1 # Copyright (C) 2013 Ipsilon project Contributors, for license see COPYING
4 from ipsilon.util.endpoint import Endpoint
5 from ipsilon.util.user import UserSession
6 from ipsilon.util.trans import Transaction
7 from urllib import unquote
9 from urlparse import urlparse
10 from urlparse import parse_qs
12 # pylint: disable=no-name-in-module, import-error
13 from urllib.parse import urlparse
14 from urllib.parse import parse_qs
17 def admin_protect(fn):
19 def check(*args, **kwargs):
20 if UserSession().get_user().is_admin:
21 return fn(*args, **kwargs)
23 raise cherrypy.HTTPError(403)
29 def __init__(self, site, form=False):
30 super(Page, self).__init__(site)
31 if 'template_env' not in site:
32 raise ValueError('Missing template environment')
34 self.basepath = cherrypy.config.get('base.mount', "")
36 self._is_form_page = form
37 self.auth_protect = False
40 return cherrypy.url(relative=False)
42 def instance_base_url(self):
44 s = urlparse(unquote(url))
45 return '%s://%s%s' % (s.scheme, s.netloc, self.basepath)
47 def _check_referer(self, referer, url):
48 r = urlparse(unquote(referer))
49 u = urlparse(unquote(url))
50 if r.scheme != u.scheme:
52 if r.netloc != u.netloc:
54 if r.path.startswith(self.basepath):
58 def __call__(self, *args, **kwargs):
59 cherrypy.response.headers.update(self.default_headers)
61 self.user = UserSession().get_user()
63 if self.auth_protect and self.user.is_anonymous:
64 raise cherrypy.HTTPError(401)
67 op = getattr(self, args[0], None)
68 if callable(op) and getattr(op, 'public_function', None):
69 return op(*args[1:], **kwargs)
71 if self._is_form_page:
72 self.debug("method: %s" % cherrypy.request.method)
73 op = getattr(self, cherrypy.request.method, None)
75 # Basic CSRF protection
76 if cherrypy.request.method != 'GET':
78 if 'referer' not in cherrypy.request.headers:
79 self.debug("Missing referer in %s request to %s"
80 % (cherrypy.request.method, url))
81 raise cherrypy.HTTPError(403)
82 referer = cherrypy.request.headers['referer']
83 if not self._check_referer(referer, url):
84 self.debug("Wrong referer %s in request to %s"
86 raise cherrypy.HTTPError(403)
87 return op(*args, **kwargs)
89 op = getattr(self, 'root', None)
91 return op(*args, **kwargs)
93 return self.default(*args, **kwargs)
95 def _template_model(self):
97 model['basepath'] = self.basepath
98 model['title'] = 'IPSILON'
99 model['user'] = self.user
102 def _template(self, *args, **kwargs):
103 t = self._site['template_env'].get_template(args[0])
104 m = self._template_model()
108 def default(self, *args, **kwargs):
109 raise cherrypy.NotFound()
111 def add_subtree(self, name, page):
112 self.__dict__[name] = page
114 def del_subtree(self, name):
115 del self.__dict__[name]
117 def get_valid_transaction(self, provider, **kwargs):
119 t = Transaction(provider)
120 # Try with kwargs first
121 tid = t.find_tid(kwargs)
123 # If no TID yet See if we have it in a referer or in the
124 # environment in the REDIRECT_URL
126 if 'referer' in cherrypy.request.headers:
127 url = cherrypy.request.headers['referer']
128 r = urlparse(unquote(url))
130 tid = t.find_tid(parse_qs(r.query))
131 if not tid and 'REQUEST_URI' in cherrypy.request.wsgi_environ:
132 url = cherrypy.request.wsgi_environ['REQUEST_URI']
133 r = urlparse(unquote(url))
135 tid = t.find_tid(parse_qs(r.query))
140 msg = 'Transaction expired, or cookies not available'
141 raise cherrypy.HTTPError(401, msg)