2020-06-11 00:54:34 +02:00
|
|
|
import base64
|
|
|
|
|
import logging
|
2024-07-12 02:30:25 +02:00
|
|
|
from collections.abc import Callable, Sequence
|
2023-11-19 19:45:19 +01:00
|
|
|
from datetime import datetime
|
2020-06-11 00:54:34 +02:00
|
|
|
from functools import wraps
|
|
|
|
|
from io import BytesIO
|
2024-07-12 02:30:25 +02:00
|
|
|
from typing import TYPE_CHECKING, Concatenate, TypeVar, cast, overload
|
2023-12-05 21:25:00 +01:00
|
|
|
from urllib.parse import urlsplit
|
2017-07-12 09:50:19 +02:00
|
|
|
|
2020-06-11 00:54:34 +02:00
|
|
|
import django_otp
|
|
|
|
|
from django.conf import settings
|
2024-01-08 22:19:08 +01:00
|
|
|
from django.contrib.auth import REDIRECT_FIELD_NAME, authenticate
|
2020-06-11 00:54:34 +02:00
|
|
|
from django.contrib.auth import login as django_login
|
2017-07-12 10:16:02 +02:00
|
|
|
from django.contrib.auth.decorators import user_passes_test as django_user_passes_test
|
2022-08-10 08:25:40 +02:00
|
|
|
from django.contrib.auth.models import AbstractBaseUser, AnonymousUser
|
2020-09-15 03:04:07 +02:00
|
|
|
from django.contrib.auth.views import redirect_to_login
|
2020-08-22 13:52:39 +02:00
|
|
|
from django.http import HttpRequest, HttpResponse, HttpResponseRedirect, QueryDict
|
2013-03-21 20:18:44 +01:00
|
|
|
from django.http.multipartparser import MultiPartParser
|
2016-04-21 23:48:34 +02:00
|
|
|
from django.shortcuts import resolve_url
|
2020-08-22 13:52:39 +02:00
|
|
|
from django.template.response import SimpleTemplateResponse, TemplateResponse
|
2022-08-06 06:30:08 +02:00
|
|
|
from django.utils.crypto import constant_time_compare
|
2017-04-15 04:03:56 +02:00
|
|
|
from django.utils.timezone import now as timezone_now
|
2021-04-16 00:57:30 +02:00
|
|
|
from django.utils.translation import gettext as _
|
2020-06-11 00:54:34 +02:00
|
|
|
from django.views.decorators.csrf import csrf_exempt
|
|
|
|
|
from django_otp import user_has_device
|
|
|
|
|
from two_factor.utils import default_device
|
2024-07-12 02:30:25 +02:00
|
|
|
from typing_extensions import ParamSpec
|
2018-11-15 05:31:34 +01:00
|
|
|
|
2024-01-08 22:19:08 +01:00
|
|
|
from zerver.context_processors import get_valid_realm_from_request
|
2020-06-11 00:54:34 +02:00
|
|
|
from zerver.lib.exceptions import (
|
2021-07-04 08:45:34 +02:00
|
|
|
AccessDeniedError,
|
2022-11-17 09:30:48 +01:00
|
|
|
AnomalousWebhookPayloadError,
|
2020-06-11 00:54:34 +02:00
|
|
|
InvalidAPIKeyError,
|
|
|
|
|
InvalidAPIKeyFormatError,
|
|
|
|
|
InvalidJSONError,
|
|
|
|
|
JsonableError,
|
2022-11-17 09:30:48 +01:00
|
|
|
OrganizationAdministratorRequiredError,
|
|
|
|
|
OrganizationMemberRequiredError,
|
|
|
|
|
OrganizationOwnerRequiredError,
|
2021-03-31 13:14:08 +02:00
|
|
|
RealmDeactivatedError,
|
2022-07-13 03:29:39 +02:00
|
|
|
UnauthorizedError,
|
2022-11-17 09:30:48 +01:00
|
|
|
UnsupportedWebhookEventTypeError,
|
2021-03-31 12:00:56 +02:00
|
|
|
UserDeactivatedError,
|
2021-09-13 20:23:54 +02:00
|
|
|
WebhookError,
|
2020-06-11 00:54:34 +02:00
|
|
|
)
|
2013-07-29 23:03:31 +02:00
|
|
|
from zerver.lib.queue import queue_json_publish
|
2022-08-14 21:14:52 +02:00
|
|
|
from zerver.lib.rate_limiter import is_local_addr, rate_limit_request_by_ip, rate_limit_user
|
2024-08-15 10:45:39 +02:00
|
|
|
from zerver.lib.request import RequestNotes
|
2023-01-06 13:13:24 +01:00
|
|
|
from zerver.lib.response import json_method_not_allowed
|
2017-10-20 02:53:24 +02:00
|
|
|
from zerver.lib.subdomains import get_subdomain, user_matches_subdomain
|
2016-12-22 04:46:31 +01:00
|
|
|
from zerver.lib.timestamp import datetime_to_timestamp, timestamp_to_datetime
|
2024-08-15 10:45:39 +02:00
|
|
|
from zerver.lib.typed_endpoint import typed_endpoint
|
2022-07-08 23:06:28 +02:00
|
|
|
from zerver.lib.users import is_2fa_verified
|
2023-04-26 03:09:19 +02:00
|
|
|
from zerver.lib.utils import has_api_key_format
|
2023-10-12 15:48:39 +02:00
|
|
|
from zerver.lib.webhooks.common import notify_bot_owner_about_invalid_json
|
2023-12-15 04:33:19 +01:00
|
|
|
from zerver.models import UserProfile
|
|
|
|
|
from zerver.models.clients import get_client
|
2023-12-15 01:16:00 +01:00
|
|
|
from zerver.models.users import get_user_profile_by_api_key
|
2016-06-06 01:54:58 +02:00
|
|
|
|
2022-05-31 00:47:39 +02:00
|
|
|
if TYPE_CHECKING:
|
|
|
|
|
from django.http.request import _ImmutableQueryDict
|
|
|
|
|
|
2017-12-13 01:45:57 +01:00
|
|
|
webhook_logger = logging.getLogger("zulip.zerver.webhooks")
|
2020-08-19 22:36:07 +02:00
|
|
|
webhook_unsupported_events_logger = logging.getLogger("zulip.zerver.webhooks.unsupported")
|
2021-09-13 20:23:54 +02:00
|
|
|
webhook_anomalous_payloads_logger = logging.getLogger("zulip.zerver.webhooks.anomalous")
|
2019-06-06 05:55:09 +02:00
|
|
|
|
2022-04-13 16:43:23 +02:00
|
|
|
ParamT = ParamSpec("ParamT")
|
|
|
|
|
ReturnT = TypeVar("ReturnT")
|
2020-06-24 01:52:37 +02:00
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
|
|
|
|
def update_user_activity(
|
2024-07-12 02:30:23 +02:00
|
|
|
request: HttpRequest, user_profile: UserProfile, query: str | None
|
2021-02-12 08:19:30 +01:00
|
|
|
) -> None:
|
2020-10-23 02:43:28 +02:00
|
|
|
# update_active_status also pushes to RabbitMQ, and it seems
|
2013-03-25 20:37:00 +01:00
|
|
|
# redundant to log that here as well.
|
2021-02-12 08:20:45 +01:00
|
|
|
if request.META["PATH_INFO"] == "/json/users/me/presence":
|
2013-03-25 20:37:00 +01:00
|
|
|
return
|
2013-10-03 19:48:03 +02:00
|
|
|
|
2021-08-21 19:24:20 +02:00
|
|
|
request_notes = RequestNotes.get_notes(request)
|
2017-11-03 22:44:59 +01:00
|
|
|
if query is not None:
|
|
|
|
|
pass
|
2021-07-09 15:17:33 +02:00
|
|
|
elif request_notes.query is not None:
|
|
|
|
|
query = request_notes.query
|
2013-10-03 19:48:03 +02:00
|
|
|
else:
|
2021-02-12 08:20:45 +01:00
|
|
|
query = request.META["PATH_INFO"]
|
2013-10-03 19:48:03 +02:00
|
|
|
|
2021-07-09 18:10:51 +02:00
|
|
|
assert request_notes.client is not None
|
2021-02-12 08:19:30 +01:00
|
|
|
event = {
|
2021-02-12 08:20:45 +01:00
|
|
|
"query": query,
|
|
|
|
|
"user_profile_id": user_profile.id,
|
|
|
|
|
"time": datetime_to_timestamp(timezone_now()),
|
2021-07-09 18:10:51 +02:00
|
|
|
"client_id": request_notes.client.id,
|
2021-02-12 08:19:30 +01:00
|
|
|
}
|
2013-03-25 20:37:00 +01:00
|
|
|
queue_json_publish("user_activity", event, lambda event: None)
|
2013-01-11 21:16:42 +01:00
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2013-11-08 02:02:48 +01:00
|
|
|
# Based on django.views.decorators.http.require_http_methods
|
2022-07-15 22:14:51 +02:00
|
|
|
def require_post(
|
2023-12-05 18:45:07 +01:00
|
|
|
func: Callable[Concatenate[HttpRequest, ParamT], HttpResponse],
|
2022-07-15 22:14:51 +02:00
|
|
|
) -> Callable[Concatenate[HttpRequest, ParamT], HttpResponse]:
|
|
|
|
|
# Arguments before ParamT needs to be positional-only as required by Concatenate
|
2013-11-08 02:02:48 +01:00
|
|
|
@wraps(func)
|
2022-07-15 22:14:51 +02:00
|
|
|
def wrapper(
|
|
|
|
|
request: HttpRequest, /, *args: ParamT.args, **kwargs: ParamT.kwargs
|
|
|
|
|
) -> HttpResponse:
|
dependencies: Remove WebSockets system for sending messages.
Zulip has had a small use of WebSockets (specifically, for the code
path of sending messages, via the webapp only) since ~2013. We
originally added this use of WebSockets in the hope that the latency
benefits of doing so would allow us to avoid implementing a markdown
local echo; they were not. Further, HTTP/2 may have eliminated the
latency difference we hoped to exploit by using WebSockets in any
case.
While we’d originally imagined using WebSockets for other endpoints,
there was never a good justification for moving more components to the
WebSockets system.
This WebSockets code path had a lot of downsides/complexity,
including:
* The messy hack involving constructing an emulated request object to
hook into doing Django requests.
* The `message_senders` queue processor system, which increases RAM
needs and must be provisioned independently from the rest of the
server).
* A duplicate check_send_receive_time Nagios test specific to
WebSockets.
* The requirement for users to have their firewalls/NATs allow
WebSocket connections, and a setting to disable them for networks
where WebSockets don’t work.
* Dependencies on the SockJS family of libraries, which has at times
been poorly maintained, and periodically throws random JavaScript
exceptions in our production environments without a deep enough
traceback to effectively investigate.
* A total of about 1600 lines of our code related to the feature.
