29
29
import mod_python.Session
30
30
import mod_python.Cookie
31
31
import mod_python.util
32
import mod_python.apache
34
class PotentiallySecureFileSession(mod_python.Session.FileSession):
35
"""A mod_python FileSession that sets secure cookie when appropriate.
37
A secure cookie will be set if the request itself is over HTTPS, or if
38
a proxy in front has set X-Forwarded-Proto: https. Otherwise the cookie
41
def make_cookie(self):
42
cookie = super(PotentiallySecureFileSession, self).make_cookie()
43
if (self._req.is_https() or
44
self._req.headers_in.get('X-Forwarded-Proto') == 'https'):
32
47
except ImportError:
33
48
# This needs to be importable from outside Apache.
48
65
String. The request method (eg. 'GET', 'POST', etc)
50
67
String. The path portion of the URI.
69
String. The path portion of the URI, unparsed with query string.
52
71
String. Name of the application specified in the URL, or None.
77
96
content_type (write)
78
97
String. The Content-Type (mime type) header value.
98
content_length (write)
99
Integer. The number of octets to be transfered.
80
101
String. Response "Location" header value. Used with HTTP redirect
83
List of strings. Write a list of URLs to CSS files here, and they
84
will be incorporated as <link rel="stylesheet" type="text/css">
85
elements in the head, if write_html_head_foot is True.
86
URLs should be relative to the IVLE root; they will be fixed up
89
List of strings. Write a list of URLs to JS files here, and they
90
will be incorporated as <script type="text/javascript"> elements
91
in the head, if write_html_head_foot is True.
92
URLs should be relative to the IVLE root; they will be fixed up
95
List of strings. Write a list of JS function names, and they
96
will be added as window.addListener('load', ..., false); calls
97
in the head, if write_html_head_foot is True.
98
This is the propper way to specify functions that need to run at
102
105
# Special code for an OK response.
107
110
# HTTP status codes
110
HTTP_SWITCHING_PROTOCOLS = 101
111
HTTP_PROCESSING = 102
115
HTTP_NON_AUTHORITATIVE = 203
116
HTTP_NO_CONTENT = 204
117
HTTP_RESET_CONTENT = 205
118
HTTP_PARTIAL_CONTENT = 206
119
HTTP_MULTI_STATUS = 207
120
HTTP_MULTIPLE_CHOICES = 300
121
HTTP_MOVED_PERMANENTLY = 301
122
113
HTTP_MOVED_TEMPORARILY = 302
124
HTTP_NOT_MODIFIED = 304
126
HTTP_TEMPORARY_REDIRECT = 307
127
HTTP_BAD_REQUEST = 400
128
HTTP_UNAUTHORIZED = 401
129
HTTP_PAYMENT_REQUIRED = 402
130
114
HTTP_FORBIDDEN = 403
131
115
HTTP_NOT_FOUND = 404
132
HTTP_METHOD_NOT_ALLOWED = 405
133
HTTP_NOT_ACCEPTABLE = 406
134
HTTP_PROXY_AUTHENTICATION_REQUIRED= 407
135
HTTP_REQUEST_TIME_OUT = 408
138
HTTP_LENGTH_REQUIRED = 411
139
HTTP_PRECONDITION_FAILED = 412
140
HTTP_REQUEST_ENTITY_TOO_LARGE = 413
141
HTTP_REQUEST_URI_TOO_LARGE = 414
142
HTTP_UNSUPPORTED_MEDIA_TYPE = 415
143
HTTP_RANGE_NOT_SATISFIABLE = 416
144
HTTP_EXPECTATION_FAILED = 417
145
HTTP_UNPROCESSABLE_ENTITY = 422
147
HTTP_FAILED_DEPENDENCY = 424
148
116
HTTP_INTERNAL_SERVER_ERROR = 500
149
HTTP_NOT_IMPLEMENTED = 501
150
HTTP_BAD_GATEWAY = 502
151
HTTP_SERVICE_UNAVAILABLE = 503
152
HTTP_GATEWAY_TIME_OUT = 504
153
HTTP_VERSION_NOT_SUPPORTED = 505
154
HTTP_VARIANT_ALSO_VARIES = 506
155
HTTP_INSUFFICIENT_STORAGE = 507
156
HTTP_NOT_EXTENDED = 510
158
120
def __init__(self, req, config):
159
121
"""Create an IVLE request from a mod_python one.
