[integrity] temporary fix auto-delete relation (see 4673:6f8b925a29f4 and 4642:921737d2e3a8): we want no read perms, though we want to check delete perms. Should be properly fixed in 3.7 once we've proper security control and [unsafe_]execute behaviour on the repository side
"""WSGI request handler for cubicweb
:organization: Logilab
:copyright: 2008-2010 LOGILAB S.A. (Paris, FRANCE), license is LGPL v2.
:contact: http://www.logilab.fr/ -- mailto:contact@logilab.fr
:license: GNU Lesser General Public License, v2.1 - http://www.gnu.org/licenses
"""
__docformat__ = "restructuredtext en"
from cubicweb import ObjectNotFound, AuthenticationError
from cubicweb.web import (NotFound, Redirect, DirectResponse, StatusResponse,
ExplicitLogin)
from cubicweb.web.application import CubicWebPublisher
from cubicweb.wsgi.request import CubicWebWsgiRequest
# See http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
STATUS_CODE_TEXT = {
100: 'CONTINUE',
101: 'SWITCHING PROTOCOLS',
200: 'OK',
201: 'CREATED',
202: 'ACCEPTED',
203: 'NON-AUTHORITATIVE INFORMATION',
204: 'NO CONTENT',
205: 'RESET CONTENT',
206: 'PARTIAL CONTENT',
300: 'MULTIPLE CHOICES',
301: 'MOVED PERMANENTLY',
302: 'FOUND',
303: 'SEE OTHER',
304: 'NOT MODIFIED',
305: 'USE PROXY',
306: 'RESERVED',
307: 'TEMPORARY REDIRECT',
400: 'BAD REQUEST',
401: 'UNAUTHORIZED',
402: 'PAYMENT REQUIRED',
403: 'FORBIDDEN',
404: 'NOT FOUND',
405: 'METHOD NOT ALLOWED',
406: 'NOT ACCEPTABLE',
407: 'PROXY AUTHENTICATION REQUIRED',
408: 'REQUEST TIMEOUT',
409: 'CONFLICT',
410: 'GONE',
411: 'LENGTH REQUIRED',
412: 'PRECONDITION FAILED',
413: 'REQUEST ENTITY TOO LARGE',
414: 'REQUEST-URI TOO LONG',
415: 'UNSUPPORTED MEDIA TYPE',
416: 'REQUESTED RANGE NOT SATISFIABLE',
417: 'EXPECTATION FAILED',
500: 'INTERNAL SERVER ERROR',
501: 'NOT IMPLEMENTED',
502: 'BAD GATEWAY',
503: 'SERVICE UNAVAILABLE',
504: 'GATEWAY TIMEOUT',
505: 'HTTP VERSION NOT SUPPORTED',
}
class WSGIResponse(object):
"""encapsulates the wsgi response parameters
(code, headers and body if there is one)
"""
def __init__(self, code, req, body=None):
text = STATUS_CODE_TEXT.get(code, 'UNKNOWN STATUS CODE')
self.status = '%s %s' % (code, text)
self.headers = [(str(k), str(v)) for k, v in req.headers_out.items()]
if body:
self.body = [body]
else:
self.body = []
def __iter__(self):
return iter(self.body)
class CubicWebWSGIApplication(object):
"""This is the wsgi application which will be called by the
wsgi server with the WSGI ``environ`` and ``start_response``
parameters.
XXX: missing looping tasks and proper repository shutdown when
the application is stopped.
NOTE: no pyro
"""
def __init__(self, config, debug=None, vreg=None):
self.appli = CubicWebPublisher(config, debug=debug, vreg=vreg)
self.debugmode = debug
self.config = config
self.base_url = None
# self.base_url = config['base-url'] or config.default_base_url()
# assert self.base_url[-1] == '/'
# self.https_url = config['https-url']
# assert not self.https_url or self.https_url[-1] == '/'
self.url_rewriter = self.appli.vreg['components'].select_or_none('urlrewriter')
def _render(self, req):
"""this function performs the actual rendering
XXX missing: https handling, url rewriting, cache management,
authentication
"""
if self.base_url is None:
self.base_url = self.config._base_url = req.base_url()
# XXX https handling needs to be implemented
if req.authmode == 'http':
# activate realm-based auth
realm = self.config['realm']
req.set_header('WWW-Authenticate', [('Basic', {'realm' : realm })], raw=False)
try:
self.appli.connect(req)
except AuthenticationError:
return self.request_auth(req)
except Redirect, ex:
return self.redirect(req, ex.location)
path = req.path
if not path or path == "/":
path = 'view'
try:
result = self.appli.publish(path, req)
except DirectResponse, ex:
return WSGIResponse(200, req, ex.response)
except StatusResponse, ex:
return WSGIResponse(ex.status, req, ex.content)
except NotFound:
result = self.appli.notfound_content(req)
return WSGIResponse(404, req, result)
except ExplicitLogin: # must be before AuthenticationError
return self.request_auth(req)
except AuthenticationError:
if self.config['auth-mode'] == 'cookie':
# in cookie mode redirecting to the index view is enough :
# either anonymous connection is allowed and the page will
# be displayed or we'll be redirected to the login form
msg = req._('you have been logged out')
# if req.https:
# req._base_url = self.base_url
# req.https = False
url = req.build_url('view', vid='index', __message=msg)
return self.redirect(req, url)
else:
# in http we have to request auth to flush current http auth
# information
return self.request_auth(req, loggedout=True)
except Redirect, ex:
return self.redirect(req, ex.location)
if not result:
# no result, something went wrong...
self.error('no data (%s)', req)
# 500 Internal server error
return self.redirect(req, req.build_url('error'))
return WSGIResponse(200, req, result)
def __call__(self, environ, start_response):
"""WSGI protocol entry point"""
req = CubicWebWsgiRequest(environ, self.appli.vreg, self.base_url)
response = self._render(req)
start_response(response.status, response.headers)
return response.body
def redirect(self, req, location):
"""convenience function which builds a redirect WSGIResponse"""
self.debug('redirecting to %s', location)
req.set_header('location', str(location))
return WSGIResponse(303, req)
def request_auth(self, req, loggedout=False):
"""returns the appropriate WSGIResponse to require the user to log in
"""
# if self.https_url and req.base_url() != self.https_url:
# return self.redirect(self.https_url + 'login')
if self.config['auth-mode'] == 'http':
code = 401 # UNAUTHORIZED
else:
code = 403 # FORBIDDEN
if loggedout:
# if req.https:
# req._base_url = self.base_url
# req.https = False
content = self.appli.loggedout_content(req)
else:
content = self.appli.need_login_content(req)
return WSGIResponse(code, req, content)
from logging import getLogger
from cubicweb import set_log_methods
set_log_methods(CubicWebWSGIApplication, getLogger('cubicweb.wsgi'))