2013-04-23 18:51:17 +02:00
|
|
|
from __future__ import absolute_import
|
|
|
|
|
2016-05-25 15:02:02 +02:00
|
|
|
from django.utils.translation import ugettext as _
|
2016-06-06 01:54:58 +02:00
|
|
|
from django.http import HttpResponseRedirect, HttpResponse
|
2016-04-21 23:48:34 +02:00
|
|
|
from django.contrib.auth import REDIRECT_FIELD_NAME
|
2012-11-06 20:27:55 +01:00
|
|
|
from django.views.decorators.csrf import csrf_exempt
|
2016-06-06 01:54:58 +02:00
|
|
|
from django.http import QueryDict, HttpResponseNotAllowed, HttpRequest
|
2013-03-21 20:18:44 +01:00
|
|
|
from django.http.multipartparser import MultiPartParser
|
2013-07-29 23:03:31 +02:00
|
|
|
from zerver.models import UserProfile, get_client, get_user_profile_by_email
|
2016-11-15 17:20:22 +01:00
|
|
|
from zerver.lib.response import json_error, json_unauthorized, json_success
|
2016-04-21 23:48:34 +02:00
|
|
|
from django.shortcuts import resolve_url
|
|
|
|
from django.utils.decorators import available_attrs
|
2017-04-15 04:03:56 +02:00
|
|
|
from django.utils.timezone import now as timezone_now
|
2012-11-28 05:37:13 +01:00
|
|
|
from django.conf import settings
|
2013-07-29 23:03:31 +02:00
|
|
|
from zerver.lib.queue import queue_json_publish
|
2016-12-22 04:46:31 +01:00
|
|
|
from zerver.lib.timestamp import datetime_to_timestamp, timestamp_to_datetime
|
2016-07-19 14:35:08 +02:00
|
|
|
from zerver.lib.utils import statsd, get_subdomain, check_subdomain
|
2013-07-29 23:03:31 +02:00
|
|
|
from zerver.exceptions import RateLimited
|
|
|
|
from zerver.lib.rate_limiter import incr_ratelimit, is_ratelimited, \
|
2017-01-24 07:06:13 +01:00
|
|
|
api_calls_left
|
2016-05-29 16:52:55 +02:00
|
|
|
from zerver.lib.request import REQ, has_request_variables, JsonableError, RequestVariableMissingError
|
2016-06-06 01:54:58 +02:00
|
|
|
from django.core.handlers import base
|
2013-10-17 16:33:04 +02:00
|
|
|
|
2012-11-02 00:23:26 +01:00
|
|
|
from functools import wraps
|
2013-03-21 20:15:27 +01:00
|
|
|
import base64
|
2016-12-22 04:46:31 +01:00
|
|
|
import datetime
|
2013-05-29 23:58:07 +02:00
|
|
|
import logging
|
2013-07-02 17:30:04 +02:00
|
|
|
import cProfile
|
2016-07-15 07:42:54 +02:00
|
|
|
from io import BytesIO
|
2016-04-21 23:48:34 +02:00
|
|
|
from six.moves import zip, urllib
|
2013-04-16 22:52:32 +02:00
|
|
|
|
2016-10-27 23:55:31 +02:00
|
|
|
from typing import Union, Any, Callable, Sequence, Dict, Optional, TypeVar, Text, cast
