Revision 217994f8 snf-astakos-app/astakos/im/util.py

b/snf-astakos-app/astakos/im/util.py
36 36
import time
37 37

  
38 38
from urllib import quote
39
from urlparse import urlsplit, urlunsplit
39
from urlparse import urlsplit, urlunsplit, urlparse
40 40

  
41 41
from datetime import tzinfo, timedelta
42 42
from django.http import HttpResponse, HttpResponseBadRequest, urlencode
......
47 47
from django.core.exceptions import ValidationError
48 48

  
49 49
from astakos.im.models import AstakosUser, Invitation, ApprovalTerms
50
from astakos.im.settings import INVITATIONS_PER_LEVEL, COOKIE_NAME, \
51
    COOKIE_DOMAIN, COOKIE_SECURE, FORCE_PROFILE_UPDATE, LOGGING_LEVEL
50
from astakos.im.settings import (
51
    INVITATIONS_PER_LEVEL, COOKIE_NAME, COOKIE_DOMAIN, COOKIE_SECURE,
52
    FORCE_PROFILE_UPDATE, LOGGING_LEVEL
53
)
52 54
from astakos.im.functions import login
53 55

  
54 56
logger = logging.getLogger(__name__)
......
96 98
        raise ValueError(_('Email: %s is reserved' % invitation.username))
97 99
    return invitation
98 100

  
101
def restrict_next(url, domain=None, allowed_schemes=()):
102
    """
103
    Return url if having the supplied ``domain`` (if present) or one of the ``allowed_schemes``.
104
    Otherwise return None.
105
    
106
    >>> print restrict_next('/im/feedback', '.okeanos.grnet.gr')
107
    /im/feedback
108
    >>> print restrict_next('pithos.okeanos.grnet.gr/im/feedback', '.okeanos.grnet.gr')
109
    pithos.okeanos.grnet.gr/im/feedback
110
    >>> print restrict_next('https://pithos.okeanos.grnet.gr/im/feedback', '.okeanos.grnet.gr')
111
    https://pithos.okeanos.grnet.gr/im/feedback
112
    >>> print restrict_next('pithos://127.0.0,1', '.okeanos.grnet.gr')
113
    None
114
    >>> print restrict_next('pithos://127.0.0,1', '.okeanos.grnet.gr', allowed_schemes=('pithos'))
115
    pithos://127.0.0,1
116
    >>> print restrict_next('node1.example.com', '.okeanos.grnet.gr')
117
    None
118
    >>> print restrict_next('//node1.example.com', '.okeanos.grnet.gr')
119
    None
120
    >>> print restrict_next('https://node1.example.com', '.okeanos.grnet.gr')
121
    None
122
    >>> print restrict_next('https://node1.example.com')
123
    https://node1.example.com
124
    >>> print restrict_next('//node1.example.com')
125
    //node1.example.com
126
    >>> print restrict_next('node1.example.com')
127
    node1.example.com
128
    """
129
    if not url:
130
        return
131
    parts = urlparse(url, scheme='http')
132
    if not parts.netloc:
133
        # fix url if does not conforms RFC 1808
134
        url = '//%s' % url
135
        parts = urlparse(url, scheme='http')
136
    # TODO more scientific checks?
137
    if not parts.netloc:    # internal url
138
        return url
139
    elif not domain:
140
        return url
141
    elif parts.netloc.endswith(domain):
142
        return url
143
    elif parts.scheme in allowed_schemes:
144
        return url
145

  
99 146
def prepare_response(request, user, next='', renew=False):
100 147
    """Return the unique username and the token
101 148
       as 'X-Auth-User' and 'X-Auth-Token' headers,
......
115 162
        except ValidationError, e:
116 163
            return HttpResponseBadRequest(e) 
117 164
    
165
    next = restrict_next(next, domain=COOKIE_DOMAIN)
166
    
118 167
    if FORCE_PROFILE_UPDATE and not user.is_verified and not user.is_superuser:
119 168
        params = ''
120 169
        if next:
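Review bot: `restrict_next` returns the rewritten `url` after the RFC 1808 fix-up (`url = '//%s' % url`), so a relative target like `/im/feedback` comes back as `///im/feedback` and a bare host as `//host`, which contradicts the docstring's own examples (new-file lines 106-107 and 126-127) and means a target beginning with `///` or containing backslashes is accepted as "internal" even though browsers resolve such strings as a network-path reference to another host — the guard fails for the very inputs it is meant to stop. Parse a normalised copy, reject a leading `///` outright (as Django's `is_safe_url` later came to do), and always return the caller's original string; the rewrite below keeps the existing netloc/domain/scheme branches unchanged. Separately, the docstring example `allowed_schemes=('pithos')` passes a `str`, not a tuple, so `parts.scheme in allowed_schemes` degrades to a substring test; write `allowed_schemes=('pithos',)`. Finally, `parts.netloc.endswith(domain)` is case-sensitive and includes any `user@` and `:port` text, so comparing `parts.hostname` (already lower-cased and port-stripped) would be more robust, and the check is a plain suffix match unless `COOKIE_DOMAIN` carries a leading dot. The `prepare_response` hunk that consumes the result runs past the end of this section.
```python
def restrict_next(url, domain=None, allowed_schemes=()):
    # … unchanged: docstring …
    if not url:
        return
    # Browsers treat backslashes as slashes and collapse a leading '///' into
    # a network-path reference, so normalise before parsing and refuse that
    # form; the caller's original string is what gets returned below.
    normalised = url.replace('\\', '/')
    if normalised.startswith('///'):
        return
    parts = urlparse(normalised, scheme='http')
    if not parts.netloc:
        # fix url if does not conforms RFC 1808 -- for parsing only
        parts = urlparse('//%s' % normalised, scheme='http')
    # … unchanged: netloc / domain / allowed_schemes checks, each `return url` …
```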