* Increased load on the Tornado system, especially around a Zulip
server restart, and especially for large installations like
zulipchat.com, resulting in extra delay before messages can be sent
again.
As detailed in
https://github.com/zulip/zulip/pull/12862#issuecomment-536152397, it
appears that removing WebSockets moderately increases the time it
takes for the `send_message` API query to return from the server, but
does not significantly change the time between when a message is sent
and when it is received by clients. We don’t understand the reason
for that change (suggesting the possibility of a measurement error),
and even if it is a real change, we consider that potential small
latency regression to be acceptable.
If we later want WebSockets, we’ll likely want to just use Django
Channels.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-07-23 01:43:40 +02:00
|
|
|
if request.method != "POST":
|
|
|
|
|
err_method = request.method
|
2021-02-12 08:19:30 +01:00
|
|
|
logging.warning(
|
2021-02-12 08:20:45 +01:00
|
|
|
"Method Not Allowed (%s): %s",
|
2021-02-12 08:19:30 +01:00
|
|
|
err_method,
|
|
|
|
|
request.path,
|
2021-02-12 08:20:45 +01:00
|
|
|
extra={"status_code": 405, "request": request},
|
2021-02-12 08:19:30 +01:00
|
|
|
)
|
2021-08-21 19:24:20 +02:00
|
|
|
if RequestNotes.get_notes(request).error_format == "JSON":
|
2020-08-22 13:52:39 +02:00
|
|
|
return json_method_not_allowed(["POST"])
|
|
|
|
|
else:
|
2021-02-12 08:19:30 +01:00
|
|
|
return TemplateResponse(
|
2024-01-10 05:28:14 +01:00
|
|
|
request, "4xx.html", context={"status_code": 405}, status=405
|
2021-02-12 08:19:30 +01:00
|
|
|
)
|
2013-11-08 02:02:48 +01:00
|
|
|
return func(request, *args, **kwargs)
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2022-07-15 22:14:51 +02:00
|
|
|
return wrapper
|
2012-11-06 20:27:55 +01:00
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2022-07-28 03:11:10 +02:00
|
|
|
def require_realm_owner(
|
2023-12-05 18:45:07 +01:00
|
|
|
func: Callable[Concatenate[HttpRequest, UserProfile, ParamT], HttpResponse],
|
2022-07-28 03:11:10 +02:00
|
|
|
) -> Callable[Concatenate[HttpRequest, UserProfile, ParamT], HttpResponse]:
|
2020-06-11 00:26:49 +02:00
|
|
|
@wraps(func)
|
2021-02-12 08:19:30 +01:00
|
|
|
def wrapper(
|
2022-07-28 03:11:10 +02:00
|
|
|
request: HttpRequest,
|
|
|
|
|
user_profile: UserProfile,
|
|
|
|
|
/,
|
|
|
|
|
*args: ParamT.args,
|
|
|
|
|
**kwargs: ParamT.kwargs,
|
2021-02-12 08:19:30 +01:00
|
|
|
) -> HttpResponse:
|
2020-06-11 00:26:49 +02:00
|
|
|
if not user_profile.is_realm_owner:
|
2023-02-04 02:07:20 +01:00
|
|
|
raise OrganizationOwnerRequiredError
|
2020-06-11 00:26:49 +02:00
|
|
|
return func(request, user_profile, *args, **kwargs)
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2022-07-28 03:11:10 +02:00
|
|
|
return wrapper
|
2020-06-11 00:26:49 +02:00
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2022-07-28 03:11:10 +02:00
|
|
|
def require_realm_admin(
|
2023-12-05 18:45:07 +01:00
|
|
|
func: Callable[Concatenate[HttpRequest, UserProfile, ParamT], HttpResponse],
|
2022-07-28 03:11:10 +02:00
|
|
|
) -> Callable[Concatenate[HttpRequest, UserProfile, ParamT], HttpResponse]:
|
2013-12-09 22:12:18 +01:00
|
|
|
@wraps(func)
|
2021-02-12 08:19:30 +01:00
|
|
|
def wrapper(
|
2022-07-28 03:11:10 +02:00
|
|
|
request: HttpRequest,
|
|
|
|
|
user_profile: UserProfile,
|
|
|
|
|
/,
|
|
|
|
|
*args: ParamT.args,
|
|
|
|
|
**kwargs: ParamT.kwargs,
|
2021-02-12 08:19:30 +01:00
|
|
|
) -> HttpResponse:
|
2016-02-08 03:59:38 +01:00
|
|
|
if not user_profile.is_realm_admin:
|
2023-02-04 02:07:20 +01:00
|
|
|
raise OrganizationAdministratorRequiredError
|
2013-12-09 22:12:18 +01:00
|
|
|
return func(request, user_profile, *args, **kwargs)
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2022-07-28 03:11:10 +02:00
|
|
|
return wrapper
|
2013-12-09 22:12:18 +01:00
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2022-07-28 03:11:10 +02:00
|
|
|
def require_organization_member(
|
2023-12-05 18:45:07 +01:00
|
|
|
func: Callable[Concatenate[HttpRequest, UserProfile, ParamT], HttpResponse],
|
2022-07-28 03:11:10 +02:00
|
|
|
) -> Callable[Concatenate[HttpRequest, UserProfile, ParamT], HttpResponse]:
|
2020-07-15 22:18:32 +02:00
|
|
|
@wraps(func)
|
2021-02-12 08:19:30 +01:00
|
|
|
def wrapper(
|
2022-07-28 03:11:10 +02:00
|
|
|
request: HttpRequest,
|
|
|
|
|
user_profile: UserProfile,
|
|
|
|
|
/,
|
|
|
|
|
*args: ParamT.args,
|
|
|
|
|
**kwargs: ParamT.kwargs,
|
2021-02-12 08:19:30 +01:00
|
|
|
) -> HttpResponse:
|
2020-07-15 22:18:32 +02:00
|
|
|
if user_profile.role > UserProfile.ROLE_MEMBER:
|
2023-02-04 02:07:20 +01:00
|
|
|
raise OrganizationMemberRequiredError
|
2020-07-15 22:18:32 +02:00
|
|
|
return func(request, user_profile, *args, **kwargs)
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2022-07-28 03:11:10 +02:00
|
|
|
return wrapper
|
2020-07-15 22:18:32 +02:00
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2022-07-28 03:11:10 +02:00
|
|
|
def require_billing_access(
|
2023-12-05 18:45:07 +01:00
|
|
|
func: Callable[Concatenate[HttpRequest, UserProfile, ParamT], HttpResponse],
|
2022-07-28 03:11:10 +02:00
|
|
|
) -> Callable[Concatenate[HttpRequest, UserProfile, ParamT], HttpResponse]:
|
2018-11-01 11:26:29 +01:00
|
|
|
@wraps(func)
|
2021-02-12 08:19:30 +01:00
|
|
|
def wrapper(
|
2022-07-28 03:11:10 +02:00
|
|
|
request: HttpRequest,
|
|
|
|
|
user_profile: UserProfile,
|
|
|
|
|
/,
|
|
|
|
|
*args: ParamT.args,
|
|
|
|
|
**kwargs: ParamT.kwargs,
|
2021-02-12 08:19:30 +01:00
|
|
|
) -> HttpResponse:
|
2020-07-14 14:40:39 +02:00
|
|
|
if not user_profile.has_billing_access:
|
|
|
|
|
raise JsonableError(_("Must be a billing administrator or an organization owner"))
|
2018-11-01 11:26:29 +01:00
|
|
|
return func(request, user_profile, *args, **kwargs)
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2022-07-28 03:11:10 +02:00
|
|
|
return wrapper
|
2018-11-01 11:26:29 +01:00
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
|
|
|
|
def process_client(
|
|
|
|
|
request: HttpRequest,
|
2024-07-12 02:30:23 +02:00
|
|
|
user: UserProfile | AnonymousUser | None = None,
|
2021-02-12 08:19:30 +01:00
|
|
|
*,
|
|
|
|
|
is_browser_view: bool = False,
|
2024-07-12 02:30:23 +02:00
|
|
|
client_name: str | None = None,
|
|
|
|
|
query: str | None = None,
|
2021-02-12 08:19:30 +01:00
|
|
|
) -> None:
|
2022-06-12 21:31:23 +02:00
|
|
|
"""The optional user parameter requests that a UserActivity row be
|
|
|
|
|
created/updated to record this request.
|
|
|
|
|
|
|
|
|
|
In particular, unauthenticate requests and those authenticated to
|
|
|
|
|
a non-user object like RemoteZulipServer should not pass the
|
|
|
|
|
`user` parameter.
|
|
|
|
|
"""
|
2021-08-21 19:24:20 +02:00
|
|
|
request_notes = RequestNotes.get_notes(request)
|
2016-05-12 22:49:36 +02:00
|
|
|
if client_name is None:
|
2021-07-09 18:10:51 +02:00
|
|
|
client_name = request_notes.client_name
|
|
|
|
|
|
|
|
|
|
assert client_name is not None
|
2020-03-08 21:12:38 +01:00
|
|
|
|
|
|
|
|
# We could check for a browser's name being "Mozilla", but
|
|
|
|
|
# e.g. Opera and MobileSafari don't set that, and it seems
|
|
|
|
|
# more robust to just key off whether it was a browser view
|
|
|
|
|
if is_browser_view and not client_name.startswith("Zulip"):
|
|
|
|
|
# Avoid changing the client string for browsers, but let
|
|
|
|
|
# the Zulip desktop apps be themselves.
|
|
|
|
|
client_name = "website"
|
2014-01-08 17:52:36 +01:00
|
|
|
|
2021-07-09 18:10:51 +02:00
|
|
|
request_notes.client = get_client(client_name)
|
2022-06-12 21:31:23 +02:00
|
|
|
if user is not None and user.is_authenticated:
|
2021-07-24 20:37:35 +02:00
|
|
|
update_user_activity(request, user, query)
|
2013-03-21 19:21:46 +01:00
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
|
|
|
|
def validate_api_key(
|
|
|
|
|
request: HttpRequest,
|
2024-07-12 02:30:23 +02:00
|
|
|
role: str | None,
|
2021-02-12 08:19:30 +01:00
|
|
|
api_key: str,
|
|
|
|
|
allow_webhook_access: bool = False,
|
2024-07-12 02:30:23 +02:00
|
|
|
client_name: str | None = None,
|
2022-08-01 22:55:13 +02:00
|
|
|
) -> UserProfile:
|
2013-08-21 00:36:45 +02:00
|
|
|
# Remove whitespace to protect users from trivial errors.
|
2017-08-15 01:21:46 +02:00
|
|
|
api_key = api_key.strip()
|
|
|
|
|
if role is not None:
|
|
|
|
|
role = role.strip()
|
2013-08-21 00:36:45 +02:00
|
|
|
|
2017-08-15 00:59:57 +02:00
|
|
|
user_profile = access_user_by_api_key(request, api_key, email=role)
|
2020-09-22 00:38:29 +02:00
|
|
|
if user_profile.is_incoming_webhook and not allow_webhook_access:
|
2017-08-15 00:44:34 +02:00
|
|
|
raise JsonableError(_("This API is not available to incoming webhook bots."))
