# along with this program. If not, see <http://www.gnu.org/licenses/>.
import cherrypy
-from ipsilon.util.log import Log
+from ipsilon.util.endpoint import Endpoint
from ipsilon.util.user import UserSession
from ipsilon.util.trans import Transaction
from urllib import unquote
try:
from urlparse import urlparse
+ from urlparse import parse_qs
except ImportError:
# pylint: disable=no-name-in-module, import-error
from urllib.parse import urlparse
+ from urllib.parse import parse_qs
def admin_protect(fn):
return check
-class Page(Log):
+class Page(Endpoint):
def __init__(self, site, form=False):
+ super(Page, self).__init__(site)
if 'template_env' not in site:
raise ValueError('Missing template environment')
self._site = site
self.basepath = cherrypy.config.get('base.mount', "")
self.user = None
self._is_form_page = form
- self.default_headers = dict()
self.auth_protect = False
+ def get_url(self):
+ return cherrypy.url(relative=False)
+
+ def instance_base_url(self):
+ url = self.get_url()
+ s = urlparse(unquote(url))
+ return '%s://%s%s' % (s.scheme, s.netloc, self.basepath)
+
def _check_referer(self, referer, url):
r = urlparse(unquote(referer))
u = urlparse(unquote(url))
return op(*args[1:], **kwargs)
else:
if self._is_form_page:
- self._debug("method: %s" % cherrypy.request.method)
+ self.debug("method: %s" % cherrypy.request.method)
op = getattr(self, cherrypy.request.method, None)
if callable(op):
# Basic CSRF protection
if cherrypy.request.method != 'GET':
- url = cherrypy.url(relative=False)
+ url = self.get_url()
if 'referer' not in cherrypy.request.headers:
- self._debug("Missing referer in %s request to %s"
- % (cherrypy.request.method, url))
+ self.debug("Missing referer in %s request to %s"
+ % (cherrypy.request.method, url))
raise cherrypy.HTTPError(403)
referer = cherrypy.request.headers['referer']
if not self._check_referer(referer, url):
- self._debug("Wrong referer %s in request to %s"
- % (referer, url))
+ self.debug("Wrong referer %s in request to %s"
+ % (referer, url))
raise cherrypy.HTTPError(403)
return op(*args, **kwargs)
else:
def get_valid_transaction(self, provider, **kwargs):
try:
- return Transaction(provider, **kwargs)
+ t = Transaction(provider)
+ # Try with kwargs first
+ tid = t.find_tid(kwargs)
+ if not tid:
+ # If no TID yet See if we have it in a referer or in the
+ # environment in the REDIRECT_URL
+ url = None
+ if 'referer' in cherrypy.request.headers:
+ url = cherrypy.request.headers['referer']
+ r = urlparse(unquote(url))
+ if r.query:
+ tid = t.find_tid(parse_qs(r.query))
+ if not tid and 'REQUEST_URI' in cherrypy.request.wsgi_environ:
+ url = cherrypy.request.wsgi_environ['REQUEST_URI']
+ r = urlparse(unquote(url))
+ if r.query:
+ tid = t.find_tid(parse_qs(r.query))
+ if not tid:
+ t.create_tid()
+ return t
except ValueError:
msg = 'Transaction expired, or cookies not available'
raise cherrypy.HTTPError(401, msg)
projects / cascardo / ipsilon.git / blobdiff