2012-08-28 21:31:32 +02:00
|
|
|
from django.conf import settings
|
2016-10-27 12:38:16 +02:00
|
|
|
from django.conf.urls import url, include
|
2016-05-19 17:33:30 +02:00
|
|
|
from django.conf.urls.i18n import i18n_patterns
|
errors: Force a super-simpler handler for 400 errors.
This works around a bug in Django in handling the error case of a
client sending an inappropriate HTTP `Host:` header. Various
internal Django machinery expects to be able to casually call
`request.get_host()`, which will attempt to parse that header, so an
exception will be raised. The exception-handling machinery attempts
to catch that exception and just turn it into a 400 response... but
in a certain case, that machinery itself ends up trying to call
`request.get_host()`, and we end up with an uncaught exception that
causes a 500 response, a chain of tracebacks in the logs, and an email
to the server admins. See example below.
That `request.get_host` call comes in the midst of some CSRF-related
middleware, which doesn't even serve any function unless you have a
form in your 400 response page that you want CSRF protection for.
We use the default 400 response page, which is a 26-byte static
HTML error message. So, just send that with no further ado.
Example exception from server logs (lightly edited):
2017-10-08 09:51:50.835 ERR [django.security.DisallowedHost] Invalid HTTP_HOST header: 'example.com'. You may need to add 'example.com' to ALLOWED_HOSTS.
2017-10-08 09:51:50.835 ERR [django.request] Internal Server Error: /loginWithSetCookie
Traceback (most recent call last):
File ".../django/core/handlers/exception.py", line 41, in inner
response = get_response(request)
File ".../django/utils/deprecation.py", line 138, in __call__
response = self.process_request(request)
File ".../django/middleware/common.py", line 57, in process_request
host = request.get_host()
File ".../django/http/request.py", line 113, in get_host
raise DisallowedHost(msg)
django.core.exceptions.DisallowedHost: Invalid HTTP_HOST header: 'example.com'. You may need to add 'example.com' to ALLOWED_HOSTS.
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File ".../django/core/handlers/exception.py", line 109, in get_exception_response
response = callback(request, **dict(param_dict, exception=exception))
File ".../django/utils/decorators.py", line 145, in _wrapped_view
result = middleware.process_view(request, view_func, args, kwargs)
File ".../django/middleware/csrf.py", line 276, in process_view
good_referer = request.get_host()
File ".../django/http/request.py", line 113, in get_host
raise DisallowedHost(msg)
django.core.exceptions.DisallowedHost: Invalid HTTP_HOST header: 'example.com'. You may need to add 'example.com' to ALLOWED_HOSTS.
2017-10-10 06:39:36 +02:00
|
|
|
from django.http import HttpResponseBadRequest, HttpRequest, HttpResponse
|
2013-03-08 19:15:51 +01:00
|
|
|
from django.views.generic import TemplateView, RedirectView
|
2016-05-19 17:33:30 +02:00
|
|
|
from django.utils.module_loading import import_string
|
2017-09-22 18:30:18 +02:00
|
|
|
import os
|
2013-07-29 23:03:31 +02:00
|
|
|
import zerver.forms
|
2016-06-25 03:44:32 +02:00
|
|
|
from zproject import dev_urls
|
2016-06-24 01:06:20 +02:00
|
|
|
from zproject.legacy_urls import legacy_urls
|
2019-02-05 22:23:46 +01:00
|
|
|
from zerver.views.documentation import IntegrationView, MarkdownDirectoryView
|
2016-07-25 22:12:12 +02:00
|
|
|
from zerver.lib.integrations import WEBHOOK_INTEGRATIONS
|
2016-11-14 21:06:39 +01:00
|
|
|
|
2012-08-28 18:44:51 +02:00
|
|
|
|
2020-02-02 14:16:38 +01:00
|
|
|
from django.contrib.auth.views import (LoginView, PasswordResetDoneView,
|
2020-02-02 13:51:39 +01:00
|
|
|
PasswordResetConfirmView, password_reset_complete)
|
2016-10-27 14:52:56 +02:00
|
|
|
|
2016-11-27 06:50:54 +01:00
|
|
|
import zerver.tornado.views
|
2016-10-27 14:52:56 +02:00
|
|
|
import zerver.views
|
|
|
|
|
import zerver.views.auth
|
2018-04-27 15:48:55 +02:00
|
|
|
import zerver.views.archive
|
2018-12-17 17:27:05 +01:00
|
|
|
import zerver.views.camo
|
2017-01-30 07:21:13 +01:00
|
|
|
import zerver.views.compatibility
|
2017-01-07 21:19:52 +01:00
|
|
|
import zerver.views.home
|
2017-04-18 17:28:55 +02:00
|
|
|
import zerver.views.email_mirror
|
2017-01-07 21:46:03 +01:00
|
|
|
import zerver.views.registration
|
2020-01-29 20:41:23 +01:00
|
|
|
import zerver.views.portico
|
2016-10-27 14:52:56 +02:00
|
|
|
import zerver.views.zephyr
|
|
|
|
|
import zerver.views.users
|
|
|
|
|
import zerver.views.unsubscribe
|
2019-02-05 22:23:46 +01:00
|
|
|
import zerver.views.documentation
|
2017-11-01 10:04:16 +01:00
|
|
|
import zerver.views.user_groups
|
2017-01-20 12:27:38 +01:00
|
|
|
import zerver.views.user_settings
|
2017-03-13 22:05:35 +01:00
|
|
|
import zerver.views.muting
|
2017-05-09 07:01:42 +02:00
|
|
|
import zerver.views.streams
|
2018-01-25 19:08:40 +01:00
|
|
|
import zerver.views.realm
|
2018-08-12 22:09:34 +02:00
|
|
|
import zerver.views.digest
|
2019-06-30 19:16:33 +02:00
|
|
|
import zerver.views.messages
|
2019-03-20 13:13:44 +01:00
|
|
|
from zerver.context_processors import latest_info_context
|
2019-06-24 02:51:13 +02:00
|
|
|
import zerver.views.realm_export
|
2016-10-27 14:52:56 +02:00
|
|
|
|
|
|
|
|
from zerver.lib.rest import rest_dispatch
|
|
|
|
|
|
2017-07-12 09:36:51 +02:00
|
|
|
if settings.TWO_FACTOR_AUTHENTICATION_ENABLED:
|
|
|
|
|
from two_factor.urls import urlpatterns as tf_urls
|
|
|
|
|
from two_factor.gateways.twilio.urls import urlpatterns as tf_twilio_urls
|
|
|
|
|
|
2013-03-21 22:38:02 +01:00
|
|
|
# NB: There are several other pieces of code which route requests by URL:
|
|
|
|
|
#
|
2016-06-24 01:20:37 +02:00
|
|
|
# - legacy_urls.py contains API endpoint written before the redesign
|
|
|
|
|
# and should not be added to.
|
|
|
|
|
#
|
2013-03-21 22:38:02 +01:00
|
|
|
# - runtornado.py has its own URL list for Tornado views. See the
|
|
|
|
|
# invocation of web.Application in that file.
|
|
|
|
|
#
|
|
|
|
|
# - The Nginx config knows which URLs to route to Django or Tornado.
|
|
|
|
|
#
|
|
|
|
|
# - Likewise for the local dev server in tools/run-dev.py.
|
|
|
|
|
|
2017-10-18 07:09:22 +02:00
|
|
|
# These endpoints constitute the currently designed API (V1), which uses:
|
2016-06-25 00:36:28 +02:00
|
|
|
# * REST verbs
|
|
|
|
|
# * Basic auth (username:password is email:apiKey)
|
|
|
|
|
# * Take and return json-formatted data
|
2016-06-24 01:20:37 +02:00
|
|
|
#
|
|
|
|
|
# If you're adding a new endpoint to the code that requires authentication,
|
|
|
|
|
# please add it here.
|
|
|
|
|
# See rest_dispatch in zerver.lib.rest for an explanation of auth methods used
|
|
|
|
|
#
|
2017-10-18 07:09:22 +02:00
|
|
|
# All of these paths are accessed by either a /json or /api/v1 prefix;
|
|
|
|
|
# e.g. `PATCH /json/realm` or `PATCH /api/v1/realm`.
|
2016-06-24 02:26:09 +02:00
|
|
|
v1_api_and_json_patterns = [
|
2016-06-25 00:54:47 +02:00
|
|
|
# realm-level calls
|
2016-10-27 14:52:56 +02:00
|
|
|
url(r'^realm$', rest_dispatch,
|
2016-07-26 23:16:20 +02:00
|
|
|
{'PATCH': 'zerver.views.realm.update_realm'}),
|
2016-06-24 01:20:37 +02:00
|
|
|
|
2013-11-08 17:53:41 +01:00
|
|
|
# Returns a 204, used by desktop app to verify connectivity status
|
2019-08-20 00:33:09 +02:00
|
|
|
url(r'^generate_204$', zerver.views.registration.generate_204,
|
2017-10-27 02:31:10 +02:00
|
|
|
name='zerver.views.registration.generate_204'),
|
2016-06-24 02:26:09 +02:00
|
|
|
|
2019-08-20 00:33:09 +02:00
|
|
|
url(r'^realm/subdomain/(?P<subdomain>\S+)$', zerver.views.realm.check_subdomain_available,
|
2018-01-25 19:08:40 +01:00
|
|
|
name='zerver.views.realm.check_subdomain_available'),
|
|
|
|
|
|
2017-03-31 21:14:11 +02:00
|
|
|
# realm/domains -> zerver.views.realm_domains
|
2016-12-26 19:19:02 +01:00
|
|
|
url(r'^realm/domains$', rest_dispatch,
|
2017-03-31 21:14:11 +02:00
|
|
|
{'GET': 'zerver.views.realm_domains.list_realm_domains',
|
|
|
|
|
'POST': 'zerver.views.realm_domains.create_realm_domain'}),
|
2017-01-21 09:09:27 +01:00
|
|
|
url(r'^realm/domains/(?P<domain>\S+)$', rest_dispatch,
|
2017-03-31 21:14:11 +02:00
|
|
|
{'PATCH': 'zerver.views.realm_domains.patch_realm_domain',
|
|
|
|
|
'DELETE': 'zerver.views.realm_domains.delete_realm_domain'}),
|
2016-12-26 19:19:02 +01:00
|
|
|
|
2016-06-25 00:54:47 +02:00
|
|
|
# realm/emoji -> zerver.views.realm_emoji
|
2016-10-27 14:52:56 +02:00
|
|
|
url(r'^realm/emoji$', rest_dispatch,
|
2017-01-17 08:38:25 +01:00
|
|
|
{'GET': 'zerver.views.realm_emoji.list_emoji'}),
|
|
|
|
|
url(r'^realm/emoji/(?P<emoji_name>.*)$', rest_dispatch,
|
2017-07-05 19:13:11 +02:00
|
|
|
{'POST': 'zerver.views.realm_emoji.upload_emoji',
|
2019-07-04 18:12:53 +02:00
|
|
|
'DELETE': ('zerver.views.realm_emoji.delete_emoji', {"intentionally_undocumented"})}),