|
|
|
|
|
|
2017-08-15 00:59:19 +02:00
|
|
|
request.user = user_profile
|
2017-08-15 01:21:46 +02:00
|
|
|
process_client(request, user_profile, client_name=client_name)
|
2017-08-15 00:59:19 +02:00
|
|
|
|
2017-08-15 00:59:57 +02:00
|
|
|
return user_profile
|
2013-03-21 19:21:46 +01:00
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2017-11-27 07:33:05 +01:00
|
|
|
def validate_account_and_subdomain(request: HttpRequest, user_profile: UserProfile) -> None:
|
2017-08-15 00:28:39 +02:00
|
|
|
if user_profile.realm.deactivated:
|
2023-02-04 02:07:20 +01:00
|
|
|
raise RealmDeactivatedError
|
2018-08-10 00:57:18 +02:00
|
|
|
if not user_profile.is_active:
|
2023-02-04 02:07:20 +01:00
|
|
|
raise UserDeactivatedError
|
2017-08-15 00:28:39 +02:00
|
|
|
|
2024-09-05 23:04:56 +02:00
|
|
|
remote_addr = request.META.get("REMOTE_ADDR", None)
|
|
|
|
|
server_name = request.META.get("SERVER_NAME", None)
|
|
|
|
|
|
|
|
|
|
if (
|
2021-02-12 08:19:30 +01:00
|
|
|
settings.RUNNING_INSIDE_TORNADO
|
2024-09-05 23:04:56 +02:00
|
|
|
and remote_addr == "127.0.0.1"
|
|
|
|
|
and server_name == "127.0.0.1"
|
|
|
|
|
): # nocoverage
|
|
|
|
|
# We're accessing Tornado from and to localhost (aka spoofing
|
|
|
|
|
# a request as the user)
|
|
|
|
|
return
|
|
|
|
|
if remote_addr == "127.0.0.1" and server_name == "localhost": # nocoverage
|
|
|
|
|
# For tusd hook requests.
|
|
|
|
|
return
|
|
|
|
|
|
|
|
|
|
if user_matches_subdomain(get_subdomain(request), user_profile):
|
|
|
|
|
return
|
|
|
|
|
|
|
|
|
|
logging.warning(
|
|
|
|
|
"User %s (%s) attempted to access API on wrong subdomain (%s)",
|
|
|
|
|
user_profile.delivery_email,
|
|
|
|
|
user_profile.realm.subdomain,
|
|
|
|
|
get_subdomain(request),
|
|
|
|
|
)
|
|
|
|
|
raise JsonableError(_("Account is not associated with this subdomain"))
|
2017-08-15 00:28:39 +02:00
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
|
|
|
|
def access_user_by_api_key(
|
2024-07-12 02:30:23 +02:00
|
|
|
request: HttpRequest, api_key: str, email: str | None = None
|
2021-02-12 08:19:30 +01:00
|
|
|
) -> UserProfile:
|
2019-12-16 08:12:39 +01:00
|
|
|
if not has_api_key_format(api_key):
|
2023-02-04 02:07:20 +01:00
|
|
|
raise InvalidAPIKeyFormatError
|
2019-12-16 08:12:39 +01:00
|
|
|
|
2017-08-15 01:28:48 +02:00
|
|
|
try:
|
2017-08-25 07:43:38 +02:00
|
|
|
user_profile = get_user_profile_by_api_key(api_key)
|
2017-08-15 01:28:48 +02:00
|
|
|
except UserProfile.DoesNotExist:
|
2023-02-04 02:07:20 +01:00
|
|
|
raise InvalidAPIKeyError
|
2018-12-07 00:05:57 +01:00
|
|
|
if email is not None and email.lower() != user_profile.delivery_email.lower():
|
2017-08-15 01:28:48 +02:00
|
|
|
# This covers the case that the API key is correct, but for a
|
|
|
|
|
# different user. We may end up wanting to relaxing this
|
|
|
|
|
# constraint or give a different error message in the future.
|
2023-02-04 02:07:20 +01:00
|
|
|
raise InvalidAPIKeyError
|
2017-08-15 01:28:48 +02:00
|
|
|
|
|
|
|
|
validate_account_and_subdomain(request, user_profile)
|
|
|
|
|
|
2017-08-15 00:28:39 +02:00
|
|
|
return user_profile
|
|
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2023-07-10 22:17:30 +02:00
|
|
|
def log_unsupported_webhook_event(request: HttpRequest, summary: str) -> None:
|
2021-09-13 20:23:54 +02:00
|
|
|
# This helper is primarily used by some of our more complicated
|
|
|
|
|
# webhook integrations (e.g. GitHub) that need to log an unsupported
|
|
|
|
|
# event based on attributes nested deep within a complicated JSON
|
|
|
|
|
# payload. In such cases, the error message we want to log may not
|
2022-11-17 09:30:48 +01:00
|
|
|
# really fit what a regular UnsupportedWebhookEventTypeError exception
|
2021-09-13 20:23:54 +02:00
|
|
|
# represents.
|
2023-07-10 22:17:30 +02:00
|
|
|
extra = {"request": request}
|
|
|
|
|
webhook_unsupported_events_logger.exception(summary, stack_info=True, extra=extra)
|
2021-09-13 20:23:54 +02:00
|
|
|
|
|
|
|
|
|
2023-07-10 22:17:30 +02:00
|
|
|
def log_exception_to_webhook_logger(request: HttpRequest, err: Exception) -> None:
|
|
|
|
|
extra = {"request": request}
|
2023-10-11 20:51:41 +02:00
|
|
|
# We intentionally omit the stack_info for these events, where
|
|
|
|
|
# they are intentionally raised, and the stack_info between that
|
|
|
|
|
# point and this one is not interesting.
|
2022-11-17 09:30:48 +01:00
|
|
|
if isinstance(err, AnomalousWebhookPayloadError):
|
2023-10-11 20:51:41 +02:00
|
|
|
webhook_anomalous_payloads_logger.exception(err, extra=extra)
|
2022-11-17 09:30:48 +01:00
|
|
|
elif isinstance(err, UnsupportedWebhookEventTypeError):
|
2023-10-11 20:51:41 +02:00
|
|
|
webhook_unsupported_events_logger.exception(err, extra=extra)
|
2019-06-06 05:55:09 +02:00
|
|
|
else:
|
2023-10-11 20:48:00 +02:00
|
|
|
webhook_logger.exception(err, stack_info=True, extra=extra)
|
2018-02-25 01:54:29 +01:00
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2024-07-12 02:30:23 +02:00
|
|
|
def full_webhook_client_name(raw_client_name: str | None = None) -> str | None:
|
2018-03-16 23:37:32 +01:00
|
|
|
if raw_client_name is None:
|
|
|
|
|
return None
|
2020-06-09 00:25:09 +02:00
|
|
|
return f"Zulip{raw_client_name}Webhook"
|
2018-03-16 23:37:32 +01:00
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2013-10-03 01:12:57 +02:00
|
|
|
# Use this for webhook views that don't get an email passed in.
|
2020-08-20 00:32:15 +02:00
|
|
|
def webhook_view(
|
2021-02-12 08:19:30 +01:00
|
|
|
webhook_client_name: str,
|
|
|
|
|
notify_bot_owner_on_invalid_json: bool = True,
|
2024-07-12 02:30:23 +02:00
|
|
|
all_event_types: Sequence[str] | None = None,
|
2020-06-23 04:30:55 +02:00
|
|
|
) -> Callable[[Callable[..., HttpResponse]], Callable[..., HttpResponse]]:
|
2020-08-20 00:20:05 +02:00
|
|
|
# Unfortunately, callback protocols are insufficient for this:
|
|
|
|
|
# https://mypy.readthedocs.io/en/stable/protocols.html#callback-protocols
|
|
|
|
|
# Variadic generics are necessary: https://github.com/python/typing/issues/193
|
2020-06-23 04:30:55 +02:00
|
|
|
def _wrapped_view_func(view_func: Callable[..., HttpResponse]) -> Callable[..., HttpResponse]:
|
2016-05-12 22:49:36 +02:00
|
|
|
@csrf_exempt
|
|
|
|
|
@wraps(view_func)
|
2024-08-15 10:45:39 +02:00
|
|
|
@typed_endpoint
|
2021-02-12 08:19:30 +01:00
|
|
|
def _wrapped_func_arguments(
|
2024-08-15 10:45:39 +02:00
|
|
|
request: HttpRequest, /, *args: object, api_key: str, **kwargs: object
|
2021-02-12 08:19:30 +01:00
|
|
|
) -> HttpResponse:
|
|
|
|
|
user_profile = validate_api_key(
|
|
|
|
|
request,
|
|
|
|
|
None,
|
|
|
|
|
api_key,
|
|
|
|
|
allow_webhook_access=True,
|
|
|
|
|
client_name=full_webhook_client_name(webhook_client_name),
|
|
|
|
|
)
|
2016-05-12 22:49:36 +02:00
|
|
|
|
2022-08-25 18:22:07 +02:00
|
|
|
request_notes = RequestNotes.get_notes(request)
|
|
|
|
|
request_notes.is_webhook_view = True
|
|
|
|
|
|
2022-08-14 21:14:52 +02:00
|
|
|
rate_limit_user(request, user_profile, domain="api_by_user")
|
2017-05-12 05:21:09 +02:00
|
|
|
try:
|
|
|
|
|
return view_func(request, user_profile, *args, **kwargs)
|
2017-07-19 05:08:51 +02:00
|
|
|
except Exception as err:
|
2023-10-05 23:45:26 +02:00
|
|
|
if not isinstance(err, JsonableError):
|
|
|
|
|
# An unexpected exception of some form -- log it
|
|
|
|
|
log_exception_to_webhook_logger(request, err)
|
|
|
|
|
elif isinstance(err, WebhookError):
|
|
|
|
|
# Anything explicitly a webhook error deserves to
|
2023-10-11 20:49:57 +02:00
|
|
|
# go to the webhook logs. The error middleware
|
|
|
|
|
# skips logging these exceptions a second time.
|
2023-10-05 23:45:26 +02:00
|
|
|
err.webhook_name = webhook_client_name
|
|
|
|
|
log_exception_to_webhook_logger(request, err)
|
|
|
|
|
elif isinstance(err, InvalidJSONError) and notify_bot_owner_on_invalid_json:
|
|
|
|
|
# Invalid JSON is not notable for the logs -- it's
|
|
|
|
|
# the sender's fault, so tell the owner
|
2018-12-06 00:12:19 +01:00
|
|
|
notify_bot_owner_about_invalid_json(user_profile, webhook_client_name)
