* Now if you try to load a page where access is required, and you're not
logged in, you'll be redirected to a login page. After you log in, you'll be redirected to the page you were originally trying to access.
parent
935693a543
commit
c488864273
5
NEWS
5
NEWS
|
@ -1,3 +1,8 @@
|
||||||
|
1.3.1: April 18, 2008
|
||||||
|
* Now if you try to load a page where access is required, and you're not
|
||||||
|
logged in, you'll be redirected to a login page. After you login, you'll
|
||||||
|
be redirected to the page you were originally trying to access.
|
||||||
|
|
||||||
1.3.0: April 16, 2008
|
1.3.0: April 16, 2008
|
||||||
* Created a new hierarchical note tree area for browsing notes.
|
* Created a new hierarchical note tree area for browsing notes.
|
||||||
* Added a list of recent notes.
|
* Added a list of recent notes.
|
||||||
|
|
|
@ -58,6 +58,8 @@ def expose( view = None, rss = None ):
|
||||||
if hasattr( error, "to_dict" ):
|
if hasattr( error, "to_dict" ):
|
||||||
if not view: raise error
|
if not view: raise error
|
||||||
result = error.to_dict()
|
result = error.to_dict()
|
||||||
|
elif isinstance( error, cherrypy.HTTPRedirect ):
|
||||||
|
raise
|
||||||
else:
|
else:
|
||||||
import traceback
|
import traceback
|
||||||
traceback.print_exc()
|
traceback.print_exc()
|
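Review bot: The new `elif isinstance( error, cherrypy.HTTPRedirect ): raise` branch has no comment saying why redirects are exempt from the generic error handling in the `else` below it. I would add `# let redirects (such as the login redirect) propagate to CherryPy instead of reporting them as errors` directly above the bare `raise`. The enclosing handler inside `expose` starts and ends outside the hunk.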
||||||
|
|
|
@ -11,7 +11,7 @@ from threading import Lock, Event
|
||||||
from Expose import expose
|
from Expose import expose
|
||||||
from Validate import validate, Valid_int, Valid_bool, Validation_error
|
from Validate import validate, Valid_int, Valid_bool, Validation_error
|
||||||
from Database import Valid_id, end_transaction
|
from Database import Valid_id, end_transaction
|
||||||
from Users import grab_user_id
|
from Users import grab_user_id, Access_error
|
||||||
from Expire import strongly_expire
|
from Expire import strongly_expire
|
||||||
from model.File import File
|
from model.File import File
|
||||||
from model.User import User
|
from model.User import User
|
||||||
|
@ -22,20 +22,6 @@ from view.Progress_bar import stream_progress, stream_quota_error, quota_error_s
|
||||||
from view.File_preview_page import File_preview_page
|
from view.File_preview_page import File_preview_page
|
||||||
|
|
||||||
|
|
||||||
class Access_error( Exception ):
|
|
||||||
def __init__( self, message = None ):
|
|
||||||
if message is None:
|
|
||||||
message = u"Sorry, you don't have access to do that. Please make sure you're logged in as the correct user."
|
|
||||||
|
|
||||||
Exception.__init__( self, message )
|
|
||||||
self.__message = message
|
|
||||||
|
|
||||||
def to_dict( self ):
|
|
||||||
return dict(
|
|
||||||
error = self.__message
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
class Upload_error( Exception ):
|
class Upload_error( Exception ):
|
||||||
def __init__( self, message = None ):
|
def __init__( self, message = None ):
|
||||||
if message is None:
|
if message is None:
|
||||||
|
|
|
@ -5,7 +5,7 @@ from datetime import datetime
|
||||||
from Expose import expose
|
from Expose import expose
|
||||||
from Validate import validate, Valid_string, Validation_error, Valid_bool
|
from Validate import validate, Valid_string, Validation_error, Valid_bool
|
||||||
from Database import Valid_id, Valid_revision, end_transaction
|
from Database import Valid_id, Valid_revision, end_transaction
|
||||||
from Users import grab_user_id
|
from Users import grab_user_id, Access_error
|
||||||
from Expire import strongly_expire
|
from Expire import strongly_expire
|
||||||
from Html_nuker import Html_nuker
|
from Html_nuker import Html_nuker
|
||||||
from model.Notebook import Notebook
|
from model.Notebook import Notebook
|
||||||
|
@ -19,20 +19,6 @@ from view.Html_file import Html_file
|
||||||
from view.Note_tree_area import Note_tree_area
|
from view.Note_tree_area import Note_tree_area
|
||||||
|
|
||||||
|
|
||||||
class Access_error( Exception ):
|
|
||||||
def __init__( self, message = None ):
|
|
||||||
if message is None:
|
|
||||||
message = u"Sorry, you don't have access to do that. Please make sure you're logged in as the correct user."
|
|
||||||
|
|
||||||
Exception.__init__( self, message )
|
|
||||||
self.__message = message
|
|
||||||
|
|
||||||
def to_dict( self ):
|
|
||||||
return dict(
|
|
||||||
error = self.__message
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
class Notebooks( object ):
|
class Notebooks( object ):
|
||||||
WHITESPACE_PATTERN = re.compile( u"\s+" )
|
WHITESPACE_PATTERN = re.compile( u"\s+" )
|
||||||
LINK_PATTERN = re.compile( u'<a\s+((?:[^>]+\s)?href="([^"]+)"(?:\s+target="([^"]*)")?[^>]*)>([^<]+)</a>', re.IGNORECASE )
|
LINK_PATTERN = re.compile( u'<a\s+((?:[^>]+\s)?href="([^"]+)"(?:\s+target="([^"]*)")?[^>]*)>([^<]+)</a>', re.IGNORECASE )
|
||||||
|
|
|
@ -131,7 +131,17 @@ def grab_user_id( function ):
|
||||||
else:
|
else:
|
||||||
kwargs[ "user_id" ] = cherrypy.session.get( "user_id" )
|
kwargs[ "user_id" ] = cherrypy.session.get( "user_id" )
|
||||||
|
|
||||||
|
try:
|
||||||
return function( *args, **kwargs )
|
return function( *args, **kwargs )
|
||||||
|
except Access_error:
|
||||||
|
# if there was an Access_error, and the user isn't logged in, and this is an HTTP GET request,
|
||||||
|
# redirect to the login page
|
||||||
|
if cherrypy.session.get( "user_id" ) is None and cherrypy.request.method == "GET":
|
||||||
|
original_path = cherrypy.request.path + \
|
||||||
|
( cherrypy.request.query_string and u"?%s" % cherrypy.request.query_string or "" )
|
||||||
|
raise cherrypy.HTTPRedirect( u"/login?after_login=%s" % urllib.quote( original_path ) )
|
||||||
|
else:
|
||||||
|
raise
|
||||||
|
|
||||||
return get_id
|
return get_id
|
||||||
|
|
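Review bot: The `after_login` value built in the new `except Access_error` branch comes straight from the request path and query string, so the login handler that later redirects to it (not visible here) has to accept only same-site relative paths. A value that starts with `//` or carries a scheme should fall back to a default page, and a comment such as `# after_login is request-derived; the login handler must validate it as a local path` would record that contract here. In the same branch, `u"?%s" % cherrypy.request.query_string` implicitly decodes the raw query string under Python 2, so a query string containing non-ASCII bytes would presumably raise instead of redirecting. No `import urllib` is visible in this section, so confirm the module already imports it. The wrapper `get_id` starts outside the hunk.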
||||||
|
|
|
@ -286,11 +286,12 @@ class Test_files( Test_controller ):
|
||||||
session_id = self.session_id,
|
session_id = self.session_id,
|
||||||
)
|
)
|
||||||
|
|
||||||
result = self.http_get(
|
path = "/files/download?file_id=%s" % self.file_id
|
||||||
"/files/download?file_id=%s" % self.file_id,
|
result = self.http_get( path )
|
||||||
)
|
|
||||||
|
|
||||||
assert u"access" in result[ u"body" ][ 0 ]
|
headers = result.get( "headers" )
|
||||||
|
assert headers
|
||||||
|
assert headers.get( "Location" ) == u"http:///login?after_login=%s" % urllib.quote( path )
|
||||||
|
|
||||||
def test_download_without_access( self ):
|
def test_download_without_access( self ):
|
||||||
self.login()
|
self.login()
|
||||||
|
@ -413,11 +414,12 @@ class Test_files( Test_controller ):
|
||||||
session_id = self.session_id,
|
session_id = self.session_id,
|
||||||
)
|
)
|
||||||
|
|
||||||
result = self.http_get(
|
path = "/files/preview?file_id=%s" % self.file_id
|
||||||
"/files/preview?file_id=%s" % self.file_id,
|
result = self.http_get( path )
|
||||||
)
|
|
||||||
|
|
||||||
assert u"access" in result[ u"error" ]
|
headers = result.get( "headers" )
|
||||||
|
assert headers
|
||||||
|
assert headers.get( "Location" ) == u"http:///login?after_login=%s" % urllib.quote( path )
|
||||||
|
|
||||||
def test_preview_without_access( self ):
|
def test_preview_without_access( self ):
|
||||||
self.login()
|
self.login()
|
||||||
|
@ -611,11 +613,12 @@ class Test_files( Test_controller ):
|
||||||
session_id = self.session_id,
|
session_id = self.session_id,
|
||||||
)
|
)
|
||||||
|
|
||||||
result = self.http_get(
|
path = "/files/thumbnail?file_id=%s" % self.file_id
|
||||||
"/files/thumbnail?file_id=%s" % self.file_id,
|
result = self.http_get( path )
|
||||||
)
|
|
||||||
|
|
||||||
assert u"access" in result[ u"body" ][ 0 ]
|
headers = result.get( "headers" )
|
||||||
|
assert headers
|
||||||
|
assert headers.get( "Location" ) == u"http:///login?after_login=%s" % urllib.quote( path )
|
||||||
|
|
||||||
def test_thumbnail_without_access( self ):
|
def test_thumbnail_without_access( self ):
|
||||||
self.login()
|
self.login()
|
||||||
|
@ -720,11 +723,12 @@ class Test_files( Test_controller ):
|
||||||
session_id = self.session_id,
|
session_id = self.session_id,
|
||||||
)
|
)
|
||||||
|
|
||||||
result = self.http_get(
|
path = "/files/image?file_id=%s" % self.file_id
|
||||||
"/files/image?file_id=%s" % self.file_id,
|
result = self.http_get( path )
|
||||||
)
|
|
||||||
|
|
||||||
assert u"access" in result[ u"body" ][ 0 ]
|
headers = result.get( "headers" )
|
||||||
|
assert headers
|
||||||
|
assert headers.get( "Location" ) == u"http:///login?after_login=%s" % urllib.quote( path )
|
||||||
|
|
||||||
def test_image_without_access( self ):
|
def test_image_without_access( self ):
|
||||||
self.login()
|
self.login()
|
||||||
|
@ -773,11 +777,12 @@ class Test_files( Test_controller ):
|
||||||
assert result.get( u"file_id" )
|
assert result.get( u"file_id" )
|
||||||
|
|
||||||
def test_upload_page_without_login( self ):
|
def test_upload_page_without_login( self ):
|
||||||
result = self.http_get(
|
path = "/files/upload_page?notebook_id=%s¬e_id=%s" % ( self.notebook.object_id, self.note.object_id )
|
||||||
"/files/upload_page?notebook_id=%s¬e_id=%s" % ( self.notebook.object_id, self.note.object_id ),
|
result = self.http_get( path )
|
||||||
)
|
|
||||||
|
|
||||||
assert u"access" in result.get( u"error" )
|
headers = result.get( "headers" )
|
||||||
|
assert headers
|
||||||
|
assert headers.get( "Location" ) == u"http:///login?after_login=%s" % urllib.quote( path )
|
||||||
|
|
||||||
def test_upload( self, filename = None ):
|
def test_upload( self, filename = None ):
|
||||||
self.login()
|
self.login()
|
||||||
|
@ -1063,11 +1068,12 @@ class Test_files( Test_controller ):
|
||||||
self.upload_thread.start()
|
self.upload_thread.start()
|
||||||
|
|
||||||
# report on that file's upload progress
|
# report on that file's upload progress
|
||||||
result = self.http_get(
|
path = "/files/progress?file_id=%s&filename=%s" % ( self.file_id, self.filename )
|
||||||
"/files/progress?file_id=%s&filename=%s" % ( self.file_id, self.filename ),
|
result = self.http_get( path )
|
||||||
)
|
|
||||||
|
|
||||||
assert u"access" in result[ u"body" ][ 0 ]
|
headers = result.get( "headers" )
|
||||||
|
assert headers
|
||||||
|
assert headers.get( "Location" ) == u"http:///login?after_login=%s" % urllib.quote( path )
|
||||||
|
|
||||||
def test_progress_for_completed_upload( self ):
|
def test_progress_for_completed_upload( self ):
|
||||||
self.login()
|
self.login()
|
||||||
|
@ -1192,11 +1198,12 @@ class Test_files( Test_controller ):
|
||||||
session_id = self.session_id,
|
session_id = self.session_id,
|
||||||
)
|
)
|
||||||
|
|
||||||
result = self.http_get(
|
path = "/files/stats?file_id=%s" % self.file_id
|
||||||
"/files/stats?file_id=%s" % self.file_id,
|
result = self.http_get( path )
|
||||||
)
|
|
||||||
|
|
||||||
assert u"access" in result[ u"error" ]
|
headers = result.get( "headers" )
|
||||||
|
assert headers
|
||||||
|
assert headers.get( "Location" ) == u"http:///login?after_login=%s" % urllib.quote( path )
|
||||||
|
|
||||||
def test_stats_without_access( self ):
|
def test_stats_without_access( self ):
|
||||||
self.login()
|
self.login()
|
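Review bot: Every rewritten test calls `urllib.quote( path )`, but no `import urllib` is visible in this section, while the section containing `class Test_notebooks` adds one in this commit. Confirm this module already imports it, otherwise these tests fail with a NameError. The same three lines, `headers = result.get( "headers" )`, `assert headers` and the `Location` comparison, are repeated in every hunk of this section. A small helper on the test class, e.g. `self.assert_login_redirect( result, path )`, would keep the expected URL format in one place. The test methods start outside the hunks.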
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
import cherrypy
|
import cherrypy
|
||||||
import cgi
|
import cgi
|
||||||
|
import urllib
|
||||||
from nose.tools import raises
|
from nose.tools import raises
|
||||||
from urllib import quote
|
from urllib import quote
|
||||||
from Test_controller import Test_controller
|
from Test_controller import Test_controller
|
||||||
|
@ -99,11 +100,13 @@ class Test_notebooks( Test_controller ):
|
||||||
self.database.save( self.invite, commit = False )
|
self.database.save( self.invite, commit = False )
|
||||||
|
|
||||||
def test_default_without_login( self ):
|
def test_default_without_login( self ):
|
||||||
result = self.http_get(
|
path = "/notebooks/%s" % self.notebook.object_id
|
||||||
"/notebooks/%s" % self.notebook.object_id,
|
result = self.http_get( path )
|
||||||
)
|
|
||||||
|
headers = result.get( "headers" )
|
||||||
|
assert headers
|
||||||
|
assert headers.get( "Location" ) == u"http:///login?after_login=%s" % urllib.quote( path )
|
||||||
|
|
||||||
assert u"access" in result[ u"error" ]
|
|
||||||
user = self.database.load( User, self.user.object_id )
|
user = self.database.load( User, self.user.object_id )
|
||||||
assert user.storage_bytes == 0
|
assert user.storage_bytes == 0
|
||||||
|
|
||||||
|
@ -2503,12 +2506,15 @@ class Test_notebooks( Test_controller ):
|
||||||
note3 = Note.create( "55", u"<h3>blah</h3>foo", notebook_id = self.notebook.object_id )
|
note3 = Note.create( "55", u"<h3>blah</h3>foo", notebook_id = self.notebook.object_id )
|
||||||
self.database.save( note3 )
|
self.database.save( note3 )
|
||||||
|
|
||||||
|
path = "/notebooks/download_html/%s" % self.notebook.object_id
|
||||||
result = self.http_get(
|
result = self.http_get(
|
||||||
"/notebooks/download_html/%s" % self.notebook.object_id,
|
path,
|
||||||
session_id = self.session_id,
|
session_id = self.session_id,
|
||||||
)
|
)
|
||||||
|
|
||||||
assert result.get( "error" )
|
headers = result.get( "headers" )
|
||||||
|
assert headers
|
||||||
|
assert headers.get( "Location" ) == u"http:///login?after_login=%s" % urllib.quote( path )
|
||||||
|
|
||||||
def test_download_html_with_unknown_notebook( self ):
|
def test_download_html_with_unknown_notebook( self ):
|
||||||
self.login()
|
self.login()
|
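Review bot: The added `import urllib` is redundant with the existing `from urllib import quote` two lines below it. The new assertions could call `quote( path )` directly, e.g. `assert headers.get( "Location" ) == u"http:///login?after_login=%s" % quote( path )`, and the extra import could be dropped. In the second hunk the request still passes `session_id = self.session_id` and now expects the login redirect, which presumably means the session exists without a logged-in user. A one-line comment saying so would help, since the enclosing test method starts outside the hunk.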
||||||
|
|