|
2016-07-07 21:50:08 +02:00
|
|
|
from zerver.lib.str_utils import force_bytes
|
2016-06-06 01:54:58 +02:00
|
|
|
|
2016-10-27 23:55:31 +02:00
|
|
|
# This is a hack to ensure that RemoteZulipServer always exists even
|
|
|
|
# if Zilencer isn't enabled.
|
|
|
|
if settings.ZILENCER_ENABLED:
|
|
|
|
from zilencer.models import get_remote_server_by_uuid, RemoteZulipServer
|
|
|
|
else:
|
|
|
|
from mock import Mock
|
|
|
|
get_remote_server_by_uuid = Mock()
|
|
|
|
RemoteZulipServer = Mock() # type: ignore # https://github.com/JukkaL/mypy/issues/1188
|
|
|
|
|
2016-07-22 15:10:19 +02:00
|
|
|
FuncT = TypeVar('FuncT', bound=Callable[..., Any])
|
|
|
|
ViewFuncT = TypeVar('ViewFuncT', bound=Callable[..., HttpResponse])
|
|
|
|
|
2012-11-28 06:16:28 +01:00
|
|
|
class _RespondAsynchronously(object):
|
|
|
|
pass
|
2012-08-28 22:56:21 +02:00
|
|
|
|
2012-11-28 06:16:28 +01:00
|
|
|
# Return RespondAsynchronously from an @asynchronous view if the
|
2013-08-06 22:21:12 +02:00
|
|
|
# response will be provided later by calling handler.zulip_finish(),
|
2013-03-15 17:28:03 +01:00
|
|
|
# or has already been provided this way. We use this for longpolling
|
|
|
|
# mode.
|
2012-11-28 06:16:28 +01:00
|
|
|
RespondAsynchronously = _RespondAsynchronously()
|
2012-08-28 22:56:21 +02:00
|
|
|
|
|
|
|
def asynchronous(method):
|
2016-06-06 01:54:58 +02:00
|
|
|
# type: (Callable[..., Union[HttpResponse, _RespondAsynchronously]]) -> Callable[..., Union[HttpResponse, _RespondAsynchronously]]
|
|
|
|
# TODO: this should be the correct annotation when mypy gets fixed: type:
|
|
|
|
# (Callable[[HttpRequest, base.BaseHandler, Sequence[Any], Dict[str, Any]], Union[HttpResponse, _RespondAsynchronously]]) ->
|
|
|
|
# Callable[[HttpRequest, Sequence[Any], Dict[str, Any]], Union[HttpResponse, _RespondAsynchronously]]
|
|
|
|
# TODO: see https://github.com/python/mypy/issues/1655
|
2012-11-02 00:23:26 +01:00
|
|
|
@wraps(method)
|
2012-08-28 22:56:21 +02:00
|
|
|
def wrapper(request, *args, **kwargs):
|
2016-06-06 01:54:58 +02:00
|
|
|
# type: (HttpRequest, *Any, **Any) -> Union[HttpResponse, _RespondAsynchronously]
|
2012-11-28 06:16:28 +01:00
|
|
|
return method(request, handler=request._tornado_handler, *args, **kwargs)
|
2012-10-27 23:56:01 +02:00
|
|
|
if getattr(method, 'csrf_exempt', False):
|
2016-01-27 20:38:00 +01:00
|
|
|
wrapper.csrf_exempt = True # type: ignore # https://github.com/JukkaL/mypy/issues/1170
|
2012-08-28 22:56:21 +02:00
|
|
|
return wrapper
|
2012-11-06 20:27:55 +01:00
|
|
|
|
2013-03-26 20:29:47 +01:00
|
|
|
def update_user_activity(request, user_profile):