|
2023-10-05 23:45:26 +02:00
|
|
|
|
2017-07-19 05:08:51 +02:00
|
|
|
raise err
|
2017-05-12 05:21:09 +02:00
|
|
|
|
2022-06-13 21:18:14 +02:00
|
|
|
# Store the event types registered for this webhook as an attribute, which can be access
|
|
|
|
|
# later conveniently in zerver.lib.test_classes.WebhookTestCase.
|
2022-10-08 06:10:17 +02:00
|
|
|
_wrapped_func_arguments._all_event_types = all_event_types # type: ignore[attr-defined] # custom attribute
|
2016-05-12 22:49:36 +02:00
|
|
|
return _wrapped_func_arguments
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2013-10-03 01:12:57 +02:00
|
|
|
return _wrapped_view_func
|
|
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2020-12-24 11:39:29 +01:00
|
|
|
def zulip_redirect_to_login(
|
|
|
|
|
request: HttpRequest,
|
2024-07-12 02:30:23 +02:00
|
|
|
login_url: str | None = None,
|
2020-12-24 11:39:29 +01:00
|
|
|
redirect_field_name: str = REDIRECT_FIELD_NAME,
|
|
|
|
|
) -> HttpResponseRedirect:
|
|
|
|
|
path = request.build_absolute_uri()
|
|
|
|
|
resolved_login_url = resolve_url(login_url or settings.LOGIN_URL)
|
|
|
|
|
# If the login URL is the same scheme and net location then just
|
|
|
|
|
# use the path as the "next" url.
|
2023-12-05 21:25:00 +01:00
|
|
|
login_scheme, login_netloc = urlsplit(resolved_login_url)[:2]
|
|
|
|
|
current_scheme, current_netloc = urlsplit(path)[:2]
|
2020-12-24 11:39:29 +01:00
|
|
|
if (not login_scheme or login_scheme == current_scheme) and (
|
|
|
|
|
not login_netloc or login_netloc == current_netloc
|
|
|
|
|
):
|
|
|
|
|
path = request.get_full_path()
|
|
|
|
|
|
2020-10-07 07:10:02 +02:00
|
|
|
if path == "/":
|
2020-12-24 11:39:29 +01:00
|
|
|
# Don't add ?next=/, to keep our URLs clean
|
|
|
|
|
return HttpResponseRedirect(resolved_login_url)
|
|
|
|
|
return redirect_to_login(path, resolved_login_url, redirect_field_name)
|
|
|
|
|
|
|
|
|
|
|
2020-08-14 10:10:18 +02:00
|
|
|
# From Django 2.2, modified to pass the request rather than just the
|
|
|
|
|
# user into test_func; this is useful so that we can revalidate the
|
|
|
|
|
# subdomain matches the user's realm. It is likely that we could make
|
|
|
|
|
# the subdomain validation happen elsewhere and switch to using the
|
|
|
|
|
# stock Django version.
|
2021-02-12 08:19:30 +01:00
|
|
|
def user_passes_test(
|
2021-07-26 16:29:19 +02:00
|
|
|
test_func: Callable[[HttpRequest], bool],
|
2024-07-12 02:30:23 +02:00
|
|
|
login_url: str | None = None,
|
2021-02-12 08:19:30 +01:00
|
|
|
redirect_field_name: str = REDIRECT_FIELD_NAME,
|
2022-07-15 21:55:53 +02:00
|
|
|
) -> Callable[
|
|
|
|
|
[Callable[Concatenate[HttpRequest, ParamT], HttpResponse]],
|
|
|
|
|
Callable[Concatenate[HttpRequest, ParamT], HttpResponse],
|
|
|
|
|
]:
|
2016-04-21 23:48:34 +02:00
|
|
|
"""
|
|
|
|
|
Decorator for views that checks that the user passes the given test,
|
|
|
|
|
redirecting to the log-in page if necessary. The test should be a callable
|
|
|
|
|
that takes the user object and returns True if the user passes.
|
|
|
|
|
"""
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2022-07-15 21:55:53 +02:00
|
|
|
def decorator(
|
2023-12-05 18:45:07 +01:00
|
|
|
view_func: Callable[Concatenate[HttpRequest, ParamT], HttpResponse],
|
2022-07-15 21:55:53 +02:00
|
|
|
) -> Callable[Concatenate[HttpRequest, ParamT], HttpResponse]:
|
2020-08-14 10:10:18 +02:00
|
|
|
@wraps(view_func)
|
2022-07-15 21:55:53 +02:00
|
|
|
def _wrapped_view(
|
|
|
|
|
request: HttpRequest, /, *args: ParamT.args, **kwargs: ParamT.kwargs
|
|
|
|
|
) -> HttpResponse:
|
2016-07-19 14:22:13 +02:00
|
|
|
if test_func(request):
|
2016-04-21 23:48:34 +02:00
|
|
|
return view_func(request, *args, **kwargs)
|
2020-12-24 11:39:29 +01:00
|
|
|
return zulip_redirect_to_login(request, login_url, redirect_field_name)
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2022-07-15 21:55:53 +02:00
|
|
|
return _wrapped_view
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2016-04-21 23:48:34 +02:00
|
|
|
return decorator
|
|
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2017-11-27 07:33:05 +01:00
|
|
|
def logged_in_and_active(request: HttpRequest) -> bool:
|
2017-05-18 11:42:19 +02:00
|
|
|
if not request.user.is_authenticated:
|
2016-04-22 00:56:39 +02:00
|
|
|
return False
|
2016-07-19 14:22:13 +02:00
|
|
|
if not request.user.is_active:
|
2016-04-22 00:56:39 +02:00
|
|
|
return False
|
2016-07-19 14:22:13 +02:00
|
|
|
if request.user.realm.deactivated:
|
2016-04-22 00:56:39 +02:00
|
|
|
return False
|
2017-10-20 02:53:24 +02:00
|
|
|
return user_matches_subdomain(get_subdomain(request), request.user)
|
2016-04-22 00:56:39 +02:00
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2017-07-12 09:50:19 +02:00
|
|
|
def do_two_factor_login(request: HttpRequest, user_profile: UserProfile) -> None:
|
|
|
|
|
device = default_device(user_profile)
|
|
|
|
|
if device:
|
|
|
|
|
django_otp.login(request, device)
|
|
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2017-11-27 07:33:05 +01:00
|
|
|
def do_login(request: HttpRequest, user_profile: UserProfile) -> None:
|
2017-08-25 01:11:30 +02:00
|
|
|
"""Creates a session, logging in the user, using the Django method,
|
|
|
|
|
and also adds helpful data needed by our server logs.
|
|
|
|
|
"""
|
2024-01-08 22:19:08 +01:00
|
|
|
|
|
|
|
|
# As a hardening measure, pass the user_profile through the dummy backend,
|
|
|
|
|
# which does the minimal validation that the user is allowed to log in.
|
|
|
|
|
# This, and stronger validation, should have already been done by the
|
|
|
|
|
# caller, so we raise an AssertionError if this doesn't work as expected.
|
|
|
|
|
# This is to prevent misuse of this function, as it would pose a major
|
|
|
|
|
# security issue.
|
|
|
|
|
realm = get_valid_realm_from_request(request)
|
|
|
|
|
validated_user_profile = authenticate(
|
|
|
|
|
request=request, username=user_profile.delivery_email, realm=realm, use_dummy_backend=True
|
|
|
|
|
)
|
|
|
|
|
if validated_user_profile is None or validated_user_profile != user_profile:
|
|
|
|
|
raise AssertionError("do_login called for a user_profile that shouldn't be able to log in")
|
|
|
|
|
|
|
|
|
|
assert isinstance(validated_user_profile, UserProfile)
|
|
|
|
|
|
|
|
|
|
django_login(request, validated_user_profile)
|
2023-12-05 18:45:07 +01:00
|
|
|
RequestNotes.get_notes(
|
|
|
|
|
request
|
|
|
|
|
).requester_for_logs = validated_user_profile.format_requester_for_logs()
|
2024-01-08 22:19:08 +01:00
|
|
|
process_client(request, validated_user_profile, is_browser_view=True)
|
2017-07-12 09:50:19 +02:00
|
|
|
if settings.TWO_FACTOR_AUTHENTICATION_ENABLED:
|
docs: Add missing space to compound verbs “log in”, “set up”, etc.
Noun: backup, checkout, cleanup, login, logout, setup, shutdown, signup,
timeout.
Verb: back up, check out, clean up, log in, log out, set up, shut
down, sign up, time out.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-04-25 23:05:38 +02:00
|
|
|
# Log in with two factor authentication as well.
|
2024-01-08 22:19:08 +01:00
|
|
|
do_two_factor_login(request, validated_user_profile)
|
2017-08-25 01:11:30 +02:00
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2022-07-15 22:14:51 +02:00
|
|
|
def log_view_func(
|
2023-12-05 18:45:07 +01:00
|
|
|
view_func: Callable[Concatenate[HttpRequest, ParamT], HttpResponse],
|
2022-07-15 22:14:51 +02:00
|
|
|
) -> Callable[Concatenate[HttpRequest, ParamT], HttpResponse]:
|
2017-11-03 22:26:31 +01:00
|
|
|
@wraps(view_func)
|
2022-07-15 22:14:51 +02:00
|
|
|
def _wrapped_view_func(
|
|
|
|
|
request: HttpRequest, /, *args: ParamT.args, **kwargs: ParamT.kwargs
|
|
|
|
|
) -> HttpResponse:
|
2021-08-21 19:24:20 +02:00
|
|
|
RequestNotes.get_notes(request).query = view_func.__name__
|
2017-11-03 22:26:31 +01:00
|
|
|
return view_func(request, *args, **kwargs)
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2022-07-15 22:14:51 +02:00
|
|
|
return _wrapped_view_func
|
2017-11-03 22:26:31 +01:00
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2022-07-15 21:55:53 +02:00
|
|
|
def add_logging_data(
|
2023-12-05 18:45:07 +01:00
|
|
|
view_func: Callable[Concatenate[HttpRequest, ParamT], HttpResponse],
|
2022-07-15 21:55:53 +02:00
|
|
|
) -> Callable[Concatenate[HttpRequest, ParamT], HttpResponse]:
|
2017-02-20 20:55:18 +01:00
|
|
|
@wraps(view_func)
|
2022-07-15 21:55:53 +02:00
|
|
|
def _wrapped_view_func(
|
|
|
|
|
request: HttpRequest, /, *args: ParamT.args, **kwargs: ParamT.kwargs
|
|
|
|
|
) -> HttpResponse:
|
2021-02-12 08:19:30 +01:00
|
|
|
process_client(request, request.user, is_browser_view=True, query=view_func.__name__)
|
2022-08-14 21:14:52 +02:00
|
|
|
|
|
|
|
|
if request.user.is_authenticated:
|
|
|
|
|
rate_limit_user(request, request.user, domain="api_by_user")
|
|
|
|
|
else:
|
|
|
|
|
rate_limit_request_by_ip(request, domain="api_by_ip")
|
|
|
|
|
|
2022-07-28 13:59:22 +02:00
|
|
|
return view_func(request, *args, **kwargs)
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2022-07-15 21:55:53 +02:00
|
|
|
return _wrapped_view_func
|
2017-04-15 20:51:51 +02:00
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2022-07-15 22:14:51 +02:00
|
|
|
def human_users_only(
|
2023-12-05 18:45:07 +01:00
|
|
|
view_func: Callable[Concatenate[HttpRequest, ParamT], HttpResponse],
|
2022-07-15 22:14:51 +02:00
|
|
|
) -> Callable[Concatenate[HttpRequest, ParamT], HttpResponse]:
|
2017-04-15 20:51:51 +02:00
|
|
|
@wraps(view_func)
|
2022-07-15 22:14:51 +02:00
|
|
|
def _wrapped_view_func(
|
|
|
|
|
request: HttpRequest, /, *args: ParamT.args, **kwargs: ParamT.kwargs
|
|
|
|
|
) -> HttpResponse:
|
2021-07-24 20:37:35 +02:00
|
|
|
assert request.user.is_authenticated
|
2017-04-15 20:51:51 +02:00
|
|
|
if request.user.is_bot:
|
2021-06-30 18:35:50 +02:00
|
|
|
raise JsonableError(_("This endpoint does not accept bot requests."))
