
+# handler
+try:
+### Try to generate the actual request content
+content = self.core_handle(req, path)
+# Handle user log-out
+except LogOut, ex:
+# When authentification is handled by cookie the code that
+# raised LogOut must has invalidated the cookie. We can just
+# reload the original url without authentification
+if self.vreg.config['auth-mode'] == 'cookie' and ex.url:
+req.headers_out.setHeader('location', str(ex.url))
+if ex.status is not None:
+req.status_out = httplib.SEE_OTHER
+# When the authentification is handled by http we must
+# explicitly ask for authentification to flush current http
+# authentification information
+else:
+# Render "logged out" content.
+# assignement to ``content`` prevent standard
+# AuthenticationError code to overwrite it.
+content = self.loggedout_content(req)
+# let the explicitly reset http credential
+raise AuthenticationError()
+# Wrong, absent or Reseted credential
+except AuthenticationError:
+# If there is an https url configured and
+# the request do not used https, redirect to login form
+https_url = self.vreg.config['https-url']
+if https_url and req.base_url() != https_url:
+req.status_out = httplib.SEE_OTHER
+req.headers_out.setHeader('location', https_url + 'login')
+else:
+# We assume here that in http auth mode the user *May* provide
+# Authentification Credential if asked kindly.
+if self.vreg.config['auth-mode'] == 'http':
+req.status_out = httplib.UNAUTHORIZED
+# In the other case (coky auth) we assume that there is no way
+# for the user to provide them...
+# XXX But WHY ?
+else:
+req.status_out = httplib.FORBIDDEN
+# If previous error handling already generated a custom content
+# do not overwrite it. This is used by LogOut Except
+# XXX ensure we don't actually serve content
+if not content:
+content = self.need_login_content(req)
+return content
+def core_handle(self, req, path):
 """method called by the main publisher to process <path>
 should return a string containing the resulting page or raise a
 `NotFound` exception
 # remove user callbacks on a new request (except for json controllers
 # to avoid callbacks being unregistered before they could be called)
 tstart = clock()
 commited = False
 try:
+### standard processing of the request
 try:
 ctrlid, rset = self.url_resolver.process(req, path)
 try:
 controller = self.vreg['controllers'].select(ctrlid, req,
 appli=self)
 except NoSelectableObject:
 raise Unauthorized(req._('not authorized'))
 req.update_search_state()
 result = controller.publish(rset=rset)
-if req.cnx:
+except StatusResponse, ex:
-# no req.cnx if anonymous aren't allowed and we are
+warn('StatusResponse is deprecated use req.status_out',
-# displaying some anonymous enabled view such as the cookie
+DeprecationWarning)
-# authentication form
+result = ex.content
-txuuid = req.cnx.commit()
+req.status_out = ex.status
-if txuuid is not None:
+except Redirect, ex:
-req.data['last_undoable_transaction'] = txuuid
+# handle redirect
-commited = True
+# - comply to ex status
-except (StatusResponse, DirectResponse):
+# - set header field
-if req.cnx:
+#
-req.cnx.commit()
+# Redirect Maybe be is raised by edit controller when
-raise
+# everything went fine, so try to commit
-except (AuthenticationError, LogOut):
+self.debug('redirecting to %s', str(ex.location))
-raise
+req.headers_out.setHeader('location', str(ex.location))
-except Redirect:
+assert 300<= ex.status < 400
-# redirect is raised by edit controller when everything went fine,
+req.status_out = ex.status
-# so try to commit
+result = ''
-try:
+if req.cnx:
-if req.cnx:
+txuuid = req.cnx.commit()
-txuuid = req.cnx.commit()
+commited = True
 if txuuid is not None:
 req.data['last_undoable_transaction'] = txuuid
-except ValidationError, ex:
+### error case
-self.validation_error_handler(req, ex)
+except NotFound, ex:
-except Unauthorized, ex:
+result = self.notfound_content(req)
-req.data['errmsg'] = req._('You\'re not authorized to access this page. '
+req.status_out = ex.status
-'If you think you should, please contact the site administrator.')
+except ValidationError, ex:
-self.error_handler(req, ex, tb=False)
+req.status_out = httplib.CONFLICT
-except Exception, ex:
+result = self.validation_error_handler(req, ex)
-self.error_handler(req, ex, tb=True)
+except RemoteCallFailed, ex:
-else:
+result = self.ajax_error_handler(req, ex)
-self.add_undo_link_to_msg(req)
+except Unauthorized, ex:
-# delete validation errors which may have been previously set
+req.data['errmsg'] = req._('You\'re not authorized to access this page. '
-if '__errorurl' in req.form:
+'If you think you should, please contact the site administrator.')
