1
# IVLE - Informatics Virtual Learning Environment
2
# Copyright (C) 2007-2009 The University of Melbourne
4
# This program is free software; you can redistribute it and/or modify
5
# it under the terms of the GNU General Public License as published by
6
# the Free Software Foundation; either version 2 of the License, or
7
# (at your option) any later version.
9
# This program is distributed in the hope that it will be useful,
10
# but WITHOUT ANY WARRANTY; without even the implied warranty of
11
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12
# GNU General Public License for more details.
14
# You should have received a copy of the GNU General Public License
15
# along with this program; if not, write to the Free Software
16
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
23
Builds an IVLE request object from a mod_python request object.
24
See design notes/apps/dispatch.txt for a full specification of this request
29
import mod_python.Session
30
import mod_python.Cookie
31
import mod_python.util
32
import mod_python.apache
34
class PotentiallySecureFileSession(mod_python.Session.FileSession):
35
"""A mod_python FileSession that sets secure cookie when appropriate.
37
A secure cookie will be set if the request itself is over HTTPS, or if
38
a proxy in front has set X-Forwarded-Proto: https. Otherwise the cookie
41
def make_cookie(self):
42
cookie = super(PotentiallySecureFileSession, self).make_cookie()
43
if (self._req.is_https() or
44
self._req.headers_in.get('X-Forwarded-Proto') == 'https'):
48
# This needs to be importable from outside Apache.
55
from ivle.webapp.base.plugins import CookiePlugin
56
import ivle.webapp.security
60
"""An IVLE request object. This is presented to the IVLE apps as a way of
61
interacting with the web server and the dispatcher.
63
Request object attributes:
65
String. The request method (eg. 'GET', 'POST', etc)
67
String. The path portion of the URI.
69
String. The path portion of the URI, unparsed with query string.
71
String. Name of the application specified in the URL, or None.
73
String. The path specified in the URL *not including* the
74
application or the IVLE location prefix. eg. a URL of
75
"/ivle/files/joe/myfiles" has a path of "joe/myfiles".
77
User object. Details of the user who is currently logged in, or
80
storm.store.Store instance. Holds a database transaction open,
81
which is available for the entire lifetime of the request.
83
String. Hostname the server is running on.
85
Table object representing headers sent by the client.
86
headers_out (read, can be written to)
87
Table object representing headers to be sent to the client.
89
Bool. True if the request came for the "public host" as
90
configured in conf.py. Note that public mode requests do not
91
have an app (app is set to None).
94
Int. Response status number. Use one of the status codes defined
97
String. The Content-Type (mime type) header value.
98
content_length (write)
99
Integer. The number of octets to be transfered.
101
String. Response "Location" header value. Used with HTTP redirect
105
# Special code for an OK response.
106
# Do not use HTTP_OK; for some reason Apache produces an "OK" error
107
# message if you do that.
113
HTTP_MOVED_TEMPORARILY = 302
116
HTTP_INTERNAL_SERVER_ERROR = 500
120
def __init__(self, req, config):
121
"""Create an IVLE request from a mod_python one.
123
@param req: A mod_python request.
124
@param config: An IVLE configuration.
127
# Methods are mostly wrappers around the Apache request object
128
self.apache_req = req
130
self.headers_written = False
132
# Determine if the browser used the public host name to make the
133
# request (in which case we are in "public mode")
134
if req.hostname == config['urls']['public_host']:
135
self.publicmode = True
137
self.publicmode = False
139
# Inherit values for the input members
140
self.method = req.method
142
self.unparsed_uri = req.unparsed_uri
143
# Split the given path into the app (top-level dir) and sub-path
144
# (after first stripping away the root directory)
145
(self.app, self.path) = (ivle.util.split_path(req.uri))
146
self.hostname = req.hostname
147
self.headers_in = req.headers_in
148
self.headers_out = req.headers_out
150
# Default values for the output members
151
self.status = Request.HTTP_OK
152
self.content_type = None # Use Apache's default
153
self.content_length = None # Don't provide Content-Length
155
# In some cases we don't want the template JS (such as the username
156
# and public FQDN) in the output HTML. In that case, set this to 0.
157
self.write_javascript_settings = True
158
self.got_common_vars = False
165
if self._store is not None:
171
if self._store is not None:
174
def __writeheaders(self):
175
"""Writes out the HTTP and HTML headers before any real data is
177
self.headers_written = True
179
# Prepare the HTTP and HTML headers before the first write is made
180
if self.content_type != None:
181
self.apache_req.content_type = self.content_type
182
if self.content_length:
183
self.apache_req.set_content_length(self.content_length)
184
self.apache_req.status = self.status
185
if self.location != None:
186
self.apache_req.headers_out['Location'] = self.location
188
def ensure_headers_written(self):
189
"""Writes out the HTTP and HTML headers if they haven't already been
191
if not self.headers_written:
192
self.__writeheaders()
194
def write(self, string, flush=1):
195
"""Writes string directly to the client, then flushes the buffer,
196
unless flush is 0."""