|
2017-04-15 20:51:51 +02:00
|
|
|
return view_func(request, *args, **kwargs)
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2022-07-15 22:14:51 +02:00
|
|
|
return _wrapped_view_func
|
2017-02-20 20:55:18 +01:00
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2024-01-29 00:32:21 +01:00
|
|
|
# Based on Django 1.8's @login_required
|
2021-07-26 17:03:22 +02:00
|
|
|
@overload
|
|
|
|
|
def zulip_login_required(
|
2022-07-15 21:55:53 +02:00
|
|
|
function: Callable[Concatenate[HttpRequest, ParamT], HttpResponse],
|
2021-07-26 17:03:22 +02:00
|
|
|
redirect_field_name: str = REDIRECT_FIELD_NAME,
|
|
|
|
|
login_url: str = settings.HOME_NOT_LOGGED_IN,
|
2024-01-29 00:32:21 +01:00
|
|
|
) -> Callable[Concatenate[HttpRequest, ParamT], HttpResponse]: ...
|
2021-07-26 17:03:22 +02:00
|
|
|
@overload
|
|
|
|
|
def zulip_login_required(
|
|
|
|
|
function: None,
|
|
|
|
|
redirect_field_name: str = REDIRECT_FIELD_NAME,
|
|
|
|
|
login_url: str = settings.HOME_NOT_LOGGED_IN,
|
2022-07-15 21:55:53 +02:00
|
|
|
) -> Callable[
|
|
|
|
|
[Callable[Concatenate[HttpRequest, ParamT], HttpResponse]],
|
|
|
|
|
Callable[Concatenate[HttpRequest, ParamT], HttpResponse],
|
2024-01-29 00:32:21 +01:00
|
|
|
]: ...
|
2017-12-09 06:40:18 +01:00
|
|
|
def zulip_login_required(
|
2024-07-12 02:30:23 +02:00
|
|
|
function: Callable[Concatenate[HttpRequest, ParamT], HttpResponse] | None = None,
|
2021-02-12 08:19:30 +01:00
|
|
|
redirect_field_name: str = REDIRECT_FIELD_NAME,
|
|
|
|
|
login_url: str = settings.HOME_NOT_LOGGED_IN,
|
2024-07-12 02:30:23 +02:00
|
|
|
) -> (
|
2022-07-15 21:55:53 +02:00
|
|
|
Callable[
|
|
|
|
|
[Callable[Concatenate[HttpRequest, ParamT], HttpResponse]],
|
|
|
|
|
Callable[Concatenate[HttpRequest, ParamT], HttpResponse],
|
2024-07-12 02:30:23 +02:00
|
|
|
]
|
|
|
|
|
| Callable[Concatenate[HttpRequest, ParamT], HttpResponse]
|
|
|
|
|
):
|
2020-06-24 01:52:07 +02:00
|
|
|
actual_decorator = lambda function: user_passes_test(
|
2016-04-22 00:56:39 +02:00
|
|
|
logged_in_and_active,
|
2016-04-21 23:48:34 +02:00
|
|
|
login_url=login_url,
|
python: Use trailing commas consistently.
Automatically generated by the following script, based on the output
of lint with flake8-comma:
import re
import sys
last_filename = None
last_row = None
lines = []
for msg in sys.stdin:
m = re.match(
r"\x1b\[35mflake8 \|\x1b\[0m \x1b\[1;31m(.+):(\d+):(\d+): (\w+)", msg
)
if m:
filename, row_str, col_str, err = m.groups()
row, col = int(row_str), int(col_str)
if filename == last_filename:
assert last_row != row
else:
if last_filename is not None:
with open(last_filename, "w") as f:
f.writelines(lines)
with open(filename) as f:
lines = f.readlines()
last_filename = filename
last_row = row
line = lines[row - 1]
if err in ["C812", "C815"]:
lines[row - 1] = line[: col - 1] + "," + line[col - 1 :]
elif err in ["C819"]:
assert line[col - 2] == ","
lines[row - 1] = line[: col - 2] + line[col - 1 :].lstrip(" ")
if last_filename is not None:
with open(last_filename, "w") as f:
f.writelines(lines)
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-10 05:23:40 +02:00
|
|
|
redirect_field_name=redirect_field_name,
|
2020-06-24 01:52:07 +02:00
|
|
|
)(
|
2022-07-11 16:33:02 +02:00
|
|
|
zulip_otp_required_if_logged_in(
|
2021-02-12 08:19:30 +01:00
|
|
|
redirect_field_name=redirect_field_name,
|
|
|
|
|
login_url=login_url,
|
2020-06-24 01:52:07 +02:00
|
|
|
)(add_logging_data(function))
|
2017-07-12 10:16:02 +02:00
|
|
|
)
|
|
|
|
|
|
2016-04-21 23:48:34 +02:00
|
|
|
if function:
|
2020-06-24 01:52:07 +02:00
|
|
|
return actual_decorator(function)
|
|
|
|
|
return actual_decorator # nocoverage # We don't use this without a function
|
2016-04-21 23:48:34 +02:00
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2020-09-27 06:49:16 +02:00
|
|
|
def web_public_view(
|
2022-07-15 22:14:51 +02:00
|
|
|
view_func: Callable[Concatenate[HttpRequest, ParamT], HttpResponse],
|
2021-02-12 08:19:30 +01:00
|
|
|
redirect_field_name: str = REDIRECT_FIELD_NAME,
|
|
|
|
|
login_url: str = settings.HOME_NOT_LOGGED_IN,
|
2022-07-15 22:14:51 +02:00
|
|
|
) -> Callable[Concatenate[HttpRequest, ParamT], HttpResponse]:
|
2020-09-27 06:49:16 +02:00
|
|
|
"""
|
|
|
|
|
This wrapper adds client info for unauthenticated users but
|
|
|
|
|
forces authenticated users to go through 2fa.
|
|
|
|
|
"""
|
2022-07-11 16:33:02 +02:00
|
|
|
actual_decorator = lambda view_func: zulip_otp_required_if_logged_in(
|
2021-02-12 08:19:30 +01:00
|
|
|
redirect_field_name=redirect_field_name, login_url=login_url
|
|
|
|
|
)(add_logging_data(view_func))
|
2020-09-27 06:49:16 +02:00
|
|
|
|
|
|
|
|
return actual_decorator(view_func)
|
|
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2022-07-15 22:14:51 +02:00
|
|
|
def require_server_admin(
|
2023-12-05 18:45:07 +01:00
|
|
|
view_func: Callable[Concatenate[HttpRequest, ParamT], HttpResponse],
|
2022-07-15 22:14:51 +02:00
|
|
|
) -> Callable[Concatenate[HttpRequest, ParamT], HttpResponse]:
|
2016-04-21 23:48:34 +02:00
|
|
|
@zulip_login_required
|
2013-11-01 18:43:38 +01:00
|
|
|
@wraps(view_func)
|
2022-07-15 22:14:51 +02:00
|
|
|
def _wrapped_view_func(
|
|
|
|
|
request: HttpRequest, /, *args: ParamT.args, **kwargs: ParamT.kwargs
|
|
|
|
|
) -> HttpResponse:
|
2016-12-14 06:02:50 +01:00
|
|
|
if not request.user.is_staff:
|
2013-10-22 15:39:39 +02:00
|
|
|
return HttpResponseRedirect(settings.HOME_NOT_LOGGED_IN)
|
2013-10-22 21:03:34 +02:00
|
|
|
|
2017-02-20 20:55:18 +01:00
|
|
|
return add_logging_data(view_func)(request, *args, **kwargs)
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2022-07-15 22:14:51 +02:00
|
|
|
return _wrapped_view_func
|
2013-10-03 01:12:57 +02:00
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2022-07-15 21:39:46 +02:00
|
|
|
def require_server_admin_api(
|
2023-12-05 18:45:07 +01:00
|
|
|
view_func: Callable[Concatenate[HttpRequest, ParamT], HttpResponse],
|
2022-07-15 21:39:46 +02:00
|
|
|
) -> Callable[Concatenate[HttpRequest, ParamT], HttpResponse]:
|
2018-04-15 18:29:06 +02:00
|
|
|
@zulip_login_required
|
|
|
|
|
@wraps(view_func)
|
2021-02-12 08:19:30 +01:00
|
|
|
def _wrapped_view_func(
|
2022-07-15 21:39:46 +02:00
|
|
|
request: HttpRequest,
|
|
|
|
|
/,
|
|
|
|
|
*args: ParamT.args,
|
|
|
|
|
**kwargs: ParamT.kwargs,
|
2021-02-12 08:19:30 +01:00
|
|
|
) -> HttpResponse:
|
2022-07-15 21:39:46 +02:00
|
|
|
if not request.user.is_staff:
|
2018-04-15 18:29:06 +02:00
|
|
|
raise JsonableError(_("Must be an server administrator"))
|
2022-07-15 21:39:46 +02:00
|
|
|
return view_func(request, *args, **kwargs)
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2022-07-15 21:39:46 +02:00
|
|
|
return _wrapped_view_func
|
2018-04-15 18:29:06 +02:00
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2022-07-28 03:11:10 +02:00
|
|
|
def require_non_guest_user(
|
2023-12-05 18:45:07 +01:00
|
|
|
view_func: Callable[Concatenate[HttpRequest, UserProfile, ParamT], HttpResponse],
|
2022-07-28 03:11:10 +02:00
|
|
|
) -> Callable[Concatenate[HttpRequest, UserProfile, ParamT], HttpResponse]:
|
2018-05-04 19:14:29 +02:00
|
|
|
@wraps(view_func)
|
2021-02-12 08:19:30 +01:00
|
|
|
def _wrapped_view_func(
|
2022-07-28 03:11:10 +02:00
|
|
|
request: HttpRequest,
|
|
|
|
|
user_profile: UserProfile,
|
|
|
|
|
/,
|
|
|
|
|
*args: ParamT.args,
|
|
|
|
|
**kwargs: ParamT.kwargs,
|
2021-02-12 08:19:30 +01:00
|
|
|
) -> HttpResponse:
|
2018-05-04 19:14:29 +02:00
|
|
|
if user_profile.is_guest:
|
|
|
|
|
raise JsonableError(_("Not allowed for guest users"))
|
|
|
|
|
return view_func(request, user_profile, *args, **kwargs)
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2022-07-28 03:11:10 +02:00
|
|
|
return _wrapped_view_func
|
2018-05-04 19:14:29 +02:00
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2022-07-28 03:11:10 +02:00
|
|
|
def require_member_or_admin(
|
2023-12-05 18:45:07 +01:00
|
|
|
view_func: Callable[Concatenate[HttpRequest, UserProfile, ParamT], HttpResponse],
|
2022-07-28 03:11:10 +02:00
|
|
|
) -> Callable[Concatenate[HttpRequest, UserProfile, ParamT], HttpResponse]:
|
2018-05-04 19:14:29 +02:00
|
|
|
@wraps(view_func)
|
2021-02-12 08:19:30 +01:00
|
|
|
def _wrapped_view_func(
|
2022-07-28 03:11:10 +02:00
|
|
|
request: HttpRequest,
|
|
|
|
|
user_profile: UserProfile,
|
|
|
|
|
/,
|
|
|
|
|
*args: ParamT.args,
|
|
|
|
|
**kwargs: ParamT.kwargs,
|
2021-02-12 08:19:30 +01:00
|
|
|
) -> HttpResponse:
|
2018-05-04 19:14:29 +02:00
|
|
|
if user_profile.is_guest:
|
|
|
|
|
raise JsonableError(_("Not allowed for guest users"))
|
|
|
|
|
if user_profile.is_bot:
|
2021-06-30 18:35:50 +02:00
|
|
|
raise JsonableError(_("This endpoint does not accept bot requests."))