|
|
|
|
|
# this endpoint throws a status code 400 JsonableError when it should be a 404.
|
2016-06-24 02:26:09 +02:00
|
|
|
|
2017-02-21 03:41:20 +01:00
|
|
|
# realm/icon -> zerver.views.realm_icon
|
|
|
|
|
url(r'^realm/icon$', rest_dispatch,
|
2017-07-05 19:02:54 +02:00
|
|
|
{'POST': 'zerver.views.realm_icon.upload_icon',
|
2017-02-21 03:41:20 +01:00
|
|
|
'DELETE': 'zerver.views.realm_icon.delete_icon_backend',
|
|
|
|
|
'GET': 'zerver.views.realm_icon.get_icon_backend'}),
|
|
|
|
|
|
2019-01-27 08:25:10 +01:00
|
|
|
# realm/logo -> zerver.views.realm_logo
|
2018-08-16 01:26:55 +02:00
|
|
|
url(r'^realm/logo$', rest_dispatch,
|
|
|
|
|
{'POST': 'zerver.views.realm_logo.upload_logo',
|
|
|
|
|
'DELETE': 'zerver.views.realm_logo.delete_logo_backend',
|
|
|
|
|
'GET': 'zerver.views.realm_logo.get_logo_backend'}),
|
|
|
|
|
|
2016-02-13 19:17:15 +01:00
|
|
|
# realm/filters -> zerver.views.realm_filters
|
|
|
|
|
url(r'^realm/filters$', rest_dispatch,
|
|
|
|
|
{'GET': 'zerver.views.realm_filters.list_filters',
|
|
|
|
|
'POST': 'zerver.views.realm_filters.create_filter'}),
|
|
|
|
|
url(r'^realm/filters/(?P<filter_id>\d+)$', rest_dispatch,
|
|
|
|
|
{'DELETE': 'zerver.views.realm_filters.delete_filter'}),
|
|
|
|
|
|
2017-03-17 10:07:22 +01:00
|
|
|
# realm/profile_fields -> zerver.views.custom_profile_fields
|
|
|
|
|
url(r'^realm/profile_fields$', rest_dispatch,
|
|
|
|
|
{'GET': 'zerver.views.custom_profile_fields.list_realm_custom_profile_fields',
|
2018-04-08 18:13:37 +02:00
|
|
|
'PATCH': 'zerver.views.custom_profile_fields.reorder_realm_custom_profile_fields',
|
2017-03-17 10:07:22 +01:00
|
|
|
'POST': 'zerver.views.custom_profile_fields.create_realm_custom_profile_field'}),
|
|
|
|
|
url(r'^realm/profile_fields/(?P<field_id>\d+)$', rest_dispatch,
|
|
|
|
|
{'PATCH': 'zerver.views.custom_profile_fields.update_realm_custom_profile_field',
|
|
|
|
|
'DELETE': 'zerver.views.custom_profile_fields.delete_realm_custom_profile_field'}),
