zulip/zerver/lib/response.py

from typing import Any, List, Mapping, Optional

import orjson
from django.http import HttpRequest, HttpResponse, HttpResponseNotAllowed
from django.utils.translation import gettext as _

from zerver.lib.exceptions import JsonableError


class HttpResponseUnauthorized(HttpResponse):
    status_code = 401

    def __init__(self, realm: str, www_authenticate: Optional[str] = None) -> None:
        HttpResponse.__init__(self)
        if www_authenticate is None:
            self["WWW-Authenticate"] = f'Basic realm="{realm}"'
        elif www_authenticate == "session":
            self["WWW-Authenticate"] = f'Session realm="{realm}"'
        else:
            raise AssertionError("Invalid www_authenticate value!")


def json_unauthorized(
    message: Optional[str] = None, www_authenticate: Optional[str] = None
) -> HttpResponse:
    if message is None:
        message = _("Not logged in: API authentication or user session required")
    resp = HttpResponseUnauthorized("zulip", www_authenticate=www_authenticate)
    resp.content = orjson.dumps(
        {"result": "error", "msg": message},
        option=orjson.OPT_APPEND_NEWLINE,
    )
    return resp


def json_method_not_allowed(methods: List[str]) -> HttpResponseNotAllowed:
    resp = HttpResponseNotAllowed(methods)
    resp.content = orjson.dumps(
        {"result": "error", "msg": "Method Not Allowed", "allowed_methods": methods}
    )
    return resp


def json_response(
    res_type: str = "success", msg: str = "", data: Mapping[str, Any] = {}, status: int = 200
) -> HttpResponse:
    content = {"result": res_type, "msg": msg}
    content.update(data)

    # Because we don't pass a default handler, OPT_PASSTHROUGH_DATETIME
    # actually causes orjson to raise a TypeError on datetime objects. This
    # helps us avoid relying on the particular serialization used by orjson.
    return HttpResponse(
        content=orjson.dumps(
            content,
            option=orjson.OPT_APPEND_NEWLINE | orjson.OPT_PASSTHROUGH_DATETIME,
        ),
        content_type="application/json",
        status=status,
    )


def json_success(request: HttpRequest, data: Mapping[str, Any] = {}) -> HttpResponse:
    return json_response(data=data)


def json_response_from_error(exception: JsonableError) -> HttpResponse:
    """
    This should only be needed in middleware; in app code, just raise.

    When app code raises a JsonableError, the JsonErrorHandler
    middleware takes care of transforming it into a response by
    calling this function.
    """
    response = json_response(
        "error", msg=exception.msg, data=exception.data, status=exception.http_status_code
    )

    for header, value in exception.extra_headers.items():
        response[header] = value

    return response
python: Replace None defaults with empty collections where appropriate. Use read-only types (List ↦ Sequence, Dict ↦ Mapping, Set ↦ AbstractSet) to guard against accidental mutation of the default value. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-06-13 03:34:01 +02:00			`from typing import Any, List, Mapping, Optional`
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-06-11 00:54:34 +02:00
python: Replace ujson with orjson. Fixes #6507. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-08-07 01:09:47 +02:00			`import orjson`
backend: Add request as parameter to json_success. Adds request as a parameter to json_success as a refactor towards making `ignored_parameters_unsupported` functionality available for all API endpoints. Also, removes any data parameters that are an empty dict or a dict with the generic success response values. 2022-01-31 13:44:02 +01:00			`from django.http import HttpRequest, HttpResponse, HttpResponseNotAllowed`
python: Convert deprecated Django ugettext alias to gettext. django.utils.translation.ugettext is a deprecated alias of django.utils.translation.gettext as of Django 3.0, and will be removed in Django 4.0. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-04-16 00:57:30 +02:00			`from django.utils.translation import gettext as _`
Move json response functions into their own file (imported from commit 91a786849bfa30dcacecef6b8339d8f1a9365156) 2012-11-06 20:31:53 +01:00
JsonErrorHandler: Take advantage of the new JsonableError structured data. 2017-07-21 02:19:52 +02:00			`from zerver.lib.exceptions import JsonableError`
Annotate debug.py, initial_password.py, narrow.py, response.py. Also, fixed up the annotations for tornadoviews to better align with how narrows was defined as `Iterable[Sequence[str]]` rather than `List[Tuple[str, str]]`. 2016-06-04 20:38:42 +02:00
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-06-11 00:54:34 +02:00
Implement generic rest_dispatch method for new API. (imported from commit 912ee803db03098f195d18648ab98401915fead6) 2013-03-21 20:15:27 +01:00			`class HttpResponseUnauthorized(HttpResponse):`
			`status_code = 401`