|
2018-05-04 19:14:29 +02:00
|
|
|
return view_func(request, user_profile, *args, **kwargs)
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2022-07-28 03:11:10 +02:00
|
|
|
return _wrapped_view_func
|
2019-11-02 17:58:55 +01:00
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2023-07-17 09:20:50 +02:00
|
|
|
def require_user_group_create_permission(
|
|
|
|
|
view_func: Callable[Concatenate[HttpRequest, UserProfile, ParamT], HttpResponse],
|
|
|
|
|
) -> Callable[Concatenate[HttpRequest, UserProfile, ParamT], HttpResponse]:
|
|
|
|
|
@require_member_or_admin
|
|
|
|
|
@wraps(view_func)
|
|
|
|
|
def _wrapped_view_func(
|
|
|
|
|
request: HttpRequest,
|
|
|
|
|
user_profile: UserProfile,
|
|
|
|
|
/,
|
|
|
|
|
*args: ParamT.args,
|
|
|
|
|
**kwargs: ParamT.kwargs,
|
|
|
|
|
) -> HttpResponse:
|
|
|
|
|
if not user_profile.can_create_user_groups():
|
|
|
|
|
raise JsonableError(_("Insufficient permission"))
|
|
|
|
|
return view_func(request, user_profile, *args, **kwargs)
|
|
|
|
|
|
|
|
|
|
return _wrapped_view_func
|
|
|
|
|
|
|
|
|
|
|
2018-04-13 19:04:39 +02:00
|
|
|
# This API endpoint is used only for the mobile apps. It is part of a
|
|
|
|
|
# workaround for the fact that React Native doesn't support setting
|
|
|
|
|
# HTTP basic authentication headers.
|
2020-06-23 04:30:55 +02:00
|
|
|
def authenticated_uploads_api_view(
|
|
|
|
|
skip_rate_limiting: bool = False,
|
|
|
|
|
) -> Callable[[Callable[..., HttpResponse]], Callable[..., HttpResponse]]:
|
|
|
|
|
def _wrapped_view_func(view_func: Callable[..., HttpResponse]) -> Callable[..., HttpResponse]:
|
2018-04-13 19:04:39 +02:00
|
|
|
@csrf_exempt
|
|
|
|
|
@wraps(view_func)
|
2024-08-15 10:45:39 +02:00
|
|
|
@typed_endpoint
|
2021-02-12 08:19:30 +01:00
|
|
|
def _wrapped_func_arguments(
|
2024-08-15 10:45:39 +02:00
|
|
|
request: HttpRequest, /, *args: object, api_key: str, **kwargs: object
|
2021-02-12 08:19:30 +01:00
|
|
|
) -> HttpResponse:
|
2018-04-13 19:04:39 +02:00
|
|
|
user_profile = validate_api_key(request, None, api_key, False)
|
2018-12-11 20:46:52 +01:00
|
|
|
if not skip_rate_limiting:
|
2022-08-14 21:14:52 +02:00
|
|
|
rate_limit_user(request, user_profile, domain="api_by_user")
|
2022-07-28 13:59:22 +02:00
|
|
|
return view_func(request, user_profile, *args, **kwargs)
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2018-04-13 19:04:39 +02:00
|
|
|
return _wrapped_func_arguments
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2018-04-13 19:04:39 +02:00
|
|
|
return _wrapped_view_func
|
|
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2022-08-01 22:50:38 +02:00
|
|
|
def get_basic_credentials(
|
|
|
|
|
request: HttpRequest, beanstalk_email_decode: bool = False
|
2024-07-12 02:30:17 +02:00
|
|
|
) -> tuple[str, str]:
|
2022-08-01 22:50:38 +02:00
|
|
|
"""
|
|
|
|
|
Extracts the role and API key as a tuple from the Authorization header
|
|
|
|
|
for HTTP basic authentication.
|
|
|
|
|
"""
|
|
|
|
|
try:
|
|
|
|
|
# Grab the base64-encoded authentication string, decode it, and split it into
|
|
|
|
|
# the email and API key
|
|
|
|
|
auth_type, credentials = request.headers["Authorization"].split()
|
|
|
|
|
# case insensitive per RFC 1945
|
|
|
|
|
if auth_type.lower() != "basic":
|
|
|
|
|
raise JsonableError(_("This endpoint requires HTTP basic authentication."))
|
|
|
|
|
role, api_key = base64.b64decode(credentials).decode().split(":")
|
|
|
|
|
if beanstalk_email_decode:
|
|
|
|
|
# Beanstalk's web hook UI rejects URL with a @ in the username section
|
|
|
|
|
# So we ask the user to replace them with %40
|
|
|
|
|
role = role.replace("%40", "@")
|
|
|
|
|
except ValueError:
|
|
|
|
|
raise UnauthorizedError(_("Invalid authorization header for basic auth"))
|
|
|
|
|
except KeyError:
|
|
|
|
|
raise UnauthorizedError(_("Missing authorization header for basic auth"))
|
|
|
|
|
|
|
|
|
|
return role, api_key
|
|
|
|
|
|
|
|
|
|
|
2020-10-23 02:43:28 +02:00
|
|
|
# A more REST-y authentication decorator, using, in particular, HTTP basic
|
2013-08-29 20:47:04 +02:00
|
|
|
# authentication.
|
2018-03-16 23:37:32 +01:00
|
|
|
#
|
|
|
|
|
# If webhook_client_name is specific, the request is a webhook view
|
|
|
|
|
# with that string as the basis for the client string.
|
2020-06-23 04:30:55 +02:00
|
|
|
def authenticated_rest_api_view(
|
|
|
|
|
*,
|
2024-07-12 02:30:23 +02:00
|
|
|
webhook_client_name: str | None = None,
|
2020-09-22 00:38:29 +02:00
|
|
|
allow_webhook_access: bool = False,
|
2020-06-23 04:30:55 +02:00
|
|
|
skip_rate_limiting: bool = False,
|
2022-05-12 07:53:37 +02:00
|
|
|
beanstalk_email_decode: bool = False,
|
2022-07-28 16:39:32 +02:00
|
|
|
) -> Callable[
|
|
|
|
|
[Callable[Concatenate[HttpRequest, UserProfile, ParamT], HttpResponse]],
|
|
|
|
|
Callable[Concatenate[HttpRequest, ParamT], HttpResponse],
|
|
|
|
|
]:
|
2020-09-22 00:42:29 +02:00
|
|
|
if webhook_client_name is not None:
|
|
|
|
|
allow_webhook_access = True
|
|
|
|
|
|
2022-07-28 16:39:32 +02:00
|
|
|
def _wrapped_view_func(
|
2023-12-05 18:45:07 +01:00
|
|
|
view_func: Callable[Concatenate[HttpRequest, UserProfile, ParamT], HttpResponse],
|
2022-07-28 16:39:32 +02:00
|
|
|
) -> Callable[Concatenate[HttpRequest, ParamT], HttpResponse]:
|
2016-05-18 20:35:35 +02:00
|
|
|
@csrf_exempt
|
|
|
|
|
@wraps(view_func)
|
2021-02-12 08:19:30 +01:00
|
|
|
def _wrapped_func_arguments(
|
2022-07-28 16:39:32 +02:00
|
|
|
request: HttpRequest, /, *args: ParamT.args, **kwargs: ParamT.kwargs
|
2021-02-12 08:19:30 +01:00
|
|
|
) -> HttpResponse:
|
2022-08-01 22:50:38 +02:00
|
|
|
role, api_key = get_basic_credentials(
|
|
|
|
|
request, beanstalk_email_decode=beanstalk_email_decode
|
|
|
|
|
)
|
2016-05-18 20:35:35 +02:00
|
|
|
|
|
|
|
|
# Now we try to do authentication or die
|
|
|
|
|
try:
|
2022-08-17 16:25:02 +02:00
|
|
|
user_profile = validate_api_key(
|
2021-02-12 08:19:30 +01:00
|
|
|
request,
|
|
|
|
|
role,
|
|
|
|
|
api_key,
|
|
|
|
|
allow_webhook_access=allow_webhook_access,
|
|
|
|
|
client_name=full_webhook_client_name(webhook_client_name),
|
|
|
|
|
)
|
2022-08-25 18:22:07 +02:00
|
|
|
|
|
|
|
|
if webhook_client_name is not None:
|
|
|
|
|
request_notes = RequestNotes.get_notes(request)
|
|
|
|
|
request_notes.is_webhook_view = True
|
|
|
|
|
|
2016-05-18 20:35:35 +02:00
|
|
|
except JsonableError as e:
|
2022-07-13 03:29:39 +02:00
|
|
|
raise UnauthorizedError(e.msg)
|
2018-03-27 04:34:43 +02:00
|
|
|
try:
|
2018-12-11 20:46:52 +01:00
|
|
|
if not skip_rate_limiting:
|
2022-08-17 16:25:02 +02:00
|
|
|
rate_limit_user(request, user_profile, domain="api_by_user")
|
|
|
|
|
return view_func(request, user_profile, *args, **kwargs)
|
2018-03-27 04:34:43 +02:00
|
|
|
except Exception as err:
|
2020-09-22 00:50:08 +02:00
|
|
|
if not webhook_client_name:
|
|
|
|
|
raise err
|
|
|
|
|
|
2023-10-05 23:45:26 +02:00
|
|
|
if not isinstance(err, JsonableError):
|
|
|
|
|
# An unexpected exception of some form -- log it
|
|
|
|
|
log_exception_to_webhook_logger(request, err)
|
|
|
|
|
elif isinstance(err, WebhookError):
