29
29
import mod_python.Session
30
30
import mod_python.Cookie
31
31
import mod_python.util
32
import mod_python.apache
34
class PotentiallySecureFileSession(mod_python.Session.FileSession):
35
"""A mod_python FileSession that sets secure cookie when appropriate.
37
A secure cookie will be set if the request itself is over HTTPS, or if
38
a proxy in front has set X-Forwarded-Proto: https. Otherwise the cookie
41
def make_cookie(self):
42
cookie = super(PotentiallySecureFileSession, self).make_cookie()
43
if (self._req.is_https() or
44
self._req.headers_in.get('X-Forwarded-Proto') == 'https'):
47
32
except ImportError:
48
33
# This needs to be importable from outside Apache.
54
38
import ivle.database
55
39
from ivle.webapp.base.plugins import CookiePlugin
56
import ivle.webapp.security
60
42
"""An IVLE request object. This is presented to the IVLE apps as a way of
65
47
String. The request method (eg. 'GET', 'POST', etc)
67
49
String. The path portion of the URI.
69
String. The path portion of the URI, unparsed with query string.
71
51
String. Name of the application specified in the URL, or None.
96
76
content_type (write)
97
77
String. The Content-Type (mime type) header value.
98
content_length (write)
99
Integer. The number of octets to be transfered.
101
79
String. Response "Location" header value. Used with HTTP redirect
82
List of strings. Write a list of URLs to CSS files here, and they
83
will be incorporated as <link rel="stylesheet" type="text/css">
84
elements in the head, if write_html_head_foot is True.
85
URLs should be relative to the IVLE root; they will be fixed up
88
List of strings. Write a list of URLs to JS files here, and they
89
will be incorporated as <script type="text/javascript"> elements
90
in the head, if write_html_head_foot is True.
91
URLs should be relative to the IVLE root; they will be fixed up
94
List of strings. Write a list of JS function names, and they
95
will be added as window.addListener('load', ..., false); calls
96
in the head, if write_html_head_foot is True.
97
This is the propper way to specify functions that need to run at
105
101
# Special code for an OK response.
110
106
# HTTP status codes
109
HTTP_SWITCHING_PROTOCOLS = 101
110
HTTP_PROCESSING = 102
114
HTTP_NON_AUTHORITATIVE = 203
115
HTTP_NO_CONTENT = 204
116
HTTP_RESET_CONTENT = 205
117
HTTP_PARTIAL_CONTENT = 206
118
HTTP_MULTI_STATUS = 207
119
HTTP_MULTIPLE_CHOICES = 300
120
HTTP_MOVED_PERMANENTLY = 301
113
121
HTTP_MOVED_TEMPORARILY = 302
123
HTTP_NOT_MODIFIED = 304
125
HTTP_TEMPORARY_REDIRECT = 307
126
HTTP_BAD_REQUEST = 400
127
HTTP_UNAUTHORIZED = 401
128
HTTP_PAYMENT_REQUIRED = 402
114
129
HTTP_FORBIDDEN = 403
115
130
HTTP_NOT_FOUND = 404
131
HTTP_METHOD_NOT_ALLOWED = 405
132
HTTP_NOT_ACCEPTABLE = 406
133
HTTP_PROXY_AUTHENTICATION_REQUIRED= 407
134
HTTP_REQUEST_TIME_OUT = 408
137
HTTP_LENGTH_REQUIRED = 411
138
HTTP_PRECONDITION_FAILED = 412
139
HTTP_REQUEST_ENTITY_TOO_LARGE = 413
140
HTTP_REQUEST_URI_TOO_LARGE = 414
141
HTTP_UNSUPPORTED_MEDIA_TYPE = 415
142
HTTP_RANGE_NOT_SATISFIABLE = 416
143
HTTP_EXPECTATION_FAILED = 417
144
HTTP_UNPROCESSABLE_ENTITY = 422
146
HTTP_FAILED_DEPENDENCY = 424
116
147
HTTP_INTERNAL_SERVER_ERROR = 500
120
def __init__(self, req, config):
121
"""Create an IVLE request from a mod_python one.
123
@param req: A mod_python request.
124
@param config: An IVLE configuration.
148
HTTP_NOT_IMPLEMENTED = 501
149
HTTP_BAD_GATEWAY = 502
150
HTTP_SERVICE_UNAVAILABLE = 503
151
HTTP_GATEWAY_TIME_OUT = 504
152
HTTP_VERSION_NOT_SUPPORTED = 505
153
HTTP_VARIANT_ALSO_VARIES = 506
154
HTTP_INSUFFICIENT_STORAGE = 507
155
HTTP_NOT_EXTENDED = 510
157
def __init__(self, req):
158
"""Builds an IVLE request object from a mod_python request object.
159
This results in an object with all of the necessary methods and
162
req: A mod_python request object.