|
2016-06-06 01:54:58 +02:00
|
|
|
# type: (HttpRequest, UserProfile) -> None
|
2013-03-25 20:37:00 +01:00
|
|
|
# update_active_status also pushes to rabbitmq, and it seems
|
|
|
|
# redundant to log that here as well.
|
2016-04-03 07:58:06 +02:00
|
|
|
if request.META["PATH_INFO"] == '/json/users/me/presence':
|
2013-03-25 20:37:00 +01:00
|
|
|
return
|
2013-10-03 19:48:03 +02:00
|
|
|
|
|
|
|
if hasattr(request, '_query'):
|
|
|
|
query = request._query
|
|
|
|
else:
|
|
|
|
query = request.META['PATH_INFO']
|
|
|
|
|
2016-11-28 23:29:01 +01:00
|
|
|
event = {'query': query,
|
|
|
|
'user_profile_id': user_profile.id,
|
2017-04-15 04:03:56 +02:00
|
|
|
'time': datetime_to_timestamp(timezone_now()),
|
2016-11-28 23:29:01 +01:00
|
|
|
'client': request.client.name}
|
2013-03-25 20:37:00 +01:00
|
|
|
queue_json_publish("user_activity", event, lambda event: None)
|
2013-01-11 21:16:42 +01:00
|
|
|
|
2013-11-08 02:02:48 +01:00
|
|
|
# Based on django.views.decorators.http.require_http_methods
|
|
|
|
def require_post(func):
|
2016-07-22 15:10:19 +02:00
|
|
|
# type: (ViewFuncT) -> ViewFuncT
|
2013-11-08 02:02:48 +01:00
|
|
|
@wraps(func)
|
|
|
|
def wrapper(request, *args, **kwargs):
|
2016-06-06 01:54:58 +02:00
|
|
|
# type: (HttpRequest, *Any, **Any) -> HttpResponse
|
2017-01-24 05:50:04 +01:00
|
|
|
if (request.method != "POST" and
|
|
|
|
not (request.method == "SOCKET" and
|
|
|
|
request.META['zulip.emulated_method'] == "POST")):
|
2013-11-08 02:02:48 +01:00
|
|
|
if request.method == "SOCKET":
|
|
|
|
err_method = "SOCKET/%s" % (request.META['zulip.emulated_method'],)
|
|
|
|
else:
|
|
|
|
err_method = request.method
|
|
|
|
logging.warning('Method Not Allowed (%s): %s', err_method, request.path,
|
|
|
|
extra={'status_code': 405, 'request': request})
|
|
|
|
return HttpResponseNotAllowed(["POST"])
|
|
|
|
return func(request, *args, **kwargs)
|
2016-07-22 20:20:30 +02:00
|
|
|
return wrapper # type: ignore # https://github.com/python/mypy/issues/1927
|
2012-11-06 20:27:55 +01:00
|
|
|
|
2013-12-09 22:12:18 +01:00
|
|
|
def require_realm_admin(func):
|
2016-07-22 15:10:19 +02:00
|
|
|
# type: (ViewFuncT) -> ViewFuncT
|
2013-12-09 22:12:18 +01:00
|
|
|
@wraps(func)
|
|
|
|
def wrapper(request, user_profile, *args, **kwargs):
|
2016-06-06 01:54:58 +02:00
|
|
|
# type: (HttpRequest, UserProfile, *Any, **Any) -> HttpResponse
|
2016-02-08 03:59:38 +01:00
|
|
|
if not user_profile.is_realm_admin:
|
2016-05-25 15:02:02 +02:00
|
|
|
raise JsonableError(_("Must be a realm administrator"))
|
2013-12-09 22:12:18 +01:00
|
|
|
return func(request, user_profile, *args, **kwargs)
|
2016-07-22 20:20:30 +02:00
|
|
|
return wrapper # type: ignore # https://github.com/python/mypy/issues/1927
|
2013-12-09 22:12:18 +01:00
|
|
|
|
2013-12-19 18:10:30 +01:00
|
|
|
from zerver.lib.user_agent import parse_user_agent
|
2013-06-27 20:21:21 +02:00
|
|
|
|
2014-01-08 17:36:54 +01:00
|
|
|
def get_client_name(request, is_json_view):
