Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
zulip/zerver/decorator.py

830 lines
37 KiB
Python
Raw Normal View History

python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
import base64
import datetime
import logging
import urllib
from functools import wraps
from io import BytesIO
decorator: Replace type: ignore with cast, avoid Any. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 02:10:50 +02:00
from typing import Callable, Dict, Optional, Tuple, TypeVar, Union, cast
2FA: Integrate with login feature.
2017-07-12 09:50:19 +02:00
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
import django_otp
from django.conf import settings
from django.contrib.auth import REDIRECT_FIELD_NAME
from django.contrib.auth import login as django_login
2FA: Add zulip_otp_required decorator. We need to add this because otp_required doesn't play well with tests.
2017-07-12 10:16:02 +02:00
from django.contrib.auth.decorators import user_passes_test as django_user_passes_test
decorators: Don't attempt to rate-limit AnonymousUser. This fixes our support for sending browser errors to the server for portico pages in production, which previously hit a rate-limiter exception.
2019-01-04 00:17:50 +01:00
from django.contrib.auth.models import AnonymousUser
api: Fix require_post decorator not returning 405 error body. require_post decorator returns an empty body when POST-only routes are requested with GET. Fixes: #16164.
2020-08-22 13:52:39 +02:00
from django.http import HttpRequest, HttpResponse, HttpResponseRedirect, QueryDict
Create update_subscriptions_backend to allow mass mutation of user subs. This includes a process_patch_as_post decorator which enables this view to be invoked as a PATCH on an object. Hopefully this decorator can go away once POST values are correctly parsed in Django for PATCH verb invocations. (imported from commit 6cf9d69cfb9dea5354ea37408566146757b5be54)
2013-03-21 20:18:44 +01:00
from django.http.multipartparser import MultiPartParser
Switch to using a Zulip version of @login_required. Currently the code is the unmodified Django upstream implementation; this commit is preparation for modifying it.
2016-04-21 23:48:34 +02:00
from django.shortcuts import resolve_url
api: Fix require_post decorator not returning 405 error body. require_post decorator returns an empty body when POST-only routes are requested with GET. Fixes: #16164.
2020-08-22 13:52:39 +02:00
from django.template.response import SimpleTemplateResponse, TemplateResponse
Replace timezone.now with timezone_now.
2017-04-15 04:03:56 +02:00
from django.utils.timezone import now as timezone_now
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
from django.utils.translation import ugettext as _
from django.views.decorators.csrf import csrf_exempt
from django_otp import user_has_device
from two_factor.utils import default_device
webhook_decorator: Support notifying bot owner on invalid JSON. Our webhook-errors.log file is riddled with exceptions that are logged when a webhook is incorrectly configured to send data in a non-JSON format. To avoid this, api_key_only_webhook_view now supports an additional argument, notify_bot_owner_on_invalid_json. This argument, when True, will send a PM notification to the bot's owner notifying them of the configuration issue.
2018-11-15 05:31:34 +01:00
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
from zerver.lib.exceptions import (
ErrorCode,
InvalidAPIKeyError,
InvalidAPIKeyFormatError,
InvalidJSONError,
JsonableError,
OrganizationAdministratorRequired,
billing: Don't allow guest users to upgrade.
2020-07-15 22:18:32 +02:00
OrganizationMemberRequired,
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
OrganizationOwnerRequired,
webhooks: Rename UnexpectedWebhookEventType to UnsupportedWebhookEventType. Any exception is an "unexpected event", which means talking about having an "unexpected event logger" or "unexpected event exception" is confusing. As the error message in `exceptions.py` already explains, this is about an _unsupported_ event type. This also switches the path that these exceptions are written to, accordingly.
2020-08-19 22:26:38 +02:00
UnsupportedWebhookEventType,
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
)
[manual] Rename Django app from zephyr to zerver. This needs to be deployed to both staging and prod at the same off-peak time (and the schema migration run). At the time it is deployed, we need to make a few changes directly in the database: (1) UPDATE django_content_type set app_label='zerver' where app_label='zephyr'; (2) UPDATE south_migrationhistory set app_name='zerver' where app_name='zephyr'; (imported from commit eb3fd719571740189514ef0b884738cb30df1320)
2013-07-29 23:03:31 +02:00
from zerver.lib.queue import queue_json_publish
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
from zerver.lib.rate_limiter import RateLimitedUser
from zerver.lib.request import REQ, has_request_variables
api: Fix require_post decorator not returning 405 error body. require_post decorator returns an empty body when POST-only routes are requested with GET. Fixes: #16164.
2020-08-22 13:52:39 +02:00
from zerver.lib.response import json_error, json_method_not_allowed, json_success, json_unauthorized
subdomains: Refactor check_subdomain to a clearer interface. Now that every call site of check_subdomain produces its second argument in exactly the same way, push that shared bit of logic into a new wrapper for check_subdomain. Also give that new function a name that says more specifically what it's checking -- which I think is easier to articulate for this interface than for that of check_subdomain.
2017-10-20 02:53:24 +02:00
from zerver.lib.subdomains import get_subdomain, user_matches_subdomain
decorator.py: Add to_utc_datetime converter function.
2016-12-22 04:46:31 +01:00
from zerver.lib.timestamp import datetime_to_timestamp, timestamp_to_datetime
mypy: Centralize ViewFuncT definition into new file zerver/lib/types.py. Originally was going to centralize this in zerver/lib/request.pyi, but this file is not visible at run-time, being only a stub. The matching request.py file seemed inappropriate, as it doesn't actually use ViewFuncT.
2018-03-13 17:44:46 +01:00
from zerver.lib.types import ViewFuncT
python: Combine some split import groups. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-19 00:32:55 +02:00
from zerver.lib.user_agent import parse_user_agent
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
from zerver.lib.utils import has_api_key_format, statsd
from zerver.models import Realm, UserProfile, get_client, get_user_profile_by_api_key
Annotate zerver/decorator.py.
2016-06-06 01:54:58 +02:00
Add support infrastructure for push notification bouncer service. This is an incomplete cleaned-up continuation of Lisa Neigut's push notification bouncer work. It supports registration and deregistration of individual push tokens with a central push notification bouncer server. It still is missing a few things before we can complete this effort: * A registration form for server admins to configure their server for this service, with tests. * Code (and tests) for actually bouncing the notifications.
2016-10-27 23:55:31 +02:00
if settings.ZILENCER_ENABLED:
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
from zilencer.models import RemoteZulipServer, get_remote_server_by_uuid
Add support infrastructure for push notification bouncer service. This is an incomplete cleaned-up continuation of Lisa Neigut's push notification bouncer work. It supports registration and deregistration of individual push tokens with a central push notification bouncer server. It still is missing a few things before we can complete this effort: * A registration form for server admins to configure their server for this service, with tests. * Code (and tests) for actually bouncing the notifications.
2016-10-27 23:55:31 +02:00
logging: Reduce `create_logger` to new `log_to_file`. The name `create_logger` suggests something much bigger than what this function actually does -- the logger doesn't any more or less exist after the function is called than before. Its one real function is to send logs to a specific file. So, pull out that logic to an appropriately-named function just for it. We already use `logging.getLogger` in a number of places to simply get a logger by name, and the old `create_logger` callsites can do the same.
2017-12-13 01:45:57 +01:00
webhook_logger = logging.getLogger("zulip.zerver.webhooks")
webhooks: Adjust the name of the unsupported logger. `zulip.zerver.lib.webhooks.common` was very opaque previously, especially since none of the logging was actually done from that module. Adjust to a more explicit logger name.
2020-08-19 22:36:07 +02:00
webhook_unsupported_events_logger = logging.getLogger("zulip.zerver.webhooks.unsupported")
webhooks: Log unexpected webhook events separately. This change serves to declutter webhook-errors.log, which is filled with too many UnexpectedWebhookEventType exceptions. Keeping UnexpectedWebhookEventType in zerver/lib/webhooks/common.py led to a cyclic import when we tried to import the exception in zerver/decorators.py, so this commit also moves this exception to another appropriate module. Note that our webhooks still import this exception via zerver/lib/webhooks/common.py.
2019-06-06 05:55:09 +02:00
decorator: Strengthen types of signature-preserving decorators. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 01:52:37 +02:00
FuncT = TypeVar('FuncT', bound=Callable[..., object])
def cachify(method: FuncT) -> FuncT:
dct: Dict[Tuple[object, ...], object] = {}
Add cachify decorator.
2017-10-31 00:31:47 +01:00
decorator: Strengthen types of signature-preserving decorators. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 01:52:37 +02:00
def cache_wrapper(*args: object) -> object:
Add cachify decorator.
2017-10-31 00:31:47 +01:00
tup = tuple(args)
if tup in dct:
return dct[tup]
result = method(*args)
dct[tup] = result
return result
decorator: Strengthen types of signature-preserving decorators. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 01:52:37 +02:00
return cast(FuncT, cache_wrapper) # https://github.com/python/mypy/issues/1927
Add cachify decorator.
2017-10-31 00:31:47 +01:00
zerver: Use Python 3 syntax for typing. Tweaked by tabbott to fix some minor whitespace errors.
2017-11-27 07:33:05 +01:00
def update_user_activity(request: HttpRequest, user_profile: UserProfile,
query: Optional[str]) -> None:
Centralize dispatch logic for which queue processor to use. Previous we had around 4 copies of the logic for deciding whether we should publish data via a SimpleQueueClient queue, a TornadoQueueClient queue, or to directly handle the operation, which resulted in their getting out of sync and buggy (see e.g. the previous commit). We need to add a lock around adding things to the queue to work around a bug with pika's BlockingConnection. I should note that the previous logic in some places had a bunch of tests of the form "elif settings.TEST_SUITE" for doing the work that would have been done by the queue processor directly; these should have just been "else" clauses -- since we generally want that code to run on development environments whether or not the test suite is currently running. (imported from commit 16bdbed4fff04b1bda6fde3b16bee7359917720b)
2013-03-25 20:37:00 +01:00
# update_active_status also pushes to rabbitmq, and it seems
# redundant to log that here as well.
Replace /json/update_active_status with REST style route.
2016-04-03 07:58:06 +02:00
if request.META["PATH_INFO"] == '/json/users/me/presence':
Centralize dispatch logic for which queue processor to use. Previous we had around 4 copies of the logic for deciding whether we should publish data via a SimpleQueueClient queue, a TornadoQueueClient queue, or to directly handle the operation, which resulted in their getting out of sync and buggy (see e.g. the previous commit). We need to add a lock around adding things to the queue to work around a bug with pika's BlockingConnection. I should note that the previous logic in some places had a bunch of tests of the form "elif settings.TEST_SUITE" for doing the work that would have been done by the queue processor directly; these should have just been "else" clauses -- since we generally want that code to run on development environments whether or not the test suite is currently running. (imported from commit 16bdbed4fff04b1bda6fde3b16bee7359917720b)
2013-03-25 20:37:00 +01:00
return
Support request._query in update_user_activity(). If request._query is set in the call to update_user_activity(), we will use that instead of request.META['PATH_INFO'] for the query field of the UserActivity row we write. (imported from commit fcee30098e1c7c5cb4195a1e5905fc7b88af804f)
2013-10-03 19:48:03 +02:00
user_activity: Allow passing the `query` more directly. This won't work for all call paths without deeper refactoring, but for at least some paths we can make this more direct -- function arguments, rather than mutating a request attribute -- so it's easier to see how the data is flowing.
2017-11-03 22:44:59 +01:00
if query is not None:
pass
elif hasattr(request, '_query'):
Support request._query in update_user_activity(). If request._query is set in the call to update_user_activity(), we will use that instead of request.META['PATH_INFO'] for the query field of the UserActivity row we write. (imported from commit fcee30098e1c7c5cb4195a1e5905fc7b88af804f)
2013-10-03 19:48:03 +02:00
query = request._query
else:
query = request.META['PATH_INFO']
pep8: Fix E225 pep8 violations.
2016-11-28 23:29:01 +01:00
event = {'query': query,
'user_profile_id': user_profile.id,
Replace timezone.now with timezone_now.
2017-04-15 04:03:56 +02:00
'time': datetime_to_timestamp(timezone_now()),
user_activity: Put client id instead of name in event dicts. This saves the completely unnecessary work of mapping the Client name to its ID. Because we had in-process caching of the immutable Client objects, this isn't a material performance win, but it will eventually let us delete that caching logic and have a simpler system.
2020-03-27 16:33:06 +01:00
'client_id': request.client.id}
Centralize dispatch logic for which queue processor to use. Previous we had around 4 copies of the logic for deciding whether we should publish data via a SimpleQueueClient queue, a TornadoQueueClient queue, or to directly handle the operation, which resulted in their getting out of sync and buggy (see e.g. the previous commit). We need to add a lock around adding things to the queue to work around a bug with pika's BlockingConnection. I should note that the previous logic in some places had a bunch of tests of the form "elif settings.TEST_SUITE" for doing the work that would have been done by the queue processor directly; these should have just been "else" clauses -- since we generally want that code to run on development environments whether or not the test suite is currently running. (imported from commit 16bdbed4fff04b1bda6fde3b16bee7359917720b)
2013-03-25 20:37:00 +01:00
queue_json_publish("user_activity", event, lambda event: None)
[manual] Use rabbitmq queue to process UserActivity. Before this is deployed, we need to install rabbitmq and pika on the target server (see the puppet part of this commit for how). When this is deployed, we need to start the new user activity bot: ./manage.py process_user_activity in the screen session on the relevant server, or user_activity logs won't be processed (which will eventually result in all users getting notifications about how their mirrors are out of date). (imported from commit 44d605aca0290bef2c94fb99267e15e26b21673b)
2013-01-11 21:16:42 +01:00
socket: Build a real Request object to send through our full stack, including middleware One quirk here is that the Request object is built in the message_sender worker, not Tornado. This means that the request time only counts time taken for the actual sending and does not account for socket overhead. For this reason, I've left the fake logging in for now so we can compare the two times. (imported from commit b0c60a3017527a328cadf11ba68166e59cf23ddf)
2013-11-08 02:02:48 +01:00
# Based on django.views.decorators.http.require_http_methods
zerver: Use Python 3 syntax for typing. Tweaked by tabbott to fix some minor whitespace errors.
2017-11-27 07:33:05 +01:00
def require_post(func: ViewFuncT) -> ViewFuncT:
socket: Build a real Request object to send through our full stack, including middleware One quirk here is that the Request object is built in the message_sender worker, not Tornado. This means that the request time only counts time taken for the actual sending and does not account for socket overhead. For this reason, I've left the fake logging in for now so we can compare the two times. (imported from commit b0c60a3017527a328cadf11ba68166e59cf23ddf)
2013-11-08 02:02:48 +01:00
@wraps(func)
decorator: Replace type: ignore with cast, avoid Any. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 02:10:50 +02:00
def wrapper(request: HttpRequest, *args: object, **kwargs: object) -> HttpResponse:
dependencies: Remove WebSockets system for sending messages. Zulip has had a small use of WebSockets (specifically, for the code path of sending messages, via the webapp only) since ~2013. We originally added this use of WebSockets in the hope that the latency benefits of doing so would allow us to avoid implementing a markdown local echo; they were not. Further, HTTP/2 may have eliminated the latency difference we hoped to exploit by using WebSockets in any case. While we’d originally imagined using WebSockets for other endpoints, there was never a good justification for moving more components to the WebSockets system. This WebSockets code path had a lot of downsides/complexity, including: * The messy hack involving constructing an emulated request object to hook into doing Django requests. * The `message_senders` queue processor system, which increases RAM needs and must be provisioned independently from the rest of the server). * A duplicate check_send_receive_time Nagios test specific to WebSockets. * The requirement for users to have their firewalls/NATs allow WebSocket connections, and a setting to disable them for networks where WebSockets don’t work. * Dependencies on the SockJS family of libraries, which has at times been poorly maintained, and periodically throws random JavaScript exceptions in our production environments without a deep enough traceback to effectively investigate. * A total of about 1600 lines of our code related to the feature. * Increased load on the Tornado system, especially around a Zulip server restart, and especially for large installations like zulipchat.com, resulting in extra delay before messages can be sent again. As detailed in https://github.com/zulip/zulip/pull/12862#issuecomment-536152397, it appears that removing WebSockets moderately increases the time it takes for the `send_message` API query to return from the server, but does not significantly change the time between when a message is sent and when it is received by clients. We don’t understand the reason for that change (suggesting the possibility of a measurement error), and even if it is a real change, we consider that potential small latency regression to be acceptable. If we later want WebSockets, we’ll likely want to just use Django Channels. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-07-23 01:43:40 +02:00
if request.method != "POST":
err_method = request.method
socket: Build a real Request object to send through our full stack, including middleware One quirk here is that the Request object is built in the message_sender worker, not Tornado. This means that the request time only counts time taken for the actual sending and does not account for socket overhead. For this reason, I've left the fake logging in for now so we can compare the two times. (imported from commit b0c60a3017527a328cadf11ba68166e59cf23ddf)
2013-11-08 02:02:48 +01:00
logging.warning('Method Not Allowed (%s): %s', err_method, request.path,
extra={'status_code': 405, 'request': request})
api: Fix require_post decorator not returning 405 error body. require_post decorator returns an empty body when POST-only routes are requested with GET. Fixes: #16164.
