29
29
import mod_python.Session
30
30
import mod_python.Cookie
31
31
import mod_python.util
32
import mod_python.apache
34
class PotentiallySecureFileSession(mod_python.Session.FileSession):
35
"""A mod_python FileSession that sets secure cookie when appropriate.
37
A secure cookie will be set if the request itself is over HTTPS, or if
38
a proxy in front has set X-Forwarded-Proto: https. Otherwise the cookie
41
def make_cookie(self):
42
cookie = super(PotentiallySecureFileSession, self).make_cookie()
43
if (self._req.is_https() or
44
self._req.headers_in.get('X-Forwarded-Proto') == 'https'):
32
47
except ImportError:
33
48
# This needs to be importable from outside Apache.
38
54
import ivle.database
39
55
from ivle.webapp.base.plugins import CookiePlugin
56
import ivle.webapp.security
42
60
"""An IVLE request object. This is presented to the IVLE apps as a way of
76
96
content_type (write)
77
97
String. The Content-Type (mime type) header value.
98
content_length (write)
99
Integer. The number of octets to be transfered.
79
101
String. Response "Location" header value. Used with HTTP redirect
82
String. HTML page title. Used if write_html_head_foot is True, in
83
the HTML title element text.
85
List of strings. Write a list of URLs to CSS files here, and they
86
will be incorporated as <link rel="stylesheet" type="text/css">
87
elements in the head, if write_html_head_foot is True.
88
URLs should be relative to the IVLE root; they will be fixed up
91
List of strings. Write a list of URLs to JS files here, and they
92
will be incorporated as <script type="text/javascript"> elements
93
in the head, if write_html_head_foot is True.
94
URLs should be relative to the IVLE root; they will be fixed up
97
List of strings. Write a list of JS function names, and they
98
will be added as window.addListener('load', ..., false); calls
99
in the head, if write_html_head_foot is True.
100
This is the propper way to specify functions that need to run at
102
write_html_head_foot (write)
103
Boolean. If True, dispatch assumes that this is an XHTML page, and
104
will immediately write a full HTML head, open the body element,
105
and write heading contents to the page, before any bytes are
106
written. It will then write footer contents and close the body and
107
html elements at the end of execution.
109
This value should be set to true by all applications for all HTML
110
output (unless there is a good reason, eg. exec). The
111
applications should therefore output HTML content assuming that
112
it will be written inside the body tag. Do not write opening or
113
closing <html> or <body> tags.
116
105
# Special code for an OK response.
121
110
# HTTP status codes
124
HTTP_SWITCHING_PROTOCOLS = 101
125
HTTP_PROCESSING = 102
129
HTTP_NON_AUTHORITATIVE = 203
130
HTTP_NO_CONTENT = 204
131
HTTP_RESET_CONTENT = 205
132
HTTP_PARTIAL_CONTENT = 206
133
HTTP_MULTI_STATUS = 207
134
HTTP_MULTIPLE_CHOICES = 300
135
HTTP_MOVED_PERMANENTLY = 301
136
113
HTTP_MOVED_TEMPORARILY = 302
138
HTTP_NOT_MODIFIED = 304
140
HTTP_TEMPORARY_REDIRECT = 307
141
HTTP_BAD_REQUEST = 400
142
HTTP_UNAUTHORIZED = 401
143
HTTP_PAYMENT_REQUIRED = 402
144
114
HTTP_FORBIDDEN = 403
145
115
HTTP_NOT_FOUND = 404
146
HTTP_METHOD_NOT_ALLOWED = 405
147
HTTP_NOT_ACCEPTABLE = 406
148
HTTP_PROXY_AUTHENTICATION_REQUIRED= 407
149
HTTP_REQUEST_TIME_OUT = 408
152
HTTP_LENGTH_REQUIRED = 411
153
HTTP_PRECONDITION_FAILED = 412
154
HTTP_REQUEST_ENTITY_TOO_LARGE = 413
155
HTTP_REQUEST_URI_TOO_LARGE = 414
156
HTTP_UNSUPPORTED_MEDIA_TYPE = 415
157
HTTP_RANGE_NOT_SATISFIABLE = 416
158
HTTP_EXPECTATION_FAILED = 417
159
HTTP_UNPROCESSABLE_ENTITY = 422
161
HTTP_FAILED_DEPENDENCY = 424
162
116
HTTP_INTERNAL_SERVER_ERROR = 500
163
HTTP_NOT_IMPLEMENTED = 501
164
HTTP_BAD_GATEWAY = 502
165
HTTP_SERVICE_UNAVAILABLE = 503
166
HTTP_GATEWAY_TIME_OUT = 504
167
HTTP_VERSION_NOT_SUPPORTED = 505
168
HTTP_VARIANT_ALSO_VARIES = 506
169
HTTP_INSUFFICIENT_STORAGE = 507
170
HTTP_NOT_EXTENDED = 510
172
def __init__(self, req, write_html_head):
173
"""Builds an IVLE request object from a mod_python request object.