|
2016-12-27 07:09:35 +01:00
|
|
|
# type: (HttpRequest, bool) -> Text
|
2013-12-19 18:10:30 +01:00
|
|
|
# If the API request specified a client in the request content,
|
|
|
|
# that has priority. Otherwise, extract the client from the
|
|
|
|
# User-Agent.
|
2016-11-03 13:00:18 +01:00
|
|
|
if 'client' in request.GET:
|
|
|
|
return request.GET['client']
|
2017-02-11 05:26:10 +01:00
|
|
|
if 'client' in request.POST:
|
2016-11-03 13:00:18 +01:00
|
|
|
return request.POST['client']
|
2017-02-11 05:26:10 +01:00
|
|
|
if "HTTP_USER_AGENT" in request.META:
|
2013-12-19 18:10:30 +01:00
|
|
|
user_agent = parse_user_agent(request.META["HTTP_USER_AGENT"])
|
2017-02-11 05:26:10 +01:00
|
|
|
else:
|
|
|
|
user_agent = None
|
|
|
|
if user_agent is not None:
|
2013-12-19 18:10:30 +01:00
|
|
|
# We could check for a browser's name being "Mozilla", but
|
|
|
|
# e.g. Opera and MobileSafari don't set that, and it seems
|
|
|
|
# more robust to just key off whether it was a json view
|
2017-02-17 22:12:10 +01:00
|
|
|
if is_json_view and user_agent["name"] not in {"ZulipDesktop", "ZulipElectron"}:
|
2013-12-19 18:10:30 +01:00
|
|
|
# Avoid changing the client string for browsers Once this
|
|
|
|
# is out to prod, we can name the field to something like
|
|
|
|
# Browser for consistency.
|
2014-01-08 17:36:54 +01:00
|
|
|
return "website"
|
2013-12-19 18:10:30 +01:00
|
|
|
else:
|
2014-01-08 17:36:54 +01:00
|
|
|
return user_agent["name"]
|
2014-01-08 17:25:49 +01:00
|
|
|
else:
|
|
|
|
# In the future, we will require setting USER_AGENT, but for
|
|
|
|
# now we just want to tag these requests so we can review them
|
|
|
|
# in logs and figure out the extent of the problem
|
|
|
|
if is_json_view:
|
2014-01-08 17:36:54 +01:00
|
|
|
return "website"
|
2014-01-08 17:25:49 +01:00
|
|
|
else:
|
2016-12-01 06:20:27 +01:00
|
|
|
return "Unspecified"
|
2013-03-21 19:21:46 +01:00
|
|
|
|
2016-05-12 22:49:36 +02:00
|
|
|
def process_client(request, user_profile, is_json_view=False, client_name=None):
|
2016-12-27 07:09:35 +01:00
|
|
|
# type: (HttpRequest, UserProfile, bool, Optional[Text]) -> None
|
2016-05-12 22:49:36 +02:00
|
|
|
if client_name is None:
|
|
|
|
client_name = get_client_name(request, is_json_view)
|
2014-01-08 17:52:36 +01:00
|
|
|
|
|
|
|
# Transitional hack for early 2014. Eventually the ios clients
|
|
|
|
# will all report ZulipiOS, and we can remove the next couple lines.
|
|
|
|
if client_name == 'ios':
|
|
|
|
client_name = 'ZulipiOS'
|
|
|
|
|
2014-01-08 17:36:54 +01:00
|
|
|
request.client = get_client(client_name)
|
2013-03-21 19:21:46 +01:00
|
|
|
update_user_activity(request, user_profile)
|
|
|
|
|
2016-09-28 06:13:43 +02:00
|
|
|
def validate_api_key(request, role, api_key, is_webhook=False):