|
|
|
|
|
|
2018-01-30 14:58:50 +01:00
|
|
|
# realm/deactivate -> zerver.views.deactivate_realm
|
|
|
|
|
url(r'^realm/deactivate$', rest_dispatch,
|
|
|
|
|
{'POST': 'zerver.views.realm.deactivate_realm'}),
|
|
|
|
|
|
2018-10-14 19:22:04 +02:00
|
|
|
url(r'^realm/presence$', rest_dispatch,
|
|
|
|
|
{'GET': 'zerver.views.presence.get_statuses_for_realm'}),
|
|
|
|
|
|
2016-06-25 00:54:47 +02:00
|
|
|
# users -> zerver.views.users
|
2017-02-19 00:18:19 +01:00
|
|
|
#
|
|
|
|
|
# Since some of these endpoints do something different if used on
|
|
|
|
|
# yourself with `/me` as the email, we need to make sure that we
|
|
|
|
|
# don't accidentally trigger these. The cleanest way to do that
|
|
|
|
|
# is to add a regular expression assertion that it isn't `/me/`
|
|
|
|
|
# (or ends with `/me`, in the case of hitting the root URL).
|
2016-10-27 14:52:56 +02:00
|
|
|
url(r'^users$', rest_dispatch,
|
2016-06-24 02:26:09 +02:00
|
|
|
{'GET': 'zerver.views.users.get_members_backend',
|
2016-12-31 08:07:22 +01:00
|
|
|
'POST': 'zerver.views.users.create_user_backend'}),
|
2018-05-17 19:45:13 +02:00
|
|
|
url(r'^users/(?P<user_id>[0-9]+)/reactivate$', rest_dispatch,
|
2016-06-24 02:26:09 +02:00
|
|
|
{'POST': 'zerver.views.users.reactivate_user_backend'}),
|
2017-02-19 00:18:19 +01:00
|
|
|
url(r'^users/(?!me/)(?P<email>[^/]*)/presence$', rest_dispatch,
|
2017-02-11 08:38:16 +01:00
|
|
|
{'GET': 'zerver.views.presence.get_presence_backend'}),
|
2018-05-17 19:36:33 +02:00
|
|
|
url(r'^users/(?P<user_id>[0-9]+)$', rest_dispatch,
|
2016-06-24 02:26:09 +02:00
|
|
|
{'PATCH': 'zerver.views.users.update_user_backend',
|
|
|
|
|
'DELETE': 'zerver.views.users.deactivate_user_backend'}),
|
2016-10-27 14:52:56 +02:00
|
|
|
url(r'^bots$', rest_dispatch,
|
2016-06-24 02:26:09 +02:00
|
|
|
{'GET': 'zerver.views.users.get_bots_backend',
|
|
|
|
|
'POST': 'zerver.views.users.add_bot_backend'}),
|
2018-05-15 18:13:07 +02:00
|
|
|
url(r'^bots/(?P<bot_id>[0-9]+)/api_key/regenerate$', rest_dispatch,
|
2016-06-24 02:26:09 +02:00
|
|
|
{'POST': 'zerver.views.users.regenerate_bot_api_key'}),
|
2018-05-15 15:26:04 +02:00
|
|
|
url(r'^bots/(?P<bot_id>[0-9]+)$', rest_dispatch,
|
2016-06-24 02:26:09 +02:00
|
|
|
{'PATCH': 'zerver.views.users.patch_bot_backend',
|
|
|
|
|
'DELETE': 'zerver.views.users.deactivate_bot_backend'}),
|
|
|
|
|
|
2017-07-31 20:55:57 +02:00
|
|
|
# invites -> zerver.views.invite
|
|
|
|
|
url(r'^invites$', rest_dispatch,
|
2017-10-21 03:15:12 +02:00
|
|
|
{'GET': 'zerver.views.invite.get_user_invites',
|
|
|
|
|
'POST': 'zerver.views.invite.invite_users_backend'}),
|
|
|
|
|
url(r'^invites/(?P<prereg_id>[0-9]+)$', rest_dispatch,
|
|
|
|
|
{'DELETE': 'zerver.views.invite.revoke_user_invite'}),
|
|
|
|
|
url(r'^invites/(?P<prereg_id>[0-9]+)/resend$', rest_dispatch,
|
|
|
|
|
{'POST': 'zerver.views.invite.resend_user_invite_email'}),
|
2017-07-31 20:55:57 +02:00
|
|
|
|
2018-03-02 12:27:57 +01:00
|
|
|
# invites/multiuse -> zerver.views.invite
|
|
|
|
|
url(r'^invites/multiuse$', rest_dispatch,
|
|
|
|
|
{'POST': 'zerver.views.invite.generate_multiuse_invite_backend'}),
|
2019-02-15 19:09:25 +01:00
|
|
|
# invites/multiuse -> zerver.views.invite
|
|
|
|
|
url(r'^invites/multiuse/(?P<invite_id>[0-9]+)$', rest_dispatch,
|
|
|
|
|
{'DELETE': 'zerver.views.invite.revoke_multiuse_invite'}),
|
|
|
|
|
|
2017-08-04 20:26:38 +02:00
|
|
|
# mark messages as read (in bulk)
|
|
|
|
|
url(r'^mark_all_as_read$', rest_dispatch,
|
|
|
|
|
{'POST': 'zerver.views.messages.mark_all_as_read'}),
|
2017-08-08 16:11:45 +02:00
|
|
|
url(r'^mark_stream_as_read$', rest_dispatch,
|
|
|
|
|
{'POST': 'zerver.views.messages.mark_stream_as_read'}),
|
|
|
|
|
url(r'^mark_topic_as_read$', rest_dispatch,
|
|
|
|
|
{'POST': 'zerver.views.messages.mark_topic_as_read'}),
|
2017-08-04 20:26:38 +02:00
|
|
|
|
2018-06-02 13:59:02 +02:00
|
|
|
url(r'^zcommand$', rest_dispatch,
|
|
|
|
|
{'POST': 'zerver.views.messages.zcommand_backend'}),
|
|
|
|
|
|
2016-06-25 00:54:47 +02:00
|
|
|
# messages -> zerver.views.messages
|
2013-12-12 18:36:32 +01:00
|
|
|
# GET returns messages, possibly filtered, POST sends a message
|
2016-10-27 14:52:56 +02:00
|
|
|
url(r'^messages$', rest_dispatch,
|
2017-03-24 07:51:46 +01:00
|
|
|
{'GET': 'zerver.views.messages.get_messages_backend',
|
2017-08-22 19:01:17 +02:00
|
|
|
'POST': ('zerver.views.messages.send_message_backend',
|
|
|
|
|
{'allow_incoming_webhooks'})}),
|
2016-12-21 20:31:16 +01:00
|
|
|
url(r'^messages/(?P<message_id>[0-9]+)$', rest_dispatch,
|
2016-12-22 10:17:49 +01:00
|
|
|
{'GET': 'zerver.views.messages.json_fetch_raw_message',
|
2017-05-14 21:14:26 +02:00
|
|
|
'PATCH': 'zerver.views.messages.update_message_backend',
|
|
|
|
|
'DELETE': 'zerver.views.messages.delete_message_backend'}),
|
2016-10-27 14:52:56 +02:00
|
|
|
url(r'^messages/render$', rest_dispatch,
|
2017-01-13 01:10:19 +01:00
|
|
|
{'POST': 'zerver.views.messages.render_message_backend'}),
|
2016-10-27 14:52:56 +02:00
|
|
|
url(r'^messages/flags$', rest_dispatch,
|
2016-06-24 02:26:09 +02:00
|
|
|
{'POST': 'zerver.views.messages.update_message_flags'}),
|
2017-02-20 00:19:29 +01:00
|
|
|
url(r'^messages/(?P<message_id>\d+)/history$', rest_dispatch,
|
|
|
|
|
{'GET': 'zerver.views.messages.get_message_edit_history'}),
|
2017-07-31 21:09:55 +02:00
|
|
|
url(r'^messages/matches_narrow$', rest_dispatch,
|
|
|
|
|
{'GET': 'zerver.views.messages.messages_in_narrow_backend'}),
|
2016-06-24 02:26:09 +02:00
|
|
|
|
2017-05-09 07:01:42 +02:00
|
|
|
url(r'^users/me/subscriptions/properties$', rest_dispatch,
|
|
|
|
|
{'POST': 'zerver.views.streams.update_subscription_properties_backend'}),
|
|
|
|
|
|
2019-06-06 21:58:10 +02:00
|
|
|
url(r'^users/me/subscriptions/(?P<stream_id>\d+)$', rest_dispatch,
|
2017-05-09 22:29:59 +02:00
|
|
|
{'PATCH': 'zerver.views.streams.update_subscriptions_property'}),
|
|
|
|
|
|
2018-02-12 10:53:36 +01:00
|
|
|
url(r'^submessage$',
|
|
|
|
|
rest_dispatch,
|
|
|
|
|
{'POST': 'zerver.views.submessage.process_submessage'}),
|
|
|
|
|
|
2017-10-08 09:34:59 +02:00
|
|
|
# New endpoint for handling reactions.
|
2019-10-10 19:03:09 +02:00
|
|
|
# reactions -> zerver.view.reactions
|
|
|
|
|
# POST adds a reaction to a message
|
|
|
|
|
# DELETE removes a reaction from a message
|
2017-10-08 09:34:59 +02:00
|
|
|
url(r'^messages/(?P<message_id>[0-9]+)/reactions$',
|
|
|
|
|
rest_dispatch,
|
|
|
|
|
{'POST': 'zerver.views.reactions.add_reaction',
|
|
|
|
|
'DELETE': 'zerver.views.reactions.remove_reaction'}),
|
|
|
|
|
|
2016-12-28 14:46:42 +01:00
|
|
|
# attachments -> zerver.views.attachments
|
|
|
|
|
url(r'^attachments$', rest_dispatch,
|
|
|
|
|
{'GET': 'zerver.views.attachments.list_by_user'}),
|
|
|
|
|
url(r'^attachments/(?P<attachment_id>[0-9]+)$', rest_dispatch,