-req.session.data.pop(req.form['__errorurl'], None)
+req.status_out = httplib.UNAUTHORIZED
-raise
+result = self.error_handler(req, ex, tb=False)
-except RemoteCallFailed, ex:
+except (BadRQLQuery, RequestError), ex:
-req.set_header('content-type', 'application/json')
+result = self.error_handler(req, ex, tb=False)
-raise StatusResponse(500, ex.dumps())
+### pass through exception
-except NotFound:
+except DirectResponse:
-raise StatusResponse(404, self.notfound_content(req))
+if req.cnx:
-except ValidationError, ex:
+req.cnx.commit()
-self.validation_error_handler(req, ex)
+raise
-except Unauthorized, ex:
+except (AuthenticationError, LogOut):
-self.error_handler(req, ex, tb=False, code=403)
+# the rollback is handled in the finally
-except (BadRQLQuery, RequestError), ex:
+raise
-self.error_handler(req, ex, tb=False)
+### Last defence line
 except BaseException, ex:
-self.error_handler(req, ex, tb=True)
+result = self.error_handler(req, ex, tb=True)
-except:
-self.critical('Catch all triggered!!!')
-self.exception('this is what happened')
-result = 'oops'
 finally:
 if req.cnx and not commited:
 try:
 req.cnx.rollback()
 except Exception:
 pass # ignore rollback error at this point
+# request may be referenced by "onetime callback", so clear its entity
+# cache to avoid memory usage
+req.drop_entity_cache()
 self.add_undo_link_to_msg(req)
 self.info('query %s executed in %s sec', req.relative_path(), clock() - tstart)
 return result
-def add_undo_link_to_msg(self, req):
+### Error handler
-txuuid = req.data.get('last_undoable_transaction')
-if txuuid is not None:
-msg = u'<span class="undo">[<a href="%s">%s</a>]</span>' %(
-req.build_url('undo', txuuid=txuuid), req._('undo'))
-req.append_to_redirect_message(msg)
 def validation_error_handler(self, req, ex):
 ex.errors = dict((k, v) for k, v in ex.errors.items())
 if '__errorurl' in req.form:
 forminfo = {'error': ex,
 'values': req.form,
 req.session.data[req.form['__errorurl']] = forminfo
 # XXX form session key / __error_url should be differentiated:
 # session key is 'url + #<form dom id', though we usually don't want
 # the browser to move to the form since it hides the global
 # messages.
-raise Redirect(req.form['__errorurl'].rsplit('#', 1)[0])
+location = req.form['__errorurl'].rsplit('#', 1)[0]
-self.error_handler(req, ex, tb=False)
+req.headers_out.setHeader('location', str(location))
+req.status_out = httplib.SEE_OTHER
-def error_handler(self, req, ex, tb=False, code=500):
+return ''
+return self.error_handler(req, ex, tb=False)
+def error_handler(self, req, ex, tb=False):
 excinfo = sys.exc_info()
 self.exception(repr(ex))
 req.set_header('Cache-Control', 'no-cache')
 req.remove_header('Etag')
 req.reset_message()
 req.reset_headers()
 if req.ajax_request:
-raise RemoteCallFailed(unicode(ex))
+return ajax_error_handler(req, ex)
 try:
 req.data['ex'] = ex
 if tb:
 req.data['excinfo'] = excinfo
 req.form['vid'] = 'error'
 errview = self.vreg['views'].select('error', req)
 template = self.main_template_id(req)
 content = self.vreg['views'].main_template(req, template, view=errview)
 except Exception:
 content = self.vreg['views'].main_template(req, 'error-template')
-raise StatusResponse(code, content)
+if getattr(ex, 'status', None) is not None:
+req.status_out = ex.status
+return content
+def add_undo_link_to_msg(self, req):
+txuuid = req.data.get('last_undoable_transaction')
+if txuuid is not None:
+msg = u'<span class="undo">[<a href="%s">%s</a>]</span>' %(
+req.build_url('undo', txuuid=txuuid), req._('undo'))
+req.append_to_redirect_message(msg)
+def ajax_error_handler(self, req, ex):
+req.set_header('content-type', 'application/json')
+status = ex.status
+if status is None:
+status = httplib.INTERNAL_SERVER_ERROR
+json_dumper = getattr(ex, 'dumps', lambda : unicode(ex))
+req.status_out = status
+return json_dumper()
+# special case handling
 def need_login_content(self, req):
 return self.vreg['views'].main_template(req, 'login')
 def loggedout_content(self, req):
 req.form['vid'] = '404'
 view = self.vreg['views'].select('404', req)
 template = self.main_template_id(req)
 return self.vreg['views'].main_template(req, template, view=view)
+# template stuff
 def main_template_id(self, req):
 template = req.form.get('__template', req.property_value('ui.main-template'))
 if template not in self.vreg['views']:
 template = 'main-template'
 return template

changeset 8312	6c2119509fac
parent 8311	76a44a0d7f4b
child 8390	637b934bc742