python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00			`def __init__(self, realm: str, www_authenticate: Optional[str] = None) -> None:`
Implement generic rest_dispatch method for new API. (imported from commit 912ee803db03098f195d18648ab98401915fead6) 2013-03-21 20:15:27 +01:00			`HttpResponse.__init__(self)`
Fix HTTP Basic Auth popups caused by auth failures. If a user's session cookie expired, the next REST API request their browser did would go into the json_unauthorized code path. This returned a response with a WWW-Authenticate tag for HTTP Basic Auth (since that's what the REST API uses), even for /json requests which should only be authenticated using session auth. We fix this by explicitly passing the desired WWW-Authenticate state. Fixes: #800. 2016-05-18 03:42:07 +02:00			`if www_authenticate is None:`
python: Convert percent formatting to Python 3.6 f-strings. Generated by pyupgrade --py36-plus. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-06-10 06:41:04 +02:00			`self["WWW-Authenticate"] = f'Basic realm="{realm}"'`
Fix HTTP Basic Auth popups caused by auth failures. If a user's session cookie expired, the next REST API request their browser did would go into the json_unauthorized code path. This returned a response with a WWW-Authenticate tag for HTTP Basic Auth (since that's what the REST API uses), even for /json requests which should only be authenticated using session auth. We fix this by explicitly passing the desired WWW-Authenticate state. Fixes: #800. 2016-05-18 03:42:07 +02:00			`elif www_authenticate == "session":`
python: Convert percent formatting to Python 3.6 f-strings. Generated by pyupgrade --py36-plus. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-06-10 06:41:04 +02:00			`self["WWW-Authenticate"] = f'Session realm="{realm}"'`
Fix HTTP Basic Auth popups caused by auth failures. If a user's session cookie expired, the next REST API request their browser did would go into the json_unauthorized code path. This returned a response with a WWW-Authenticate tag for HTTP Basic Auth (since that's what the REST API uses), even for /json requests which should only be authenticated using session auth. We fix this by explicitly passing the desired WWW-Authenticate state. Fixes: #800. 2016-05-18 03:42:07 +02:00			`else:`
coverage: bring zerver/lib/response.py to 100% coverage. 2017-03-05 09:26:07 +01:00			`raise AssertionError("Invalid www_authenticate value!")`
Implement generic rest_dispatch method for new API. (imported from commit 912ee803db03098f195d18648ab98401915fead6) 2013-03-21 20:15:27 +01:00
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00
			`def json_unauthorized(`
			`message: Optional[str] = None, www_authenticate: Optional[str] = None`
			`) -> HttpResponse:`
exceptions: Move default json_unauthorized string to response.py. This small refactor should make it easier to reuse this exception for other situations as well. 2019-09-14 00:58:02 +02:00			`if message is None:`
			`message = _("Not logged in: API authentication or user session required")`
Fix HTTP Basic Auth popups caused by auth failures. If a user's session cookie expired, the next REST API request their browser did would go into the json_unauthorized code path. This returned a response with a WWW-Authenticate tag for HTTP Basic Auth (since that's what the REST API uses), even for /json requests which should only be authenticated using session auth. We fix this by explicitly passing the desired WWW-Authenticate state. Fixes: #800. 2016-05-18 03:42:07 +02:00			`resp = HttpResponseUnauthorized("zulip", www_authenticate=www_authenticate)`
python: Replace ujson with orjson. Fixes #6507. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-08-07 01:09:47 +02:00			`resp.content = orjson.dumps(`
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00			`{"result": "error", "msg": message},`
			`option=orjson.OPT_APPEND_NEWLINE,`
python: Replace ujson with orjson. Fixes #6507. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-08-07 01:09:47 +02:00			`)`
Return a proper JSON error on HTTP authorization errors. (imported from commit da0249b4e8585d8adbd9c769e3ba85dc4b9d28de) 2013-07-30 23:20:16 +02:00			`return resp`