|
|
|
|
|
{'DELETE': 'zerver.views.attachments.remove'}),
|
|
|
|
|
|
2016-10-12 20:57:59 +02:00
|
|
|
# typing -> zerver.views.typing
|
|
|
|
|
# POST sends a typing notification event to recipients
|
2016-10-27 14:52:56 +02:00
|
|
|
url(r'^typing$', rest_dispatch,
|
2016-10-12 20:57:59 +02:00
|
|
|
{'POST': 'zerver.views.typing.send_notification_backend'}),
|
|
|
|
|
|
2016-06-25 11:05:59 +02:00
|
|
|
# user_uploads -> zerver.views.upload
|
2016-10-27 14:52:56 +02:00
|
|
|
url(r'^user_uploads$', rest_dispatch,
|
2016-06-25 11:05:59 +02:00
|
|
|
{'POST': 'zerver.views.upload.upload_file_backend'}),
|
|
|
|
|
|
2017-11-24 10:18:29 +01:00
|
|
|
# bot_storage -> zerver.views.storage
|
|
|
|
|
url(r'^bot_storage$', rest_dispatch,
|
|
|
|
|
{'PUT': 'zerver.views.storage.update_storage',
|
|
|
|
|
'GET': 'zerver.views.storage.get_storage',
|
|
|
|
|
'DELETE': 'zerver.views.storage.remove_storage'}),
|
2017-11-20 14:40:51 +01:00
|
|
|
|
2016-06-25 00:54:47 +02:00
|
|
|
# users/me -> zerver.views
|
2016-10-27 14:52:56 +02:00
|
|
|
url(r'^users/me$', rest_dispatch,
|
2016-12-15 12:22:24 +01:00
|
|
|
{'GET': 'zerver.views.users.get_profile_backend',
|
2016-11-30 21:55:59 +01:00
|
|
|
'DELETE': 'zerver.views.users.deactivate_user_own_backend'}),
|
2016-12-31 08:54:00 +01:00
|
|
|
# PUT is currently used by mobile apps, we intend to remove the PUT version
|
|
|
|
|
# as soon as possible. POST exists to correct the erroneous use of PUT.
|
2016-10-27 14:52:56 +02:00
|
|
|
url(r'^users/me/pointer$', rest_dispatch,
|
2016-09-14 02:20:36 +02:00
|
|
|
{'GET': 'zerver.views.pointer.get_pointer_backend',
|
2016-12-31 08:54:00 +01:00
|
|
|
'PUT': 'zerver.views.pointer.update_pointer_backend',
|
|
|
|
|
'POST': 'zerver.views.pointer.update_pointer_backend'}),
|
2016-10-27 14:52:56 +02:00
|
|
|
url(r'^users/me/presence$', rest_dispatch,
|
2016-07-26 23:26:39 +02:00
|
|
|
{'POST': 'zerver.views.presence.update_active_status_backend'}),
|
2018-12-17 22:04:07 +01:00
|
|
|
url(r'^users/me/status$', rest_dispatch,
|
|
|
|
|
{'POST': 'zerver.views.presence.update_user_status_backend'}),
|
2016-06-25 01:04:14 +02:00
|
|
|
# Endpoint used by mobile devices to register their push
|
|
|
|
|
# notification credentials
|
2016-10-27 14:52:56 +02:00
|
|
|
url(r'^users/me/apns_device_token$', rest_dispatch,
|
2016-07-26 23:43:38 +02:00
|
|
|
{'POST': 'zerver.views.push_notifications.add_apns_device_token',
|
|
|
|
|
'DELETE': 'zerver.views.push_notifications.remove_apns_device_token'}),
|
2016-10-27 14:52:56 +02:00
|
|
|
url(r'^users/me/android_gcm_reg_id$', rest_dispatch,
|
2016-07-26 23:43:38 +02:00
|
|
|
{'POST': 'zerver.views.push_notifications.add_android_reg_id',
|
|
|
|
|
'DELETE': 'zerver.views.push_notifications.remove_android_reg_id'}),
|
2016-06-24 02:26:09 +02:00
|
|
|
|
2017-11-01 10:04:16 +01:00
|
|
|
# user_groups -> zerver.views.user_groups
|
2018-08-16 02:44:51 +02:00
|
|
|
url(r'^user_groups$', rest_dispatch,
|
|
|
|
|
{'GET': 'zerver.views.user_groups.get_user_group'}),
|
2017-11-01 10:04:16 +01:00
|
|
|
url(r'^user_groups/create$', rest_dispatch,
|
|
|
|
|
{'POST': 'zerver.views.user_groups.add_user_group'}),
|
2017-11-02 07:53:08 +01:00
|
|
|
url(r'^user_groups/(?P<user_group_id>\d+)$', rest_dispatch,
|
2017-11-02 08:15:14 +01:00
|
|
|
{'PATCH': 'zerver.views.user_groups.edit_user_group',
|
|
|
|
|
'DELETE': 'zerver.views.user_groups.delete_user_group'}),
|
2017-11-02 08:53:30 +01:00
|
|
|
url(r'^user_groups/(?P<user_group_id>\d+)/members$', rest_dispatch,
|
|
|
|
|
{'POST': 'zerver.views.user_groups.update_user_group_backend'}),
|
2017-11-01 10:04:16 +01:00
|
|
|
|
2016-06-25 00:54:47 +02:00
|
|
|
# users/me -> zerver.views.user_settings
|
2016-10-27 14:52:56 +02:00
|
|
|
url(r'^users/me/api_key/regenerate$', rest_dispatch,
|
2016-06-24 02:26:09 +02:00
|
|
|
{'POST': 'zerver.views.user_settings.regenerate_api_key'}),
|
2016-10-27 14:52:56 +02:00
|
|
|
url(r'^users/me/enter-sends$', rest_dispatch,
|
2019-07-01 13:22:54 +02:00
|
|
|
{'POST': ('zerver.views.user_settings.change_enter_sends',
|
|
|
|
|
# This endpoint should be folded into user settings
|
|
|
|
|
{'intentionally_undocumented'})}),
|
2016-12-21 21:29:46 +01:00
|
|
|
url(r'^users/me/avatar$', rest_dispatch,
|
2017-07-05 19:15:15 +02:00
|
|
|
{'POST': 'zerver.views.user_settings.set_avatar_backend',
|
2016-12-21 18:34:03 +01:00
|
|
|
'DELETE': 'zerver.views.user_settings.delete_avatar_backend'}),
|
2016-12-22 18:29:14 +01:00
|
|
|
|
2017-01-24 01:48:35 +01:00
|
|
|
# users/me/hotspots -> zerver.views.hotspots
|
|
|
|
|
url(r'^users/me/hotspots$', rest_dispatch,
|
2019-07-01 13:22:54 +02:00
|
|
|
{'POST': ('zerver.views.hotspots.mark_hotspot_as_read',
|
|
|
|
|
# This endpoint is low priority for documentation as
|
|
|
|
|
# it is part of the webapp-specific tutorial.
|
|
|
|
|
{'intentionally_undocumented'})}),
|
2017-01-24 01:48:35 +01:00
|
|
|
|
2017-10-09 22:55:38 +02:00
|
|
|
# users/me/tutorial_status -> zerver.views.tutorial
|
|
|
|
|
url(r'^users/me/tutorial_status$', rest_dispatch,
|
2019-07-01 13:22:54 +02:00
|
|
|
{'POST': ('zerver.views.tutorial.set_tutorial_status',
|
|
|
|
|
# This is a relic of an old Zulip tutorial model and
|
|
|
|
|
# should be deleted.
|
|
|
|
|
{'intentionally_undocumented'})}),
|
2017-10-09 22:55:38 +02:00
|
|
|
|
2016-12-22 18:29:14 +01:00
|
|
|
# settings -> zerver.views.user_settings
|
2017-07-31 20:44:52 +02:00
|
|
|
url(r'^settings$', rest_dispatch,
|
|
|
|
|
{'PATCH': 'zerver.views.user_settings.json_change_settings'}),
|
2016-12-22 09:54:27 +01:00
|
|
|
url(r'^settings/display$', rest_dispatch,
|
2016-12-22 15:57:06 +01:00
|
|
|
{'PATCH': 'zerver.views.user_settings.update_display_settings_backend'}),
|
2016-12-22 18:29:14 +01:00
|
|
|
url(r'^settings/notifications$', rest_dispatch,
|
|
|
|
|
{'PATCH': 'zerver.views.user_settings.json_change_notify_settings'}),
|
2016-06-25 00:51:07 +02:00
|
|
|
|
2016-06-25 00:54:47 +02:00
|
|
|
# users/me/alert_words -> zerver.views.alert_words
|
2016-10-27 14:52:56 +02:00
|
|
|
url(r'^users/me/alert_words$', rest_dispatch,
|
2016-06-24 02:26:09 +02:00
|
|
|
{'GET': 'zerver.views.alert_words.list_alert_words',
|
2017-09-25 23:48:14 +02:00
|
|
|
'POST': 'zerver.views.alert_words.add_alert_words',
|
2016-06-24 02:26:09 +02:00
|
|
|
'DELETE': 'zerver.views.alert_words.remove_alert_words'}),
|
2015-11-24 04:56:24 +01:00
|
|
|
|
2017-03-17 10:07:22 +01:00
|
|
|
# users/me/custom_profile_data -> zerver.views.custom_profile_data
|
|
|
|
|
url(r'^users/me/profile_data$', rest_dispatch,
|
2018-06-05 12:57:02 +02:00
|
|
|
{'PATCH': 'zerver.views.custom_profile_fields.update_user_custom_profile_data',
|
|
|
|
|
'DELETE': 'zerver.views.custom_profile_fields.remove_user_custom_profile_data'}),
