Raise error instead of sending making the webapphandler send hand-crafted responses.

pull/7/head
Ferry Boender 10 years ago
parent 4210c3c672
commit fe51013643
  1. 39
      src/webapp.py

@ -135,6 +135,16 @@ html_submit_response = u'''
''' '''
class HTTPError(Exception):
def __init__(self, status_code, msg, headers=None):
if headers is None:
headers = {}
self.status_code = status_code
self.msg = msg
self.headers = headers
Exception.__init__(self, status_code, msg, headers)
class ThreadedHTTPServer(ThreadingMixIn, BaseHTTPServer.HTTPServer): class ThreadedHTTPServer(ThreadingMixIn, BaseHTTPServer.HTTPServer):
pass pass
@ -194,9 +204,18 @@ class WebAppHandler(BaseHTTPRequestHandler):
elif hasattr(self, 'default'): elif hasattr(self, 'default'):
method_cb = getattr(self, 'default') method_cb = getattr(self, 'default')
else: else:
# FIXME: Raise Error
self.send_error(404, "Not found") self.send_error(404, "Not found")
return return
method_cb(**params) method_cb(**params)
except HTTPError, e:
if e.status_code not in (401, ):
self.scriptform.log.exception(e)
self.send_response(e.status_code)
for header_k, header_v in e.headers.items():
self.send_header(header_k, header_v)
self.end_headers()
return False
except Exception, e: except Exception, e:
self.scriptform.log.exception(e) self.scriptform.log.exception(e)
self.send_error(500, "Internal server error") self.send_error(500, "Internal server error")
@ -224,9 +243,9 @@ class ScriptFormWebApp(WebAppHandler):
def auth(self): def auth(self):
""" """
Verify that the user is authenticated. This is required if the form Verify that the user is authenticated. This is required if the form
definition contains a 'users' field. Returns True if the user is definition contains a 'users' field. Returns the username if the user
validated. Otherwise, returns False and sends 401 HTTP back to the is validated or None if no validation is required.. Otherwise, raises a
client. 401 HTTP back to the client.
""" """
form_config = self.scriptform.get_form_config() form_config = self.scriptform.get_form_config()
self.username = None self.username = None
@ -247,11 +266,10 @@ class ScriptFormWebApp(WebAppHandler):
authorized = True authorized = True
if not authorized: if not authorized:
# User is not authenticated. Send authentication request. headers = {
self.send_response(401) "WWW-Authenticate": 'Basic realm="Private Area"'
self.send_header("WWW-Authenticate", 'Basic realm="Private Area"') }
self.end_headers() raise HTTPError(401, 'Authenticate', headers)
return False
return True return True
def h_list(self): def h_list(self):
@ -352,6 +370,7 @@ class ScriptFormWebApp(WebAppHandler):
form_def = form_config.get_form_def(form_name) form_def = form_config.get_form_def(form_name)
if form_def.allowed_users is not None and \ if form_def.allowed_users is not None and \
self.username not in form_def.allowed_users: self.username not in form_def.allowed_users:
# FIXME: Raise HTTPError instead?
self.send_error(401, "You're not authorized to view this form") self.send_error(401, "You're not authorized to view this form")
return return
@ -392,6 +411,7 @@ class ScriptFormWebApp(WebAppHandler):
form_def = form_config.get_form_def(form_name) form_def = form_config.get_form_def(form_name)
if form_def.allowed_users is not None and \ if form_def.allowed_users is not None and \
self.username not in form_def.allowed_users: self.username not in form_def.allowed_users:
# FIXME: Raise HTTPError instead?
self.send_error(401, "You're not authorized to view this form") self.send_error(401, "You're not authorized to view this form")
return return
@ -485,15 +505,18 @@ class ScriptFormWebApp(WebAppHandler):
form_config = self.scriptform.get_form_config() form_config = self.scriptform.get_form_config()
if not form_config.static_dir: if not form_config.static_dir:
# FIXME: Raise Error
self.send_error(501, "Static file serving not enabled") self.send_error(501, "Static file serving not enabled")
return return
if '..' in fname: if '..' in fname:
# FIXME: Raise Error
self.send_error(403, "Invalid file name") self.send_error(403, "Invalid file name")
return return
path = os.path.join(form_config.static_dir, fname) path = os.path.join(form_config.static_dir, fname)
if not os.path.exists(path): if not os.path.exists(path):
# FIXME: Raise Error
self.send_error(404, "Not found") self.send_error(404, "Not found")
return return
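Review bot: In the last hunk (static file serving), the `'..' in fname` test is the only containment check before `os.path.join(form_config.static_dir, fname)`, and `os.path.join` drops `static_dir` entirely when `fname` is an absolute path, so that case is not covered. When these FIXMEs are turned into raised errors, I would resolve the path first, `path = os.path.realpath(os.path.join(form_config.static_dir, fname))`, and answer 403 unless it starts with `os.path.realpath(form_config.static_dir) + os.sep`; that also covers symlinks inside the directory. The handler begins and ends outside the hunk, so whether `fname` is normalised before this point cannot be seen here. Separately, the new `except HTTPError` branch skips logging when `e.status_code` is 401, which leaves failed logins with no log entry at all; a plain warning-level line there (no traceback) would keep repeated failures visible.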