|
|
|
|
|
# Anything explicitly a webhook error deserves to
|
2023-10-11 20:49:57 +02:00
|
|
|
# go to the webhook logs. The error middleware
|
|
|
|
|
# skips logging these exceptions a second time.
|
2020-09-22 00:50:08 +02:00
|
|
|
err.webhook_name = webhook_client_name
|
2023-10-05 23:45:26 +02:00
|
|
|
log_exception_to_webhook_logger(request, err)
|
|
|
|
|
|
2018-03-27 04:34:43 +02:00
|
|
|
raise err
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2016-05-18 20:35:35 +02:00
|
|
|
return _wrapped_func_arguments
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2013-03-21 20:15:27 +01:00
|
|
|
return _wrapped_view_func
|
|
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2022-07-15 22:14:51 +02:00
|
|
|
def process_as_post(
|
2023-12-05 18:45:07 +01:00
|
|
|
view_func: Callable[Concatenate[HttpRequest, ParamT], HttpResponse],
|
2022-07-15 22:14:51 +02:00
|
|
|
) -> Callable[Concatenate[HttpRequest, ParamT], HttpResponse]:
|
2013-03-21 20:18:44 +01:00
|
|
|
@wraps(view_func)
|
2022-07-15 22:14:51 +02:00
|
|
|
def _wrapped_view_func(
|
|
|
|
|
request: HttpRequest, /, *args: ParamT.args, **kwargs: ParamT.kwargs
|
|
|
|
|
) -> HttpResponse:
|
2013-03-21 20:18:44 +01:00
|
|
|
# Adapted from django/http/__init__.py.
|
|
|
|
|
# So by default Django doesn't populate request.POST for anything besides
|
2013-04-03 21:44:12 +02:00
|
|
|
# POST requests. We want this dict populated for PATCH/PUT, so we have to
|
2013-03-21 20:18:44 +01:00
|
|
|
# do it ourselves.
|
|
|
|
|
#
|
|
|
|
|
# This will not be required in the future, a bug will be filed against
|
|
|
|
|
# Django upstream.
|
2013-04-03 22:01:58 +02:00
|
|
|
|
|
|
|
|
if not request.POST:
|
|
|
|
|
# Only take action if POST is empty.
|
2022-05-12 06:54:12 +02:00
|
|
|
if request.content_type == "multipart/form-data":
|
2022-10-08 06:10:17 +02:00
|
|
|
POST, files = MultiPartParser(
|
2016-12-03 00:04:17 +01:00
|
|
|
request.META,
|
|
|
|
|
BytesIO(request.body),
|
|
|
|
|
request.upload_handlers,
|
python: Use trailing commas consistently.
Automatically generated by the following script, based on the output
of lint with flake8-comma:
import re
import sys
last_filename = None
last_row = None
lines = []
for msg in sys.stdin:
m = re.match(
r"\x1b\[35mflake8 \|\x1b\[0m \x1b\[1;31m(.+):(\d+):(\d+): (\w+)", msg
)
if m:
filename, row_str, col_str, err = m.groups()
row, col = int(row_str), int(col_str)
if filename == last_filename:
assert last_row != row
else:
if last_filename is not None:
with open(last_filename, "w") as f:
f.writelines(lines)
with open(filename) as f:
lines = f.readlines()
last_filename = filename
last_row = row
line = lines[row - 1]
if err in ["C812", "C815"]:
lines[row - 1] = line[: col - 1] + "," + line[col - 1 :]
elif err in ["C819"]:
assert line[col - 2] == ","
lines[row - 1] = line[: col - 2] + line[col - 1 :].lstrip(" ")
if last_filename is not None:
with open(last_filename, "w") as f:
f.writelines(lines)
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-10 05:23:40 +02:00
|
|
|
request.encoding,
|
2016-12-03 00:04:17 +01:00
|
|
|
).parse()
|
2022-05-31 00:47:39 +02:00
|
|
|
# request.POST is an immutable QueryDict in most cases, while
|
|
|
|
|
# MultiPartParser.parse() returns a mutable instance of QueryDict.
|
|
|
|
|
# This can be fix when https://code.djangoproject.com/ticket/17235
|
|
|
|
|
# is resolved.
|
|
|
|
|
# django-stubs makes QueryDict of different mutabilities incompatible
|
|
|
|
|
# types. There is no way to acknowledge the django-stubs mypy plugin
|
|
|
|
|
# the change of POST's mutability, so we bypass the check with cast.
|
|
|
|
|
# See also: https://github.com/typeddjango/django-stubs/pull/925#issue-1206399444
|
|
|
|
|
POST._mutable = False
|
|
|
|
|
request.POST = cast("_ImmutableQueryDict", POST)
|
2022-10-08 06:10:17 +02:00
|
|
|
request.FILES.update(files)
|
2022-06-24 05:18:42 +02:00
|
|
|
elif request.content_type == "application/x-www-form-urlencoded":
|
2013-04-03 22:01:58 +02:00
|
|
|
request.POST = QueryDict(request.body, encoding=request.encoding)
|
2013-03-21 20:18:44 +01:00
|
|
|
|
|
|
|
|
return view_func(request, *args, **kwargs)
|
|
|
|
|
|
2022-07-15 22:14:51 +02:00
|
|
|
return _wrapped_view_func
|
2013-03-21 20:18:44 +01:00
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2022-08-01 20:46:23 +02:00
|
|
|
def public_json_view(
|
|
|
|
|
view_func: Callable[
|
2024-07-12 02:30:23 +02:00
|
|
|
Concatenate[HttpRequest, UserProfile | AnonymousUser, ParamT], HttpResponse
|
2022-08-01 20:46:23 +02:00
|
|
|
],
|
2020-06-23 04:30:55 +02:00
|
|
|
skip_rate_limiting: bool = False,
|
2022-07-28 16:39:32 +02:00
|
|
|
) -> Callable[Concatenate[HttpRequest, ParamT], HttpResponse]:
|
2012-12-02 20:51:51 +01:00
|
|
|
@wraps(view_func)
|
2022-07-28 16:39:32 +02:00
|
|
|
def _wrapped_view_func(
|
|
|
|
|
request: HttpRequest,
|
|
|
|
|
/,
|
|
|
|
|
*args: ParamT.args,
|
|
|
|
|
**kwargs: ParamT.kwargs,
|
|
|
|
|
) -> HttpResponse:
|
2022-08-09 20:10:29 +02:00
|
|
|
if request.user.is_authenticated:
|
|
|
|
|
# For authenticated users, process the request with their permissions.
|
|
|
|
|
return authenticated_json_view(view_func, skip_rate_limiting=skip_rate_limiting)(
|
|
|
|
|
request, *args, **kwargs
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
# Otherwise, process the request for a logged-out visitor.
|
2022-07-28 16:39:32 +02:00
|
|
|
if not skip_rate_limiting:
|
2022-08-14 21:14:52 +02:00
|
|
|
rate_limit_request_by_ip(request, domain="api_by_ip")
|
2022-07-28 16:39:32 +02:00
|
|
|
|
2022-08-09 20:10:29 +02:00
|
|
|
process_client(
|
|
|
|
|
request,
|
|
|
|
|
is_browser_view=True,
|
|
|
|
|
query=view_func.__name__,
|
|
|
|
|
)
|
|
|
|
|
return view_func(request, request.user, *args, **kwargs)
|
2022-08-01 20:46:23 +02:00
|
|
|
|
|
|
|
|
return _wrapped_view_func
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Checks if the user is logged in. If not, return an error (the
|
|
|
|
|
# @login_required behavior of redirecting to a login page doesn't make
|
|
|
|
|
# sense for json views)
|
|
|
|
|
def authenticated_json_view(
|
|
|
|
|
view_func: Callable[Concatenate[HttpRequest, UserProfile, ParamT], HttpResponse],
|
|
|
|
|
skip_rate_limiting: bool = False,
|
|
|
|
|
) -> Callable[Concatenate[HttpRequest, ParamT], HttpResponse]:
|
|
|
|
|
@wraps(view_func)
|
|
|
|
|
def _wrapped_view_func(
|
|
|
|
|
request: HttpRequest,
|
|
|
|
|
/,
|
|
|
|
|
*args: ParamT.args,
|
|
|
|
|
**kwargs: ParamT.kwargs,
|
|
|
|
|
) -> HttpResponse:
|
2024-03-29 02:00:07 +01:00
|
|
|
if not request.user.is_authenticated:
|
2023-02-04 02:07:20 +01:00
|
|
|
raise UnauthorizedError
|
2022-08-01 20:46:23 +02:00
|
|
|
|
2022-07-28 16:39:32 +02:00
|
|
|
user_profile = request.user
|
2022-08-09 20:16:43 +02:00
|
|
|
if not skip_rate_limiting:
|
2022-08-14 21:14:52 +02:00
|
|
|
rate_limit_user(request, user_profile, domain="api_by_user")
|
2022-08-09 20:16:43 +02:00
|
|
|
|
2022-07-28 16:39:32 +02:00
|
|
|
validate_account_and_subdomain(request, user_profile)
|
|
|
|
|
|
2024-03-29 02:00:07 +01:00
|
|
|
if user_profile.is_incoming_webhook:
|
2022-07-28 16:39:32 +02:00
|
|
|
raise JsonableError(_("Webhook bots can only access webhooks"))
|
|
|
|
|
|
|
|
|
|
process_client(request, user_profile, is_browser_view=True, query=view_func.__name__)
|
|
|
|
|
return view_func(request, user_profile, *args, **kwargs)
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2020-06-23 04:30:55 +02:00
|
|
|
return _wrapped_view_func
|
2012-11-01 23:21:12 +01:00
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2024-02-08 20:22:43 +01:00
|
|
|
# These views are used for communication from Django to Tornado, or
|
|
|
|
|
# from command-line tools into Django. We protect them from the
|
|
|
|
|
# outside world by checking a shared secret, and also the originating
|
|
|
|
|
# IP (for now).
|
2024-08-15 10:45:39 +02:00
|
|
|
def authenticate_internal_api(request: HttpRequest, *, secret: str) -> bool:
|
2022-08-07 07:36:06 +02:00
|
|
|
return is_local_addr(request.META["REMOTE_ADDR"]) and constant_time_compare(
|
|
|
|
|
secret, settings.SHARED_SECRET
|
|
|
|
|
)
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2012-11-28 05:37:13 +01:00
|
|
|
|
2024-02-08 20:40:39 +01:00
|
|
|
def internal_api_view(
|
2021-07-26 17:32:10 +02:00
|
|
|
is_tornado_view: bool,
|
2022-07-15 22:14:51 +02:00
|
|
|
) -> Callable[
|
|
|
|
|
[Callable[Concatenate[HttpRequest, ParamT], HttpResponse]],
|
|
|
|
|
Callable[Concatenate[HttpRequest, ParamT], HttpResponse],
|
|
|
|
|
]:
|
2017-04-18 18:56:19 +02:00
|
|
|
"""Used for situations where something running on the Zulip server
|
|
|
|
|
needs to make a request to the (other) Django/Tornado processes running on
|
|
|
|
|
the server."""