|
2017-03-17 10:07:22 +01:00
|
|
|
|
2016-10-27 14:52:56 +02:00
|
|
|
url(r'^users/me/(?P<stream_id>\d+)/topics$', rest_dispatch,
|
2016-10-27 15:54:49 +02:00
|
|
|
{'GET': 'zerver.views.streams.get_topics_backend'}),
|
|
|
|
|
|
|
|
|
|
|
2016-06-25 00:54:47 +02:00
|
|
|
# streams -> zerver.views.streams
|
2016-10-25 22:45:39 +02:00
|
|
|
# (this API is only used externally)
|
2016-10-27 14:52:56 +02:00
|
|
|
url(r'^streams$', rest_dispatch,
|
2016-06-24 02:26:09 +02:00
|
|
|
{'GET': 'zerver.views.streams.get_streams_backend'}),
|
2016-10-25 22:45:39 +02:00
|
|
|
|
2017-01-03 18:31:43 +01:00
|
|
|
# GET returns `stream_id`, stream name should be encoded in the url query (in `stream` param)
|
2019-06-06 21:58:10 +02:00
|
|
|
url(r'^get_stream_id$', rest_dispatch,
|
2017-01-03 18:31:43 +01:00
|
|
|
{'GET': 'zerver.views.streams.json_get_stream_id'}),
|
|
|
|
|
|
2015-11-23 14:35:16 +01:00
|
|
|
# GET returns "stream info" (undefined currently?), HEAD returns whether stream exists (200 or 404)
|
2016-12-30 11:42:59 +01:00
|
|
|
url(r'^streams/(?P<stream_id>\d+)/members$', rest_dispatch,
|
2016-06-24 02:26:09 +02:00
|
|
|
{'GET': 'zerver.views.streams.get_subscribers_backend'}),
|
2016-12-30 11:42:59 +01:00
|
|
|
url(r'^streams/(?P<stream_id>\d+)$', rest_dispatch,
|
2017-01-30 02:29:21 +01:00
|
|
|
{'PATCH': 'zerver.views.streams.update_stream_backend',
|
2016-06-24 02:26:09 +02:00
|
|
|
'DELETE': 'zerver.views.streams.deactivate_stream_backend'}),
|
2019-01-18 17:40:54 +01:00
|
|
|
|
|
|
|
|
# Delete topic in stream
|
|
|
|
|
url(r'^streams/(?P<stream_id>\d+)/delete_topic$', rest_dispatch,
|
|
|
|
|
{'POST': 'zerver.views.streams.delete_in_topic'}),
|
|
|
|
|
|
2016-10-27 14:52:56 +02:00
|
|
|
url(r'^default_streams$', rest_dispatch,
|
2016-12-31 08:31:34 +01:00
|
|
|
{'POST': 'zerver.views.streams.add_default_stream',
|
2016-06-24 02:26:09 +02:00
|
|
|
'DELETE': 'zerver.views.streams.remove_default_stream'}),
|
2017-11-14 20:33:09 +01:00
|
|
|
url(r'^default_stream_groups/create$', rest_dispatch,
|
|
|
|
|
{'POST': 'zerver.views.streams.create_default_stream_group'}),
|
|
|
|
|
url(r'^default_stream_groups/(?P<group_id>\d+)$', rest_dispatch,
|
2017-11-14 20:51:34 +01:00
|
|
|
{'PATCH': 'zerver.views.streams.update_default_stream_group_info',
|
|
|
|
|
'DELETE': 'zerver.views.streams.remove_default_stream_group'}),
|
2017-11-14 20:33:09 +01:00
|
|
|
url(r'^default_stream_groups/(?P<group_id>\d+)/streams$', rest_dispatch,
|
|
|
|
|
{'PATCH': 'zerver.views.streams.update_default_stream_group_streams'}),
|
2015-11-23 14:35:16 +01:00
|
|
|
# GET lists your streams, POST bulk adds, PATCH bulk modifies/removes
|
2016-10-27 14:52:56 +02:00
|
|
|
url(r'^users/me/subscriptions$', rest_dispatch,
|
2016-06-24 02:26:09 +02:00
|
|
|
{'GET': 'zerver.views.streams.list_subscriptions_backend',
|
|
|
|
|
'POST': 'zerver.views.streams.add_subscriptions_backend',
|
2016-12-23 02:37:10 +01:00
|
|
|
'PATCH': 'zerver.views.streams.update_subscriptions_backend',
|
|
|
|
|
'DELETE': 'zerver.views.streams.remove_subscriptions_backend'}),
|
2017-01-10 01:23:53 +01:00
|
|
|
# muting -> zerver.views.muting
|
|
|
|
|
url(r'^users/me/subscriptions/muted_topics$', rest_dispatch,
|
2017-08-29 21:40:38 +02:00
|
|
|
{'PATCH': 'zerver.views.muting.update_muted_topic'}),
|
2015-11-23 14:35:16 +01:00
|
|
|
|
2016-06-24 02:26:09 +02:00
|
|
|
# used to register for an event queue in tornado
|
2016-10-27 14:52:56 +02:00
|
|
|
url(r'^register$', rest_dispatch,
|
2017-02-20 07:53:47 +01:00
|
|
|
{'POST': 'zerver.views.events_register.events_register_backend'}),
|
2016-06-25 00:51:07 +02:00
|
|
|
|
2016-11-27 06:50:54 +01:00
|
|
|
# events -> zerver.tornado.views
|
2016-10-27 14:52:56 +02:00
|
|
|
url(r'^events$', rest_dispatch,
|
2018-07-13 13:10:12 +02:00
|
|
|
{'GET': 'zerver.tornado.views.get_events',
|
2016-11-27 06:50:54 +01:00
|
|
|
'DELETE': 'zerver.tornado.views.cleanup_event_queue'}),
|
2017-10-16 22:07:19 +02:00
|
|
|
|
|
|
|
|
# report -> zerver.views.report
|
2019-07-01 13:22:54 +02:00
|
|
|
#
|
|
|
|
|
# These endpoints are for internal error/performance reporting
|
|
|
|
|
# from the browser to the webapp, and we don't expect to ever
|
|
|
|
|
# include in our API documentation.
|
2017-10-16 22:07:19 +02:00
|
|
|
url(r'^report/error$', rest_dispatch,
|
2018-12-17 00:10:20 +01:00
|
|
|
# Logged-out browsers can hit this endpoint, for portico page JS exceptions.
|
2019-07-01 13:22:54 +02:00
|
|
|
{'POST': ('zerver.views.report.report_error', {'allow_anonymous_user_web',
|
|
|
|
|
'intentionally_undocumented'})}),
|
2017-10-16 22:07:19 +02:00
|
|
|
url(r'^report/send_times$', rest_dispatch,
|
2019-07-01 13:22:54 +02:00
|
|
|
{'POST': ('zerver.views.report.report_send_times', {'intentionally_undocumented'})}),
|
2017-10-16 22:07:19 +02:00
|
|
|
url(r'^report/narrow_times$', rest_dispatch,
|
2019-07-01 13:22:54 +02:00
|
|
|
{'POST': ('zerver.views.report.report_narrow_times', {'intentionally_undocumented'})}),
|
2017-10-16 22:07:19 +02:00
|
|
|
url(r'^report/unnarrow_times$', rest_dispatch,
|
2019-07-01 13:22:54 +02:00
|
|
|
{'POST': ('zerver.views.report.report_unnarrow_times', {'intentionally_undocumented'})}),
|
2018-12-28 20:45:54 +01:00
|
|
|
|
|
|
|
|
# Used to generate a Zoom video call URL
|
|
|
|
|
url(r'^calls/create$', rest_dispatch,
|
2019-03-27 00:57:33 +01:00
|
|
|
{'GET': 'zerver.views.video_calls.get_zoom_url'}),
|
|
|
|
|
|
2019-08-01 19:59:36 +02:00
|
|
|
# export/realm -> zerver.views.realm_export
|
2019-06-06 21:58:10 +02:00
|
|
|
url(r'^export/realm$', rest_dispatch,
|
2019-06-24 02:51:13 +02:00
|
|
|
{'POST': 'zerver.views.realm_export.export_realm',
|
|
|
|
|
'GET': 'zerver.views.realm_export.get_realm_exports'}),
|
2019-08-01 19:59:36 +02:00
|
|
|
url(r'^export/realm/(?P<export_id>.*)$', rest_dispatch,
|
|
|
|
|
{'DELETE': 'zerver.views.realm_export.delete_realm_export'}),
|
2016-06-24 02:26:09 +02:00
|
|
|
]
|
2013-11-05 23:50:19 +01:00
|
|
|
|
2017-10-18 07:09:22 +02:00
|
|
|
# These views serve pages (HTML). As such, their internationalization
|
|
|
|
|
# must depend on the url.
|
|
|
|
|
#
|
|
|
|
|
# If you're adding a new page to the website (as opposed to a new
|
|
|
|
|
# endpoint for use by code), you should add it here.
|
|
|
|
|
i18n_urls = [
|
|
|
|
|
url(r'^$', zerver.views.home.home, name='zerver.views.home.home'),
|
|
|
|
|
# We have a desktop-specific landing page in case we change our /
|
|
|
|
|
# to not log in in the future. We don't want to require a new
|
|
|
|
|
# desktop app build for everyone in that case
|
2017-10-27 02:31:10 +02:00
|
|
|
url(r'^desktop_home/$', zerver.views.home.desktop_home,
|
|
|
|
|
name='zerver.views.home.desktop_home'),
|
2017-10-18 07:09:22 +02:00
|
|
|
|
2019-08-27 04:56:51 +02:00
|
|
|
# Backwards-compatibility (legacy) Google auth URL for the mobile
|
|
|
|
|
# apps; see https://github.com/zulip/zulip/issues/13081 for
|
|
|
|
|
# background. We can remove this once older versions of the
|
|
|
|
|
# mobile app are no longer present in the wild.
|
|
|
|
|
url(r'^accounts/login/(google)/$', zerver.views.auth.start_social_login,
|
|
|
|
|
name='login-social'),
|
|
|
|
|
|
2019-11-02 00:05:57 +01:00
|
|
|
url(r'^accounts/login/sso/$', zerver.views.auth.remote_user_sso, name='login-sso'),
|
|
|
|
|
url(r'^accounts/login/jwt/$', zerver.views.auth.remote_user_jwt, name='login-jwt'),
|
|
|
|
|
url(r'^accounts/login/social/([\w,-]+)$', zerver.views.auth.start_social_login,
|
|
|
|
|
name='login-social'),
|
|
|
|
|
url(r'^accounts/login/social/([\w,-]+)/([\w,-]+)$', zerver.views.auth.start_social_login,