python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00
zerver/lib: Change use of typing.Text to str. 2018-05-10 19:13:36 +02:00			`def json_method_not_allowed(methods: List[str]) -> HttpResponseNotAllowed:`
Implement generic rest_dispatch method for new API. (imported from commit 912ee803db03098f195d18648ab98401915fead6) 2013-03-21 20:15:27 +01:00			`resp = HttpResponseNotAllowed(methods)`
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00			`resp.content = orjson.dumps(`
			`{"result": "error", "msg": "Method Not Allowed", "allowed_methods": methods}`
			`)`
Implement generic rest_dispatch method for new API. (imported from commit 912ee803db03098f195d18648ab98401915fead6) 2013-03-21 20:15:27 +01:00			`return resp`

python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00
			`def json_response(`
			`res_type: str = "success", msg: str = "", data: Mapping[str, Any] = {}, status: int = 200`
			`) -> HttpResponse:`
Move json response functions into their own file (imported from commit 91a786849bfa30dcacecef6b8339d8f1a9365156) 2012-11-06 20:31:53 +01:00			`content = {"result": res_type, "msg": msg}`
python: Replace None defaults with empty collections where appropriate. Use read-only types (List ↦ Sequence, Dict ↦ Mapping, Set ↦ AbstractSet) to guard against accidental mutation of the default value. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-06-13 03:34:01 +02:00			`content.update(data)`
python: Replace ujson with orjson. Fixes #6507. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-08-07 01:09:47 +02:00
			`# Because we don't pass a default handler, OPT_PASSTHROUGH_DATETIME`
			`# actually causes orjson to raise a TypeError on datetime objects. This`
			`# helps us avoid relying on the particular serialization used by orjson.`
			`return HttpResponse(`
			`content=orjson.dumps(`
			`content,`
			`option=orjson.OPT_APPEND_NEWLINE \| orjson.OPT_PASSTHROUGH_DATETIME,`
			`),`
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:20:45 +01:00			`content_type="application/json",`
python: Replace ujson with orjson. Fixes #6507. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-08-07 01:09:47 +02:00			`status=status,`
			`)`
Move json response functions into their own file (imported from commit 91a786849bfa30dcacecef6b8339d8f1a9365156) 2012-11-06 20:31:53 +01:00
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00
backend: Add request as parameter to json_success. Adds request as a parameter to json_success as a refactor towards making `ignored_parameters_unsupported` functionality available for all API endpoints. Also, removes any data parameters that are an empty dict or a dict with the generic success response values. 2022-01-31 13:44:02 +01:00			`def json_success(request: HttpRequest, data: Mapping[str, Any] = {}) -> HttpResponse:`
Move json response functions into their own file (imported from commit 91a786849bfa30dcacecef6b8339d8f1a9365156) 2012-11-06 20:31:53 +01:00			`return json_response(data=data)`

python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00
zerver/lib: Use python 3 syntax for typing. With tweaks by tabbott to fix line spacing. 2017-11-05 11:15:10 +01:00			`def json_response_from_error(exception: JsonableError) -> HttpResponse:`
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00			`"""`
errors: Eliminate redundant `json_response_to_error` calls. 2017-07-25 22:17:55 +02:00			`This should only be needed in middleware; in app code, just raise.`

			`When app code raises a JsonableError, the JsonErrorHandler`
			`middleware takes care of transforming it into a response by`
			`calling this function.`
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00			`"""`
			`response = json_response(`
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:20:45 +01:00			`"error", msg=exception.msg, data=exception.data, status=exception.http_status_code`
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00			`)`
exceptions: Make RateLimited into a subclass of JsonableError. This simplifies the code, as it allows using the mechanism of converting JsonableErrors into a response instead of having separate, but ultimately similar, logic in RateLimitMiddleware. We don't touch tests here because "rate limited" error responses are already verified in test_external.py. 2020-11-27 16:33:01 +01:00
			`for header, value in exception.extra_headers.items():`
			`response[header] = value`

			`return response`