|
2016-10-27 23:55:31 +02:00
|
|
|
# type: (HttpRequest, Text, Text, bool) -> Union[UserProfile, RemoteZulipServer]
|
2013-08-21 00:36:45 +02:00
|
|
|
# Remove whitespace to protect users from trivial errors.
|
2013-10-17 16:33:04 +02:00
|
|
|
role, api_key = role.strip(), api_key.strip()
|
2013-08-21 00:36:45 +02:00
|
|
|
|
2016-10-27 23:55:31 +02:00
|
|
|
if "@" in role:
|
|
|
|
try:
|
|
|
|
profile = get_user_profile_by_email(role) # type: Union[UserProfile, RemoteZulipServer]
|
|
|
|
except UserProfile.DoesNotExist:
|
|
|
|
raise JsonableError(_("Invalid user: %s") % (role,))
|
|
|
|
else:
|
|
|
|
try:
|
|
|
|
profile = get_remote_server_by_uuid(role)
|
|
|
|
except RemoteZulipServer.DoesNotExist:
|
|
|
|
raise JsonableError(_("Invalid Zulip server: %s") % (role,))
|
2013-08-21 00:36:45 +02:00
|
|
|
|
2013-10-17 16:33:04 +02:00
|
|
|
if api_key != profile.api_key:
|
2013-08-21 00:09:49 +02:00
|
|
|
if len(api_key) != 32:
|
2016-05-25 15:02:02 +02:00
|
|
|
reason = _("Incorrect API key length (keys should be 32 "
|
|
|
|
"characters long) for role '%s'")
|
2013-08-21 00:09:49 +02:00
|
|
|
else:
|
2016-05-25 15:02:02 +02:00
|
|
|
reason = _("Invalid API key for role '%s'")
|
|
|
|
raise JsonableError(reason % (role,))
|
2016-10-27 23:55:31 +02:00
|
|
|
|
|
|
|
# early exit for RemoteZulipServer instances
|
|
|
|
if settings.ZILENCER_ENABLED and isinstance(profile, RemoteZulipServer):
|
|
|
|
if not check_subdomain(get_subdomain(request), ""):
|
|
|
|
raise JsonableError(_("This API key only works on the root subdomain"))
|
|
|
|
return profile
|
|
|
|
|
|
|
|
profile = cast(UserProfile, profile) # is UserProfile
|
2013-10-17 16:33:04 +02:00
|
|
|
if not profile.is_active:
|
2016-05-25 15:02:02 +02:00
|
|
|
raise JsonableError(_("Account not active"))
|
2016-05-18 20:35:35 +02:00
|
|
|
if profile.is_incoming_webhook and not is_webhook:
|
|
|
|
raise JsonableError(_("Account is not valid to post webhook messages"))
|
2017-03-06 09:17:34 +01:00
|
|
|
|
|
|
|
if profile.realm.deactivated:
|
|
|
|
raise JsonableError(_("Realm for account has been deactivated"))
|
|
|
|
|
2017-01-24 05:50:04 +01:00
|
|
|
if (not check_subdomain(get_subdomain(request), profile.realm.subdomain) and
|
2016-08-14 04:16:39 +02:00
|
|
|
# Allow access to localhost for Tornado
|
2017-01-24 05:50:04 +01:00
|
|
|
not (settings.RUNNING_INSIDE_TORNADO and
|
|
|
|
request.META["SERVER_NAME"] == "127.0.0.1" and
|
|
|
|
request.META["REMOTE_ADDR"] == "127.0.0.1")):
|
2016-08-14 04:16:39 +02:00
|
|
|
logging.warning("User %s attempted to access API on wrong subdomain %s" % (
|
|
|
|
profile.email, get_subdomain(request)))
|
|
|
|
raise JsonableError(_("Account is not associated with this subdomain"))
|
|
|
|
|
2013-10-17 16:33:04 +02:00
|
|
|
return profile
|
2013-03-21 19:21:46 +01:00
|
|
|
|
2013-10-03 01:12:57 +02:00
|
|
|
# Use this for webhook views that don't get an email passed in.
|
2016-05-12 22:49:36 +02:00
|
|
|
def api_key_only_webhook_view(client_name):