|
|
|
|
|
name='login-social-extra-arg'),
|
|
|
|
|
|
2019-07-09 23:18:21 +02:00
|
|
|
url(r'^accounts/register/social/([\w,-]+)$',
|
|
|
|
|
zerver.views.auth.start_social_signup,
|
|
|
|
|
name='signup-social'),
|
2019-10-22 18:23:57 +02:00
|
|
|
url(r'^accounts/register/social/([\w,-]+)/([\w,-]+)$',
|
|
|
|
|
zerver.views.auth.start_social_signup,
|
|
|
|
|
name='signup-social-extra-arg'),
|
2017-10-27 02:45:38 +02:00
|
|
|
url(r'^accounts/login/subdomain/([^/]+)$', zerver.views.auth.log_into_subdomain,
|
2017-10-27 02:31:10 +02:00
|
|
|
name='zerver.views.auth.log_into_subdomain'),
|
|
|
|
|
url(r'^accounts/login/local/$', zerver.views.auth.dev_direct_login,
|
|
|
|
|
name='zerver.views.auth.dev_direct_login'),
|
2019-03-25 22:12:51 +01:00
|
|
|
# We have two entries for accounts/login; only the first one is
|
|
|
|
|
# used for URL resolution. The second here is to allow
|
|
|
|
|
# reverse("django.contrib.auth.views.login") in templates to
|
|
|
|
|
# return `/accounts/login/`.
|
2019-08-27 05:45:37 +02:00
|
|
|
url(r'^accounts/login/$', zerver.views.auth.login_page,
|
2017-10-27 02:31:10 +02:00
|
|
|
{'template_name': 'zerver/login.html'}, name='zerver.views.auth.login_page'),
|
2020-02-02 13:12:38 +01:00
|
|
|
url(r'^accounts/login/$', LoginView.as_view(template_name='zerver/login.html'),
|
2017-10-18 07:09:22 +02:00
|
|
|
name='django.contrib.auth.views.login'),
|
2019-08-27 05:45:37 +02:00
|
|
|
url(r'^accounts/logout/$', zerver.views.auth.logout_then_login,
|
2017-10-27 02:31:10 +02:00
|
|
|
name='zerver.views.auth.logout_then_login'),
|
2017-10-18 07:09:22 +02:00
|
|
|
|
2019-08-27 05:45:37 +02:00
|
|
|
url(r'^accounts/webathena_kerberos_login/$',
|
2017-10-18 07:09:22 +02:00
|
|
|
zerver.views.zephyr.webathena_kerberos_login,
|
|
|
|
|
name='zerver.views.zephyr.webathena_kerberos_login'),
|
|
|
|
|
|
2017-11-18 03:30:07 +01:00
|
|
|
url(r'^accounts/password/reset/$', zerver.views.auth.password_reset,
|
|
|
|
|
name='zerver.views.auth.password_reset'),
|
2020-02-02 14:16:38 +01:00
|
|
|
url(r'^accounts/password/reset/done/$',
|
|
|
|
|
PasswordResetDoneView.as_view(template_name='zerver/reset_emailed.html')),
|
2017-10-18 07:09:22 +02:00
|
|
|
url(r'^accounts/password/reset/(?P<uidb64>[0-9A-Za-z]+)/(?P<token>.+)/$',
|
2020-02-02 13:51:39 +01:00
|
|
|
PasswordResetConfirmView.as_view(success_url='/accounts/password/done/',
|
|
|
|
|
template_name='zerver/reset_confirm.html',
|
|
|
|
|
form_class=zerver.forms.LoggingSetPasswordForm),
|
2017-10-18 07:09:22 +02:00
|
|
|
name='django.contrib.auth.views.password_reset_confirm'),
|
|
|
|
|
url(r'^accounts/password/done/$', password_reset_complete,
|
|
|
|
|
{'template_name': 'zerver/reset_done.html'}),
|
2019-08-27 05:45:37 +02:00
|
|
|
url(r'^accounts/deactivated/$',
|
2017-10-27 00:27:59 +02:00
|
|
|
zerver.views.auth.show_deactivation_notice,
|
|
|
|
|
name='zerver.views.auth.show_deactivation_notice'),
|
2017-10-18 07:09:22 +02:00
|
|
|
|
2018-08-12 22:09:34 +02:00
|
|
|
# Displays digest email content in browser.
|
|
|
|
|
url(r'^digest/$', zerver.views.digest.digest_page),
|
|
|
|
|
|
2017-10-18 07:09:22 +02:00
|
|
|
# Registration views, require a confirmation ID.
|
2019-08-27 05:45:37 +02:00
|
|
|
url(r'^accounts/home/$', zerver.views.registration.accounts_home,
|
2017-10-18 07:09:22 +02:00
|
|
|
name='zerver.views.registration.accounts_home'),
|
2019-08-27 05:45:37 +02:00
|
|
|
url(r'^accounts/send_confirm/(?P<email>[\S]+)?$',
|
2017-10-27 02:31:10 +02:00
|
|
|
TemplateView.as_view(template_name='zerver/accounts_send_confirm.html'),
|
2018-08-24 10:01:42 +02:00
|
|
|
name='signup_send_confirm'),
|
2019-08-27 05:45:37 +02:00
|
|
|
url(r'^accounts/new/send_confirm/(?P<email>[\S]+)?$',
|
2018-08-24 10:01:42 +02:00
|
|
|
TemplateView.as_view(template_name='zerver/accounts_send_confirm.html'),
|
2018-08-24 10:22:11 +02:00
|
|
|
{'realm_creation': True}, name='new_realm_send_confirm'),
|
2019-08-27 05:45:37 +02:00
|
|
|
url(r'^accounts/register/$', zerver.views.registration.accounts_register,
|
2017-10-18 07:09:22 +02:00
|
|
|
name='zerver.views.registration.accounts_register'),
|
2019-08-27 05:45:37 +02:00
|
|
|
url(r'^accounts/do_confirm/(?P<confirmation_key>[\w]+)$',
|
2017-11-30 05:07:18 +01:00
|
|
|
zerver.views.registration.check_prereg_key_and_redirect,
|
2017-11-30 04:39:42 +01:00
|
|
|
name='check_prereg_key_and_redirect'),
|
2017-10-18 07:09:22 +02:00
|
|
|
|
2019-08-27 05:45:37 +02:00
|
|
|
url(r'^accounts/confirm_new_email/(?P<confirmation_key>[\w]+)$',
|
2017-10-18 07:09:22 +02:00
|
|
|
zerver.views.user_settings.confirm_email_change,
|
|
|
|
|
name='zerver.views.user_settings.confirm_email_change'),
|
|
|
|
|
|
|
|
|
|
# Email unsubscription endpoint. Allows for unsubscribing from various types of emails,
|
|
|
|
|
# including the welcome emails (day 1 & 2), missed PMs, etc.
|
2019-08-27 05:45:37 +02:00
|
|
|
url(r'^accounts/unsubscribe/(?P<email_type>[\w]+)/(?P<confirmation_key>[\w]+)$',
|
2017-10-27 02:31:10 +02:00
|
|
|
zerver.views.unsubscribe.email_unsubscribe,
|
|
|
|
|
name='zerver.views.unsubscribe.email_unsubscribe'),
|
2017-10-18 07:09:22 +02:00
|
|
|
|
|
|
|
|
# Portico-styled page used to provide email confirmation of terms acceptance.
|
2017-10-27 02:31:10 +02:00
|
|
|
url(r'^accounts/accept_terms/$', zerver.views.home.accounts_accept_terms,
|
|
|
|
|
name='zerver.views.home.accounts_accept_terms'),
|
2017-10-18 07:09:22 +02:00
|
|
|
|
|
|
|
|
# Find your account
|
2017-10-27 02:31:10 +02:00
|
|
|
url(r'^accounts/find/$', zerver.views.registration.find_account,
|
|
|
|
|
name='zerver.views.registration.find_account'),
|
2017-10-18 07:09:22 +02:00
|
|
|
|
2018-08-25 14:06:17 +02:00
|
|
|
# Go to organization subdomain
|
|
|
|
|
url(r'^accounts/go/$', zerver.views.registration.realm_redirect,
|
|
|
|
|
name='zerver.views.registration.realm_redirect'),
|
|
|
|
|
|
2017-10-18 07:09:22 +02:00
|
|
|
# Realm Creation
|
2018-02-28 16:41:21 +01:00
|
|
|
url(r'^new/$', zerver.views.registration.create_realm,
|
2017-10-27 02:31:10 +02:00
|
|
|
name='zerver.views.create_realm'),
|
2018-02-28 16:41:21 +01:00
|
|
|
url(r'^new/(?P<creation_key>[\w]+)$',
|
2017-10-27 02:31:10 +02:00
|
|
|
zerver.views.registration.create_realm, name='zerver.views.create_realm'),
|
2017-10-18 07:09:22 +02:00
|
|
|
|
2018-11-12 14:15:49 +01:00
|
|
|
# Realm Reactivation
|
2019-08-27 05:45:37 +02:00
|
|
|
url(r'^reactivate/(?P<confirmation_key>[\w]+)$', zerver.views.realm.realm_reactivation,
|
2018-11-12 14:15:49 +01:00
|
|
|
name='zerver.views.realm.realm_reactivation'),
|
|
|
|
|
|
2018-04-27 15:48:55 +02:00
|
|
|
# Global public streams (Zulip's way of doing archives)
|
2018-07-12 10:27:14 +02:00
|
|
|
url(r'^archive/streams/(?P<stream_id>\d+)/topics/(?P<topic_name>[^/]+)$',
|
2018-04-27 15:48:55 +02:00
|
|
|
zerver.views.archive.archive,
|
|
|
|
|
name='zerver.views.archive.archive'),
|
2018-06-14 00:44:22 +02:00
|
|
|
url(r'^archive/streams/(?P<stream_id>\d+)/topics$',
|
|
|
|
|
zerver.views.archive.get_web_public_topics_backend,
|
|
|
|
|
name='zerver.views.archive.get_web_public_topics_backend'),
|
2018-04-27 15:48:55 +02:00
|
|
|
|
2017-10-18 07:09:22 +02:00
|
|
|
# Login/registration
|
|
|
|
|
url(r'^register/$', zerver.views.registration.accounts_home, name='register'),
|
2017-10-27 02:31:10 +02:00
|
|
|
url(r'^login/$', zerver.views.auth.login_page, {'template_name': 'zerver/login.html'},
|
|
|
|
|
name='zerver.views.auth.login_page'),
|
2017-10-18 07:09:22 +02:00
|
|
|
|
2017-10-27 02:31:10 +02:00
|
|
|
url(r'^join/(?P<confirmation_key>\S+)/$',
|
|
|
|
|
zerver.views.registration.accounts_home_from_multiuse_invite,
|
2017-10-18 07:09:22 +02:00
|
|
|
name='zerver.views.registration.accounts_home_from_multiuse_invite'),
|
|
|
|
|
|
|
|
|
|
# API and integrations documentation
|
2017-10-27 02:31:10 +02:00
|
|
|
url(r'^integrations/doc-html/(?P<integration_name>[^/]*)$',
|
2019-02-05 22:23:46 +01:00
|
|
|
zerver.views.documentation.integration_doc,
|
|
|
|
|
name="zerver.views.documentation.integration_doc"),
|
2019-08-27 05:45:37 +02:00
|
|
|
url(r'^integrations/(.*)$', IntegrationView.as_view()),
|
2017-10-18 07:09:22 +02:00
|
|
|
|
|
|
|
|
# Landing page, features pages, signup form, etc.
|
2019-03-20 13:13:44 +01:00
|
|
|
url(r'^hello/$', TemplateView.as_view(template_name='zerver/hello.html',
|
|
|
|
|
get_context_data=latest_info_context),
|
|
|
|
|
name='landing-page'),
|
2017-10-18 07:09:22 +02:00
|
|
|
url(r'^new-user/$', RedirectView.as_view(url='/hello', permanent=True)),
|
|
|
|
|
url(r'^features/$', TemplateView.as_view(template_name='zerver/features.html')),
|
2020-01-29 21:11:23 +01:00
|
|
|
url(r'^plans/$', zerver.views.portico.plans_view, name='plans'),
|
|
|
|
|
url(r'^apps/(.*)$', zerver.views.portico.apps_view, name='zerver.views.home.apps_view'),
|
|
|
|
|
url(r'^team/$', zerver.views.portico.team_view),
|
|
|
|
|
url(r'^history/$', TemplateView.as_view(template_name='zerver/history.html')),
|
2017-10-18 07:09:22 +02:00
|
|
|
url(r'^why-zulip/$', TemplateView.as_view(template_name='zerver/why-zulip.html')),
|
|
|
|
|
url(r'^for/open-source/$', TemplateView.as_view(template_name='zerver/for-open-source.html')),
|
|
|
|
|
url(r'^for/companies/$', TemplateView.as_view(template_name='zerver/for-companies.html')),
|
2017-10-27 02:31:10 +02:00
|
|
|
url(r'^for/working-groups-and-communities/$',
|
|
|
|
|
TemplateView.as_view(template_name='zerver/for-working-groups-and-communities.html')),
|
2017-11-18 03:40:30 +01:00
|
|
|
url(r'^for/mystery-hunt/$', TemplateView.as_view(template_name='zerver/for-mystery-hunt.html')),
|
2018-10-31 02:23:02 +01:00
|
|
|
url(r'^security/$', TemplateView.as_view(template_name='zerver/security.html')),
|
2018-12-15 00:12:09 +01:00
|
|
|
url(r'^atlassian/$', TemplateView.as_view(template_name='zerver/atlassian.html')),
|
2017-10-18 07:09:22 +02:00
|
|
|
|
|
|
|
|
# Terms of Service and privacy pages.
|
2020-01-29 00:05:06 +01:00
|
|
|
url(r'^terms/$', zerver.views.portico.terms_view, name='terms'),
|
|
|
|
|
url(r'^privacy/$', zerver.views.portico.privacy_view, name='privacy'),
|
2017-10-18 07:09:22 +02:00
|
|
|
|
|
|
|
|
url(r'^config-error/google$', TemplateView.as_view(
|
|
|
|
|
template_name='zerver/config_error.html',),
|
|
|
|
|
{'google_error': True},),
|
|
|
|
|
url(r'^config-error/github$', TemplateView.as_view(
|
|
|
|
|
template_name='zerver/config_error.html',),
|
|
|
|
|
{'github_error': True},),
|
|
|
|
|
url(r'^config-error/smtp$', TemplateView.as_view(
|
|
|
|
|
template_name='zerver/config_error.html',),
|
|
|
|
|
{'smtp_error': True},),
|
|
|
|
|
url(r'^config-error/ldap$', TemplateView.as_view(
|
|
|
|
|
template_name='zerver/config_error.html',),
|
|
|
|
|
{'ldap_error_realm_is_none': True},
|
|
|
|
|
name='ldap_error_realm_is_none'),
|
2018-02-21 06:31:53 +01:00
|
|
|
url(r'^config-error/dev$', TemplateView.as_view(
|
|
|
|
|
template_name='zerver/config_error.html',),
|
|
|
|
|
{'dev_not_supported_error': True},
|
|
|
|
|
name='dev_not_supported'),
|
2019-09-29 06:32:56 +02:00
|
|
|
url(r'^config-error/saml$', TemplateView.as_view(
|
|
|
|
|
template_name='zerver/config_error.html',),
|
|
|
|
|
{'saml_error': True},),
|
2019-12-11 23:13:21 +01:00
|
|
|
url(r'^config-error/remoteuser/backend_disabled$', TemplateView.as_view(
|
|
|
|
|
template_name='zerver/config_error.html',),
|
|
|
|
|
{'remoteuser_error_backend_disabled': True},),
|
|
|
|
|
url(r'^config-error/remoteuser/remote_user_header_missing$', TemplateView.as_view(
|
|
|
|
|
template_name='zerver/config_error.html',),
|
|
|
|
|
{'remoteuser_error_remote_user_header_missing': True},),
|
2017-10-18 07:09:22 +02:00
|
|
|
]
|
|
|
|
|
|
|
|
|
|
# Make a copy of i18n_urls so that they appear without prefix for english
|
|
|
|
|
urls = list(i18n_urls)
|
|
|
|
|
|
2016-06-25 00:33:50 +02:00
|
|
|
# Include the dual-use patterns twice
|
2016-06-25 00:38:41 +02:00
|
|
|
urls += [
|
2016-06-25 00:33:50 +02:00
|
|
|
url(r'^api/v1/', include(v1_api_and_json_patterns)),
|
|
|
|
|
url(r'^json/', include(v1_api_and_json_patterns)),
|
|
|
|
|
]