2020-08-22 13:52:39 +02:00
if request.error_format == 'JSON':
return json_method_not_allowed(["POST"])
else:
return TemplateResponse(request, "404.html", context={'status_code': 405}, status=405)
socket: Build a real Request object to send through our full stack, including middleware One quirk here is that the Request object is built in the message_sender worker, not Tornado. This means that the request time only counts time taken for the actual sending and does not account for socket overhead. For this reason, I've left the fake logging in for now so we can compare the two times. (imported from commit b0c60a3017527a328cadf11ba68166e59cf23ddf)
2013-11-08 02:02:48 +01:00
return func(request, *args, **kwargs)
decorator: Replace type: ignore with cast, avoid Any. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 02:10:50 +02:00
return cast(ViewFuncT, wrapper) # https://github.com/python/mypy/issues/1927
Move view decorators into decorator.py (imported from commit 737cff552b395493f44864ac06e901b0ba17fa29)
2012-11-06 20:27:55 +01:00
realm: Allow only organization owners to deactivate a realm. We now allow only organization owners to deactivate a realm. 'require_realm_owner' decorator has been added for this purpose.
2020-06-11 00:26:49 +02:00
def require_realm_owner(func: ViewFuncT) -> ViewFuncT:
@wraps(func)
decorator: Replace type: ignore with cast, avoid Any. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 02:10:50 +02:00
def wrapper(request: HttpRequest, user_profile: UserProfile, *args: object, **kwargs: object) -> HttpResponse:
realm: Allow only organization owners to deactivate a realm. We now allow only organization owners to deactivate a realm. 'require_realm_owner' decorator has been added for this purpose.
2020-06-11 00:26:49 +02:00
if not user_profile.is_realm_owner:
raise OrganizationOwnerRequired()
return func(request, user_profile, *args, **kwargs)
decorator: Replace type: ignore with cast, avoid Any. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 02:10:50 +02:00
return cast(ViewFuncT, wrapper) # https://github.com/python/mypy/issues/1927
realm: Allow only organization owners to deactivate a realm. We now allow only organization owners to deactivate a realm. 'require_realm_owner' decorator has been added for this purpose.
2020-06-11 00:26:49 +02:00
zerver: Use Python 3 syntax for typing. Tweaked by tabbott to fix some minor whitespace errors.
2017-11-27 07:33:05 +01:00
def require_realm_admin(func: ViewFuncT) -> ViewFuncT:
Add a decorator for checking whether a user is a realm administrator. (imported from commit 8ba2c54ccd0a92e8c7ab8f1a8873e581f6cadd51)
2013-12-09 22:12:18 +01:00
@wraps(func)
decorator: Replace type: ignore with cast, avoid Any. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 02:10:50 +02:00
def wrapper(request: HttpRequest, user_profile: UserProfile, *args: object, **kwargs: object) -> HttpResponse:
Replace use of django-guardian with fields on UserProfile. As documented in https://github.com/zulip/zulip/issues/441, Guardian has quite poor performance, and in fact almost 50% of the time spent running the Zulip backend test suite on my laptop was inside Guardian. As part of this migration, we also clean up the old API_SUPER_USERS variable used to mark EMAIL_GATEWAY_BOT as an API super user; now that permission is managed entirely via the database. When rebasing past this commit, developers will need to do a `manage.py migrate` in order to apply the migration changes before the server will run again. We can't yet remove Guardian from INSTALLED_APPS, requirements.txt, etc. in this release, because otherwise the reverse migration won't work. Fixes #441.
2016-02-08 03:59:38 +01:00
if not user_profile.is_realm_admin:
decorator: Extract OrganizationAdministratorRequired common exception. This eliminates significant code duplication of error messages for situations where an organization administrator is required.
2019-11-16 15:53:56 +01:00
raise OrganizationAdministratorRequired()
Add a decorator for checking whether a user is a realm administrator. (imported from commit 8ba2c54ccd0a92e8c7ab8f1a8873e581f6cadd51)
2013-12-09 22:12:18 +01:00
return func(request, user_profile, *args, **kwargs)
decorator: Replace type: ignore with cast, avoid Any. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 02:10:50 +02:00
return cast(ViewFuncT, wrapper) # https://github.com/python/mypy/issues/1927
Add a decorator for checking whether a user is a realm administrator. (imported from commit 8ba2c54ccd0a92e8c7ab8f1a8873e581f6cadd51)
2013-12-09 22:12:18 +01:00
billing: Don't allow guest users to upgrade.
2020-07-15 22:18:32 +02:00
def require_organization_member(func: ViewFuncT) -> ViewFuncT:
@wraps(func)
def wrapper(request: HttpRequest, user_profile: UserProfile, *args: object, **kwargs: object) -> HttpResponse:
if user_profile.role > UserProfile.ROLE_MEMBER:
raise OrganizationMemberRequired()
return func(request, user_profile, *args, **kwargs)
return cast(ViewFuncT, wrapper) # https://github.com/python/mypy/issues/1927
billing: Use require_billing_access decorator in JSON endpoints.
2018-11-01 11:26:29 +01:00
def require_billing_access(func: ViewFuncT) -> ViewFuncT:
@wraps(func)
decorator: Replace type: ignore with cast, avoid Any. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 02:10:50 +02:00
def wrapper(request: HttpRequest, user_profile: UserProfile, *args: object, **kwargs: object) -> HttpResponse:
billing: Restrict access to billing page to realm owners and billing admins.
2020-07-14 14:40:39 +02:00
if not user_profile.has_billing_access:
raise JsonableError(_("Must be a billing administrator or an organization owner"))
billing: Use require_billing_access decorator in JSON endpoints.
2018-11-01 11:26:29 +01:00
return func(request, user_profile, *args, **kwargs)
decorator: Replace type: ignore with cast, avoid Any. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 02:10:50 +02:00
return cast(ViewFuncT, wrapper) # https://github.com/python/mypy/issues/1927
billing: Use require_billing_access decorator in JSON endpoints.
2018-11-01 11:26:29 +01:00
decorators: Restructure get_client_name interface. Previously, get_client_name was responsible for both parsing the User-Agent data as well as handling the override behavior that we want to use "website" rather than "Mozilla" as the key for the Client object. Now, it's just responsible for User-Agent, and the override behavior is entirely within process_client (the function concerned with Client objects). This has the side effect of changing what `Client` object we'll use for HTTP requests to /json/ endpoints that set the `client` attribute. I think that's in line with our intent -- we only have a use case for API clients overriding the User-Agent parsing (that feature is a workaround for situations where the third party may not control HTTP headers but does control the HTTP request payload). This loses test coverage on the `request.GET['client']` code path; I disable that for now since we don't have a real use for that behavior. (We may want to change that logic to have Client recognize individual browsers; doing so requires first using a better User-Agent parsing library). Part of #14067.
2020-03-08 21:12:38 +01:00
def get_client_name(request: HttpRequest) -> str:
api: Extract client strings from UserAgent. (imported from commit 22468dd0eb06bb52ed7273f3067ae3e2461ee0a5)
2013-12-19 18:10:30 +01:00
# If the API request specified a client in the request content,
# that has priority. Otherwise, extract the client from the
# User-Agent.
decorators: Restructure get_client_name interface. Previously, get_client_name was responsible for both parsing the User-Agent data as well as handling the override behavior that we want to use "website" rather than "Mozilla" as the key for the Client object. Now, it's just responsible for User-Agent, and the override behavior is entirely within process_client (the function concerned with Client objects). This has the side effect of changing what `Client` object we'll use for HTTP requests to /json/ endpoints that set the `client` attribute. I think that's in line with our intent -- we only have a use case for API clients overriding the User-Agent parsing (that feature is a workaround for situations where the third party may not control HTTP headers but does control the HTTP request payload). This loses test coverage on the `request.GET['client']` code path; I disable that for now since we don't have a real use for that behavior. (We may want to change that logic to have Client recognize individual browsers; doing so requires first using a better User-Agent parsing library). Part of #14067.
2020-03-08 21:12:38 +01:00
if 'client' in request.GET: # nocoverage
Django 1.10: Deprecate request.REQUEST.
2016-11-03 13:00:18 +01:00
return request.GET['client']
decorator: Improve user agent parsing.
2017-02-11 05:26:10 +01:00
if 'client' in request.POST:
Django 1.10: Deprecate request.REQUEST.
2016-11-03 13:00:18 +01:00
return request.POST['client']
decorator: Improve user agent parsing.
2017-02-11 05:26:10 +01:00
if "HTTP_USER_AGENT" in request.META:
python: Convert assignment type annotations to Python 3.6 style. This commit was split by tabbott; this piece covers the vast majority of files in Zulip, but excludes scripts/, tools/, and puppet/ to help ensure we at least show the right error messages for Xenial systems. We can likely further refine the remaining pieces with some testing. Generated by com2ann, with whitespace fixes and various manual fixes for runtime issues: - invoiced_through: Optional[LicenseLedger] = models.ForeignKey( + invoiced_through: Optional["LicenseLedger"] = models.ForeignKey( -_apns_client: Optional[APNsClient] = None +_apns_client: Optional["APNsClient"] = None - notifications_stream: Optional[Stream] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE) - signup_notifications_stream: Optional[Stream] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE) + notifications_stream: Optional["Stream"] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE) + signup_notifications_stream: Optional["Stream"] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE) - author: Optional[UserProfile] = models.ForeignKey('UserProfile', blank=True, null=True, on_delete=CASCADE) + author: Optional["UserProfile"] = models.ForeignKey('UserProfile', blank=True, null=True, on_delete=CASCADE) - bot_owner: Optional[UserProfile] = models.ForeignKey('self', null=True, on_delete=models.SET_NULL) + bot_owner: Optional["UserProfile"] = models.ForeignKey('self', null=True, on_delete=models.SET_NULL) - default_sending_stream: Optional[Stream] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE) - default_events_register_stream: Optional[Stream] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE) + default_sending_stream: Optional["Stream"] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE) + default_events_register_stream: Optional["Stream"] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE) -descriptors_by_handler_id: Dict[int, ClientDescriptor] = {} +descriptors_by_handler_id: Dict[int, "ClientDescriptor"] = {} -worker_classes: Dict[str, Type[QueueProcessingWorker]] = {} -queues: Dict[str, Dict[str, Type[QueueProcessingWorker]]] = {} +worker_classes: Dict[str, Type["QueueProcessingWorker"]] = {} +queues: Dict[str, Dict[str, Type["QueueProcessingWorker"]]] = {} -AUTH_LDAP_REVERSE_EMAIL_SEARCH: Optional[LDAPSearch] = None +AUTH_LDAP_REVERSE_EMAIL_SEARCH: Optional["LDAPSearch"] = None Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-22 01:09:50 +02:00
user_agent: Optional[Dict[str, str]] = parse_user_agent(request.META["HTTP_USER_AGENT"])
decorator: Improve user agent parsing.
2017-02-11 05:26:10 +01:00
else:
user_agent = None
if user_agent is not None:
decorators: Restructure get_client_name interface. Previously, get_client_name was responsible for both parsing the User-Agent data as well as handling the override behavior that we want to use "website" rather than "Mozilla" as the key for the Client object. Now, it's just responsible for User-Agent, and the override behavior is entirely within process_client (the function concerned with Client objects). This has the side effect of changing what `Client` object we'll use for HTTP requests to /json/ endpoints that set the `client` attribute. I think that's in line with our intent -- we only have a use case for API clients overriding the User-Agent parsing (that feature is a workaround for situations where the third party may not control HTTP headers but does control the HTTP request payload). This loses test coverage on the `request.GET['client']` code path; I disable that for now since we don't have a real use for that behavior. (We may want to change that logic to have Client recognize individual browsers; doing so requires first using a better User-Agent parsing library). Part of #14067.
2020-03-08 21:12:38 +01:00
return user_agent["name"]
# In the future, we will require setting USER_AGENT, but for
# now we just want to tag these requests so we can review them
# in logs and figure out the extent of the problem
return "Unspecified"
Factor out client extraction and API key validation from authenticated_api_view (imported from commit b8e3fc2f956b4de07ea0fe9b6f596dd353013935)
2013-03-21 19:21:46 +01:00
mypy: Use Python 3 type syntax in decorator.py.
2017-12-09 06:40:18 +01:00
def process_client(request: HttpRequest, user_profile: UserProfile,
*, is_browser_view: bool=False,
zerver: Change use of typing.Text to str.
2018-05-11 01:39:17 +02:00
client_name: Optional[str]=None,
decorator: Rename remote_server_request to skip_update_user_activity. This makes it reasonable to call process_client from other contexts, like /server_settings, where we don't have an authenticated UserProfile object.
2018-12-11 20:09:11 +01:00
skip_update_user_activity: bool=False,
zerver: Change use of typing.Text to str.
2018-05-11 01:39:17 +02:00
query: Optional[str]=None) -> None:
Move getting client to api_key_only_webhook_view. This decreases the amount of convention developers need to understand in order to write a new webhook integration.
2016-05-12 22:49:36 +02:00
if client_name is None:
decorators: Restructure get_client_name interface. Previously, get_client_name was responsible for both parsing the User-Agent data as well as handling the override behavior that we want to use "website" rather than "Mozilla" as the key for the Client object. Now, it's just responsible for User-Agent, and the override behavior is entirely within process_client (the function concerned with Client objects). This has the side effect of changing what `Client` object we'll use for HTTP requests to /json/ endpoints that set the `client` attribute. I think that's in line with our intent -- we only have a use case for API clients overriding the User-Agent parsing (that feature is a workaround for situations where the third party may not control HTTP headers but does control the HTTP request payload). This loses test coverage on the `request.GET['client']` code path; I disable that for now since we don't have a real use for that behavior. (We may want to change that logic to have Client recognize individual browsers; doing so requires first using a better User-Agent parsing library). Part of #14067.
2020-03-08 21:12:38 +01:00
client_name = get_client_name(request)
# We could check for a browser's name being "Mozilla", but
# e.g. Opera and MobileSafari don't set that, and it seems
# more robust to just key off whether it was a browser view
if is_browser_view and not client_name.startswith("Zulip"):
# Avoid changing the client string for browsers, but let
# the Zulip desktop apps be themselves.
client_name = "website"
Replace "ios" with "ZulipiOS" in process_client(). (imported from commit 72b4f5ded6dbb86fe67884d6fe8da1ee2146c4c5)
2014-01-08 17:52:36 +01:00
DRY up process_client() by extracting get_client_name(). Avoid repeating request.client = get_client(foo) 5 times, and decouple the logic for determining the client name from how we represent the client as an ORM object and piggyback it on the Django request. (imported from commit efdf81cbaf9599a5606da18e06d7ffe9b88aaf6f)
2014-01-08 17:36:54 +01:00
request.client = get_client(client_name)
process_client: Don't update activity of unauthenticated users. This allows wrapper `add_logging_data` to be used to add client information for unauthenticated users (or web public guests).
2020-09-22 17:22:07 +02:00
if not skip_update_user_activity and user_profile.is_authenticated:
user_activity: Allow passing the `query` more directly. This won't work for all call paths without deeper refactoring, but for at least some paths we can make this more direct -- function arguments, rather than mutating a request attribute -- so it's easier to see how the data is flowing.
2017-11-03 22:44:59 +01:00
update_user_activity(request, user_profile, query)
Factor out client extraction and API key validation from authenticated_api_view (imported from commit b8e3fc2f956b4de07ea0fe9b6f596dd353013935)
2013-03-21 19:21:46 +01:00
push_notifications: Fix error message for unregistered bouncer. Previously, we were just returning a JSON error to the client, when it was a server problem. Fixes #6639.
2017-10-12 03:02:35 +02:00
class InvalidZulipServerError(JsonableError):
code = ErrorCode.INVALID_ZULIP_SERVER
data_fields = ['role']
zerver: Change use of typing.Text to str.
2018-05-11 01:39:17 +02:00
def __init__(self, role: str) -> None:
python: Convert assignment type annotations to Python 3.6 style. This commit was split by tabbott; this piece covers the vast majority of files in Zulip, but excludes scripts/, tools/, and puppet/ to help ensure we at least show the right error messages for Xenial systems. We can likely further refine the remaining pieces with some testing. Generated by com2ann, with whitespace fixes and various manual fixes for runtime issues: - invoiced_through: Optional[LicenseLedger] = models.ForeignKey( + invoiced_through: Optional["LicenseLedger"] = models.ForeignKey( -_apns_client: Optional[APNsClient] = None +_apns_client: Optional["APNsClient"] = None - notifications_stream: Optional[Stream] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE) - signup_notifications_stream: Optional[Stream] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE) + notifications_stream: Optional["Stream"] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE) + signup_notifications_stream: Optional["Stream"] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE) - author: Optional[UserProfile] = models.ForeignKey('UserProfile', blank=True, null=True, on_delete=CASCADE) + author: Optional["UserProfile"] = models.ForeignKey('UserProfile', blank=True, null=True, on_delete=CASCADE) - bot_owner: Optional[UserProfile] = models.ForeignKey('self', null=True, on_delete=models.SET_NULL) + bot_owner: Optional["UserProfile"] = models.ForeignKey('self', null=True, on_delete=models.SET_NULL) - default_sending_stream: Optional[Stream] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE) - default_events_register_stream: Optional[Stream] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE) + default_sending_stream: Optional["Stream"] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE) + default_events_register_stream: Optional["Stream"] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE) -descriptors_by_handler_id: Dict[int, ClientDescriptor] = {} +descriptors_by_handler_id: Dict[int, "ClientDescriptor"] = {} -worker_classes: Dict[str, Type[QueueProcessingWorker]] = {} -queues: Dict[str, Dict[str, Type[QueueProcessingWorker]]] = {} +worker_classes: Dict[str, Type["QueueProcessingWorker"]] = {} +queues: Dict[str, Dict[str, Type["QueueProcessingWorker"]]] = {} -AUTH_LDAP_REVERSE_EMAIL_SEARCH: Optional[LDAPSearch] = None +AUTH_LDAP_REVERSE_EMAIL_SEARCH: Optional["LDAPSearch"] = None Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-22 01:09:50 +02:00
self.role: str = role
push_notifications: Fix error message for unregistered bouncer. Previously, we were just returning a JSON error to the client, when it was a server problem. Fixes #6639.
