1
# IVLE - Informatics Virtual Learning Environment
2
# Copyright (C) 2007-2009 The University of Melbourne
4
# This program is free software; you can redistribute it and/or modify
5
# it under the terms of the GNU General Public License as published by
6
# the Free Software Foundation; either version 2 of the License, or
7
# (at your option) any later version.
9
# This program is distributed in the hope that it will be useful,
10
# but WITHOUT ANY WARRANTY; without even the implied warranty of
11
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12
# GNU General Public License for more details.
14
# You should have received a copy of the GNU General Public License
15
# along with this program; if not, write to the Free Software
16
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
23
Builds an IVLE request object from a mod_python request object.
24
See design notes/apps/dispatch.txt for a full specification of this request
29
import mod_python.Session
30
import mod_python.Cookie
31
import mod_python.util
32
import mod_python.apache
34
class PotentiallySecureFileSession(mod_python.Session.FileSession):
35
"""A mod_python FileSession that sets secure cookie when appropriate.
37
A secure cookie will be set if the request itself is over HTTPS, or if
38
a proxy in front has set X-Forwarded-Proto: https. Otherwise the cookie
41
def make_cookie(self):
42
cookie = super(PotentiallySecureFileSession, self).make_cookie()
43
if (self._req.is_https() or
44
self._req.headers_in.get('X-Forwarded-Proto') == 'https'):
48
# This needs to be importable from outside Apache.
55
from ivle.webapp.base.plugins import CookiePlugin
56
import ivle.webapp.security
60
"""An IVLE request object. This is presented to the IVLE apps as a way of
61
interacting with the web server and the dispatcher.
63
Request object attributes:
65
String. The request method (eg. 'GET', 'POST', etc)
67
String. The path portion of the URI.
69
String. The path portion of the URI, unparsed with query string.
71
String. Name of the application specified in the URL, or None.
73
String. The path specified in the URL *not including* the
74
application or the IVLE location prefix. eg. a URL of
75
"/ivle/files/joe/myfiles" has a path of "joe/myfiles".
77
User object. Details of the user who is currently logged in, or
80
storm.store.Store instance. Holds a database transaction open,
81
which is available for the entire lifetime of the request.
83
String. Hostname the server is running on.
85
Table object representing headers sent by the client.
86
headers_out (read, can be written to)
87
Table object representing headers to be sent to the client.
89
Bool. True if the request came for the "public host" as
90
configured in conf.py. Note that public mode requests do not
91
have an app (app is set to None).
94
Int. Response status number. Use one of the status codes defined
97
String. The Content-Type (mime type) header value.
99
String. Response "Location" header value. Used with HTTP redirect
103
# Special code for an OK response.
104
# Do not use HTTP_OK; for some reason Apache produces an "OK" error
105
# message if you do that.
111
HTTP_MOVED_TEMPORARILY = 302
114
HTTP_INTERNAL_SERVER_ERROR = 500
118
def __init__(self, req, config):
119
"""Create an IVLE request from a mod_python one.
121
@param req: A mod_python request.
122
@param config: An IVLE configuration.
125
# Methods are mostly wrappers around the Apache request object
126
self.apache_req = req
128
self.headers_written = False
130
# Determine if the browser used the public host name to make the
131
# request (in which case we are in "public mode")
132
if req.hostname == config['urls']['public_host']:
133
self.publicmode = True
135
self.publicmode = False
137
# Inherit values for the input members
138
self.method = req.method
140
self.unparsed_uri = req.unparsed_uri
141
# Split the given path into the app (top-level dir) and sub-path
142
# (after first stripping away the root directory)
143
(self.app, self.path) = (ivle.util.split_path(req.uri))
144
self.hostname = req.hostname
145
self.headers_in = req.headers_in
146
self.headers_out = req.headers_out
148
# Default values for the output members
149
self.status = Request.HTTP_OK
150
self.content_type = None # Use Apache's default
152
# In some cases we don't want the template JS (such as the username
153
# and public FQDN) in the output HTML. In that case, set this to 0.
154
self.write_javascript_settings = True
155
self.got_common_vars = False
162
if self._store is not None:
168
if self._store is not None:
171
def __writeheaders(self):
172
"""Writes out the HTTP and HTML headers before any real data is
174
self.headers_written = True
176
# Prepare the HTTP and HTML headers before the first write is made
177
if self.content_type != None:
178
self.apache_req.content_type = self.content_type
179
self.apache_req.status = self.status
180
if self.location != None:
181
self.apache_req.headers_out['Location'] = self.location
183
def ensure_headers_written(self):
184
"""Writes out the HTTP and HTML headers if they haven't already been
186
if not self.headers_written:
187
self.__writeheaders()
189
def write(self, string, flush=1):
190
"""Writes string directly to the client, then flushes the buffer,
191
unless flush is 0."""