|
|
|
|
|
|
2016-06-27 16:41:58 +02:00
|
|
|
# user_uploads -> zerver.views.upload.serve_file_backend
|
|
|
|
|
#
|
|
|
|
|
# This url is an exception to the url naming schemes for endpoints. It
|
|
|
|
|
# supports both API and session cookie authentication, using a single
|
|
|
|
|
# URL for both (not 'api/v1/' or 'json/' prefix). This is required to
|
|
|
|
|
# easily support the mobile apps fetching uploaded files without
|
|
|
|
|
# having to rewrite URLs, and is implemented using the
|
|
|
|
|
# 'override_api_url_scheme' flag passed to rest_dispatch
|
2018-08-13 19:09:09 +02:00
|
|
|
urls += [
|
2019-08-27 05:45:37 +02:00
|
|
|
url(r'^user_uploads/(?P<realm_id_str>(\d*|unk))/(?P<filename>.*)$',
|
2018-08-13 19:09:09 +02:00
|
|
|
rest_dispatch,
|
|
|
|
|
{'GET': ('zerver.views.upload.serve_file_backend',
|
|
|
|
|
{'override_api_url_scheme'})}),
|
|
|
|
|
# This endpoint serves thumbnailed versions of images using thumbor;
|
|
|
|
|
# it requires an exception for the same reason.
|
|
|
|
|
url(r'^thumbnail', rest_dispatch,
|
|
|
|
|
{'GET': ('zerver.views.thumbnail.backend_serve_thumbnail',
|
|
|
|
|
{'override_api_url_scheme'})}),
|
|
|
|
|
# Avatars have the same constraint due to `!avatar` syntax.
|
2019-08-27 05:45:37 +02:00
|
|
|
url(r'^avatar/(?P<email_or_id>[\S]+)/(?P<medium>[\S]+)?$',
|
2018-08-13 19:09:09 +02:00
|
|
|
rest_dispatch,
|
|
|
|
|
{'GET': ('zerver.views.users.avatar',
|
|
|
|
|
{'override_api_url_scheme'})}),
|
2019-08-27 05:45:37 +02:00
|
|
|
url(r'^avatar/(?P<email_or_id>[\S]+)$',
|
2018-08-13 19:09:09 +02:00
|
|
|
rest_dispatch,
|
|
|
|
|
{'GET': ('zerver.views.users.avatar',
|
|
|
|
|
{'override_api_url_scheme'})}),
|
|
|
|
|
]
|
2016-06-27 16:41:58 +02:00
|
|
|
|
2018-04-11 05:50:08 +02:00
|
|
|
# This url serves as a way to recieve CSP violation reports from the users.
|
|
|
|
|
# We use this endpoint to just log these reports.
|
|
|
|
|
urls += url(r'^report/csp_violations$', zerver.views.report.report_csp_violations,
|
|
|
|
|
name='zerver.views.report.report_csp_violations'),
|
2018-03-08 09:37:09 +01:00
|
|
|
|
2018-12-17 17:27:05 +01:00
|
|
|
# This url serves as a way to provide backward compatibility to messages
|
|
|
|
|
# rendered at the time Zulip used camo for doing http -> https conversion for
|
|
|
|
|
# such links with images previews. Now thumbor can be used for serving such
|
|
|
|
|
# images.
|
2019-08-27 05:45:37 +02:00
|
|
|
urls += url(r'^external_content/(?P<digest>[\S]+)/(?P<received_url>[\S]+)$',
|
2018-12-17 17:27:05 +01:00
|
|
|
zerver.views.camo.handle_camo_url,
|
|
|
|
|
name='zerver.views.camo.handle_camo_url'),
|
|
|
|
|
|
2016-06-25 18:30:30 +02:00
|
|
|
# Incoming webhook URLs
|
2016-11-14 21:06:39 +01:00
|
|
|
# We don't create urls for particular git integrations here
|
|
|
|
|
# because of generic one below
|
2016-07-25 22:12:12 +02:00
|
|
|
for incoming_webhook in WEBHOOK_INTEGRATIONS:
|
2016-11-14 21:06:39 +01:00
|
|
|
if incoming_webhook.url_object:
|
|
|
|
|
urls.append(incoming_webhook.url_object)
|
|
|
|
|
|
2018-01-05 21:30:55 +01:00
|
|
|
# Desktop-specific authentication URLs
|
|
|
|
|
urls += [
|
|
|
|
|
url(r'^json/fetch_api_key$', rest_dispatch,
|
|
|
|
|
{'POST': 'zerver.views.auth.json_fetch_api_key'}),
|
|
|
|
|
]
|
|
|
|
|
|
2016-06-25 18:30:30 +02:00
|
|
|
# Mobile-specific authentication URLs
|
|
|
|
|
urls += [
|
2019-08-20 00:33:09 +02:00
|
|
|
# Used as a global check by all mobile clients, which currently send
|
|
|
|
|
# requests to https://zulipchat.com/compatibility almost immediately after
|
|
|
|
|
# starting up.
|
|
|
|
|
url(r'^compatibility$', zerver.views.compatibility.check_global_compatibility),
|
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
v1_api_mobile_patterns = [
|
2017-05-04 01:13:56 +02:00
|
|
|
# This json format view used by the mobile apps lists which
|
|
|
|
|
# authentication backends the server allows as well as details
|
2018-12-06 02:49:34 +01:00
|
|
|
# like the requested subdomains'd realm icon (if known) and
|
|
|
|
|
# server-specific compatibility.
|
2019-08-20 00:33:09 +02:00
|
|
|
url(r'^server_settings$', zerver.views.auth.api_get_server_settings),
|
2016-06-21 03:32:23 +02:00
|
|
|
|
2016-06-25 18:30:30 +02:00
|
|
|
# This json format view used by the mobile apps accepts a username
|
|
|
|
|
# password/pair and returns an API key.
|
2019-08-20 00:33:09 +02:00
|
|
|
url(r'^fetch_api_key$', zerver.views.auth.api_fetch_api_key,
|
2017-10-27 02:31:10 +02:00
|
|
|
name='zerver.views.auth.api_fetch_api_key'),
|
2016-06-25 18:30:30 +02:00
|
|
|
|
|
|
|
|
# This is for the signing in through the devAuthBackEnd on mobile apps.
|
2019-08-20 00:33:09 +02:00
|
|
|
url(r'^dev_fetch_api_key$', zerver.views.auth.api_dev_fetch_api_key,
|
2017-10-27 02:31:10 +02:00
|
|
|
name='zerver.views.auth.api_dev_fetch_api_key'),
|
2016-06-25 18:30:30 +02:00
|
|
|
# This is for fetching the emails of the admins and the users.
|
2019-08-20 00:33:09 +02:00
|
|
|
url(r'^dev_list_users$', zerver.views.auth.api_dev_list_users,
|
2018-04-05 21:16:56 +02:00
|
|
|
name='zerver.views.auth.api_dev_list_users'),
|
2016-06-25 18:30:30 +02:00
|
|
|
|
|
|
|
|
# Used to present the GOOGLE_CLIENT_ID to mobile apps
|
2019-08-20 00:33:09 +02:00
|
|
|
url(r'^fetch_google_client_id$',
|
2016-10-27 14:52:56 +02:00
|
|
|
zerver.views.auth.api_fetch_google_client_id,
|
|
|
|
|
name='zerver.views.auth.api_fetch_google_client_id'),
|
2016-06-25 18:30:30 +02:00
|
|
|
]
|
2019-08-20 00:33:09 +02:00
|
|
|
urls += [
|
|
|
|
|
url(r'^api/v1/', include(v1_api_mobile_patterns)),
|
|
|
|
|
]
|
2016-06-25 18:30:30 +02:00
|
|
|
|
2017-04-18 17:28:55 +02:00
|
|
|
# View for uploading messages from email mirror
|
|
|
|
|
urls += [
|
|
|
|
|
url(r'^email_mirror_message$', zerver.views.email_mirror.email_mirror_message,
|
|
|
|
|
name='zerver.views.email_mirror.email_mirror_message'),
|
|
|
|
|
]
|
|
|
|
|
|
2016-04-27 06:39:34 +02:00
|
|
|
# Include URL configuration files for site-specified extra installed
|
|
|
|
|
# Django apps
|
|
|
|
|
for app_name in settings.EXTRA_INSTALLED_APPS:
|
|
|
|
|
app_dir = os.path.join(settings.DEPLOY_ROOT, app_name)
|
|
|
|
|
if os.path.exists(os.path.join(app_dir, 'urls.py')):
|
2016-06-25 00:38:41 +02:00
|
|
|
urls += [url(r'^', include('%s.urls' % (app_name,)))]
|
2016-05-19 17:33:30 +02:00
|
|
|
i18n_urls += import_string("{}.urls.i18n_urlpatterns".format(app_name))
|
2013-07-05 20:04:47 +02:00
|
|
|
|
2016-06-25 00:38:41 +02:00
|
|
|
# Tornado views
|
|
|
|
|
urls += [
|
2012-10-09 22:21:03 +02:00
|
|
|
# Used internally for communication between Django and Tornado processes
|
2016-11-27 06:50:54 +01:00
|
|
|
url(r'^notify_tornado$', zerver.tornado.views.notify, name='zerver.tornado.views.notify'),
|
2018-07-13 12:58:16 +02:00
|
|
|
url(r'^api/v1/events/internal$', zerver.tornado.views.get_events_internal),
|
2016-06-24 01:02:44 +02:00
|
|
|
]