2017-10-12 03:02:35 +02:00
@staticmethod
zerver: Change use of typing.Text to str.
2018-05-11 01:39:17 +02:00
def msg_format() -> str:
push_notifications: Fix error message for unregistered bouncer. Previously, we were just returning a JSON error to the client, when it was a server problem. Fixes #6639.
2017-10-12 03:02:35 +02:00
return "Zulip server auth failure: {role} is not registered"
decorator: Fix exception format for invalid API key. This exception class was clearly missing the part where `role` gets stored, which was intended to be inherited from InvalidZulipServerError. This fixes an unnecessary 500 error in the push notifications bouncer.
2018-04-26 06:36:34 +02:00
class InvalidZulipServerKeyError(InvalidZulipServerError):
push_notifications: Fix error message for unregistered bouncer. Previously, we were just returning a JSON error to the client, when it was a server problem. Fixes #6639.
2017-10-12 03:02:35 +02:00
@staticmethod
zerver: Change use of typing.Text to str.
2018-05-11 01:39:17 +02:00
def msg_format() -> str:
push_notifications: Fix error message for unregistered bouncer. Previously, we were just returning a JSON error to the client, when it was a server problem. Fixes #6639.
2017-10-12 03:02:35 +02:00
return "Zulip server auth failure: key does not match role {role}"
zerver: Change use of typing.Text to str.
2018-05-11 01:39:17 +02:00
def validate_api_key(request: HttpRequest, role: Optional[str],
webhooks: Rename is_webhook to allow_webhook_access. This argument does not define if an endpoint "is a webhook"; it is set for "/api/v1/messages", which is not really a webhook, but allows access from webhooks.
2020-09-22 00:38:29 +02:00
api_key: str, allow_webhook_access: bool=False,
python: Remove unittest.mock.Mock uses from production code. It’s somewhat expensive to import and confuses mypy. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-08-27 22:19:00 +02:00
client_name: Optional[str]=None) -> Union[UserProfile, "RemoteZulipServer"]:
Strip whitespace from email/key during API auth Trac #1681 (imported from commit 4c97bfea052d2da7673ba5a9520f7ddc7515d975)
2013-08-21 00:36:45 +02:00
# Remove whitespace to protect users from trivial errors.
decorator: Use validate_api_key in api_key_only_webhook_view code path. This completes the effort to deduplicate the main code of our authentication decorators.
2017-08-15 01:21:46 +02:00
api_key = api_key.strip()
if role is not None:
role = role.strip()
Strip whitespace from email/key during API auth Trac #1681 (imported from commit 4c97bfea052d2da7673ba5a9520f7ddc7515d975)
2013-08-21 00:36:45 +02:00
tests: Add uuid_get and uuid_post. We want a clean codepath for the vast majority of cases of using api_get/api_post, which now uses email and which we'll soon convert to accepting `user` as a parameter. These apis that take two different types of values for the same parameter make sweeps like this kinda painful, and they're pretty easy to avoid by extracting helpers to do the actual common tasks. So, for example, here I still keep a common method to actually encode the credentials (since the whole encode/decode business is an annoying detail that you don't want to fix in two places): def encode_credentials(self, identifier: str, api_key: str) -> str: """ identifier: Can be an email or a remote server uuid. """ credentials = "%s:%s" % (identifier, api_key) return 'Basic ' + base64.b64encode(credentials.encode('utf-8')).decode('utf-8') But then the rest of the code has two separate codepaths. And for the uuid functions, we no longer have crufty references to realm. (In fairness, realm will also go away when we introduce users.) For the `is_remote_server` helper, I just inlined it, since it's now only needed in one place, and the name didn't make total sense anyway, plus it wasn't a super robust check. In context, it's easier just to use a comment now to say what we're doing: # If `role` doesn't look like an email, it might be a uuid. if settings.ZILENCER_ENABLED and role is not None and '@' not in role: # do stuff
2020-03-10 12:34:25 +01:00
# If `role` doesn't look like an email, it might be a uuid.
if settings.ZILENCER_ENABLED and role is not None and '@' not in role:
Add support infrastructure for push notification bouncer service. This is an incomplete cleaned-up continuation of Lisa Neigut's push notification bouncer work. It supports registration and deregistration of individual push tokens with a central push notification bouncer server. It still is missing a few things before we can complete this effort: * A registration form for server admins to configure their server for this service, with tests. * Code (and tests) for actually bouncing the notifications.
2016-10-27 23:55:31 +02:00
try:
decorator: Clean up 'profile' variable reuse.
2017-08-15 00:41:04 +02:00
remote_server = get_remote_server_by_uuid(role)
Add support infrastructure for push notification bouncer service. This is an incomplete cleaned-up continuation of Lisa Neigut's push notification bouncer work. It supports registration and deregistration of individual push tokens with a central push notification bouncer server. It still is missing a few things before we can complete this effort: * A registration form for server admins to configure their server for this service, with tests. * Code (and tests) for actually bouncing the notifications.
2016-10-27 23:55:31 +02:00
except RemoteZulipServer.DoesNotExist:
push_notifications: Fix error message for unregistered bouncer. Previously, we were just returning a JSON error to the client, when it was a server problem. Fixes #6639.
2017-10-12 03:02:35 +02:00
raise InvalidZulipServerError(role)
decorator: Clean up 'profile' variable reuse.
2017-08-15 00:41:04 +02:00
if api_key != remote_server.api_key:
push_notifications: Fix error message for unregistered bouncer. Previously, we were just returning a JSON error to the client, when it was a server problem. Fixes #6639.
2017-10-12 03:02:35 +02:00
raise InvalidZulipServerKeyError(role)
decorator: Reorganize remote Zulip server code into one block.
2017-08-15 00:39:36 +02:00
subdomains: Simplify out check_subdomain from an uncommon use. This also replaces an implicit use of "" for Realm.SUBDOMAIN_FOR_ROOT_DOMAIN.
2017-10-20 02:52:15 +02:00
if get_subdomain(request) != Realm.SUBDOMAIN_FOR_ROOT_DOMAIN:
push_notifications: Fix error message for unregistered bouncer. Previously, we were just returning a JSON error to the client, when it was a server problem. Fixes #6639.
2017-10-12 03:02:35 +02:00
raise JsonableError(_("Invalid subdomain for push notifications bouncer"))
decorator: Fix request.user handling of remote servers. The refactor in b46af40bd385f13e3731987832f5dd0eda649206 didn't correctly translate the code for managing request.user and request._email, resulting in requests for the push notification bouncer being rejected with this exception: AttributeError: 'AnonymousUser' object has no attribute 'rate_limits'
2017-08-16 06:04:19 +02:00
request.user = remote_server
decorator: Refactor more code into validate_api_key.
2017-08-15 00:59:19 +02:00
remote_server.rate_limits = ""
decorator: Rename remote_server_request to skip_update_user_activity. This makes it reasonable to call process_client from other contexts, like /server_settings, where we don't have an authenticated UserProfile object.
2018-12-11 20:09:11 +01:00
# Skip updating UserActivity, since remote_server isn't actually a UserProfile object.
process_client(request, remote_server, skip_update_user_activity=True)
decorator: Clean up 'profile' variable reuse.
2017-08-15 00:41:04 +02:00
return remote_server
decorator: Simplify control flow in validate_api_key. This technically changes the behavior in the case that !settings.ZILENCER_ENABLED but is_remote_zulip_server(role). Fortunately, that case is mostly irrelevant (in that remote zulip servers is a Zilencer feature). The old behavior was also probably slightly wrong, in that you'd get a zilencer-specific error message in that case.
2017-08-15 00:40:20 +02:00
validate_api_key: Stop using 'profile' local variable.
2017-08-15 00:59:57 +02:00
user_profile = access_user_by_api_key(request, api_key, email=role)
webhooks: Rename is_webhook to allow_webhook_access. This argument does not define if an endpoint "is a webhook"; it is set for "/api/v1/messages", which is not really a webhook, but allows access from webhooks.
2020-09-22 00:38:29 +02:00
if user_profile.is_incoming_webhook and not allow_webhook_access:
decorator: Fix check for incoming webhook bots and move later The check itself was correct, but the error message was in fact the opposite of what this check is for. In other words, the only things these users can do is post messages, and the error message when you tried to do something else was to tell you that the user can't post messages.
2017-08-15 00:44:34 +02:00
raise JsonableError(_("This API is not available to incoming webhook bots."))
decorator: Refactor more code into validate_api_key.
2017-08-15 00:59:19 +02:00
request.user = user_profile
decorator: Use validate_api_key in api_key_only_webhook_view code path. This completes the effort to deduplicate the main code of our authentication decorators.
2017-08-15 01:21:46 +02:00
process_client(request, user_profile, client_name=client_name)
decorator: Refactor more code into validate_api_key.
2017-08-15 00:59:19 +02:00
validate_api_key: Stop using 'profile' local variable.
2017-08-15 00:59:57 +02:00
return user_profile
Factor out client extraction and API key validation from authenticated_api_view (imported from commit b8e3fc2f956b4de07ea0fe9b6f596dd353013935)
2013-03-21 19:21:46 +01:00
zerver: Use Python 3 syntax for typing. Tweaked by tabbott to fix some minor whitespace errors.
2017-11-27 07:33:05 +01:00
def validate_account_and_subdomain(request: HttpRequest, user_profile: UserProfile) -> None:
decorators: Extract access_user_by_api_key.
2017-08-15 00:28:39 +02:00
if user_profile.realm.deactivated:
decorator: Improve error message for a deactivated organization.
2018-03-17 00:51:11 +01:00
raise JsonableError(_("This organization has been deactivated"))
decorator: Check for deactivated realm before deactivated user. Structurally, this is the right order-of-access for data.
2018-08-10 00:57:18 +02:00
if not user_profile.is_active:
decorator: Fix error message for accessing deactivated accounts. The previous message was potentially a lot more ambiguous about whether this was something about presence. "Deactivated" makes it explicit that some action was taken to deactivate the account.
2018-08-10 00:58:31 +02:00
raise JsonableError(_("Account is deactivated"))
decorators: Extract access_user_by_api_key.
2017-08-15 00:28:39 +02:00
dependencies: Remove WebSockets system for sending messages. Zulip has had a small use of WebSockets (specifically, for the code path of sending messages, via the webapp only) since ~2013. We originally added this use of WebSockets in the hope that the latency benefits of doing so would allow us to avoid implementing a markdown local echo; they were not. Further, HTTP/2 may have eliminated the latency difference we hoped to exploit by using WebSockets in any case. While we’d originally imagined using WebSockets for other endpoints, there was never a good justification for moving more components to the WebSockets system. This WebSockets code path had a lot of downsides/complexity, including: * The messy hack involving constructing an emulated request object to hook into doing Django requests. * The `message_senders` queue processor system, which increases RAM needs and must be provisioned independently from the rest of the server). * A duplicate check_send_receive_time Nagios test specific to WebSockets. * The requirement for users to have their firewalls/NATs allow WebSocket connections, and a setting to disable them for networks where WebSockets don’t work. * Dependencies on the SockJS family of libraries, which has at times been poorly maintained, and periodically throws random JavaScript exceptions in our production environments without a deep enough traceback to effectively investigate. * A total of about 1600 lines of our code related to the feature. * Increased load on the Tornado system, especially around a Zulip server restart, and especially for large installations like zulipchat.com, resulting in extra delay before messages can be sent again. As detailed in https://github.com/zulip/zulip/pull/12862#issuecomment-536152397, it appears that removing WebSockets moderately increases the time it takes for the `send_message` API query to return from the server, but does not significantly change the time between when a message is sent and when it is received by clients. We don’t understand the reason for that change (suggesting the possibility of a measurement error), and even if it is a real change, we consider that potential small latency regression to be acceptable. If we later want WebSockets, we’ll likely want to just use Django Channels. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-07-23 01:43:40 +02:00
# Either the subdomain matches, or we're accessing Tornado from
# and to localhost (aka spoofing a request as the user).
subdomains: Refactor check_subdomain to a clearer interface. Now that every call site of check_subdomain produces its second argument in exactly the same way, push that shared bit of logic into a new wrapper for check_subdomain. Also give that new function a name that says more specifically what it's checking -- which I think is easier to articulate for this interface than for that of check_subdomain.
2017-10-20 02:53:24 +02:00
if (not user_matches_subdomain(get_subdomain(request), user_profile) and
decorator: Add localhost/Tornado hack to access_user_by_api_key. This should make it possible to share that code with other code paths.
2017-08-15 00:42:16 +02:00
not (settings.RUNNING_INSIDE_TORNADO and
request.META["SERVER_NAME"] == "127.0.0.1" and
request.META["REMOTE_ADDR"] == "127.0.0.1")):
logging: Pass format arguments to logging. https://docs.python.org/3/howto/logging.html#optimization Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-05-02 08:44:14 +02:00
logging.warning(
"User %s (%s) attempted to access API on wrong subdomain (%s)",
user_profile.delivery_email, user_profile.realm.subdomain, get_subdomain(request),
)
decorators: Extract access_user_by_api_key.
2017-08-15 00:28:39 +02:00
raise JsonableError(_("Account is not associated with this subdomain"))
zerver: Change use of typing.Text to str.
2018-05-11 01:39:17 +02:00
def access_user_by_api_key(request: HttpRequest, api_key: str, email: Optional[str]=None) -> UserProfile:
api: Return a JsonableError if API key of invalid format is given.
2019-12-16 08:12:39 +01:00
if not has_api_key_format(api_key):
raise InvalidAPIKeyFormatError()
decorator: Extract validate_account_and_subdomain and deduplicate. This fixes the significant duplication of code between the authenticate_log_and_execute_json code path and the `validate_api_key` code path. These's till a bit of duplication, in the form of `process_client` and `request._email` interactions, but it is very minor at this point.
2017-08-15 01:28:48 +02:00
try:
models: Add new get_user_profile_by_api_key helper. This results in a slight performance increase.
2017-08-25 07:43:38 +02:00
user_profile = get_user_profile_by_api_key(api_key)
decorator: Extract validate_account_and_subdomain and deduplicate. This fixes the significant duplication of code between the authenticate_log_and_execute_json code path and the `validate_api_key` code path. These's till a bit of duplication, in the form of `process_client` and `request._email` interactions, but it is very minor at this point.
2017-08-15 01:28:48 +02:00
except UserProfile.DoesNotExist:
decorator: Set an error code for invalid API key errors. This should make it easily for mobile/terminal apps to handle situations like the user's API key changing. Also fix the fact we were incorrectly using a 400, not 401, status code for this case.
2019-01-05 20:18:18 +01:00
raise InvalidAPIKeyError()
email: Convert accounts code to use delivery_email. A key part of this is the new helper, get_user_by_delivery_email. Its verbose name is important for clarity; it should help avoid blind copy-pasting of get_user (which we'll also want to rename). Unfortunately, it requires detailed understanding of the context to figure out which one to use; each is used in about half of call sites. Another important note is that this PR doesn't migrate get_user calls in the tests except where not doing so would cause the tests to fail. This probably deserves a follow-up refactor to avoid bugs here.
2018-12-07 00:05:57 +01:00
if email is not None and email.lower() != user_profile.delivery_email.lower():
decorator: Extract validate_account_and_subdomain and deduplicate. This fixes the significant duplication of code between the authenticate_log_and_execute_json code path and the `validate_api_key` code path. These's till a bit of duplication, in the form of `process_client` and `request._email` interactions, but it is very minor at this point.
2017-08-15 01:28:48 +02:00
# This covers the case that the API key is correct, but for a
# different user. We may end up wanting to relaxing this
# constraint or give a different error message in the future.
decorator: Set an error code for invalid API key errors. This should make it easily for mobile/terminal apps to handle situations like the user's API key changing. Also fix the fact we were incorrectly using a 400, not 401, status code for this case.
2019-01-05 20:18:18 +01:00
raise InvalidAPIKeyError()
decorator: Extract validate_account_and_subdomain and deduplicate. This fixes the significant duplication of code between the authenticate_log_and_execute_json code path and the `validate_api_key` code path. These's till a bit of duplication, in the form of `process_client` and `request._email` interactions, but it is very minor at this point.
2017-08-15 01:28:48 +02:00
validate_account_and_subdomain(request, user_profile)
decorators: Extract access_user_by_api_key.
2017-08-15 00:28:39 +02:00
return user_profile
webhooks: Log unexpected webhook events separately. This change serves to declutter webhook-errors.log, which is filled with too many UnexpectedWebhookEventType exceptions. Keeping UnexpectedWebhookEventType in zerver/lib/webhooks/common.py led to a cyclic import when we tried to import the exception in zerver/decorators.py, so this commit also moves this exception to another appropriate module. Note that our webhooks still import this exception via zerver/lib/webhooks/common.py.