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2022-07-15 22:14:51 +02:00
|
|
|
def _wrapped_view_func(
|
2023-12-05 18:45:07 +01:00
|
|
|
view_func: Callable[Concatenate[HttpRequest, ParamT], HttpResponse],
|
2024-08-15 10:45:39 +02:00
|
|
|
) -> Callable[..., HttpResponse]:
|
2017-04-18 18:56:19 +02:00
|
|
|
@csrf_exempt
|
|
|
|
|
@require_post
|
|
|
|
|
@wraps(view_func)
|
2024-08-15 10:45:39 +02:00
|
|
|
@typed_endpoint
|
2021-02-12 08:19:30 +01:00
|
|
|
def _wrapped_func_arguments(
|
2024-08-15 10:45:39 +02:00
|
|
|
request: HttpRequest, /, *args: ParamT.args, secret: str, **kwargs: ParamT.kwargs
|
2021-02-12 08:19:30 +01:00
|
|
|
) -> HttpResponse:
|
2024-08-15 10:45:39 +02:00
|
|
|
if not authenticate_internal_api(request, secret=secret):
|
2023-02-04 02:07:20 +01:00
|
|
|
raise AccessDeniedError
|
2021-08-21 19:24:20 +02:00
|
|
|
request_notes = RequestNotes.get_notes(request)
|
2022-06-24 10:20:46 +02:00
|
|
|
is_tornado_request = request_notes.tornado_handler_id is not None
|
2017-04-18 18:56:19 +02:00
|
|
|
# These next 2 are not security checks; they are internal
|
|
|
|
|
# assertions to help us find bugs.
|
|
|
|
|
if is_tornado_view and not is_tornado_request:
|
2021-02-12 08:20:45 +01:00
|
|
|
raise RuntimeError("Tornado notify view called with no Tornado handler")
|
2017-04-18 18:56:19 +02:00
|
|
|
if not is_tornado_view and is_tornado_request:
|
2021-02-12 08:20:45 +01:00
|
|
|
raise RuntimeError("Django notify view called with Tornado handler")
|
2023-06-20 22:52:31 +02:00
|
|
|
request_notes.requester_for_logs = "internal"
|
2017-04-18 18:56:19 +02:00
|
|
|
return view_func(request, *args, **kwargs)
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2017-04-18 18:56:19 +02:00
|
|
|
return _wrapped_func_arguments
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2012-11-28 05:37:13 +01:00
|
|
|
return _wrapped_view_func
|
|
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2024-08-25 08:59:58 +02:00
|
|
|
def to_utc_datetime(timestamp: str) -> datetime:
|
2016-12-22 04:46:31 +01:00
|
|
|
return timestamp_to_datetime(float(timestamp))
|
|
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2022-07-15 22:14:51 +02:00
|
|
|
def return_success_on_head_request(
|
2023-12-05 18:45:07 +01:00
|
|
|
view_func: Callable[Concatenate[HttpRequest, ParamT], HttpResponse],
|
2022-07-15 22:14:51 +02:00
|
|
|
) -> Callable[Concatenate[HttpRequest, ParamT], HttpResponse]:
|
2016-11-15 17:20:22 +01:00
|
|
|
@wraps(view_func)
|
2022-07-15 22:14:51 +02:00
|
|
|
def _wrapped_view_func(
|
|
|
|
|
request: HttpRequest, /, *args: ParamT.args, **kwargs: ParamT.kwargs
|
|
|
|
|
) -> HttpResponse:
|
2021-02-12 08:20:45 +01:00
|
|
|
if request.method == "HEAD":
|
2023-01-06 13:13:24 +01:00
|
|
|
return HttpResponse()
|
2016-11-15 17:20:22 +01:00
|
|
|
return view_func(request, *args, **kwargs)
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2022-07-15 22:14:51 +02:00
|
|
|
return _wrapped_view_func
|
2017-07-12 10:16:02 +02:00
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2022-07-11 16:33:02 +02:00
|
|
|
def zulip_otp_required_if_logged_in(
|
2021-02-12 08:20:45 +01:00
|
|
|
redirect_field_name: str = "next",
|
2021-02-12 08:19:30 +01:00
|
|
|
login_url: str = settings.HOME_NOT_LOGGED_IN,
|
2022-07-15 21:55:53 +02:00
|
|
|
) -> Callable[
|
|
|
|
|
[Callable[Concatenate[HttpRequest, ParamT], HttpResponse]],
|
|
|
|
|
Callable[Concatenate[HttpRequest, ParamT], HttpResponse],
|
|
|
|
|
]:
|
2017-07-12 10:16:02 +02:00
|
|
|
"""
|
|
|
|
|
The reason we need to create this function is that the stock
|
|
|
|
|
otp_required decorator doesn't play well with tests. We cannot
|
|
|
|
|
enable/disable if_configured parameter during tests since the decorator
|
|
|
|
|
retains its value due to closure.
|
|
|
|
|
|
|
|
|
|
Similar to :func:`~django.contrib.auth.decorators.login_required`, but
|
|
|
|
|
requires the user to be :term:`verified`. By default, this redirects users
|
2022-07-11 16:33:02 +02:00
|
|
|
to :setting:`OTP_LOGIN_URL`. Returns True if the user is not authenticated.
|
2017-07-12 10:16:02 +02:00
|
|
|
"""
|
|
|
|
|
|
2024-07-12 02:30:23 +02:00
|
|
|
def test(user: AbstractBaseUser | AnonymousUser) -> bool:
|
2017-07-12 10:16:02 +02:00
|
|
|
"""
|
|
|
|
|
:if_configured: If ``True``, an authenticated user with no confirmed
|
2020-09-22 17:16:53 +02:00
|
|
|
OTP devices will be allowed. Also, non-authenticated users will be
|
2021-06-15 18:03:32 +02:00
|
|
|
allowed as spectator users. Default is ``False``. If ``False``,
|
2017-07-12 10:16:02 +02:00
|
|
|
2FA will not do any authentication.
|
|
|
|
|
"""
|
|
|
|
|
if_configured = settings.TWO_FACTOR_AUTHENTICATION_ENABLED
|
|
|
|
|
if not if_configured:
|
|
|
|
|
return True
|
|
|
|
|
|
2020-09-22 17:16:53 +02:00
|
|
|
# This request is unauthenticated (logged-out) access; 2FA is
|
|
|
|
|
# not required or possible.
|
2022-07-08 22:07:15 +02:00
|
|
|
if not user.is_authenticated:
|
2020-09-22 17:16:53 +02:00
|
|
|
return True
|
|
|
|
|
|
2022-08-10 08:25:40 +02:00
|
|
|
assert isinstance(user, UserProfile)
|
2022-07-23 00:02:23 +02:00
|
|
|
# User has completed 2FA verification
|
|
|
|
|
if is_2fa_verified(user):
|
|
|
|
|
return True
|
|
|
|
|
|
2020-10-13 23:50:18 +02:00
|
|
|
# If the user doesn't have 2FA set up, we can't enforce 2FA.
|
2020-09-22 17:16:53 +02:00
|
|
|
if not user_has_device(user):
|
|
|
|
|
return True
|
|
|
|
|
|
|
|
|
|
# User has configured 2FA and is not verified, so the user
|
|
|
|
|
# fails the test (and we should redirect to the 2FA view).
|
|
|
|
|
return False
|
2017-07-12 10:16:02 +02:00
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
decorator = django_user_passes_test(
|
|
|
|
|
test, login_url=login_url, redirect_field_name=redirect_field_name
|
|
|
|
|
)
|
2017-07-12 10:16:02 +02:00
|
|
|
|
2020-06-24 01:52:07 +02:00
|
|
|
return decorator
|
2020-05-08 06:37:58 +02:00
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2024-07-12 02:30:17 +02:00
|
|
|
def add_google_analytics_context(context: dict[str, object]) -> None:
|
2020-05-08 06:37:58 +02:00
|
|
|
if settings.GOOGLE_ANALYTICS_ID is not None: # nocoverage
|
2020-06-24 02:10:50 +02:00
|
|
|
page_params = context.setdefault("page_params", {})
|
|
|
|
|
assert isinstance(page_params, dict)
|
|
|
|
|
page_params["google_analytics_id"] = settings.GOOGLE_ANALYTICS_ID
|
2020-05-08 06:37:58 +02:00
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2022-07-15 22:14:51 +02:00
|
|
|
def add_google_analytics(
|
2023-12-05 18:45:07 +01:00
|
|
|
view_func: Callable[Concatenate[HttpRequest, ParamT], HttpResponse],
|
2022-07-15 22:14:51 +02:00
|
|
|
) -> Callable[Concatenate[HttpRequest, ParamT], HttpResponse]:
|
2020-05-08 06:37:58 +02:00
|
|
|
@wraps(view_func)
|
2022-07-15 22:14:51 +02:00
|
|
|
def _wrapped_view_func(
|
|
|
|
|
request: HttpRequest, /, *args: ParamT.args, **kwargs: ParamT.kwargs
|
|
|
|
|
) -> HttpResponse:
|
2020-05-08 06:37:58 +02:00
|
|
|
response = view_func(request, *args, **kwargs)
|
|
|
|
|
if isinstance(response, SimpleTemplateResponse):
|
|
|
|
|
if response.context_data is None:
|
|
|
|
|
response.context_data = {}
|
|
|
|
|
add_google_analytics_context(response.context_data)
|
|
|
|
|
elif response.status_code == 200: # nocoverage
|
|
|
|
|
raise TypeError("add_google_analytics requires a TemplateResponse")
|
|
|
|
|
return response
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2022-07-15 22:14:51 +02:00
|
|
|
return _wrapped_view_func
|