177
139
# Inherit values for the input members
178
140
self.method = req.method
179
141
self.uri = req.uri
142
self.unparsed_uri = req.unparsed_uri
180
143
# Split the given path into the app (top-level dir) and sub-path
181
144
# (after first stripping away the root directory)
182
path = self.unmake_path(req.uri)
183
(self.app, self.path) = (ivle.util.split_path(path))
145
(self.app, self.path) = (ivle.util.split_path(req.uri))
185
146
self.hostname = req.hostname
186
147
self.headers_in = req.headers_in
187
148
self.headers_out = req.headers_out
189
# Open a database connection and transaction, keep it around for users
190
# of the Request object to use
191
self.store = ivle.database.get_store(config)
193
150
# Default values for the output members
194
151
self.status = Request.HTTP_OK
195
152
self.content_type = None # Use Apache's default
153
self.content_length = None # Don't provide Content-Length
196
154
self.location = None
199
self.scripts_init = []
200
155
# In some cases we don't want the template JS (such as the username
201
156
# and public FQDN) in the output HTML. In that case, set this to 0.
202
157
self.write_javascript_settings = True
203
158
self.got_common_vars = False
205
160
def __del__(self):
165
if self._store is not None:
171
if self._store is not None:
209
174
def __writeheaders(self):
210
175
"""Writes out the HTTP and HTML headers before any real data is
214
179
# Prepare the HTTP and HTML headers before the first write is made
215
180
if self.content_type != None:
216
181
self.apache_req.content_type = self.content_type
182
if self.content_length:
183
self.apache_req.set_content_length(self.content_length)
217
184
self.apache_req.status = self.status
218
185
if self.location != None:
219
186
self.apache_req.headers_out['Location'] = self.location
303
270
return os.path.join(self.config['urls']['root'], path)
305
def unmake_path(self, path):
306
"""Strip the IVLE URL prefix from the given path, if present.
308
Also normalises the path.
310
This method is DEPRECATED. We no longer support use of a prefix.
312
path = os.path.normpath(path)
313
root = os.path.normpath(self.config['urls']['root'])
315
if path.startswith(root):
316
path = path[len(root):]
317
# Take out the slash as well
318
if len(path) > 0 and path[0] == os.sep:
323
272
def get_session(self):
324
273
"""Returns a mod_python Session object for this request.
325
274
Note that this is dependent on mod_python and may need to change
331
280
# Cache the session object and set the timeout to 24 hours.
332
281
if not hasattr(self, 'session'):
333
self.session = mod_python.Session.FileSession(self.apache_req,
334
timeout = 60 * 60 * 24)
282
self.session = PotentiallySecureFileSession(
283
self.apache_req, timeout = 60 * 60 * 24)
335
284
return self.session
337
286
def get_fieldstorage(self):
352
301
self.got_common_vars = True
353
302
return self.apache_req.subprocess_env
356
def get_http_codename(code):
357
"""Given a HTTP error code int, returns a (name, description)
358
pair, suitable for displaying to the user.
359
May return (None,None) if code is unknown.
360
Only lists common 4xx and 5xx codes (since this is just used
361
to display throw_error error messages).
306
# Open a database connection and transaction, keep it around for users
307
# of the Request object to use.
308
if self._store is None:
309
self._store = ivle.database.get_store(self.config)
314
# Get and cache the request user, or None if it's not valid.
315
# This is a property so that we don't create a store unless
316
# some code actually requests the user.
364
return http_codenames[code]
319
except AttributeError:
323
temp_user = ivle.webapp.security.get_user_details(self)
324
if temp_user and temp_user.valid:
325
self._user = temp_user
368
# Human strings for HTTP response codes
370
Request.HTTP_BAD_REQUEST:
372
"Your browser sent a request IVLE did not understand."),
373
Request.HTTP_UNAUTHORIZED:
375
"You are not allowed to view this part of IVLE."),
376
Request.HTTP_FORBIDDEN:
378
"You are not allowed to view this part of IVLE."),
379
Request.HTTP_NOT_FOUND:
381
"The application or file you requested does not exist."),
382
Request.HTTP_METHOD_NOT_ALLOWED:
383
("Method Not Allowed",
384
"Your browser is interacting with IVLE in the wrong way."
385
"This is probably a bug in IVLE. "
386
"Please report it to the administrators."),
387
Request.HTTP_INTERNAL_SERVER_ERROR:
388
("Internal Server Error",
389
"An unknown error occured in IVLE."),
390
Request.HTTP_NOT_IMPLEMENTED:
392
"The application or file you requested has not been implemented "
394
Request.HTTP_SERVICE_UNAVAILABLE:
395
("Service Unavailable",
396
"IVLE is currently experiencing technical difficulties. "
397
"Please try again later."),
added
removed
ivle/dispatch/request.py