2019-06-06 05:55:09 +02:00
def log_exception_to_webhook_logger(
webhook logger: Add summary field. Before this the only way we took advantage of the summary from UnexpectedWebhookEventType was by looking at exc_info(). Now we just explicitly add it to the log message, which also sets us up to call log_exception_to_webhook_logger directly with some sort of "summary" info when we don't actually want a real exception (for example, we might want to report anomalous webhook data but still continue the transaction). A minor change in passing is that I move the payload parameter lexically.
2020-09-02 10:03:58 +02:00
summary: str,
webhooks: Rename UnexpectedWebhookEventType to UnsupportedWebhookEventType. Any exception is an "unexpected event", which means talking about having an "unexpected event logger" or "unexpected event exception" is confusing. As the error message in `exceptions.py` already explains, this is about an _unsupported_ event type. This also switches the path that these exceptions are written to, accordingly.
2020-08-19 22:26:38 +02:00
unsupported_event: bool,
webhooks: Log unexpected webhook events separately. This change serves to declutter webhook-errors.log, which is filled with too many UnexpectedWebhookEventType exceptions. Keeping UnexpectedWebhookEventType in zerver/lib/webhooks/common.py led to a cyclic import when we tried to import the exception in zerver/decorators.py, so this commit also moves this exception to another appropriate module. Note that our webhooks still import this exception via zerver/lib/webhooks/common.py.
2019-06-06 05:55:09 +02:00
) -> None:
webhooks: Rename UnexpectedWebhookEventType to UnsupportedWebhookEventType. Any exception is an "unexpected event", which means talking about having an "unexpected event logger" or "unexpected event exception" is confusing. As the error message in `exceptions.py` already explains, this is about an _unsupported_ event type. This also switches the path that these exceptions are written to, accordingly.
2020-08-19 22:26:38 +02:00
if unsupported_event:
webhooks: Move the extra logging information into a formatter. This clears it out of the data sent to Sentry, where it is duplicative with the indexed metadata -- and potentially exposes PHI if Sentry's "make this issue public" feature is used.
2020-09-04 03:38:24 +02:00
webhook_unsupported_events_logger.exception(summary, stack_info=True)
webhooks: Log unexpected webhook events separately. This change serves to declutter webhook-errors.log, which is filled with too many UnexpectedWebhookEventType exceptions. Keeping UnexpectedWebhookEventType in zerver/lib/webhooks/common.py led to a cyclic import when we tried to import the exception in zerver/decorators.py, so this commit also moves this exception to another appropriate module. Note that our webhooks still import this exception via zerver/lib/webhooks/common.py.
2019-06-06 05:55:09 +02:00
else:
webhooks: Move the extra logging information into a formatter. This clears it out of the data sent to Sentry, where it is duplicative with the indexed metadata -- and potentially exposes PHI if Sentry's "make this issue public" feature is used.
2020-09-04 03:38:24 +02:00
webhook_logger.exception(summary, stack_info=True)
decorators: Refactor the webhook_logger code. Just to make the code a bit cleaner and to be able to reuse the same logging code in other decorator functions.
2018-02-25 01:54:29 +01:00
webhooks: Fix passing client string to authenticated webhook API views. This fixes a regression in 93678e89cd29da5b8106e278fa776f90f6fed33f and a4979410f983e7aaa10f4833a9c302110bea685c, where the webhooks using authenticated_rest_api_view were migrated to a new model that didn't include setting a custom Client string for the webhook. When restoring these webhooks' client strings, we also fix places where the client string was not capitalized the same was as the product's name.
2018-03-16 23:37:32 +01:00
def full_webhook_client_name(raw_client_name: Optional[str]=None) -> Optional[str]:
if raw_client_name is None:
return None
python: Convert "".format to Python 3.6 f-strings. Generated by pyupgrade --py36-plus --keep-percent-format, but with the NamedTuple changes reverted (see commit ba7906a3c657905fa35bbcfb4e97b053f050272d, #15132). Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-09 00:25:09 +02:00
return f"Zulip{raw_client_name}Webhook"
webhooks: Fix passing client string to authenticated webhook API views. This fixes a regression in 93678e89cd29da5b8106e278fa776f90f6fed33f and a4979410f983e7aaa10f4833a9c302110bea685c, where the webhooks using authenticated_rest_api_view were migrated to a new model that didn't include setting a custom Client string for the webhook. When restoring these webhooks' client strings, we also fix places where the client string was not capitalized the same was as the product's name.
2018-03-16 23:37:32 +01:00
Add api_key_only_webhook_view decorator. This is for webhook API endpoints that only get passed in an api_key, not an email. An example would be api_jira_webhook, and some of the code is borrowed from there. The rest of the code is from authenticated_api_view(). (imported from commit b5b2a4ea52f9b317f00357ef3142c76534fabf20)
2013-10-03 01:12:57 +02:00
# Use this for webhook views that don't get an email passed in.
webhooks: Rename api_key_only_webhook_view to webhook_view. There are no other types of webhook views; this is more concise.
2020-08-20 00:32:15 +02:00
def webhook_view(
webhook_decorator: Support notifying bot owner on invalid JSON. Our webhook-errors.log file is riddled with exceptions that are logged when a webhook is incorrectly configured to send data in a non-JSON format. To avoid this, api_key_only_webhook_view now supports an additional argument, notify_bot_owner_on_invalid_json. This argument, when True, will send a PM notification to the bot's owner notifying them of the configuration issue.
2018-11-15 05:31:34 +01:00
webhook_client_name: str,
python: Fix misuse of Optional types for optional parameters. There seems to have been a confusion between two different uses of the word “optional”: • An optional parameter may be omitted and replaced with a default value. • An Optional type has None as a possible value. Sometimes an optional parameter has a default value of None, or None is otherwise a meaningful value to provide, in which case it makes sense for the optional parameter to have an Optional type. But in other cases, optional parameters should not have Optional type. Fix them. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-13 01:57:21 +02:00
notify_bot_owner_on_invalid_json: bool=True,
decorator: Fix type of signature-changing decorators. In a decorator annotated with generic type (ViewFuncT) -> ViewFuncT, the type variable ViewFuncT = TypeVar(…) must be instantiated to the *same* type in both places. This amounts to a claim that the decorator preserves the signature of the view function, which is not the case for decorators that add a user_profile parameter. The corrected annotations enforce no particular relationship between the input and output signatures, which is not the ideal type we might get if mypy supported variadic generics, but is better than enforcing a relationship that is guaranteed to be wrong. This removes a bunch of ‘# type: ignore[call-arg] # mypy doesn't seem to apply the decorator’ annotations. Mypy does apply the decorator, but the decorator’s incorrect annotation as signature-preserving made it appear as if it didn’t. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-23 04:30:55 +02:00
) -> Callable[[Callable[..., HttpResponse]], Callable[..., HttpResponse]]:
webhooks: Update comment about typing the webhook decorator. The previous link was to "extended callable" types, which are deprecated in favor of callback protocols. Unfortunately, defining a protocol class can't express the typing -- we need some sort of variadic generics[1]. Specifically, we wish to support hitting the endpoint with additional parameters; thus, this protocol is insufficient: ``` class WebhookHandler(Protocol): def __call__(request: HttpRequest, api_key: str) -> HttpResponse: ... ``` ...since it prohibits additional parameters. And allowing extra arguments: ``` class WebhookHandler(Protocol): def __call__(request: HttpRequest, api_key: str, *args: object, **kwargs: object) -> HttpResponse: ... ``` ...is similarly problematic, since the view handlers do not support _arbitrary_ keyword arguments. [1] https://github.com/python/typing/issues/193
2020-08-20 00:20:05 +02:00
# Unfortunately, callback protocols are insufficient for this:
# https://mypy.readthedocs.io/en/stable/protocols.html#callback-protocols
# Variadic generics are necessary: https://github.com/python/typing/issues/193
decorator: Fix type of signature-changing decorators. In a decorator annotated with generic type (ViewFuncT) -> ViewFuncT, the type variable ViewFuncT = TypeVar(…) must be instantiated to the *same* type in both places. This amounts to a claim that the decorator preserves the signature of the view function, which is not the case for decorators that add a user_profile parameter. The corrected annotations enforce no particular relationship between the input and output signatures, which is not the ideal type we might get if mypy supported variadic generics, but is better than enforcing a relationship that is guaranteed to be wrong. This removes a bunch of ‘# type: ignore[call-arg] # mypy doesn't seem to apply the decorator’ annotations. Mypy does apply the decorator, but the decorator’s incorrect annotation as signature-preserving made it appear as if it didn’t. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-23 04:30:55 +02:00
def _wrapped_view_func(view_func: Callable[..., HttpResponse]) -> Callable[..., HttpResponse]:
Move getting client to api_key_only_webhook_view. This decreases the amount of convention developers need to understand in order to write a new webhook integration.
2016-05-12 22:49:36 +02:00
@csrf_exempt
@has_request_variables
@wraps(view_func)
zerver: Change use of typing.Text to str.
2018-05-11 01:39:17 +02:00
def _wrapped_func_arguments(request: HttpRequest, api_key: str=REQ(),
decorator: Replace type: ignore with cast, avoid Any. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 02:10:50 +02:00
*args: object, **kwargs: object) -> HttpResponse:
webhooks: Rename is_webhook to allow_webhook_access. This argument does not define if an endpoint "is a webhook"; it is set for "/api/v1/messages", which is not really a webhook, but allows access from webhooks.
2020-09-22 00:38:29 +02:00
user_profile = validate_api_key(request, None, api_key, allow_webhook_access=True,
webhooks: Fix passing client string to authenticated webhook API views. This fixes a regression in 93678e89cd29da5b8106e278fa776f90f6fed33f and a4979410f983e7aaa10f4833a9c302110bea685c, where the webhooks using authenticated_rest_api_view were migrated to a new model that didn't include setting a custom Client string for the webhook. When restoring these webhooks' client strings, we also fix places where the client string was not capitalized the same was as the product's name.
2018-03-16 23:37:32 +01:00
client_name=full_webhook_client_name(webhook_client_name))
Move getting client to api_key_only_webhook_view. This decreases the amount of convention developers need to understand in order to write a new webhook integration.
2016-05-12 22:49:36 +02:00
if settings.RATE_LIMITING:
rate_limiter: Rename 'all' domain to 'api_by_user'.
2019-08-03 20:39:49 +02:00
rate_limit_user(request, user_profile, domain='api_by_user')
zerver/decorators: Log all exceptions raised in api_key_only_webhook_view. Fixes #4742.
2017-05-12 05:21:09 +02:00
try:
return view_func(request, user_profile, *args, **kwargs)
decorator: Handle invalid JSON in api_key_only_webhook_view. Exception logging within api_key_only_webhook_view fails when ValueError is raised if the request.body passed to ujson.loads isn't valid JSON. In this case, we now just convert the payload to a string and log that. This allows us to inspect JSON payloads that aren't being decoded properly.
2017-07-19 05:08:51 +02:00
except Exception as err:
webhooks: Fix HttpResponse with notify_bot_owner_on_invalid_json. Apparently, there was a bug in notify_bot_owner_on_invalid_json, where we didn't reraise the JsonableError. We fix this with a refactoring that makes the exception layering clearer as well.
2018-12-06 00:12:19 +01:00
if isinstance(err, InvalidJSONError) and notify_bot_owner_on_invalid_json:
# NOTE: importing this at the top of file leads to a
# cyclic import; correct fix is probably to move
# notify_bot_owner_about_invalid_json to a smaller file.
from zerver.lib.webhooks.common import notify_bot_owner_about_invalid_json
notify_bot_owner_about_invalid_json(user_profile, webhook_client_name)
webhooks: Never log JsonableError to webook loggers. These represent known errors in what the user submitted. This is slightly complicated by UnsupportedWebhookEventType being an instance of JsonableError.
2020-09-22 00:50:08 +02:00
elif isinstance(err, JsonableError) and not isinstance(err, UnsupportedWebhookEventType):
pass
webhooks: Fix HttpResponse with notify_bot_owner_on_invalid_json. Apparently, there was a bug in notify_bot_owner_on_invalid_json, where we didn't reraise the JsonableError. We fix this with a refactoring that makes the exception layering clearer as well.
2018-12-06 00:12:19 +01:00
else:
webhooks: Remove repetitive argument to UnsupportedWebhookEventType. The name of the webhook can be added by the webhook decorator.
2020-08-20 00:50:06 +02:00
if isinstance(err, UnsupportedWebhookEventType):
err.webhook_name = webhook_client_name
decorator: Replace type: ignore with cast, avoid Any. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 02:10:50 +02:00
log_exception_to_webhook_logger(
webhook logger: Add summary field. Before this the only way we took advantage of the summary from UnexpectedWebhookEventType was by looking at exc_info(). Now we just explicitly add it to the log message, which also sets us up to call log_exception_to_webhook_logger directly with some sort of "summary" info when we don't actually want a real exception (for example, we might want to report anomalous webhook data but still continue the transaction). A minor change in passing is that I move the payload parameter lexically.
2020-09-02 10:03:58 +02:00
summary=str(err),
webhooks: Rename UnexpectedWebhookEventType to UnsupportedWebhookEventType. Any exception is an "unexpected event", which means talking about having an "unexpected event logger" or "unexpected event exception" is confusing. As the error message in `exceptions.py` already explains, this is about an _unsupported_ event type. This also switches the path that these exceptions are written to, accordingly.
2020-08-19 22:26:38 +02:00
unsupported_event=isinstance(err, UnsupportedWebhookEventType),
decorator: Replace type: ignore with cast, avoid Any. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 02:10:50 +02:00
)
decorator: Handle invalid JSON in api_key_only_webhook_view. Exception logging within api_key_only_webhook_view fails when ValueError is raised if the request.body passed to ujson.loads isn't valid JSON. In this case, we now just convert the payload to a string and log that. This allows us to inspect JSON payloads that aren't being decoded properly.
2017-07-19 05:08:51 +02:00
raise err
zerver/decorators: Log all exceptions raised in api_key_only_webhook_view. Fixes #4742.
2017-05-12 05:21:09 +02:00
Move getting client to api_key_only_webhook_view. This decreases the amount of convention developers need to understand in order to write a new webhook integration.
2016-05-12 22:49:36 +02:00
return _wrapped_func_arguments
Add api_key_only_webhook_view decorator. This is for webhook API endpoints that only get passed in an api_key, not an email. An example would be api_jira_webhook, and some of the code is borrowed from there. The rest of the code is from authenticated_api_view(). (imported from commit b5b2a4ea52f9b317f00357ef3142c76534fabf20)
2013-10-03 01:12:57 +02:00
return _wrapped_view_func
Fix slightly ugly login page URL of /login?next=/.
2016-04-21 23:41:28 +02:00
# From Django 1.8, modified to leave off ?next=/
zerver: Change use of typing.Text to str.
2018-05-11 01:39:17 +02:00
def redirect_to_login(next: str, login_url: Optional[str]=None,
redirect_field_name: str=REDIRECT_FIELD_NAME) -> HttpResponseRedirect:
Switch to using a Zulip version of @login_required. Currently the code is the unmodified Django upstream implementation; this commit is preparation for modifying it.
2016-04-21 23:48:34 +02:00
"""
Redirects the user to the login page, passing the given 'next' page
"""
resolved_url = resolve_url(login_url or settings.LOGIN_URL)
login_url_parts = list(urllib.parse.urlparse(resolved_url))
if redirect_field_name:
querystring = QueryDict(login_url_parts[4], mutable=True)
querystring[redirect_field_name] = next
Fix slightly ugly login page URL of /login?next=/.
2016-04-21 23:41:28 +02:00
# Don't add ?next=/, to keep our URLs clean
if next != '/':
login_url_parts[4] = querystring.urlencode(safe='/')
Switch to using a Zulip version of @login_required. Currently the code is the unmodified Django upstream implementation; this commit is preparation for modifying it.
2016-04-21 23:48:34 +02:00
return HttpResponseRedirect(urllib.parse.urlunparse(login_url_parts))
decorator: Updated user_passes_test function from Django 2.2. Since bug https://bugs.python.org/issue3445 was resolved in Python 3.3, we can avoid the use of assigned=available_attrs(view_func) in wraps decorator (which we were only using because we'd copied code that handled that from Django). Also available_attrs is now depreciated from Django 3.0 onwards.
2020-08-14 10:10:18 +02:00
# From Django 2.2, modified to pass the request rather than just the
# user into test_func; this is useful so that we can revalidate the
# subdomain matches the user's realm. It is likely that we could make
# the subdomain validation happen elsewhere and switch to using the
# stock Django version.
zerver: Change use of typing.Text to str.
2018-05-11 01:39:17 +02:00
def user_passes_test(test_func: Callable[[HttpResponse], bool], login_url: Optional[str]=None,
redirect_field_name: str=REDIRECT_FIELD_NAME) -> Callable[[ViewFuncT], ViewFuncT]:
Switch to using a Zulip version of @login_required. Currently the code is the unmodified Django upstream implementation; this commit is preparation for modifying it.
2016-04-21 23:48:34 +02:00
"""
Decorator for views that checks that the user passes the given test,
redirecting to the log-in page if necessary. The test should be a callable
that takes the user object and returns True if the user passes.
