Revision 217994f8 snf-astakos-app/astakos/im/util.py
b/snf-astakos-app/astakos/im/util.py | ||
36 | 36 |
import time |
37 | 37 |
|
38 | 38 |
from urllib import quote |
39 |
from urlparse import urlsplit, urlunsplit |
|
39 |
from urlparse import urlsplit, urlunsplit, urlparse
|
|
40 | 40 |
|
41 | 41 |
from datetime import tzinfo, timedelta |
42 | 42 |
from django.http import HttpResponse, HttpResponseBadRequest, urlencode |
... | ... | |
47 | 47 |
from django.core.exceptions import ValidationError |
48 | 48 |
|
49 | 49 |
from astakos.im.models import AstakosUser, Invitation, ApprovalTerms |
50 |
from astakos.im.settings import INVITATIONS_PER_LEVEL, COOKIE_NAME, \ |
|
51 |
COOKIE_DOMAIN, COOKIE_SECURE, FORCE_PROFILE_UPDATE, LOGGING_LEVEL |
|
50 |
from astakos.im.settings import ( |
|
51 |
INVITATIONS_PER_LEVEL, COOKIE_NAME, COOKIE_DOMAIN, COOKIE_SECURE, |
|
52 |
FORCE_PROFILE_UPDATE, LOGGING_LEVEL |
|
53 |
) |
|
52 | 54 |
from astakos.im.functions import login |
53 | 55 |
|
54 | 56 |
logger = logging.getLogger(__name__) |
... | ... | |
96 | 98 |
raise ValueError(_('Email: %s is reserved' % invitation.username)) |
97 | 99 |
return invitation |
98 | 100 |
|
101 |
def restrict_next(url, domain=None, allowed_schemes=()): |
|
102 |
""" |
|
103 |
Return url if having the supplied ``domain`` (if present) or one of the ``allowed_schemes``. |
|
104 |
Otherwise return None. |
|
105 |
|
|
106 |
>>> print restrict_next('/im/feedback', '.okeanos.grnet.gr') |
|
107 |
/im/feedback |
|
108 |
>>> print restrict_next('pithos.okeanos.grnet.gr/im/feedback', '.okeanos.grnet.gr') |
|
109 |
pithos.okeanos.grnet.gr/im/feedback |
|
110 |
>>> print restrict_next('https://pithos.okeanos.grnet.gr/im/feedback', '.okeanos.grnet.gr') |
|
111 |
https://pithos.okeanos.grnet.gr/im/feedback |
|
112 |
>>> print restrict_next('pithos://127.0.0,1', '.okeanos.grnet.gr') |
|
113 |
None |
|
114 |
>>> print restrict_next('pithos://127.0.0,1', '.okeanos.grnet.gr', allowed_schemes=('pithos')) |
|
115 |
pithos://127.0.0,1 |
|
116 |
>>> print restrict_next('node1.example.com', '.okeanos.grnet.gr') |
|
117 |
None |
|
118 |
>>> print restrict_next('//node1.example.com', '.okeanos.grnet.gr') |
|
119 |
None |
|
120 |
>>> print restrict_next('https://node1.example.com', '.okeanos.grnet.gr') |
|
121 |
None |
|
122 |
>>> print restrict_next('https://node1.example.com') |
|
123 |
https://node1.example.com |
|
124 |
>>> print restrict_next('//node1.example.com') |
|
125 |
//node1.example.com |
|
126 |
>>> print restrict_next('node1.example.com') |
|
127 |
node1.example.com |
|
128 |
""" |
|
129 |
if not url: |
|
130 |
return |
|
131 |
parts = urlparse(url, scheme='http') |
|
132 |
if not parts.netloc: |
|
133 |
# fix url if does not conforms RFC 1808 |
|
134 |
url = '//%s' % url |
|
135 |
parts = urlparse(url, scheme='http') |
|
136 |
# TODO more scientific checks? |
|
137 |
if not parts.netloc: # internal url |
|
138 |
return url |
|
139 |
elif not domain: |
|
140 |
return url |
|
141 |
elif parts.netloc.endswith(domain): |
|
142 |
return url |
|
143 |
elif parts.scheme in allowed_schemes: |
|
144 |
return url |
|
145 |
|
|
99 | 146 |
def prepare_response(request, user, next='', renew=False): |
100 | 147 |
"""Return the unique username and the token |
101 | 148 |
as 'X-Auth-User' and 'X-Auth-Token' headers, |
... | ... | |
115 | 162 |
except ValidationError, e: |
116 | 163 |
return HttpResponseBadRequest(e) |
117 | 164 |
|
165 |
next = restrict_next(next, domain=COOKIE_DOMAIN) |
|
166 |
|
|
118 | 167 |
if FORCE_PROFILE_UPDATE and not user.is_verified and not user.is_superuser: |
119 | 168 |
params = '' |
120 | 169 |
if next: |
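Review bot: restrict_next rewrites path-only and host-only inputs before returning them, so `/im/feedback` comes back as `///im/feedback` and `node1.example.com` as `//node1.example.com`, contradicting the docstring examples, and because prepare_response now assigns the result straight to `next` the caller redirects to a different string than the one it asked to validate. Parse the prefixed form without reassigning the argument, replacing the two lines under `# fix url if does not conforms RFC 1808` with `parts = urlparse('//%s' % url, scheme='http')`, so every `return url` hands back the original input. Two further points in the same function: the `elif not domain: return url` branch disables the host check entirely when COOKIE_DOMAIN is unset, which deserves an explicit comment or decision, and `parts.netloc` still carries userinfo and a port, so `parts.hostname` is the safer value to compare with `endswith(domain)` (and that comparison only rejects look-alike hosts when the configured domain starts with a dot). The doctest `allowed_schemes=('pithos')` passes a str rather than a tuple, which turns `in` into a substring test; it should read `allowed_schemes=('pithos',)`.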