174
This results in an object with all of the necessary methods and
177
req: A mod_python request object.
178
write_html_head: Function which is called when writing the automatic
179
HTML header. Accepts a single argument, the IVLE request object.
120
def __init__(self, req, config):
121
"""Create an IVLE request from a mod_python one.
123
@param req: A mod_python request.
124
@param config: An IVLE configuration.
182
127
# Methods are mostly wrappers around the Apache request object
183
128
self.apache_req = req
184
self.func_write_html_head = write_html_head
185
130
self.headers_written = False
187
132
# Determine if the browser used the public host name to make the
188
133
# request (in which case we are in "public mode")
189
if req.hostname == ivle.conf.public_host:
134
if req.hostname == config['urls']['public_host']:
190
135
self.publicmode = True
192
137
self.publicmode = False
194
139
# Inherit values for the input members
195
140
self.method = req.method
196
141
self.uri = req.uri
142
self.unparsed_uri = req.unparsed_uri
197
143
# Split the given path into the app (top-level dir) and sub-path
198
144
# (after first stripping away the root directory)
199
path = ivle.util.unmake_path(req.uri)
200
(self.app, self.path) = (ivle.util.split_path(path))
145
(self.app, self.path) = (ivle.util.split_path(req.uri))
202
146
self.hostname = req.hostname
203
147
self.headers_in = req.headers_in
204
148
self.headers_out = req.headers_out
206
# Open a database connection and transaction, keep it around for users
207
# of the Request object to use
208
self.store = ivle.database.get_store()
210
150
# Default values for the output members
211
151
self.status = Request.HTTP_OK
212
152
self.content_type = None # Use Apache's default
153
self.content_length = None # Don't provide Content-Length
213
154
self.location = None
214
self.title = None # Will be set by dispatch before passing to app
217
self.scripts_init = []
218
self.write_html_head_foot = False
219
155
# In some cases we don't want the template JS (such as the username
220
156
# and public FQDN) in the output HTML. In that case, set this to 0.
221
157
self.write_javascript_settings = True
222
158
self.got_common_vars = False
224
160
def __del__(self):
165
if self._store is not None:
171
if self._store is not None:
228
174
def __writeheaders(self):
229
175
"""Writes out the HTTP and HTML headers before any real data is
231
177
self.headers_written = True
233
# app is the App object for the chosen app
235
app = ivle.conf.apps.app_url[self.app]
239
179
# Prepare the HTTP and HTML headers before the first write is made
240
180
if self.content_type != None:
241
181
self.apache_req.content_type = self.content_type
182
if self.content_length:
183
self.apache_req.set_content_length(self.content_length)
242
184
self.apache_req.status = self.status
243
185
if self.location != None:
244
186
self.apache_req.headers_out['Location'] = self.location
245
if self.write_html_head_foot:
246
# Write the HTML header, pass "self" (request object)
247
self.func_write_html_head(self)
249
188
def ensure_headers_written(self):
250
189
"""Writes out the HTTP and HTML headers if they haven't already been
303
242
return self.apache_req.read(len)
305
def throw_error(self, httpcode, message=None):
306
"""Writes out an HTTP error of the specified code. Raises an exception
307
which is caught by the dispatch or web server, so any code following
308
this call will not be executed.