"""
mypy: Fully use ViewFuncT in decorators.py; remove WrappedViewFuncT. Many declarations were previously annotated with Callable[..., HttpResponse]; this is equivalent to ViewFuncT, so here we switch to it. To enable this migration, the WrappedViewFuncT alias is removed; this is equivalent to the simple & legible Callable[[ViewFuncT], ViewFuncT], so for relatively no space change, a clearer return type is possible.
2018-03-13 23:03:41 +01:00
def decorator(view_func: ViewFuncT) -> ViewFuncT:
decorator: Updated user_passes_test function from Django 2.2. Since bug https://bugs.python.org/issue3445 was resolved in Python 3.3, we can avoid the use of assigned=available_attrs(view_func) in wraps decorator (which we were only using because we'd copied code that handled that from Django). Also available_attrs is now depreciated from Django 3.0 onwards.
2020-08-14 10:10:18 +02:00
@wraps(view_func)
decorator: Replace type: ignore with cast, avoid Any. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 02:10:50 +02:00
def _wrapped_view(request: HttpRequest, *args: object, **kwargs: object) -> HttpResponse:
Replace UserProfile with HttpRequest in logged_in_and_active.
2016-07-19 14:22:13 +02:00
if test_func(request):
Switch to using a Zulip version of @login_required. Currently the code is the unmodified Django upstream implementation; this commit is preparation for modifying it.
2016-04-21 23:48:34 +02:00
return view_func(request, *args, **kwargs)
path = request.build_absolute_uri()
resolved_login_url = resolve_url(login_url or settings.LOGIN_URL)
# If the login url is the same scheme and net location then just
# use the path as the "next" url.
login_scheme, login_netloc = urllib.parse.urlparse(resolved_login_url)[:2]
current_scheme, current_netloc = urllib.parse.urlparse(path)[:2]
if ((not login_scheme or login_scheme == current_scheme) and
(not login_netloc or login_netloc == current_netloc)):
path = request.get_full_path()
return redirect_to_login(
path, resolved_login_url, redirect_field_name)
decorator: Replace type: ignore with cast, avoid Any. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 02:10:50 +02:00
return cast(ViewFuncT, _wrapped_view) # https://github.com/python/mypy/issues/1927
Switch to using a Zulip version of @login_required. Currently the code is the unmodified Django upstream implementation; this commit is preparation for modifying it.
2016-04-21 23:48:34 +02:00
return decorator
zerver: Use Python 3 syntax for typing. Tweaked by tabbott to fix some minor whitespace errors.
2017-11-27 07:33:05 +01:00
def logged_in_and_active(request: HttpRequest) -> bool:
Django 1.11: is_authenticated is now a property.
2017-05-18 11:42:19 +02:00
if not request.user.is_authenticated:
zulip_login_required: Add checks for active users and realms. Like the recent change blocking JSON endpoints for deactivated users and users in deactivated realms, this change is a hardening improvement. Those users should be unable to get an active session anyway, but if somehow one is leaked, this means they won't be able to access any user data.
2016-04-22 00:56:39 +02:00
return False
Replace UserProfile with HttpRequest in logged_in_and_active.
2016-07-19 14:22:13 +02:00
if not request.user.is_active:
zulip_login_required: Add checks for active users and realms. Like the recent change blocking JSON endpoints for deactivated users and users in deactivated realms, this change is a hardening improvement. Those users should be unable to get an active session anyway, but if somehow one is leaked, this means they won't be able to access any user data.
2016-04-22 00:56:39 +02:00
return False
Replace UserProfile with HttpRequest in logged_in_and_active.
2016-07-19 14:22:13 +02:00
if request.user.realm.deactivated:
zulip_login_required: Add checks for active users and realms. Like the recent change blocking JSON endpoints for deactivated users and users in deactivated realms, this change is a hardening improvement. Those users should be unable to get an active session anyway, but if somehow one is leaked, this means they won't be able to access any user data.
2016-04-22 00:56:39 +02:00
return False
subdomains: Refactor check_subdomain to a clearer interface. Now that every call site of check_subdomain produces its second argument in exactly the same way, push that shared bit of logic into a new wrapper for check_subdomain. Also give that new function a name that says more specifically what it's checking -- which I think is easier to articulate for this interface than for that of check_subdomain.
2017-10-20 02:53:24 +02:00
return user_matches_subdomain(get_subdomain(request), request.user)
zulip_login_required: Add checks for active users and realms. Like the recent change blocking JSON endpoints for deactivated users and users in deactivated realms, this change is a hardening improvement. Those users should be unable to get an active session anyway, but if somehow one is leaked, this means they won't be able to access any user data.
2016-04-22 00:56:39 +02:00
2FA: Integrate with login feature.
2017-07-12 09:50:19 +02:00
def do_two_factor_login(request: HttpRequest, user_profile: UserProfile) -> None:
device = default_device(user_profile)
if device:
django_otp.login(request, device)
zerver: Use Python 3 syntax for typing. Tweaked by tabbott to fix some minor whitespace errors.
2017-11-27 07:33:05 +01:00
def do_login(request: HttpRequest, user_profile: UserProfile) -> None:
login: Fix logging for login/register actions. Previously, Zulip's server logs would not show which user or client was involved in login or user registration actions, which made debugging more annoying than it needed to be.
2017-08-25 01:11:30 +02:00
"""Creates a session, logging in the user, using the Django method,
and also adds helpful data needed by our server logs.
"""
django_login(request, user_profile)
middleware: Log user.id/realm.string_id instead of _email.
2020-03-09 11:39:20 +01:00
request._requestor_for_logs = user_profile.format_requestor_for_logs()
login: Fix logging for login/register actions. Previously, Zulip's server logs would not show which user or client was involved in login or user registration actions, which made debugging more annoying than it needed to be.
2017-08-25 01:11:30 +02:00
process_client(request, user_profile, is_browser_view=True)
2FA: Integrate with login feature.
2017-07-12 09:50:19 +02:00
if settings.TWO_FACTOR_AUTHENTICATION_ENABLED:
# Login with two factor authentication as well.
do_two_factor_login(request, user_profile)
login: Fix logging for login/register actions. Previously, Zulip's server logs would not show which user or client was involved in login or user registration actions, which made debugging more annoying than it needed to be.
2017-08-25 01:11:30 +02:00
zerver: Use Python 3 syntax for typing. Tweaked by tabbott to fix some minor whitespace errors.
2017-11-27 07:33:05 +01:00
def log_view_func(view_func: ViewFuncT) -> ViewFuncT:
auth: Set user_activity `query` nicely for several auth views. This gets used when we call `process_client`, which we generally do at some kind of login; and in particular, we do in the shared auth codepath `login_or_register_remote_user`. Add a decorator to make it easy, and use it on the various views that wind up there. In particular, this ensures that the `query` is some reasonable constant corresponding to the view, as intended. When not set, we fall back in `update_user_activity` on the URL path, but in particular for `log_into_subdomain` that can now contain a bunch of request-specific data, which makes it (a) not aggregate properly, and (b) not even fit in the `CHARACTER VARYING(50)` database field we've allotted it.
2017-11-03 22:26:31 +01:00
@wraps(view_func)
decorator: Replace type: ignore with cast, avoid Any. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 02:10:50 +02:00
def _wrapped_view_func(request: HttpRequest, *args: object, **kwargs: object) -> HttpResponse:
auth: Set user_activity `query` nicely for several auth views. This gets used when we call `process_client`, which we generally do at some kind of login; and in particular, we do in the shared auth codepath `login_or_register_remote_user`. Add a decorator to make it easy, and use it on the various views that wind up there. In particular, this ensures that the `query` is some reasonable constant corresponding to the view, as intended. When not set, we fall back in `update_user_activity` on the URL path, but in particular for `log_into_subdomain` that can now contain a bunch of request-specific data, which makes it (a) not aggregate properly, and (b) not even fit in the `CHARACTER VARYING(50)` database field we've allotted it.
2017-11-03 22:26:31 +01:00
request._query = view_func.__name__
return view_func(request, *args, **kwargs)
decorator: Replace type: ignore with cast, avoid Any. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 02:10:50 +02:00
return cast(ViewFuncT, _wrapped_view_func) # https://github.com/python/mypy/issues/1927
auth: Set user_activity `query` nicely for several auth views. This gets used when we call `process_client`, which we generally do at some kind of login; and in particular, we do in the shared auth codepath `login_or_register_remote_user`. Add a decorator to make it easy, and use it on the various views that wind up there. In particular, this ensures that the `query` is some reasonable constant corresponding to the view, as intended. When not set, we fall back in `update_user_activity` on the URL path, but in particular for `log_into_subdomain` that can now contain a bunch of request-specific data, which makes it (a) not aggregate properly, and (b) not even fit in the `CHARACTER VARYING(50)` database field we've allotted it.
2017-11-03 22:26:31 +01:00
zerver: Use Python 3 syntax for typing. Tweaked by tabbott to fix some minor whitespace errors.
2017-11-27 07:33:05 +01:00
def add_logging_data(view_func: ViewFuncT) -> ViewFuncT:
decorator: Add logging data to zulip_login_required. This fixes an issue that many logged=in pages such as /stats did not correctly report either the connecting client or the user in server logs.
2017-02-20 20:55:18 +01:00
@wraps(view_func)
decorator: Replace type: ignore with cast, avoid Any. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 02:10:50 +02:00
def _wrapped_view_func(request: HttpRequest, *args: object, **kwargs: object) -> HttpResponse:
user_activity: Allow passing the `query` more directly. This won't work for all call paths without deeper refactoring, but for at least some paths we can make this more direct -- function arguments, rather than mutating a request attribute -- so it's easier to see how the data is flowing.
2017-11-03 22:44:59 +01:00
process_client(request, request.user, is_browser_view=True,
query=view_func.__name__)
decorator: Add rate limiting to zulip_login_required.
2017-03-26 07:00:59 +02:00
return rate_limit()(view_func)(request, *args, **kwargs)
decorator: Replace type: ignore with cast, avoid Any. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 02:10:50 +02:00
return cast(ViewFuncT, _wrapped_view_func) # https://github.com/python/mypy/issues/1927
decorator: Add human_users_only decorator. Applies it to presence.update_active_status_backend as an example of usage.
2017-04-15 20:51:51 +02:00
zerver: Use Python 3 syntax for typing. Tweaked by tabbott to fix some minor whitespace errors.
2017-11-27 07:33:05 +01:00
def human_users_only(view_func: ViewFuncT) -> ViewFuncT:
decorator: Add human_users_only decorator. Applies it to presence.update_active_status_backend as an example of usage.
2017-04-15 20:51:51 +02:00
@wraps(view_func)
decorator: Replace type: ignore with cast, avoid Any. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 02:10:50 +02:00
def _wrapped_view_func(request: HttpRequest, *args: object, **kwargs: object) -> HttpResponse:
decorator: Add human_users_only decorator. Applies it to presence.update_active_status_backend as an example of usage.
2017-04-15 20:51:51 +02:00
if request.user.is_bot:
return json_error(_("This endpoint does not accept bot requests."))
return view_func(request, *args, **kwargs)
decorator: Replace type: ignore with cast, avoid Any. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 02:10:50 +02:00
return cast(ViewFuncT, _wrapped_view_func) # https://github.com/python/mypy/issues/1927
decorator: Add logging data to zulip_login_required. This fixes an issue that many logged=in pages such as /stats did not correctly report either the connecting client or the user in server logs.
2017-02-20 20:55:18 +01:00
Switch to using a Zulip version of @login_required. Currently the code is the unmodified Django upstream implementation; this commit is preparation for modifying it.
2016-04-21 23:48:34 +02:00
# Based on Django 1.8's @login_required
mypy: Use Python 3 type syntax in decorator.py.
2017-12-09 06:40:18 +01:00
def zulip_login_required(
mypy: Rewrite zulip_login_required annotations in terms of ViewFuncT.
2018-03-14 20:56:20 +01:00
function: Optional[ViewFuncT]=None,
zerver: Change use of typing.Text to str.
2018-05-11 01:39:17 +02:00
redirect_field_name: str=REDIRECT_FIELD_NAME,
login_url: str=settings.HOME_NOT_LOGGED_IN,
mypy: Rewrite zulip_login_required annotations in terms of ViewFuncT.
2018-03-14 20:56:20 +01:00
) -> Union[Callable[[ViewFuncT], ViewFuncT], ViewFuncT]:
decorator: Fix bogus function=None case of zulip_login_required. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 01:52:07 +02:00
actual_decorator = lambda function: user_passes_test(
zulip_login_required: Add checks for active users and realms. Like the recent change blocking JSON endpoints for deactivated users and users in deactivated realms, this change is a hardening improvement. Those users should be unable to get an active session anyway, but if somehow one is leaked, this means they won't be able to access any user data.
2016-04-22 00:56:39 +02:00
logged_in_and_active,
Switch to using a Zulip version of @login_required. Currently the code is the unmodified Django upstream implementation; this commit is preparation for modifying it.
2016-04-21 23:48:34 +02:00
login_url=login_url,
python: Use trailing commas consistently. Automatically generated by the following script, based on the output of lint with flake8-comma: import re import sys last_filename = None last_row = None lines = [] for msg in sys.stdin: m = re.match( r"\x1b\[35mflake8 \|\x1b\[0m \x1b\[1;31m(.+):(\d+):(\d+): (\w+)", msg ) if m: filename, row_str, col_str, err = m.groups() row, col = int(row_str), int(col_str) if filename == last_filename: assert last_row != row else: if last_filename is not None: with open(last_filename, "w") as f: f.writelines(lines) with open(filename) as f: lines = f.readlines() last_filename = filename last_row = row line = lines[row - 1] if err in ["C812", "C815"]: lines[row - 1] = line[: col - 1] + "," + line[col - 1 :] elif err in ["C819"]: assert line[col - 2] == "," lines[row - 1] = line[: col - 2] + line[col - 1 :].lstrip(" ") if last_filename is not None: with open(last_filename, "w") as f: f.writelines(lines) Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-10 05:23:40 +02:00
redirect_field_name=redirect_field_name,
decorator: Fix bogus function=None case of zulip_login_required. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 01:52:07 +02:00
)(
zulip_otp_required(
redirect_field_name=redirect_field_name, login_url=login_url,
)(add_logging_data(function))
2FA: Add zulip_otp_required decorator. We need to add this because otp_required doesn't play well with tests.
2017-07-12 10:16:02 +02:00
)
Switch to using a Zulip version of @login_required. Currently the code is the unmodified Django upstream implementation; this commit is preparation for modifying it.
2016-04-21 23:48:34 +02:00
if function:
decorator: Fix bogus function=None case of zulip_login_required. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 01:52:07 +02:00
return actual_decorator(function)
return actual_decorator # nocoverage # We don't use this without a function
Switch to using a Zulip version of @login_required. Currently the code is the unmodified Django upstream implementation; this commit is preparation for modifying it.
2016-04-21 23:48:34 +02:00
zerver: Use Python 3 syntax for typing. Tweaked by tabbott to fix some minor whitespace errors.
2017-11-27 07:33:05 +01:00
def require_server_admin(view_func: ViewFuncT) -> ViewFuncT:
Switch to using a Zulip version of @login_required. Currently the code is the unmodified Django upstream implementation; this commit is preparation for modifying it.
2016-04-21 23:48:34 +02:00
@zulip_login_required
Improve zulip_internal decorator. I added the @wraps decorator, and I point request._query at the function name to override the URL, since some of the internal URLs have realm names and domain names in them. I basically prefer the function names in most cases, so I just made this automatic for zulip_internal functions, rather than having to remember to address URL-vs.-function-name for every new endpoint. (imported from commit 5583607f395be4dfae0bac31e1cdbffdf51fb3e8)
2013-11-01 18:43:38 +01:00
@wraps(view_func)
decorator: Replace type: ignore with cast, avoid Any. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 02:10:50 +02:00
def _wrapped_view_func(request: HttpRequest, *args: object, **kwargs: object) -> HttpResponse:
decorator: Change /activity to be gated on is_staff. Zulip doesn't previously make use of the standard Django is_staff flag (in that the Django admin site is disabled), but since conceptually the /activity page would be part of the Django admin site if we were using it (i.e. for server-level administrators), it makes sense to key off of that rather than the previous, fragile, check for the realm domain name.
2016-12-14 06:02:50 +01:00
if not request.user.is_staff:
Add zulip_internal decorator for internal Zulip reports. (This also ensures that /queries is viewable only from inside Zulip.) (imported from commit 697da768889943ab6cea62b3e922cc43afa04759)
2013-10-22 15:39:39 +02:00
return HttpResponseRedirect(settings.HOME_NOT_LOGGED_IN)
Log client/email in zulip_internal decorator. (imported from commit 43b7ae75bd5cd3e8a086f82b31507079d999a42b)
2013-10-22 21:03:34 +02:00
decorator: Add logging data to zulip_login_required. This fixes an issue that many logged=in pages such as /stats did not correctly report either the connecting client or the user in server logs.
2017-02-20 20:55:18 +01:00
return add_logging_data(view_func)(request, *args, **kwargs)
decorator: Replace type: ignore with cast, avoid Any. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 02:10:50 +02:00
return cast(ViewFuncT, _wrapped_view_func) # https://github.com/python/mypy/issues/1927
Add api_key_only_webhook_view decorator. This is for webhook API endpoints that only get passed in an api_key, not an email. An example would be api_jira_webhook, and some of the code is borrowed from there. The rest of the code is from authenticated_api_view(). (imported from commit b5b2a4ea52f9b317f00357ef3142c76534fabf20)
2013-10-03 01:12:57 +02:00
decorator: Add decorator for checking whether user is server admin. This is just variabnt of `require_server_admin` for JSON/api views.