|
2016-12-27 07:09:35 +01:00
|
|
|
# type: (Text) -> Callable[..., HttpResponse]
|
2016-07-22 15:10:19 +02:00
|
|
|
# This function can't be typed perfectly because returning a generic function
|
|
|
|
# isn't supported in mypy - https://github.com/python/mypy/issues/1551.
|
2016-05-12 22:49:36 +02:00
|
|
|
def _wrapped_view_func(view_func):
|
2016-06-06 01:54:58 +02:00
|
|
|
# type: (Callable[..., HttpResponse]) -> Callable[..., HttpResponse]
|
2016-05-12 22:49:36 +02:00
|
|
|
@csrf_exempt
|
|
|
|
@has_request_variables
|
|
|
|
@wraps(view_func)
|
2016-05-31 16:29:39 +02:00
|
|
|
def _wrapped_func_arguments(request, api_key=REQ(),
|
2016-05-12 22:49:36 +02:00
|
|
|
*args, **kwargs):
|
2016-12-27 07:09:35 +01:00
|
|
|
# type: (HttpRequest, Text, *Any, **Any) -> HttpResponse
|
2016-05-12 22:49:36 +02:00
|
|
|
try:
|
|
|
|
user_profile = UserProfile.objects.get(api_key=api_key)
|
|
|
|
except UserProfile.DoesNotExist:
|
2016-05-25 15:02:02 +02:00
|
|
|
raise JsonableError(_("Invalid API key"))
|
2016-05-12 22:49:36 +02:00
|
|
|
if not user_profile.is_active:
|
2016-05-25 15:02:02 +02:00
|
|
|
raise JsonableError(_("Account not active"))
|
2016-05-12 22:49:36 +02:00
|
|
|
if user_profile.realm.deactivated:
|
2016-05-25 15:02:02 +02:00
|
|
|
raise JsonableError(_("Realm for account has been deactivated"))
|
2016-08-14 04:16:39 +02:00
|
|
|
if not check_subdomain(get_subdomain(request), user_profile.realm.subdomain):
|
|
|
|
logging.warning("User %s attempted to access webhook API on wrong subdomain %s" % (
|
|
|
|
user_profile.email, get_subdomain(request)))
|
|
|
|
raise JsonableError(_("Account is not associated with this subdomain"))
|
2016-05-12 22:49:36 +02:00
|
|
|
|
|
|
|
request.user = user_profile
|
|
|
|
request._email = user_profile.email
|
|
|
|
webhook_client_name = "Zulip{}Webhook".format(client_name)
|
|
|
|
process_client(request, user_profile, client_name=webhook_client_name)
|
|
|
|
if settings.RATE_LIMITING:
|
|
|
|
rate_limit_user(request, user_profile, domain='all')
|
2017-05-02 01:00:50 +02:00
|
|
|
return view_func(request, user_profile, *args, **kwargs)
|
2016-05-12 22:49:36 +02:00
|
|
|
return _wrapped_func_arguments
|
2013-10-03 01:12:57 +02:00
|
|
|
return _wrapped_view_func
|
|
|
|
|
2016-04-21 23:41:28 +02:00
|
|
|
# From Django 1.8, modified to leave off ?next=/
|
2016-04-21 23:48:34 +02:00
|
|
|
def redirect_to_login(next, login_url=None,
|
|
|
|
redirect_field_name=REDIRECT_FIELD_NAME):
|
2016-12-27 07:09:35 +01:00
|
|
|
# type: (Text, Optional[Text], Text) -> HttpResponseRedirect
|
2016-04-21 23:48:34 +02:00
|
|
|
"""
|
|
|
|
Redirects the user to the login page, passing the given 'next' page
|
|
|
|
"""
|
|
|
|
resolved_url = resolve_url(login_url or settings.LOGIN_URL)
|
|
|
|
|
|
|
|
login_url_parts = list(urllib.parse.urlparse(resolved_url))
|
|
|
|
if redirect_field_name:
|
|
|
|
querystring = QueryDict(login_url_parts[4], mutable=True)
|
|
|
|
querystring[redirect_field_name] = next
|
2016-04-21 23:41:28 +02:00
|
|
|
# Don't add ?next=/, to keep our URLs clean
|
|
|
|
if next != '/':
|
|
|
|
login_url_parts[4] = querystring.urlencode(safe='/')
|
2016-04-21 23:48:34 +02:00
|
|
|
|
|
|
|
return HttpResponseRedirect(urllib.parse.urlunparse(login_url_parts))
|
|
|
|
|
|
|
|
# From Django 1.8
|
|
|
|
def user_passes_test(test_func, login_url=None, redirect_field_name=REDIRECT_FIELD_NAME):
|
2016-12-27 07:09:35 +01:00
|
|
|
# type: (Callable[[UserProfile], bool], Optional[Text], Text) -> Callable[[Callable[..., HttpResponse]], Callable[..., HttpResponse]]
|
2016-04-21 23:48:34 +02:00
|
|
|
"""
|
|
|
|
Decorator for views that checks that the user passes the given test,
|
|
|
|
redirecting to the log-in page if necessary. The test should be a callable
|
|
|
|
that takes the user object and returns True if the user passes.