|
2012-10-15 22:47:52 +02:00
|
|
|
|
2016-07-20 13:33:27 +02:00
|
|
|
# Python Social Auth
|
2020-01-27 12:05:32 +01:00
|
|
|
|
|
|
|
|
# This overrides the analogical entry in social_django.urls, because we want run our own code
|
|
|
|
|
# at the beginning of social auth process. If deleting this override in the future,
|
|
|
|
|
# it should be possible to remove urls.W003 from SILENCED_SYSTEM_CHECKS.
|
|
|
|
|
urls += [url(r'^login/(?P<backend>[^/]+)/$', zerver.views.auth.social_auth, name='social:begin')]
|
|
|
|
|
|
2017-01-21 16:52:59 +01:00
|
|
|
urls += [url(r'^', include('social_django.urls', namespace='social'))]
|
2019-09-29 06:32:56 +02:00
|
|
|
urls += [url(r'^saml/metadata.xml$', zerver.views.auth.saml_sp_metadata)]
|
2016-07-20 13:33:27 +02:00
|
|
|
|
2016-11-09 01:45:36 +01:00
|
|
|
# User documentation site
|
2017-07-25 02:35:22 +02:00
|
|
|
urls += [url(r'^help/(?P<article>.*)$',
|
2018-08-18 15:42:01 +02:00
|
|
|
MarkdownDirectoryView.as_view(template_name='zerver/documentation_main.html',
|
2017-07-25 02:35:22 +02:00
|
|
|
path_template='/zerver/help/%s.md'))]
|
2017-11-11 02:49:43 +01:00
|
|
|
urls += [url(r'^api/(?P<article>[-\w]*\/?)$',
|
2018-08-18 15:42:01 +02:00
|
|
|
MarkdownDirectoryView.as_view(template_name='zerver/documentation_main.html',
|
2017-07-25 02:37:04 +02:00
|
|
|
path_template='/zerver/api/%s.md'))]
|
2016-11-09 01:45:36 +01:00
|
|
|
|
2017-07-12 09:36:51 +02:00
|
|
|
# Two Factor urls
|
|
|
|
|
if settings.TWO_FACTOR_AUTHENTICATION_ENABLED:
|
2018-05-01 07:53:37 +02:00
|
|
|
urls += [url(r'', include(tf_urls)),
|
|
|
|
|
url(r'', include(tf_twilio_urls))]
|
2017-07-12 09:36:51 +02:00
|
|
|
|
2015-08-21 08:55:12 +02:00
|
|
|
if settings.DEVELOPMENT:
|
2016-06-25 03:44:32 +02:00
|
|
|
urls += dev_urls.urls
|
2016-06-25 19:04:36 +02:00
|
|
|
i18n_urls += dev_urls.i18n_urls
|
2016-06-25 00:33:07 +02:00
|
|
|
|
2016-05-19 17:33:30 +02:00
|
|
|
# The sequence is important; if i18n urls don't come first then
|
|
|
|
|
# reverse url mapping points to i18n urls which causes the frontend
|
|
|
|
|
# tests to fail
|
2016-06-25 00:38:41 +02:00
|
|
|
urlpatterns = i18n_patterns(*i18n_urls) + urls + legacy_urls
|
errors: Force a super-simpler handler for 400 errors.
This works around a bug in Django in handling the error case of a
client sending an inappropriate HTTP `Host:` header. Various
internal Django machinery expects to be able to casually call
`request.get_host()`, which will attempt to parse that header, so an
exception will be raised. The exception-handling machinery attempts
to catch that exception and just turn it into a 400 response... but
in a certain case, that machinery itself ends up trying to call
`request.get_host()`, and we end up with an uncaught exception that
causes a 500 response, a chain of tracebacks in the logs, and an email
to the server admins. See example below.
That `request.get_host` call comes in the midst of some CSRF-related
middleware, which doesn't even serve any function unless you have a
form in your 400 response page that you want CSRF protection for.
We use the default 400 response page, which is a 26-byte static
HTML error message. So, just send that with no further ado.
Example exception from server logs (lightly edited):
2017-10-08 09:51:50.835 ERR [django.security.DisallowedHost] Invalid HTTP_HOST header: 'example.com'. You may need to add 'example.com' to ALLOWED_HOSTS.
2017-10-08 09:51:50.835 ERR [django.request] Internal Server Error: /loginWithSetCookie
Traceback (most recent call last):
File ".../django/core/handlers/exception.py", line 41, in inner
response = get_response(request)
File ".../django/utils/deprecation.py", line 138, in __call__
response = self.process_request(request)
File ".../django/middleware/common.py", line 57, in process_request
host = request.get_host()
File ".../django/http/request.py", line 113, in get_host
raise DisallowedHost(msg)
django.core.exceptions.DisallowedHost: Invalid HTTP_HOST header: 'example.com'. You may need to add 'example.com' to ALLOWED_HOSTS.
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File ".../django/core/handlers/exception.py", line 109, in get_exception_response
response = callback(request, **dict(param_dict, exception=exception))
File ".../django/utils/decorators.py", line 145, in _wrapped_view
result = middleware.process_view(request, view_func, args, kwargs)
File ".../django/middleware/csrf.py", line 276, in process_view
good_referer = request.get_host()
File ".../django/http/request.py", line 113, in get_host
raise DisallowedHost(msg)
django.core.exceptions.DisallowedHost: Invalid HTTP_HOST header: 'example.com'. You may need to add 'example.com' to ALLOWED_HOSTS.
2017-10-10 06:39:36 +02:00
|
|
|
|
2017-10-27 13:03:15 +02:00
|
|
|
def handler400(request: HttpRequest, exception: Exception) -> HttpResponse:
|
2018-02-15 19:37:29 +01:00
|
|
|
# (This workaround should become obsolete with Django 2.1; the
|
|
|
|
|
# issue was fixed upstream in commit 7ec0fdf62 on 2018-02-14.)
|
2017-10-16 20:17:10 +02:00
|
|
|
#
|
errors: Force a super-simpler handler for 400 errors.
This works around a bug in Django in handling the error case of a
client sending an inappropriate HTTP `Host:` header. Various
internal Django machinery expects to be able to casually call
`request.get_host()`, which will attempt to parse that header, so an
exception will be raised. The exception-handling machinery attempts
to catch that exception and just turn it into a 400 response... but
in a certain case, that machinery itself ends up trying to call
`request.get_host()`, and we end up with an uncaught exception that
causes a 500 response, a chain of tracebacks in the logs, and an email
to the server admins. See example below.
That `request.get_host` call comes in the midst of some CSRF-related
middleware, which doesn't even serve any function unless you have a
form in your 400 response page that you want CSRF protection for.
We use the default 400 response page, which is a 26-byte static
HTML error message. So, just send that with no further ado.
Example exception from server logs (lightly edited):
2017-10-08 09:51:50.835 ERR [django.security.DisallowedHost] Invalid HTTP_HOST header: 'example.com'. You may need to add 'example.com' to ALLOWED_HOSTS.
2017-10-08 09:51:50.835 ERR [django.request] Internal Server Error: /loginWithSetCookie
Traceback (most recent call last):
File ".../django/core/handlers/exception.py", line 41, in inner
response = get_response(request)
File ".../django/utils/deprecation.py", line 138, in __call__
response = self.process_request(request)
File ".../django/middleware/common.py", line 57, in process_request
host = request.get_host()
File ".../django/http/request.py", line 113, in get_host
raise DisallowedHost(msg)
django.core.exceptions.DisallowedHost: Invalid HTTP_HOST header: 'example.com'. You may need to add 'example.com' to ALLOWED_HOSTS.
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File ".../django/core/handlers/exception.py", line 109, in get_exception_response
response = callback(request, **dict(param_dict, exception=exception))
File ".../django/utils/decorators.py", line 145, in _wrapped_view
result = middleware.process_view(request, view_func, args, kwargs)
File ".../django/middleware/csrf.py", line 276, in process_view
good_referer = request.get_host()
File ".../django/http/request.py", line 113, in get_host
raise DisallowedHost(msg)
django.core.exceptions.DisallowedHost: Invalid HTTP_HOST header: 'example.com'. You may need to add 'example.com' to ALLOWED_HOSTS.
2017-10-10 06:39:36 +02:00
|
|
|
# This behaves exactly like the default Django implementation in
|
|
|
|
|
# the case where you haven't made a template "400.html", which we
|
|
|
|
|
# haven't -- except that it doesn't call `@requires_csrf_token` to
|
|
|
|
|
# attempt to set a `csrf_token` variable that the template could
|
2017-10-16 20:17:10 +02:00
|
|
|
# use if there were a template. We skip @requires_csrf_token
|
|
|
|
|
# because that codepath can raise an error on a bad request, which
|
|
|
|
|
# is exactly the case we're trying to handle when we get here.
|
|
|
|
|
# Bug filed upstream: https://code.djangoproject.com/ticket/28693
|
errors: Force a super-simpler handler for 400 errors.
This works around a bug in Django in handling the error case of a
client sending an inappropriate HTTP `Host:` header. Various
internal Django machinery expects to be able to casually call
`request.get_host()`, which will attempt to parse that header, so an
exception will be raised. The exception-handling machinery attempts
to catch that exception and just turn it into a 400 response... but
in a certain case, that machinery itself ends up trying to call
`request.get_host()`, and we end up with an uncaught exception that
causes a 500 response, a chain of tracebacks in the logs, and an email
to the server admins. See example below.
That `request.get_host` call comes in the midst of some CSRF-related
middleware, which doesn't even serve any function unless you have a
form in your 400 response page that you want CSRF protection for.
We use the default 400 response page, which is a 26-byte static
HTML error message. So, just send that with no further ado.
Example exception from server logs (lightly edited):
2017-10-08 09:51:50.835 ERR [django.security.DisallowedHost] Invalid HTTP_HOST header: 'example.com'. You may need to add 'example.com' to ALLOWED_HOSTS.
2017-10-08 09:51:50.835 ERR [django.request] Internal Server Error: /loginWithSetCookie
Traceback (most recent call last):
File ".../django/core/handlers/exception.py", line 41, in inner
response = get_response(request)
File ".../django/utils/deprecation.py", line 138, in __call__
response = self.process_request(request)
File ".../django/middleware/common.py", line 57, in process_request
host = request.get_host()
File ".../django/http/request.py", line 113, in get_host
raise DisallowedHost(msg)
django.core.exceptions.DisallowedHost: Invalid HTTP_HOST header: 'example.com'. You may need to add 'example.com' to ALLOWED_HOSTS.
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File ".../django/core/handlers/exception.py", line 109, in get_exception_response
response = callback(request, **dict(param_dict, exception=exception))
File ".../django/utils/decorators.py", line 145, in _wrapped_view
result = middleware.process_view(request, view_func, args, kwargs)
File ".../django/middleware/csrf.py", line 276, in process_view
good_referer = request.get_host()
File ".../django/http/request.py", line 113, in get_host
raise DisallowedHost(msg)
django.core.exceptions.DisallowedHost: Invalid HTTP_HOST header: 'example.com'. You may need to add 'example.com' to ALLOWED_HOSTS.
2017-10-10 06:39:36 +02:00
|
|
|
#
|
|
|
|
|
# This function is used just because it has this special name in
|
|
|
|
|
# the root urls.py file; for more details, see:
|
|
|
|
|
# https://docs.djangoproject.com/en/1.11/topics/http/views/#customizing-error-views
|
|
|
|
|
return HttpResponseBadRequest(
|
|
|
|
|
'<h1>Bad Request (400)</h1>', content_type='text/html')
|