2018-04-15 18:29:06 +02:00
def require_server_admin_api(view_func: ViewFuncT) -> ViewFuncT:
@zulip_login_required
@wraps(view_func)
decorator: Replace type: ignore with cast, avoid Any. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 02:10:50 +02:00
def _wrapped_view_func(request: HttpRequest, user_profile: UserProfile, *args: object,
**kwargs: object) -> HttpResponse:
decorator: Add decorator for checking whether user is server admin. This is just variabnt of `require_server_admin` for JSON/api views.
2018-04-15 18:29:06 +02:00
if not user_profile.is_staff:
raise JsonableError(_("Must be an server administrator"))
return view_func(request, user_profile, *args, **kwargs)
decorator: Replace type: ignore with cast, avoid Any. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 02:10:50 +02:00
return cast(ViewFuncT, _wrapped_view_func) # https://github.com/python/mypy/issues/1927
decorator: Add decorator for checking whether user is server admin. This is just variabnt of `require_server_admin` for JSON/api views.
2018-04-15 18:29:06 +02:00
decorators: Add new decorators for guest users. These decorators will be part of the process for disabling access to various features for guest users. Adding this decorator to the subscribe endpoint breaks the guest users test we'd just added for the subscribe code path; we address this by adding a more base-level test on filter_stream_authorization.
2018-05-04 19:14:29 +02:00
def require_non_guest_user(view_func: ViewFuncT) -> ViewFuncT:
@wraps(view_func)
decorator: Replace type: ignore with cast, avoid Any. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 02:10:50 +02:00
def _wrapped_view_func(request: HttpRequest, user_profile: UserProfile, *args: object,
**kwargs: object) -> HttpResponse:
decorators: Add new decorators for guest users. These decorators will be part of the process for disabling access to various features for guest users. Adding this decorator to the subscribe endpoint breaks the guest users test we'd just added for the subscribe code path; we address this by adding a more base-level test on filter_stream_authorization.
2018-05-04 19:14:29 +02:00
if user_profile.is_guest:
raise JsonableError(_("Not allowed for guest users"))
return view_func(request, user_profile, *args, **kwargs)
decorator: Replace type: ignore with cast, avoid Any. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 02:10:50 +02:00
return cast(ViewFuncT, _wrapped_view_func) # https://github.com/python/mypy/issues/1927
decorators: Add new decorators for guest users. These decorators will be part of the process for disabling access to various features for guest users. Adding this decorator to the subscribe endpoint breaks the guest users test we'd just added for the subscribe code path; we address this by adding a more base-level test on filter_stream_authorization.
2018-05-04 19:14:29 +02:00
decorator: Refactor @require_non_guest_human_user decorator. Rename @require_non_guest_human_user to @require_member_or_admin. This is a refactor commit prior to introduction of Administrator Bots.
2019-06-18 16:43:22 +02:00
def require_member_or_admin(view_func: ViewFuncT) -> ViewFuncT:
decorators: Add new decorators for guest users. These decorators will be part of the process for disabling access to various features for guest users. Adding this decorator to the subscribe endpoint breaks the guest users test we'd just added for the subscribe code path; we address this by adding a more base-level test on filter_stream_authorization.
2018-05-04 19:14:29 +02:00
@wraps(view_func)
decorator: Replace type: ignore with cast, avoid Any. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 02:10:50 +02:00
def _wrapped_view_func(request: HttpRequest, user_profile: UserProfile, *args: object,
**kwargs: object) -> HttpResponse:
decorators: Add new decorators for guest users. These decorators will be part of the process for disabling access to various features for guest users. Adding this decorator to the subscribe endpoint breaks the guest users test we'd just added for the subscribe code path; we address this by adding a more base-level test on filter_stream_authorization.
2018-05-04 19:14:29 +02:00
if user_profile.is_guest:
raise JsonableError(_("Not allowed for guest users"))
if user_profile.is_bot:
return json_error(_("This endpoint does not accept bot requests."))
return view_func(request, user_profile, *args, **kwargs)
decorator: Replace type: ignore with cast, avoid Any. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 02:10:50 +02:00
return cast(ViewFuncT, _wrapped_view_func) # https://github.com/python/mypy/issues/1927
settings: Add setting for who can edit user groups. Fixes #12380.
2019-11-02 17:58:55 +01:00
decorator: Extract require_user_group_edit_permission. We move the check that the user is a member or admin inot this decorator. This name better communicates that this may do other checks beyond just verifying the policy.
2019-11-16 15:56:40 +01:00
def require_user_group_edit_permission(view_func: ViewFuncT) -> ViewFuncT:
@require_member_or_admin
settings: Add setting for who can edit user groups. Fixes #12380.
2019-11-02 17:58:55 +01:00
@wraps(view_func)
def _wrapped_view_func(request: HttpRequest, user_profile: UserProfile,
decorator: Replace type: ignore with cast, avoid Any. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 02:10:50 +02:00
*args: object, **kwargs: object) -> HttpResponse:
settings: Add setting for who can edit user groups. Fixes #12380.
2019-11-02 17:58:55 +01:00
realm = user_profile.realm
if realm.user_group_edit_policy != Realm.USER_GROUP_EDIT_POLICY_MEMBERS and \
not user_profile.is_realm_admin:
decorator: Extract OrganizationAdministratorRequired common exception. This eliminates significant code duplication of error messages for situations where an organization administrator is required.
2019-11-16 15:53:56 +01:00
raise OrganizationAdministratorRequired()
settings: Add setting for who can edit user groups. Fixes #12380.
2019-11-02 17:58:55 +01:00
return view_func(request, user_profile, *args, **kwargs)
decorator: Replace type: ignore with cast, avoid Any. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 02:10:50 +02:00
return cast(ViewFuncT, _wrapped_view_func) # https://github.com/python/mypy/issues/1927
decorators: Add new decorators for guest users. These decorators will be part of the process for disabling access to various features for guest users. Adding this decorator to the subscribe endpoint breaks the guest users test we'd just added for the subscribe code path; we address this by adding a more base-level test on filter_stream_authorization.
2018-05-04 19:14:29 +02:00
uploads: Add new way of querying for mobile uploads endpoint. This extends the /user_uploads API endpoint to support passing the authentication credentials via the URL, not the HTTP_AUTHORIZATION headers. This is an important workaround for the fact that React Native's Webview system doesn't support setting HTTP_AUTHORIZATION; the app will be responsible for rewriting URLs for uploaded files directly to add this parameter.
2018-04-13 19:04:39 +02:00
# This API endpoint is used only for the mobile apps. It is part of a
# workaround for the fact that React Native doesn't support setting
# HTTP basic authentication headers.
decorator: Fix type of signature-changing decorators. In a decorator annotated with generic type (ViewFuncT) -> ViewFuncT, the type variable ViewFuncT = TypeVar(…) must be instantiated to the *same* type in both places. This amounts to a claim that the decorator preserves the signature of the view function, which is not the case for decorators that add a user_profile parameter. The corrected annotations enforce no particular relationship between the input and output signatures, which is not the ideal type we might get if mypy supported variadic generics, but is better than enforcing a relationship that is guaranteed to be wrong. This removes a bunch of ‘# type: ignore[call-arg] # mypy doesn't seem to apply the decorator’ annotations. Mypy does apply the decorator, but the decorator’s incorrect annotation as signature-preserving made it appear as if it didn’t. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-23 04:30:55 +02:00
def authenticated_uploads_api_view(
skip_rate_limiting: bool = False,
) -> Callable[[Callable[..., HttpResponse]], Callable[..., HttpResponse]]:
def _wrapped_view_func(view_func: Callable[..., HttpResponse]) -> Callable[..., HttpResponse]:
uploads: Add new way of querying for mobile uploads endpoint. This extends the /user_uploads API endpoint to support passing the authentication credentials via the URL, not the HTTP_AUTHORIZATION headers. This is an important workaround for the fact that React Native's Webview system doesn't support setting HTTP_AUTHORIZATION; the app will be responsible for rewriting URLs for uploaded files directly to add this parameter.
2018-04-13 19:04:39 +02:00
@csrf_exempt
@has_request_variables
@wraps(view_func)
def _wrapped_func_arguments(request: HttpRequest,
api_key: str=REQ(),
decorator: Replace type: ignore with cast, avoid Any. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 02:10:50 +02:00
*args: object, **kwargs: object) -> HttpResponse:
uploads: Add new way of querying for mobile uploads endpoint. This extends the /user_uploads API endpoint to support passing the authentication credentials via the URL, not the HTTP_AUTHORIZATION headers. This is an important workaround for the fact that React Native's Webview system doesn't support setting HTTP_AUTHORIZATION; the app will be responsible for rewriting URLs for uploaded files directly to add this parameter.
2018-04-13 19:04:39 +02:00
user_profile = validate_api_key(request, None, api_key, False)
decorator: Skip rate limiting when accessing user uploads. The code paths for accessing user-uploaded files are both (A) highly optimized so as to not require a ton of work, and (B) a code path where it's totally reasonable for a client to need to fetch 100+ images all at once (e.g. if it's the first browser open in a setting with a lot of distinct senders with avatars or a lot of image previews). Additionally, we've been seeing exceptions logged in the production redis configuration caused by this code path (basically, locking failures trying to update the rate-limit data structures). So we skip running our current rate limiting algorithm for these views.
2018-12-11 20:46:52 +01:00
if not skip_rate_limiting:
limited_func = rate_limit()(view_func)
else:
limited_func = view_func
uploads: Add new way of querying for mobile uploads endpoint. This extends the /user_uploads API endpoint to support passing the authentication credentials via the URL, not the HTTP_AUTHORIZATION headers. This is an important workaround for the fact that React Native's Webview system doesn't support setting HTTP_AUTHORIZATION; the app will be responsible for rewriting URLs for uploaded files directly to add this parameter.
2018-04-13 19:04:39 +02:00
return limited_func(request, user_profile, *args, **kwargs)
return _wrapped_func_arguments
return _wrapped_view_func
Comment that authenticated_rest_api_view does Basic auth (imported from commit 145ea6b0a17ab904c32e23e809410f56448baa72)
2013-08-29 20:47:04 +02:00
# A more REST-y authentication decorator, using, in particular, HTTP Basic
# authentication.
webhooks: Fix passing client string to authenticated webhook API views. This fixes a regression in 93678e89cd29da5b8106e278fa776f90f6fed33f and a4979410f983e7aaa10f4833a9c302110bea685c, where the webhooks using authenticated_rest_api_view were migrated to a new model that didn't include setting a custom Client string for the webhook. When restoring these webhooks' client strings, we also fix places where the client string was not capitalized the same was as the product's name.
2018-03-16 23:37:32 +01:00
#
# If webhook_client_name is specific, the request is a webhook view
# with that string as the basis for the client string.
decorator: Fix type of signature-changing decorators. In a decorator annotated with generic type (ViewFuncT) -> ViewFuncT, the type variable ViewFuncT = TypeVar(…) must be instantiated to the *same* type in both places. This amounts to a claim that the decorator preserves the signature of the view function, which is not the case for decorators that add a user_profile parameter. The corrected annotations enforce no particular relationship between the input and output signatures, which is not the ideal type we might get if mypy supported variadic generics, but is better than enforcing a relationship that is guaranteed to be wrong. This removes a bunch of ‘# type: ignore[call-arg] # mypy doesn't seem to apply the decorator’ annotations. Mypy does apply the decorator, but the decorator’s incorrect annotation as signature-preserving made it appear as if it didn’t. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-23 04:30:55 +02:00
def authenticated_rest_api_view(
*,
webhook_client_name: Optional[str] = None,
webhooks: Rename is_webhook to allow_webhook_access. This argument does not define if an endpoint "is a webhook"; it is set for "/api/v1/messages", which is not really a webhook, but allows access from webhooks.
2020-09-22 00:38:29 +02:00
allow_webhook_access: bool = False,
decorator: Fix type of signature-changing decorators. In a decorator annotated with generic type (ViewFuncT) -> ViewFuncT, the type variable ViewFuncT = TypeVar(…) must be instantiated to the *same* type in both places. This amounts to a claim that the decorator preserves the signature of the view function, which is not the case for decorators that add a user_profile parameter. The corrected annotations enforce no particular relationship between the input and output signatures, which is not the ideal type we might get if mypy supported variadic generics, but is better than enforcing a relationship that is guaranteed to be wrong. This removes a bunch of ‘# type: ignore[call-arg] # mypy doesn't seem to apply the decorator’ annotations. Mypy does apply the decorator, but the decorator’s incorrect annotation as signature-preserving made it appear as if it didn’t. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-23 04:30:55 +02:00
skip_rate_limiting: bool = False,
) -> Callable[[Callable[..., HttpResponse]], Callable[..., HttpResponse]]:
webhooks: Simplify logic around is_webhook_access. We clearly allow webhook access if we are setting the webhook_client_name. This removes the need for the `or`s later.
2020-09-22 00:42:29 +02:00
if webhook_client_name is not None:
allow_webhook_access = True
decorator: Fix type of signature-changing decorators. In a decorator annotated with generic type (ViewFuncT) -> ViewFuncT, the type variable ViewFuncT = TypeVar(…) must be instantiated to the *same* type in both places. This amounts to a claim that the decorator preserves the signature of the view function, which is not the case for decorators that add a user_profile parameter. The corrected annotations enforce no particular relationship between the input and output signatures, which is not the ideal type we might get if mypy supported variadic generics, but is better than enforcing a relationship that is guaranteed to be wrong. This removes a bunch of ‘# type: ignore[call-arg] # mypy doesn't seem to apply the decorator’ annotations. Mypy does apply the decorator, but the decorator’s incorrect annotation as signature-preserving made it appear as if it didn’t. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-23 04:30:55 +02:00
def _wrapped_view_func(view_func: Callable[..., HttpResponse]) -> Callable[..., HttpResponse]:
Add is_webhook option to authentication decorats. Modified: authenticated_rest_api_view authenticated_api_view and validate_api_key.
2016-05-18 20:35:35 +02:00
@csrf_exempt
@wraps(view_func)
decorator: Replace type: ignore with cast, avoid Any. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 02:10:50 +02:00
def _wrapped_func_arguments(request: HttpRequest, *args: object, **kwargs: object) -> HttpResponse:
Add is_webhook option to authentication decorats. Modified: authenticated_rest_api_view authenticated_api_view and validate_api_key.
2016-05-18 20:35:35 +02:00
# First try block attempts to get the credentials we need to do authentication
try:
# Grab the base64-encoded authentication string, decode it, and split it into
# the email and API key
zerver/decorator.py: Use force_bytes instead of encode. The value type of request.META is str, not text type. So use force_bytes on the data instead of encode('utf-8').
2016-07-07 21:50:08 +02:00
auth_type, credentials = request.META['HTTP_AUTHORIZATION'].split()
Add is_webhook option to authentication decorats. Modified: authenticated_rest_api_view authenticated_api_view and validate_api_key.
2016-05-18 20:35:35 +02:00
# case insensitive per RFC 1945
if auth_type.lower() != "basic":
capitalization: Fix Only Basic authentication is supported.
2017-03-08 18:04:59 +01:00
return json_error(_("This endpoint requires HTTP basic authentication."))
Don't use force_bytes() in decorator.py. In python3 base64.b64decode() can take an ASCII string, and any legit data will be ASCII. If you pass in non-ASCII data, the function will properly throw a ValueError (verified in python3 shell). >>> s = '안녕하세요' >>> import base64 >>> base64.b64decode(s) Traceback (most recent call last): File "/srv/zulip-py3-venv/lib/python3.4/base64.py", line 37, in _bytes_from_decode_data return s.encode('ascii') UnicodeEncodeError: 'ascii' codec can't encode characters in position 0-4: ordinal not in range(128) During handling of the above exception, another exception occurred: Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/srv/zulip-py3-venv/lib/python3.4/base64.py", line 83, in b64decode s = _bytes_from_decode_data(s) File "/srv/zulip-py3-venv/lib/python3.4/base64.py", line 39, in _bytes_from_decode_data raise ValueError('string argument should contain only ASCII characters') ValueError: string argument should contain only ASCII characters
2017-11-04 16:53:23 +01:00
role, api_key = base64.b64decode(credentials).decode('utf-8').split(":")
Add is_webhook option to authentication decorats. Modified: authenticated_rest_api_view authenticated_api_view and validate_api_key.
2016-05-18 20:35:35 +02:00
except ValueError:
Fix unnecessary traceback in authenticated_rest_api_view. Apparently, we weren't returning the `json_error`, resulting in users encountering this condition receiving a 500, rather than the proper 40x error. This fixes a regresion introduced in 9ae68ade8b514940a49764ac6ecc802a57519d5b.
2017-01-29 21:48:10 +01:00
return json_unauthorized(_("Invalid authorization header for basic auth"))
Add is_webhook option to authentication decorats. Modified: authenticated_rest_api_view authenticated_api_view and validate_api_key.
2016-05-18 20:35:35 +02:00
except KeyError:
decorator: Test error cases for authenticated_rest_api_view. We now have 100% coverage on this important function.
2018-04-26 07:14:21 +02:00
return json_unauthorized(_("Missing authorization header for basic auth"))
Add is_webhook option to authentication decorats. Modified: authenticated_rest_api_view authenticated_api_view and validate_api_key.
