40
# We want to use the Storm C extensions if at all possible.
41
# Since we can't use SetEnv in Apache, do this here. It *must* appear
42
# before storm is imported for the first time.
43
os.environ['STORM_CEXTENSIONS'] = '1'
42
47
from ivle import util
44
49
from ivle.dispatch.request import Request
45
50
import ivle.webapp.security
46
51
from ivle.webapp.base.plugins import ViewPlugin, PublicViewPlugin
47
52
from ivle.webapp.base.xhtml import XHTMLView, XHTMLErrorView
48
from ivle.webapp.errors import HTTPError, Unauthorized, NotFound
50
def generate_route_mapper(view_plugins, attr):
53
from ivle.webapp.errors import BadRequest, HTTPError, NotFound, Unauthorized
54
from ivle.webapp.publisher import Publisher, PublishingError
55
from ivle.webapp import ApplicationRoot
57
config = ivle.config.Config()
59
class ObjectPermissionCheckingPublisher(Publisher):
60
"""A specialised publisher that checks object permissions.
62
This publisher verifies that the user holds any permission at all
63
on the model objects through which the resolution path passes. If
64
no permission is held, resolution is aborted with an Unauthorized
67
IMPORTANT: This does NOT check view permissions. It only checks
68
the objects in between the root and the view, exclusive!
71
def traversed_to_object(self, obj):
72
"""Check that the user has any permission at all over the object."""
73
if (hasattr(obj, 'get_permissions') and
74
len(obj.get_permissions(self.root.user, config)) == 0):
75
# Indicate the forbidden object if this is an admin.
76
if self.root.user and self.root.user.admin:
77
raise Unauthorized('Unauthorized: %s' % obj)
82
def generate_publisher(view_plugins, root, publicmode=False):
52
84
Build a Mapper object for doing URL matching using 'routes', based on the
53
85
given plugin registry.
55
m = routes.Mapper(explicit=True)
87
r = ObjectPermissionCheckingPublisher(root=root)
89
r.add_set_switch('api', 'api')
92
view_attr = 'public_views'
93
forward_route_attr = 'public_forward_routes'
94
reverse_route_attr = 'public_reverse_routes'
97
forward_route_attr = 'forward_routes'
98
reverse_route_attr = 'reverse_routes'
56
101
for plugin in view_plugins:
57
# Establish a URL pattern for each element of plugin.urls
58
assert hasattr(plugin, 'urls'), "%r does not have any urls" % plugin
59
for url in getattr(plugin, attr):
62
kwargs_dict = url[2] if len(url) >= 3 else {}
63
m.connect(routex, view=view_class, **kwargs_dict)
102
if hasattr(plugin, forward_route_attr):
103
for fr in getattr(plugin, forward_route_attr):
104
# An annotated function can also be passed in directly.
105
if hasattr(fr, '_forward_route_meta'):
106
r.add_forward_func(fr)
110
if hasattr(plugin, reverse_route_attr):
111
for rr in getattr(plugin, reverse_route_attr):
112
# An annotated function can also be passed in directly.
113
if hasattr(rr, '_reverse_route_src'):
114
r.add_reverse_func(rr)
118
if hasattr(plugin, view_attr):
119
for v in getattr(plugin, view_attr):
66
124
def handler(apachereq):
67
125
"""Handles an HTTP request.
71
129
@param apachereq: An Apache request object.
73
131
# Make the request object into an IVLE request which can be given to views
74
req = Request(apachereq)
76
# Hack? Try and get the user login early just in case we throw an error
77
# (most likely 404) to stop us seeing not logged in even when we are.
78
if not req.publicmode:
79
user = ivle.webapp.security.get_user_details(req)
81
# Don't set the user if it is disabled or hasn't accepted the ToS.
82
if user and user.valid:
85
conf = ivle.config.Config()
89
req.mapper = generate_route_mapper(conf.plugin_index[PublicViewPlugin],
92
req.mapper = generate_route_mapper(conf.plugin_index[ViewPlugin],
95
matchdict = req.mapper.match(req.uri)
96
if matchdict is not None:
97
viewcls = matchdict['view']
98
# Get the remaining arguments, less 'view', 'action' and 'controller'
99
# (The latter two seem to be built-in, and we don't want them).
100
kwargs = matchdict.copy()
132
req = Request(apachereq, config)
134
req.publisher = generate_publisher(
135
config.plugin_index[ViewPlugin], ApplicationRoot(req),
136
publicmode=req.publicmode)
139
obj, viewcls, subpath = req.publisher.resolve(req.uri.decode('utf-8'))
141
# We 404 if we have a subpath but the view forbids it.
142
if not viewcls.subpath_allowed and subpath:
103
145
# Instantiate the view, which should be a BaseView class
104
view = viewcls(req, **kwargs)
146
view = viewcls(req, obj, subpath)
106
148
# Check that the request (mainly the user) is permitted to access
108
150
if not view.authorize(req):
151
# Indicate the forbidden object if this is an admin.
152
if req.user and req.user.admin:
153
raise Unauthorized('Unauthorized: %s' % view)
157
# Non-GET requests from other sites leave us vulnerable to
159
referer = req.headers_in.get('Referer')
160
if (referer is None or
161
urlparse.urlparse(req.headers_in.get('Referer')).netloc !=
163
if req.method != 'GET' and not view.offsite_posts_allowed:
165
"Non-GET requests from external sites are forbidden "
166
"for security reasons.")
110
168
# Render the output
112
170
except HTTPError, e:
189
except mod_python.apache.SERVER_RETURN:
190
# A mod_python-specific Apache error.
191
# XXX: We need to raise these because req.throw_error() uses them.
192
# Remove this after Google Code issue 117 is fixed.
131
194
except Exception, e:
132
195
# A non-HTTPError appeared. We have an unknown exception. Panic.
133
196
handle_unknown_exception(req, *sys.exc_info())
199
# Commit the transaction if we have a store open.
139
XHTMLErrorView(req, NotFound()).render(req)
202
except Unauthorized, e:
203
# Resolution failed due to a permission check. Display a pretty
204
# error, or maybe a login page.
205
XHTMLView.get_error_view(e)(req, e, req.publisher.root).render(req)
207
except PublishingError, e:
210
if req.user and req.user.admin:
211
XHTMLErrorView(req, NotFound('Not found: ' +
212
str(e.args)), e[0]).render(req)
214
XHTMLErrorView(req, NotFound(), e[0]).render(req)
218
# Make sure we close the store.
142
221
def handle_unknown_exception(req, exc_type, exc_value, exc_traceback):
186
269
# misbehaves (which is currently very easy, if things aren't set up
188
271
# Write the traceback.
189
# If this is a non-4xx IVLEError, get the message and httpcode and
190
# make the error message a bit nicer (but still include the
192
# We also need to special-case IVLEJailError, as we can get another
273
# We need to special-case IVLEJailError, as we can get another
193
274
# almost-exception out of it.
195
codename, msg = None, None
197
275
if exc_type is util.IVLEJailError:
198
msg = exc_value.type_str + ": " + exc_value.message
199
276
tb = 'Exception information extracted from IVLEJailError:\n'
200
277
tb += urllib.unquote(exc_value.info)
203
codename, msg = req.get_http_codename(httpcode)
204
except AttributeError:
207
279
tb = ''.join(traceback.format_exception(exc_type, exc_value,
210
logging.error('%s\n%s'%(str(msg), tb))
282
logging.error('\n' + tb)
212
284
# Error messages are only displayed is the user is NOT a student,
213
285
# or if there has been a problem logging the error message