|
|
|
|
"""
|
|
|
|
def decorator(view_func):
|
2016-06-06 01:54:58 +02:00
|
|
|
# type: (Callable[..., HttpResponse]) -> Callable[..., HttpResponse]
|
2016-04-21 23:48:34 +02:00
|
|
|
@wraps(view_func, assigned=available_attrs(view_func))
|
|
|
|
def _wrapped_view(request, *args, **kwargs):
|
2016-06-06 01:54:58 +02:00
|
|
|
# type: (HttpRequest, *Any, **Any) -> HttpResponse
|
2016-07-19 14:22:13 +02:00
|
|
|
if test_func(request):
|
2016-04-21 23:48:34 +02:00
|
|
|
return view_func(request, *args, **kwargs)
|
|
|
|
path = request.build_absolute_uri()
|
|
|
|
resolved_login_url = resolve_url(login_url or settings.LOGIN_URL)
|
|
|
|
# If the login url is the same scheme and net location then just
|
|
|
|
# use the path as the "next" url.
|
|
|
|
login_scheme, login_netloc = urllib.parse.urlparse(resolved_login_url)[:2]
|
|
|
|
current_scheme, current_netloc = urllib.parse.urlparse(path)[:2]
|
|
|
|
if ((not login_scheme or login_scheme == current_scheme) and
|
|
|
|
(not login_netloc or login_netloc == current_netloc)):
|
|
|
|
path = request.get_full_path()
|
|
|
|
return redirect_to_login(
|
|
|
|
path, resolved_login_url, redirect_field_name)
|
|
|
|
return _wrapped_view
|
|
|
|
return decorator
|
|
|
|
|
2016-07-19 14:22:13 +02:00
|
|
|
def logged_in_and_active(request):
|
|
|
|
# type: (HttpRequest) -> bool
|
|
|
|
if not request.user.is_authenticated():
|
2016-04-22 00:56:39 +02:00
|
|
|
return False
|
2016-07-19 14:22:13 +02:00
|
|
|
if not request.user.is_active:
|
2016-04-22 00:56:39 +02:00
|
|
|
return False
|
2016-07-19 14:22:13 +02:00
|
|
|
if request.user.realm.deactivated:
|
2016-04-22 00:56:39 +02:00
|
|
|
return False
|
2016-07-19 14:35:08 +02:00
|
|
|
return check_subdomain(get_subdomain(request), request.user.realm.subdomain)
|
2016-04-22 00:56:39 +02:00
|
|
|
|
2017-02-20 20:55:18 +01:00
|
|
|
def add_logging_data(view_func):
|
|
|
|
# type: (ViewFuncT) -> ViewFuncT
|
|
|
|
@wraps(view_func)
|
|
|
|
def _wrapped_view_func(request, *args, **kwargs):
|
|
|
|
# type: (HttpRequest, *Any, **Any) -> HttpResponse
|
|
|
|
request._email = request.user.email
|
2017-03-26 05:21:03 +02:00
|
|
|
request._query = view_func.__name__
|
2017-02-20 20:55:18 +01:00
|
|
|
process_client(request, request.user, is_json_view=True)
|
2017-03-26 07:00:59 +02:00
|
|
|
return rate_limit()(view_func)(request, *args, **kwargs)
|
2017-02-20 20:55:18 +01:00
|
|
|
return _wrapped_view_func # type: ignore # https://github.com/python/mypy/issues/1927
|
2017-04-15 20:51:51 +02:00
|
|
|
|
|
|
|
def human_users_only(view_func):
|
|
|
|
# type: (ViewFuncT) -> ViewFuncT
|
|
|
|
@wraps(view_func)
|
|
|
|
def _wrapped_view_func(request, *args, **kwargs):
|
|
|
|
# type: (HttpRequest, *Any, **Any) -> HttpResponse
|
|
|
|
if request.user.is_bot:
|
|
|
|
return json_error(_("This endpoint does not accept bot requests."))