2016-05-18 20:35:35 +02:00
# Now we try to do authentication or die
try:
Add support infrastructure for push notification bouncer service. This is an incomplete cleaned-up continuation of Lisa Neigut's push notification bouncer work. It supports registration and deregistration of individual push tokens with a central push notification bouncer server. It still is missing a few things before we can complete this effort: * A registration form for server admins to configure their server for this service, with tests. * Code (and tests) for actually bouncing the notifications.
2016-10-27 23:55:31 +02:00
# profile is a Union[UserProfile, RemoteZulipServer]
webhooks: Fix passing client string to authenticated webhook API views. This fixes a regression in 93678e89cd29da5b8106e278fa776f90f6fed33f and a4979410f983e7aaa10f4833a9c302110bea685c, where the webhooks using authenticated_rest_api_view were migrated to a new model that didn't include setting a custom Client string for the webhook. When restoring these webhooks' client strings, we also fix places where the client string was not capitalized the same was as the product's name.
2018-03-16 23:37:32 +01:00
profile = validate_api_key(request, role, api_key,
webhooks: Simplify logic around is_webhook_access. We clearly allow webhook access if we are setting the webhook_client_name. This removes the need for the `or`s later.
2020-09-22 00:42:29 +02:00
allow_webhook_access=allow_webhook_access,
webhooks: Fix passing client string to authenticated webhook API views. This fixes a regression in 93678e89cd29da5b8106e278fa776f90f6fed33f and a4979410f983e7aaa10f4833a9c302110bea685c, where the webhooks using authenticated_rest_api_view were migrated to a new model that didn't include setting a custom Client string for the webhook. When restoring these webhooks' client strings, we also fix places where the client string was not capitalized the same was as the product's name.
2018-03-16 23:37:32 +01:00
client_name=full_webhook_client_name(webhook_client_name))
Add is_webhook option to authentication decorats. Modified: authenticated_rest_api_view authenticated_api_view and validate_api_key.
2016-05-18 20:35:35 +02:00
except JsonableError as e:
JsonableError: Rename message from `error` to `msg`. The whole thing is an error, so "message" is a more apt word for the error message specifically. We abbreviate that as `msg` in the actual HTTP responses and in the signatures of `json_error` and friends, so do the same here.
2017-07-20 00:22:36 +02:00
return json_unauthorized(e.msg)
decorators: Log webhook error payloads in authenticated_rest_api_view. This completes the effort to ensure that all of our webhooks that do parsing of the third-party message format log something that we can use to debug cases where we're not parsing the payloads correctly.
2018-03-27 04:34:43 +02:00
try:
decorator: Skip rate limiting when accessing user uploads. The code paths for accessing user-uploaded files are both (A) highly optimized so as to not require a ton of work, and (B) a code path where it's totally reasonable for a client to need to fetch 100+ images all at once (e.g. if it's the first browser open in a setting with a lot of distinct senders with avatars or a lot of image previews). Additionally, we've been seeing exceptions logged in the production redis configuration caused by this code path (basically, locking failures trying to update the rate-limit data structures). So we skip running our current rate limiting algorithm for these views.
2018-12-11 20:46:52 +01:00
if not skip_rate_limiting:
# Apply rate limiting
target_view_func = rate_limit()(view_func)
else:
target_view_func = view_func
return target_view_func(request, profile, *args, **kwargs)
decorators: Log webhook error payloads in authenticated_rest_api_view. This completes the effort to ensure that all of our webhooks that do parsing of the third-party message format log something that we can use to debug cases where we're not parsing the payloads correctly.
2018-03-27 04:34:43 +02:00
except Exception as err:
webhooks: Never log JsonableError to webook loggers. These represent known errors in what the user submitted. This is slightly complicated by UnsupportedWebhookEventType being an instance of JsonableError.
2020-09-22 00:50:08 +02:00
if not webhook_client_name:
raise err
if isinstance(err, JsonableError) and not isinstance(err, UnsupportedWebhookEventType): # nocoverage
raise err
if isinstance(err, UnsupportedWebhookEventType):
err.webhook_name = webhook_client_name
log_exception_to_webhook_logger(
summary=str(err),
unsupported_event=isinstance(err, UnsupportedWebhookEventType),
)
decorators: Log webhook error payloads in authenticated_rest_api_view. This completes the effort to ensure that all of our webhooks that do parsing of the third-party message format log something that we can use to debug cases where we're not parsing the payloads correctly.
2018-03-27 04:34:43 +02:00
raise err
Add is_webhook option to authentication decorats. Modified: authenticated_rest_api_view authenticated_api_view and validate_api_key.
2016-05-18 20:35:35 +02:00
return _wrapped_func_arguments
Implement generic rest_dispatch method for new API. (imported from commit 912ee803db03098f195d18648ab98401915fead6)
2013-03-21 20:15:27 +01:00
return _wrapped_view_func
zerver: Use Python 3 syntax for typing. Tweaked by tabbott to fix some minor whitespace errors.
2017-11-27 07:33:05 +01:00
def process_as_post(view_func: ViewFuncT) -> ViewFuncT:
Create update_subscriptions_backend to allow mass mutation of user subs. This includes a process_patch_as_post decorator which enables this view to be invoked as a PATCH on an object. Hopefully this decorator can go away once POST values are correctly parsed in Django for PATCH verb invocations. (imported from commit 6cf9d69cfb9dea5354ea37408566146757b5be54)
2013-03-21 20:18:44 +01:00
@wraps(view_func)
decorator: Replace type: ignore with cast, avoid Any. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 02:10:50 +02:00
def _wrapped_view_func(request: HttpRequest, *args: object, **kwargs: object) -> HttpResponse:
Create update_subscriptions_backend to allow mass mutation of user subs. This includes a process_patch_as_post decorator which enables this view to be invoked as a PATCH on an object. Hopefully this decorator can go away once POST values are correctly parsed in Django for PATCH verb invocations. (imported from commit 6cf9d69cfb9dea5354ea37408566146757b5be54)
2013-03-21 20:18:44 +01:00
# Adapted from django/http/__init__.py.
# So by default Django doesn't populate request.POST for anything besides
Rename process_patch_as_post to process_as_post for generality (imported from commit c920216176a8b6d4b0172a60b6e65df6a58fc79a)
2013-04-03 21:44:12 +02:00
# POST requests. We want this dict populated for PATCH/PUT, so we have to
Create update_subscriptions_backend to allow mass mutation of user subs. This includes a process_patch_as_post decorator which enables this view to be invoked as a PATCH on an object. Hopefully this decorator can go away once POST values are correctly parsed in Django for PATCH verb invocations. (imported from commit 6cf9d69cfb9dea5354ea37408566146757b5be54)
2013-03-21 20:18:44 +01:00
# do it ourselves.
#
# This will not be required in the future, a bug will be filed against
# Django upstream.
Don't convert to POST vars if POST is already populated. Otherwise you could encounter errors if you POST to a method with this decorator applied. (imported from commit bcb31f336ea2a1eeee6b9e3e9dfeed1d205ae26a)
2013-04-03 22:01:58 +02:00
if not request.POST:
# Only take action if POST is empty.
if request.META.get('CONTENT_TYPE', '').startswith('multipart'):
Support request.FILES in process_as_post. (imported from commit 646019b5efe4ae3f6f66f99f76f2036d9fd9ec8e)
2013-08-01 19:33:30 +02:00
# Note that request._files is just the private attribute that backs the
# FILES property, so we are essentially setting request.FILES here. (In
# Django 1.5 FILES was still a read-only property.)
pep8: Fix many rule E128 violations. [Tweaked by tabbott to adjust some approaches used in wrapping]
2016-12-03 00:04:17 +01:00
request.POST, request._files = MultiPartParser(
request.META,
BytesIO(request.body),
request.upload_handlers,
python: Use trailing commas consistently. Automatically generated by the following script, based on the output of lint with flake8-comma: import re import sys last_filename = None last_row = None lines = [] for msg in sys.stdin: m = re.match( r"\x1b\[35mflake8 \|\x1b\[0m \x1b\[1;31m(.+):(\d+):(\d+): (\w+)", msg ) if m: filename, row_str, col_str, err = m.groups() row, col = int(row_str), int(col_str) if filename == last_filename: assert last_row != row else: if last_filename is not None: with open(last_filename, "w") as f: f.writelines(lines) with open(filename) as f: lines = f.readlines() last_filename = filename last_row = row line = lines[row - 1] if err in ["C812", "C815"]: lines[row - 1] = line[: col - 1] + "," + line[col - 1 :] elif err in ["C819"]: assert line[col - 2] == "," lines[row - 1] = line[: col - 2] + line[col - 1 :].lstrip(" ") if last_filename is not None: with open(last_filename, "w") as f: f.writelines(lines) Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-10 05:23:40 +02:00
request.encoding,
pep8: Fix many rule E128 violations. [Tweaked by tabbott to adjust some approaches used in wrapping]
2016-12-03 00:04:17 +01:00
).parse()
Don't convert to POST vars if POST is already populated. Otherwise you could encounter errors if you POST to a method with this decorator applied. (imported from commit bcb31f336ea2a1eeee6b9e3e9dfeed1d205ae26a)
2013-04-03 22:01:58 +02:00
else:
request.POST = QueryDict(request.body, encoding=request.encoding)
Create update_subscriptions_backend to allow mass mutation of user subs. This includes a process_patch_as_post decorator which enables this view to be invoked as a PATCH on an object. Hopefully this decorator can go away once POST values are correctly parsed in Django for PATCH verb invocations. (imported from commit 6cf9d69cfb9dea5354ea37408566146757b5be54)
2013-03-21 20:18:44 +01:00
return view_func(request, *args, **kwargs)
decorator: Replace type: ignore with cast, avoid Any. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 02:10:50 +02:00
return cast(ViewFuncT, _wrapped_view_func) # https://github.com/python/mypy/issues/1927
Create update_subscriptions_backend to allow mass mutation of user subs. This includes a process_patch_as_post decorator which enables this view to be invoked as a PATCH on an object. Hopefully this decorator can go away once POST values are correctly parsed in Django for PATCH verb invocations. (imported from commit 6cf9d69cfb9dea5354ea37408566146757b5be54)
2013-03-21 20:18:44 +01:00
decorator: Replace type: ignore with cast, avoid Any. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 02:10:50 +02:00
def authenticate_log_and_execute_json(
request: HttpRequest,
view_func: ViewFuncT,
*args: object,
skip_rate_limiting: bool = False,
allow_unauthenticated: bool = False,
**kwargs: object,
) -> HttpResponse:
report: Allow error-reporting views from unauthed users. This should make it possible for blueslip error reports to be sent on our logged-out portico pages, which should in turn make it possible to debug any such issues as they occur.
2018-12-17 00:10:20 +01:00
if not skip_rate_limiting:
limited_view_func = rate_limit()(view_func)
else:
limited_view_func = view_func
Django 1.11: is_authenticated is now a property.
2017-05-18 11:42:19 +02:00
if not request.user.is_authenticated:
report: Allow error-reporting views from unauthed users. This should make it possible for blueslip error reports to be sent on our logged-out portico pages, which should in turn make it possible to debug any such issues as they occur.
2018-12-17 00:10:20 +01:00
if not allow_unauthenticated:
exceptions: Move default json_unauthorized string to response.py. This small refactor should make it easier to reuse this exception for other situations as well.
2019-09-14 00:58:02 +02:00
return json_unauthorized()
report: Allow error-reporting views from unauthed users. This should make it possible for blueslip error reports to be sent on our logged-out portico pages, which should in turn make it possible to debug any such issues as they occur.
2018-12-17 00:10:20 +01:00
process_client(request, request.user, is_browser_view=True,
skip_update_user_activity=True,
query=view_func.__name__)
return limited_view_func(request, request.user, *args, **kwargs)
[manual] Authenticate using a user_profile as request.user. When this is deployed to staging, we need to run ./manage.py logout_all_users --realm=humbughq.com When this is deployed to prod, we need to run ./manage.py logout_all_users (imported from commit d6c6ea4b1c347f3d9122742db23c7b67767a7349)
2013-03-29 17:39:53 +01:00
user_profile = request.user
decorator: Extract validate_account_and_subdomain and deduplicate. This fixes the significant duplication of code between the authenticate_log_and_execute_json code path and the `validate_api_key` code path. These's till a bit of duplication, in the form of `process_client` and `request._email` interactions, but it is very minor at this point.
2017-08-15 01:28:48 +02:00
validate_account_and_subdomain(request, user_profile)
Add new is_incoming_webhook bot type. This type of bot is only able to send messages via webhook endpoints.
2016-05-19 23:44:58 +02:00
if user_profile.is_incoming_webhook:
raise JsonableError(_("Webhook bots can only access webhooks"))
subdomains: Enforce subdomain checks on every API endpoint. This ensures that everything is using the correct subdomain for requests. While it probably wouldn't be a real security problem for the wrong subdomain to work, this enforcement is essential to catching bugs in the product and users' API scripts.
2016-08-14 04:16:39 +02:00
decorator: Set the user_activity query in another case. Now that this is a little less mysterious-looking to do, let's do it in this spot too.
2017-11-03 22:58:33 +01:00
process_client(request, user_profile, is_browser_view=True,
query=view_func.__name__)
report: Allow error-reporting views from unauthed users. This should make it possible for blueslip error reports to be sent on our logged-out portico pages, which should in turn make it possible to debug any such issues as they occur.
2018-12-17 00:10:20 +01:00
return limited_view_func(request, user_profile, *args, **kwargs)
decorators: split authenticated_json_view into POST and non-POST versions. (imported from commit cdcfdb51c379c07e94ebc763cf925e6a73747fc0)
2012-12-02 20:51:51 +01:00
decorator: Remove authenticated_json_post_view. It’s effectively a combination of require_post with authenticated_json_view and has one use. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 03:22:41 +02:00
# Checks if the user is logged in. If not, return an error (the
# @login_required behavior of redirecting to a login page doesn't make
# sense for json views)
decorator: Fix type of signature-changing decorators. In a decorator annotated with generic type (ViewFuncT) -> ViewFuncT, the type variable ViewFuncT = TypeVar(…) must be instantiated to the *same* type in both places. This amounts to a claim that the decorator preserves the signature of the view function, which is not the case for decorators that add a user_profile parameter. The corrected annotations enforce no particular relationship between the input and output signatures, which is not the ideal type we might get if mypy supported variadic generics, but is better than enforcing a relationship that is guaranteed to be wrong. This removes a bunch of ‘# type: ignore[call-arg] # mypy doesn't seem to apply the decorator’ annotations. Mypy does apply the decorator, but the decorator’s incorrect annotation as signature-preserving made it appear as if it didn’t. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-23 04:30:55 +02:00
def authenticated_json_view(
view_func: Callable[..., HttpResponse],
skip_rate_limiting: bool = False,
allow_unauthenticated: bool = False,
) -> Callable[..., HttpResponse]:
decorators: split authenticated_json_view into POST and non-POST versions. (imported from commit cdcfdb51c379c07e94ebc763cf925e6a73747fc0)
2012-12-02 20:51:51 +01:00
@wraps(view_func)
mypy: Use Python 3 type syntax in decorator.py.
2017-12-09 06:40:18 +01:00
def _wrapped_view_func(request: HttpRequest,
decorator: Replace type: ignore with cast, avoid Any. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 02:10:50 +02:00
*args: object, **kwargs: object) -> HttpResponse:
return authenticate_log_and_execute_json(
request,
view_func,
*args,
skip_rate_limiting=skip_rate_limiting,
allow_unauthenticated=allow_unauthenticated,
**kwargs,
)
decorator: Fix type of signature-changing decorators. In a decorator annotated with generic type (ViewFuncT) -> ViewFuncT, the type variable ViewFuncT = TypeVar(…) must be instantiated to the *same* type in both places. This amounts to a claim that the decorator preserves the signature of the view function, which is not the case for decorators that add a user_profile parameter. The corrected annotations enforce no particular relationship between the input and output signatures, which is not the ideal type we might get if mypy supported variadic generics, but is better than enforcing a relationship that is guaranteed to be wrong. This removes a bunch of ‘# type: ignore[call-arg] # mypy doesn't seem to apply the decorator’ annotations. Mypy does apply the decorator, but the decorator’s incorrect annotation as signature-preserving made it appear as if it didn’t. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-23 04:30:55 +02:00
return _wrapped_view_func
Add magic request variable extractor decorator Functions with the @has_request_variables decorator can have some of their arguments extracted from the HTTP request. For each such argument, its default value should be an instance of the POST class. The arguments to the POST constructor control the request variable name that the function parameter should be populated from (it defaults to the same as the parameter name), whether the value should be converted before being passed, and whether a default value should be supplied if the parameter is missing from the request. (imported from commit ba1c25d73ba3980e44abec1458e6496807fcdaa4)
2012-11-01 23:21:12 +01:00
zerver: Change use of typing.Text to str.
2018-05-11 01:39:17 +02:00
def is_local_addr(addr: str) -> bool:
decorators: Extract is_local_addr().
2016-07-09 20:37:09 +02:00
return addr in ('127.0.0.1', '::1')
Create and use @internal_notify_view Resolves #288. (imported from commit 982bf5651a34fa66cd81c882ed0351829eaadf86)
2012-11-28 05:37:13 +01:00
# These views are used by the main Django server to notify the Tornado server
# of events. We protect them from the outside world by checking a shared
# secret, and also the originating IP (for now).
zerver: Use Python 3 syntax for typing. Tweaked by tabbott to fix some minor whitespace errors.