127
165
# Methods are mostly wrappers around the Apache request object
128
166
self.apache_req = req
130
167
self.headers_written = False
132
169
# Determine if the browser used the public host name to make the
133
170
# request (in which case we are in "public mode")
134
if req.hostname == config['urls']['public_host']:
171
if req.hostname == ivle.conf.public_host:
135
172
self.publicmode = True
137
174
self.publicmode = False
139
176
# Inherit values for the input members
140
177
self.method = req.method
141
178
self.uri = req.uri
142
self.unparsed_uri = req.unparsed_uri
143
179
# Split the given path into the app (top-level dir) and sub-path
144
180
# (after first stripping away the root directory)
145
(self.app, self.path) = (ivle.util.split_path(req.uri))
181
path = ivle.util.unmake_path(req.uri)
182
(self.app, self.path) = (ivle.util.split_path(path))
146
184
self.hostname = req.hostname
147
185
self.headers_in = req.headers_in
148
186
self.headers_out = req.headers_out
188
# Open a database connection and transaction, keep it around for users
189
# of the Request object to use
190
self.store = ivle.database.get_store()
150
192
# Default values for the output members
151
193
self.status = Request.HTTP_OK
152
194
self.content_type = None # Use Apache's default
153
self.content_length = None # Don't provide Content-Length
154
195
self.location = None
198
self.scripts_init = []
155
199
# In some cases we don't want the template JS (such as the username
156
200
# and public FQDN) in the output HTML. In that case, set this to 0.
157
201
self.write_javascript_settings = True
158
202
self.got_common_vars = False
160
204
def __del__(self):
165
if self._store is not None:
171
if self._store is not None:
174
208
def __writeheaders(self):
175
209
"""Writes out the HTTP and HTML headers before any real data is
179
213
# Prepare the HTTP and HTML headers before the first write is made
180
214
if self.content_type != None:
181
215
self.apache_req.content_type = self.content_type
182
if self.content_length:
183
self.apache_req.set_content_length(self.content_length)
184
216
self.apache_req.status = self.status
185
217
if self.location != None:
186
218
self.apache_req.headers_out['Location'] = self.location
261
293
mod_python.Cookie.add_cookie(self.apache_req, cookie, value, **attributes)
263
def make_path(self, path):
264
"""Prepend the IVLE URL prefix to the given path.
266
This is used when generating URLs to send to the client.
268
This method is DEPRECATED. We no longer support use of a prefix.
270
return os.path.join(self.config['urls']['root'], path)
272
295
def get_session(self):
273
296
"""Returns a mod_python Session object for this request.
274
297
Note that this is dependent on mod_python and may need to change
275
interface if porting away from mod_python.
277
IMPORTANT: Call unlock() on the session as soon as you are done with
278
it! If you don't, all other requests will block!
298
interface if porting away from mod_python."""
280
299
# Cache the session object and set the timeout to 24 hours.
281
300
if not hasattr(self, 'session'):
282
self.session = PotentiallySecureFileSession(
283
self.apache_req, timeout = 60 * 60 * 24)
301
self.session = mod_python.Session.FileSession(self.apache_req,
302
timeout = 60 * 60 * 24)
284
303
return self.session
286
305
def get_fieldstorage(self):
301
320
self.got_common_vars = True
302
321
return self.apache_req.subprocess_env
306
# Open a database connection and transaction, keep it around for users
307
# of the Request object to use.
308
if self._store is None:
309
self._store = ivle.database.get_store(self.config)
314
# Get and cache the request user, or None if it's not valid.
315
# This is a property so that we don't create a store unless
316
# some code actually requests the user.
324
def get_http_codename(code):
325
"""Given a HTTP error code int, returns a (name, description)
326
pair, suitable for displaying to the user.
327
May return (None,None) if code is unknown.
328
Only lists common 4xx and 5xx codes (since this is just used
329
to display throw_error error messages).
319
except AttributeError:
323
temp_user = ivle.webapp.security.get_user_details(self)
324
if temp_user and temp_user.valid:
325
self._user = temp_user
332
return http_codenames[code]
336
# Human strings for HTTP response codes
338
Request.HTTP_BAD_REQUEST:
340
"Your browser sent a request IVLE did not understand."),
341
Request.HTTP_UNAUTHORIZED:
343
"You are not allowed to view this part of IVLE."),
344
Request.HTTP_FORBIDDEN:
346
"You are not allowed to view this part of IVLE."),
347
Request.HTTP_NOT_FOUND:
349
"The application or file you requested does not exist."),
350
Request.HTTP_METHOD_NOT_ALLOWED:
351
("Method Not Allowed",
352
"Your browser is interacting with IVLE in the wrong way."
353
"This is probably a bug in IVLE. "
354
"Please report it to the administrators."),
355
Request.HTTP_INTERNAL_SERVER_ERROR:
356
("Internal Server Error",
357
"An unknown error occured in IVLE."),
358
Request.HTTP_NOT_IMPLEMENTED:
360
"The application or file you requested has not been implemented "
362
Request.HTTP_SERVICE_UNAVAILABLE:
363
("Service Unavailable",
364
"IVLE is currently experiencing technical difficulties. "
365
"Please try again later."),
added
removed
ivle/dispatch/request.py
