Proper fallback from referer to REQUEST_URI

[cascardo/ipsilon.git] / ipsilon / util / page.py

diff --git a/ipsilon/util/page.py b/ipsilon/util/page.py
index db1c145..7e88534 100644 (file)
--- a/ipsilon/util/page.py
+++ b/ipsilon/util/page.py
@@ -16,15 +16,17 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 import cherrypy
-from ipsilon.util.log import Log
+from ipsilon.util.endpoint import Endpoint
 from ipsilon.util.user import UserSession
 from ipsilon.util.trans import Transaction
 from urllib import unquote
 try:
     from urlparse import urlparse
+    from urlparse import parse_qs
 except ImportError:
     # pylint: disable=no-name-in-module, import-error
     from urllib.parse import urlparse
+    from urllib.parse import parse_qs
 
 
 def admin_protect(fn):
@@ -38,8 +40,9 @@ def admin_protect(fn):
     return check
 
 
-class Page(Log):
+class Page(Endpoint):
     def __init__(self, site, form=False):
+        super(Page, self).__init__(site)
         if 'template_env' not in site:
             raise ValueError('Missing template environment')
         self._site = site
@@ -49,6 +52,14 @@ class Page(Log):
         self.default_headers = dict()
         self.auth_protect = False
 
+    def get_url(self):
+        return cherrypy.url(relative=False)
+
+    def instance_base_url(self):
+        url = self.get_url()
+        s = urlparse(unquote(url))
+        return '%s://%s%s' % (s.scheme, s.netloc, self.basepath)
+
     def _check_referer(self, referer, url):
         r = urlparse(unquote(referer))
         u = urlparse(unquote(url))
@@ -80,7 +91,7 @@ class Page(Log):
                 if callable(op):
                     # Basic CSRF protection
                     if cherrypy.request.method != 'GET':
-                        url = cherrypy.url(relative=False)
+                        url = self.get_url()
                         if 'referer' not in cherrypy.request.headers:
                             self._debug("Missing referer in %s request to %s"
                                         % (cherrypy.request.method, url))
@@ -123,7 +134,26 @@ class Page(Log):
 
     def get_valid_transaction(self, provider, **kwargs):
         try:
-            return Transaction(provider, **kwargs)
+            t = Transaction(provider)
+            # Try with kwargs first
+            tid = t.find_tid(kwargs)
+            if not tid:
+                # If no TID yet See if we have it in a referer or in the
+                # environment in the REDIRECT_URL
+                url = None
+                if 'referer' in cherrypy.request.headers:
+                    url = cherrypy.request.headers['referer']
+                    r = urlparse(unquote(url))
+                    if r.query:
+                        tid = t.find_tid(parse_qs(r.query))
+                if not tid and 'REQUEST_URI' in cherrypy.request.wsgi_environ:
+                    url = cherrypy.request.wsgi_environ['REQUEST_URI']
+                    r = urlparse(unquote(url))
+                    if r.query:
+                        tid = t.find_tid(parse_qs(r.query))
+                if not tid:
+                    t.create_tid()
+            return t
         except ValueError:
             msg = 'Transaction expired, or cookies not available'
             raise cherrypy.HTTPError(401, msg)