2017-11-27 07:33:05 +01:00
def authenticate_notify(request: HttpRequest) -> bool:
lint: Clean up W503 PEP-8 warning.
2017-01-24 05:50:04 +01:00
return (is_local_addr(request.META['REMOTE_ADDR']) and
request.POST.get('secret') == settings.SHARED_SECRET)
Create and use @internal_notify_view Resolves #288. (imported from commit 982bf5651a34fa66cd81c882ed0351829eaadf86)
2012-11-28 05:37:13 +01:00
zerver: Use Python 3 syntax for typing. Tweaked by tabbott to fix some minor whitespace errors.
2017-11-27 07:33:05 +01:00
def client_is_exempt_from_rate_limiting(request: HttpRequest) -> bool:
Extracted client_is_exempt_from_rate_limiting().
2016-07-09 08:08:42 +02:00
# Don't rate limit requests from Django that come from our own servers,
# and don't rate-limit dev instances
lint: Clean up W503 PEP-8 warning.
2017-01-24 05:50:04 +01:00
return ((request.client and request.client.name.lower() == 'internal') and
(is_local_addr(request.META['REMOTE_ADDR']) or
settings.DEBUG_RATE_LIMITING))
Extracted client_is_exempt_from_rate_limiting().
2016-07-09 08:08:42 +02:00
mypy: Fully use ViewFuncT in decorators.py; remove WrappedViewFuncT. Many declarations were previously annotated with Callable[..., HttpResponse]; this is equivalent to ViewFuncT, so here we switch to it. To enable this migration, the WrappedViewFuncT alias is removed; this is equivalent to the simple & legible Callable[[ViewFuncT], ViewFuncT], so for relatively no space change, a clearer return type is possible.
2018-03-13 23:03:41 +01:00
def internal_notify_view(is_tornado_view: bool) -> Callable[[ViewFuncT], ViewFuncT]:
mypy: Improve return type of internal_notify_view decorator.
2017-10-28 05:52:10 +02:00
# The typing here could be improved by using the Extended Callable types:
# https://mypy.readthedocs.io/en/latest/kinds_of_types.html#extended-callable-types
decorator: Add support for Django internal_notify_view.
2017-04-18 18:56:19 +02:00
"""Used for situations where something running on the Zulip server
needs to make a request to the (other) Django/Tornado processes running on
the server."""
mypy: Fully use ViewFuncT in decorators.py; remove WrappedViewFuncT. Many declarations were previously annotated with Callable[..., HttpResponse]; this is equivalent to ViewFuncT, so here we switch to it. To enable this migration, the WrappedViewFuncT alias is removed; this is equivalent to the simple & legible Callable[[ViewFuncT], ViewFuncT], so for relatively no space change, a clearer return type is possible.
2018-03-13 23:03:41 +01:00
def _wrapped_view_func(view_func: ViewFuncT) -> ViewFuncT:
decorator: Add support for Django internal_notify_view.
2017-04-18 18:56:19 +02:00
@csrf_exempt
@require_post
@wraps(view_func)
decorator: Replace type: ignore with cast, avoid Any. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 02:10:50 +02:00
def _wrapped_func_arguments(request: HttpRequest, *args: object, **kwargs: object) -> HttpResponse:
decorator: Add support for Django internal_notify_view.
2017-04-18 18:56:19 +02:00
if not authenticate_notify(request):
return json_error(_('Access denied'), status=403)
is_tornado_request = hasattr(request, '_tornado_handler')
# These next 2 are not security checks; they are internal
# assertions to help us find bugs.
if is_tornado_view and not is_tornado_request:
raise RuntimeError('Tornado notify view called with no Tornado handler')
if not is_tornado_view and is_tornado_request:
raise RuntimeError('Django notify view called with Tornado handler')
middleware: Log user.id/realm.string_id instead of _email.
2020-03-09 11:39:20 +01:00
request._requestor_for_logs = "internal"
decorator: Add support for Django internal_notify_view.
2017-04-18 18:56:19 +02:00
return view_func(request, *args, **kwargs)
return _wrapped_func_arguments
Create and use @internal_notify_view Resolves #288. (imported from commit 982bf5651a34fa66cd81c882ed0351829eaadf86)
2012-11-28 05:37:13 +01:00
return _wrapped_view_func
zerver: Change use of typing.Text to str.
2018-05-11 01:39:17 +02:00
def to_utc_datetime(timestamp: str) -> datetime.datetime:
decorator.py: Add to_utc_datetime converter function.
2016-12-22 04:46:31 +01:00
return timestamp_to_datetime(float(timestamp))
decorator: Strengthen types of signature-preserving decorators. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 01:52:37 +02:00
def statsd_increment(counter: str, val: int=1) -> Callable[[FuncT], FuncT]:
Add a decorator for sending count information to statsd (imported from commit 5263e39d8c235ac56517f0a69a1b1337e6f8942a)
2013-04-16 22:52:32 +02:00
"""Increments a statsd counter on completion of the
decorated function.
Pass the name of the counter to this decorator-returning function."""
decorator: Strengthen types of signature-preserving decorators. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 01:52:37 +02:00
def wrapper(func: FuncT) -> FuncT:
Add a decorator for sending count information to statsd (imported from commit 5263e39d8c235ac56517f0a69a1b1337e6f8942a)
2013-04-16 22:52:32 +02:00
@wraps(func)
decorator: Strengthen types of signature-preserving decorators. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 01:52:37 +02:00
def wrapped_func(*args: object, **kwargs: object) -> object:
Add a rate limiting system to our backend (imported from commit a1218618918b4dedc77307e2f277665e7dd8fa22)
2013-05-29 23:58:07 +02:00
ret = func(*args, **kwargs)
Add a decorator for sending count information to statsd (imported from commit 5263e39d8c235ac56517f0a69a1b1337e6f8942a)
2013-04-16 22:52:32 +02:00
statsd.incr(counter, val)
Add a rate limiting system to our backend (imported from commit a1218618918b4dedc77307e2f277665e7dd8fa22)
2013-05-29 23:58:07 +02:00
return ret
decorator: Strengthen types of signature-preserving decorators. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 01:52:37 +02:00
return cast(FuncT, wrapped_func) # https://github.com/python/mypy/issues/1927
Add a rate limiting system to our backend (imported from commit a1218618918b4dedc77307e2f277665e7dd8fa22)
2013-05-29 23:58:07 +02:00
return wrapper
zerver: Change use of typing.Text to str.
2018-05-11 01:39:17 +02:00
def rate_limit_user(request: HttpRequest, user: UserProfile, domain: str) -> None:
Rate limit jira and beanstalk API endpoints (imported from commit ea299df983d53ee3f917f3c7314e78e813fe95a2)
2013-06-06 20:08:02 +02:00
"""Returns whether or not a user was rate limited. Will raise a RateLimited exception
if the user has been rate limited, otherwise returns and modifies request to contain
the rate limit information"""
rate_limit: Move functions called by external code to RateLimitedObject.
2020-03-04 14:05:25 +01:00
RateLimitedUser(user, domain=domain).rate_limit_request(request)
Rate limit jira and beanstalk API endpoints (imported from commit ea299df983d53ee3f917f3c7314e78e813fe95a2)
2013-06-06 20:08:02 +02:00
rate_limiter: Rename 'all' domain to 'api_by_user'.
2019-08-03 20:39:49 +02:00
def rate_limit(domain: str='api_by_user') -> Callable[[ViewFuncT], ViewFuncT]:
zerver: Fix bare except clause.
2017-01-08 16:40:03 +01:00
"""Rate-limits a view. Takes an optional 'domain' param if you wish to
rate limit different types of API calls independently.
Add a rate limiting system to our backend (imported from commit a1218618918b4dedc77307e2f277665e7dd8fa22)
2013-05-29 23:58:07 +02:00
Returns a decorator"""
mypy: Migrate some Callable[..., HttpResponse] to ViewFuncT in decorator.py.
2018-03-13 17:51:56 +01:00
def wrapper(func: ViewFuncT) -> ViewFuncT:
Add a rate limiting system to our backend (imported from commit a1218618918b4dedc77307e2f277665e7dd8fa22)
2013-05-29 23:58:07 +02:00
@wraps(func)
decorator: Replace type: ignore with cast, avoid Any. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 02:10:50 +02:00
def wrapped_func(request: HttpRequest, *args: object, **kwargs: object) -> HttpResponse:
Extracted client_is_exempt_from_rate_limiting().
2016-07-09 08:08:42 +02:00
Clean up rate_limit() for deployments that opt out. If settings.RATE_LIMITING is False, short circuit rate limiting earlier in rate_limit(). This change particularly avoids inspect request.user and possibly spamming the error log for sites that don't care about rate limiting.
2016-07-09 20:25:31 +02:00
# It is really tempting to not even wrap our original function
# when settings.RATE_LIMITING is False, but it would make
# for awkward unit testing in some situations.
if not settings.RATE_LIMITING:
return func(request, *args, **kwargs)
Extracted client_is_exempt_from_rate_limiting().
2016-07-09 08:08:42 +02:00
if client_is_exempt_from_rate_limiting(request):
Add a rate limiting system to our backend (imported from commit a1218618918b4dedc77307e2f277665e7dd8fa22)
2013-05-29 23:58:07 +02:00
return func(request, *args, **kwargs)
rate_limit: Delete code handling impossible cases with request.user. I can find no evidence of it being possible to get an Exception when accessing request.user or for it to be falsy. Django should always set request.user to either a UserProfile (if logged in) or AnonymousUser instance. Thus, this seems to be dead code that's handling cases that can't happen.
2020-08-21 13:28:14 +02:00
user = request.user
Add a rate limiting system to our backend (imported from commit a1218618918b4dedc77307e2f277665e7dd8fa22)
2013-05-29 23:58:07 +02:00
decorator: Avoid accessing mock RemoteZulipServer. It's never safe to access the mock RemoteZulipServer object; this caused exceptions on every request in production for any server with ZILENCER_ENABLED=False.
2020-08-27 21:47:26 +02:00
if isinstance(user, AnonymousUser) or (settings.ZILENCER_ENABLED and
isinstance(user, RemoteZulipServer)):
decorators: Don't attempt to rate-limit AnonymousUser. This fixes our support for sending browser errors to the server for portico pages in production, which previously hit a rate-limiter exception.
2019-01-04 00:17:50 +01:00
# We can only rate-limit logged-in users for now.
# We also only support rate-limiting authenticated
# views right now.
# TODO: implement per-IP non-authed rate limiting
return func(request, *args, **kwargs)
rate_limit: Improve dummy request objects in RateLimitTestCase. Django always sets request.user to a UserProfile or AnonymousUser instance, so it's better to mimic that in the tests where we pass a dummy request objects for rate limiter testing purposes.
2020-08-21 16:40:40 +02:00
assert isinstance(user, UserProfile)
Rate limit jira and beanstalk API endpoints (imported from commit ea299df983d53ee3f917f3c7314e78e813fe95a2)
2013-06-06 20:08:02 +02:00
rate_limit_user(request, user, domain)
Add a rate limiting system to our backend (imported from commit a1218618918b4dedc77307e2f277665e7dd8fa22)
2013-05-29 23:58:07 +02:00
return func(request, *args, **kwargs)
decorator: Replace type: ignore with cast, avoid Any. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 02:10:50 +02:00
return cast(ViewFuncT, wrapped_func) # https://github.com/python/mypy/issues/1927
Add a decorator for sending count information to statsd (imported from commit 5263e39d8c235ac56517f0a69a1b1337e6f8942a)
2013-04-16 22:52:32 +02:00
return wrapper
Add profiled decorator and a tool to show profiler results. The goal here is to make it easier to do ad hoc profiling on our codebase, particularly by running tests. (imported from commit 71da06feb3a369dec8dc4d8391f7f40e4c2d02ff)
2013-07-02 17:30:04 +02:00
mypy: Migrate some Callable[..., HttpResponse] to ViewFuncT in decorator.py.
2018-03-13 17:51:56 +01:00
def return_success_on_head_request(view_func: ViewFuncT) -> ViewFuncT:
Fix trello integration by adding handling HEAD confirmation request. Previously, we rejected the HEAD requests that the trello integration uses to check if the server accepts the integration. Add decorator for returning 200 status code if request is HEAD. Fixes: #2311.
2016-11-15 17:20:22 +01:00
@wraps(view_func)
decorator: Replace type: ignore with cast, avoid Any. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 02:10:50 +02:00
def _wrapped_view_func(request: HttpRequest, *args: object, **kwargs: object) -> HttpResponse:
Fix trello integration by adding handling HEAD confirmation request. Previously, we rejected the HEAD requests that the trello integration uses to check if the server accepts the integration. Add decorator for returning 200 status code if request is HEAD. Fixes: #2311.
2016-11-15 17:20:22 +01:00
if request.method == 'HEAD':
return json_success()
return view_func(request, *args, **kwargs)
decorator: Replace type: ignore with cast, avoid Any. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 02:10:50 +02:00
return cast(ViewFuncT, _wrapped_view_func) # https://github.com/python/mypy/issues/1927
2FA: Add zulip_otp_required decorator. We need to add this because otp_required doesn't play well with tests.
2017-07-12 10:16:02 +02:00
decorator: Fix bogus function=None case of zulip_login_required. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 01:52:07 +02:00
def zulip_otp_required(
redirect_field_name: str='next',
login_url: str=settings.HOME_NOT_LOGGED_IN,
) -> Callable[[ViewFuncT], ViewFuncT]:
2FA: Add zulip_otp_required decorator. We need to add this because otp_required doesn't play well with tests.
2017-07-12 10:16:02 +02:00
"""
The reason we need to create this function is that the stock
otp_required decorator doesn't play well with tests. We cannot
enable/disable if_configured parameter during tests since the decorator
retains its value due to closure.
Similar to :func:`~django.contrib.auth.decorators.login_required`, but
requires the user to be :term:`verified`. By default, this redirects users
to :setting:`OTP_LOGIN_URL`.
"""
def test(user: UserProfile) -> bool:
"""
:if_configured: If ``True``, an authenticated user with no confirmed
zulip_otp_required: Don't 2fa logged out users. For users who are not authenticated, we don't need to 2fa them, we only need it once they are trying to login. Tweaked by tabbott to be much more readable; the new style might require new test coverage.
2020-09-22 17:16:53 +02:00
OTP devices will be allowed. Also, non-authenticated users will be
allowed as web_public_guest users. Default is ``False``. If ``False``,
2FA: Add zulip_otp_required decorator. We need to add this because otp_required doesn't play well with tests.
2017-07-12 10:16:02 +02:00
2FA will not do any authentication.
"""
if_configured = settings.TWO_FACTOR_AUTHENTICATION_ENABLED
if not if_configured:
return True
zulip_otp_required: Don't 2fa logged out users. For users who are not authenticated, we don't need to 2fa them, we only need it once they are trying to login. Tweaked by tabbott to be much more readable; the new style might require new test coverage.
2020-09-22 17:16:53 +02:00
# User has completed 2FA verification
if user.is_verified():
return True
# This request is unauthenticated (logged-out) access; 2FA is
# not required or possible.
if not user.is_authenticated: # nocoverage
return True
# If the user doesn't have 2FA setup, we can't enforce 2FA.
if not user_has_device(user):
return True
# User has configured 2FA and is not verified, so the user
# fails the test (and we should redirect to the 2FA view).
return False
2FA: Add zulip_otp_required decorator. We need to add this because otp_required doesn't play well with tests.
2017-07-12 10:16:02 +02:00
decorator = django_user_passes_test(test,
login_url=login_url,
redirect_field_name=redirect_field_name)
decorator: Fix bogus function=None case of zulip_login_required. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 01:52:07 +02:00
return decorator
portico: Add setting to put Google Analytics on selected portico pages. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-05-08 06:37:58 +02:00
decorator: Replace type: ignore with cast, avoid Any. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 02:10:50 +02:00
def add_google_analytics_context(context: Dict[str, object]) -> None:
portico: Add setting to put Google Analytics on selected portico pages. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-05-08 06:37:58 +02:00
if settings.GOOGLE_ANALYTICS_ID is not None: # nocoverage
decorator: Replace type: ignore with cast, avoid Any. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 02:10:50 +02:00
page_params = context.setdefault("page_params", {})
assert isinstance(page_params, dict)
page_params["google_analytics_id"] = settings.GOOGLE_ANALYTICS_ID
portico: Add setting to put Google Analytics on selected portico pages. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-05-08 06:37:58 +02:00
def add_google_analytics(view_func: ViewFuncT) -> ViewFuncT:
@wraps(view_func)
decorator: Replace type: ignore with cast, avoid Any. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 02:10:50 +02:00
def _wrapped_view_func(request: HttpRequest, *args: object, **kwargs: object) -> HttpResponse:
portico: Add setting to put Google Analytics on selected portico pages. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-05-08 06:37:58 +02:00
response = view_func(request, *args, **kwargs)
if isinstance(response, SimpleTemplateResponse):
if response.context_data is None:
response.context_data = {}
add_google_analytics_context(response.context_data)
elif response.status_code == 200: # nocoverage
raise TypeError("add_google_analytics requires a TemplateResponse")
return response
decorator: Replace type: ignore with cast, avoid Any. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-24 02:10:50 +02:00
return cast(ViewFuncT, _wrapped_view_func) # https://github.com/python/mypy/issues/1927