198
if not self.headers_written:
199
self.__writeheaders()
200
if isinstance(string, unicode):
201
# Encode unicode strings as UTF-8
202
# (Otherwise cannot handle being written to a bytestream)
203
self.apache_req.write(string.encode('utf8'), flush)
205
# 8-bit clean strings just get written directly.
206
# This includes binary strings.
207
self.apache_req.write(string, flush)
210
"""Log out the current user by destroying the session state.
211
Then redirect to the top-level IVLE page."""
212
if hasattr(self, 'session'):
213
self.session.invalidate()
214
self.session.delete()
215
# Invalidates all IVLE cookies
216
all_cookies = mod_python.Cookie.get_cookies(self)
218
# Create cookies for plugins that might request them.
219
for plugin in self.config.plugin_index[CookiePlugin]:
220
for cookie in plugin.cookies:
221
self.add_cookie(mod_python.Cookie.Cookie(cookie, '',
222
expires=1, path='/'))
223
self.throw_redirect(self.make_path(''))
227
"""Flushes the output buffer."""
228
self.apache_req.flush()
230
def sendfile(self, filename):
231
"""Sends the named file directly to the client."""
232
if not self.headers_written:
233
self.__writeheaders()
234
self.apache_req.sendfile(filename)
236
def read(self, len=None):
237
"""Reads at most len bytes directly from the client. (See mod_python
240
return self.apache_req.read()
242
return self.apache_req.read(len)
244
def throw_redirect(self, location):
245
"""Writes out an HTTP redirect to the specified URL. Raises an
246
exception which is caught by the dispatch or web server, so any
247
code following this call will not be executed.
249
httpcode: An HTTP response status code. Pass a constant from the
252
# Note: location may be a unicode, but it MUST only have ASCII
253
# characters (non-ascii characters should be URL-encoded).
254
mod_python.util.redirect(self.apache_req, location.encode("ascii"))
256
def add_cookie(self, cookie, value=None, **attributes):
257
"""Inserts a cookie into this request object's headers."""
259
mod_python.Cookie.add_cookie(self.apache_req, cookie)
261
mod_python.Cookie.add_cookie(self.apache_req, cookie, value, **attributes)
263
def make_path(self, path):
264
"""Prepend the IVLE URL prefix to the given path.
266
This is used when generating URLs to send to the client.
268
This method is DEPRECATED. We no longer support use of a prefix.
270
return os.path.join(self.config['urls']['root'], path)
272
def get_session(self):
273
"""Returns a mod_python Session object for this request.
274
Note that this is dependent on mod_python and may need to change
275
interface if porting away from mod_python.
277
IMPORTANT: Call unlock() on the session as soon as you are done with
278
it! If you don't, all other requests will block!
280
# Cache the session object and set the timeout to 24 hours.
281
if not hasattr(self, 'session'):
282
self.session = PotentiallySecureFileSession(
283
self.apache_req, timeout = 60 * 60 * 24)
286
def get_fieldstorage(self):
287
"""Returns a mod_python FieldStorage object for this request.
288
Note that this is dependent on mod_python and may need to change
289
interface if porting away from mod_python."""
290
# Cache the fieldstorage object
291
if not hasattr(self, 'fields'):
292
self.fields = mod_python.util.FieldStorage(self.apache_req)
295
def get_cgi_environ(self):
296
"""Returns the CGI environment emulation for this request. (Calls
297
add_common_vars). The environment is returned as a mapping
298
compatible with os.environ."""
299
if not self.got_common_vars:
300
self.apache_req.add_common_vars()
301
self.got_common_vars = True
302
return self.apache_req.subprocess_env
306
# Open a database connection and transaction, keep it around for users
307
# of the Request object to use.
308
if self._store is None:
309
self._store = ivle.database.get_store(self.config)
314
# Get and cache the request user, or None if it's not valid.
315
# This is a property so that we don't create a store unless
316
# some code actually requests the user.
319
except AttributeError:
323
temp_user = ivle.webapp.security.get_user_details(self)
324
if temp_user and temp_user.valid:
325
self._user = temp_user
added
removed
ivle/dispatch/request.py