193
if not self.headers_written:
194
self.__writeheaders()
195
if isinstance(string, unicode):
196
# Encode unicode strings as UTF-8
197
# (Otherwise cannot handle being written to a bytestream)
198
self.apache_req.write(string.encode('utf8'), flush)
200
# 8-bit clean strings just get written directly.
201
# This includes binary strings.
202
self.apache_req.write(string, flush)
205
"""Log out the current user by destroying the session state.
206
Then redirect to the top-level IVLE page."""
207
if hasattr(self, 'session'):
208
self.session.invalidate()
209
self.session.delete()
210
# Invalidates all IVLE cookies
211
all_cookies = mod_python.Cookie.get_cookies(self)
213
# Create cookies for plugins that might request them.
214
for plugin in self.config.plugin_index[CookiePlugin]:
215
for cookie in plugin.cookies:
216
self.add_cookie(mod_python.Cookie.Cookie(cookie, '',
217
expires=1, path='/'))
218
self.throw_redirect(self.make_path(''))
222
"""Flushes the output buffer."""
223
self.apache_req.flush()
225
def sendfile(self, filename):
226
"""Sends the named file directly to the client."""
227
if not self.headers_written:
228
self.__writeheaders()
229
self.apache_req.sendfile(filename)
231
def read(self, len=None):
232
"""Reads at most len bytes directly from the client. (See mod_python
235
return self.apache_req.read()
237
return self.apache_req.read(len)
239
def throw_redirect(self, location):
240
"""Writes out an HTTP redirect to the specified URL. Raises an
241
exception which is caught by the dispatch or web server, so any
242
code following this call will not be executed.
244
httpcode: An HTTP response status code. Pass a constant from the
247
# Note: location may be a unicode, but it MUST only have ASCII
248
# characters (non-ascii characters should be URL-encoded).
249
mod_python.util.redirect(self.apache_req, location.encode("ascii"))
251
def add_cookie(self, cookie, value=None, **attributes):
252
"""Inserts a cookie into this request object's headers."""
254
mod_python.Cookie.add_cookie(self.apache_req, cookie)
256
mod_python.Cookie.add_cookie(self.apache_req, cookie, value, **attributes)
258
def make_path(self, path):
259
"""Prepend the IVLE URL prefix to the given path.
261
This is used when generating URLs to send to the client.
263
This method is DEPRECATED. We no longer support use of a prefix.
265
return os.path.join(self.config['urls']['root'], path)
267
def get_session(self):
268
"""Returns a mod_python Session object for this request.
269
Note that this is dependent on mod_python and may need to change
270
interface if porting away from mod_python.
272
IMPORTANT: Call unlock() on the session as soon as you are done with
273
it! If you don't, all other requests will block!
275
# Cache the session object and set the timeout to 24 hours.
276
if not hasattr(self, 'session'):
277
self.session = PotentiallySecureFileSession(
278
self.apache_req, timeout = 60 * 60 * 24)
281
def get_fieldstorage(self):
282
"""Returns a mod_python FieldStorage object for this request.
283
Note that this is dependent on mod_python and may need to change
284
interface if porting away from mod_python."""
285
# Cache the fieldstorage object
286
if not hasattr(self, 'fields'):
287
self.fields = mod_python.util.FieldStorage(self.apache_req)
290
def get_cgi_environ(self):
291
"""Returns the CGI environment emulation for this request. (Calls
292
add_common_vars). The environment is returned as a mapping
293
compatible with os.environ."""
294
if not self.got_common_vars:
295
self.apache_req.add_common_vars()
296
self.got_common_vars = True
297
return self.apache_req.subprocess_env
301
# Open a database connection and transaction, keep it around for users
302
# of the Request object to use.
303
if self._store is None:
304
self._store = ivle.database.get_store(self.config)
309
# Get and cache the request user, or None if it's not valid.
310
# This is a property so that we don't create a store unless
311
# some code actually requests the user.
314
except AttributeError:
318
temp_user = ivle.webapp.security.get_user_details(self)
319
if temp_user and temp_user.valid:
320
self._user = temp_user
added
removed
ivle/dispatch/request.py