310
httpcode: An HTTP response status code. Pass a constant from the
313
raise ivle.util.IVLEError(httpcode, message)
315
244
def throw_redirect(self, location):
316
245
"""Writes out an HTTP redirect to the specified URL. Raises an
317
246
exception which is caught by the dispatch or web server, so any
332
261
mod_python.Cookie.add_cookie(self.apache_req, cookie, value, **attributes)
263
def make_path(self, path):
264
"""Prepend the IVLE URL prefix to the given path.
266
This is used when generating URLs to send to the client.
268
This method is DEPRECATED. We no longer support use of a prefix.
270
return os.path.join(self.config['urls']['root'], path)
334
272
def get_session(self):
335
273
"""Returns a mod_python Session object for this request.
336
274
Note that this is dependent on mod_python and may need to change
337
interface if porting away from mod_python."""
275
interface if porting away from mod_python.
277
IMPORTANT: Call unlock() on the session as soon as you are done with
278
it! If you don't, all other requests will block!
338
280
# Cache the session object and set the timeout to 24 hours.
339
281
if not hasattr(self, 'session'):
340
self.session = mod_python.Session.FileSession(self.apache_req,
341
timeout = 60 * 60 * 24)
282
self.session = PotentiallySecureFileSession(
283
self.apache_req, timeout = 60 * 60 * 24)
342
284
return self.session
344
286
def get_fieldstorage(self):
359
301
self.got_common_vars = True
360
302
return self.apache_req.subprocess_env
363
def get_http_codename(code):
364
"""Given a HTTP error code int, returns a (name, description)
365
pair, suitable for displaying to the user.
366
May return (None,None) if code is unknown.
367
Only lists common 4xx and 5xx codes (since this is just used
368
to display throw_error error messages).
306
# Open a database connection and transaction, keep it around for users
307
# of the Request object to use.
308
if self._store is None:
309
self._store = ivle.database.get_store(self.config)
314
# Get and cache the request user, or None if it's not valid.
315
# This is a property so that we don't create a store unless
316
# some code actually requests the user.
371
return http_codenames[code]
319
except AttributeError:
323
temp_user = ivle.webapp.security.get_user_details(self)
324
if temp_user and temp_user.valid:
325
self._user = temp_user
375
# Human strings for HTTP response codes
377
Request.HTTP_BAD_REQUEST:
379
"Your browser sent a request IVLE did not understand."),
380
Request.HTTP_UNAUTHORIZED:
382
"You are not allowed to view this part of IVLE."),
383
Request.HTTP_FORBIDDEN:
385
"You are not allowed to view this part of IVLE."),
386
Request.HTTP_NOT_FOUND:
388
"The application or file you requested does not exist."),
389
Request.HTTP_METHOD_NOT_ALLOWED:
390
("Method Not Allowed",
391
"Your browser is interacting with IVLE in the wrong way."
392
"This is probably a bug in IVLE. "
393
"Please report it to the administrators."),
394
Request.HTTP_INTERNAL_SERVER_ERROR:
395
("Internal Server Error",
396
"An unknown error occured in IVLE."),
397
Request.HTTP_NOT_IMPLEMENTED:
399
"The application or file you requested has not been implemented "
401
Request.HTTP_SERVICE_UNAVAILABLE:
402
("Service Unavailable",
403
"IVLE is currently experiencing technical difficulties. "
404
"Please try again later."),
added
removed
ivle/dispatch/request.py