|
|
|
|
return view_func(request, *args, **kwargs)
|
|
|
|
return _wrapped_view_func # type: ignore # https://github.com/python/mypy/issues/1927
|
2017-02-20 20:55:18 +01:00
|
|
|
|
2016-04-21 23:48:34 +02:00
|
|
|
# Based on Django 1.8's @login_required
|
|
|
|
def zulip_login_required(function=None,
|
|
|
|
redirect_field_name=REDIRECT_FIELD_NAME,
|
|
|
|
login_url=settings.HOME_NOT_LOGGED_IN):
|
2016-12-27 07:09:35 +01:00
|
|
|
# type: (Optional[Callable[..., HttpResponse]], Text, Text) -> Union[Callable[[Callable[..., HttpResponse]], Callable[..., HttpResponse]], Callable[..., HttpResponse]]
|
2016-04-21 23:48:34 +02:00
|
|
|
actual_decorator = user_passes_test(
|
2016-04-22 00:56:39 +02:00
|
|
|
logged_in_and_active,
|
2016-04-21 23:48:34 +02:00
|
|
|
login_url=login_url,
|
|
|
|
redirect_field_name=redirect_field_name
|
|
|
|
)
|
|
|
|
if function:
|
2017-02-20 20:55:18 +01:00
|
|
|
# Add necessary logging data via add_logging_data
|
|
|
|
return actual_decorator(add_logging_data(function))
|
2016-04-21 23:48:34 +02:00
|
|
|
return actual_decorator
|
|
|
|
|
2017-04-06 12:59:18 +02:00
|
|
|
def require_server_admin(view_func):
|
2016-07-22 15:10:19 +02:00
|
|
|
# type: (ViewFuncT) -> ViewFuncT
|
2016-04-21 23:48:34 +02:00
|
|
|
@zulip_login_required
|
2013-11-01 18:43:38 +01:00
|
|
|
@wraps(view_func)
|
2013-10-22 15:39:39 +02:00
|
|
|
def _wrapped_view_func(request, *args, **kwargs):
|
2016-07-30 00:55:00 +02:00
|
|
|
# type: (HttpRequest, *Any, **Any) -> HttpResponse
|
2013-11-01 18:43:38 +01:00
|
|
|
request._query = view_func.__name__
|
2016-12-14 06:02:50 +01:00
|
|
|
if not request.user.is_staff:
|
2013-10-22 15:39:39 +02:00
|
|
|
return HttpResponseRedirect(settings.HOME_NOT_LOGGED_IN)
|
2013-10-22 21:03:34 +02:00
|
|
|
|
2017-02-20 20:55:18 +01:00
|
|
|
return add_logging_data(view_func)(request, *args, **kwargs)
|
2016-07-22 20:20:30 +02:00
|
|
|
return _wrapped_view_func # type: ignore # https://github.com/python/mypy/issues/1927
|
2013-10-03 01:12:57 +02:00
|
|
|
|
2013-12-11 20:50:49 +01:00
|
|
|
# authenticated_api_view will add the authenticated user's
|
|
|
|
# user_profile to the view function's arguments list, since we have to
|
|
|
|
# look it up anyway. It is deprecated in favor on the REST API
|
|
|
|
# versions.
|
2016-05-18 20:35:35 +02:00
|
|
|
def authenticated_api_view(is_webhook=False):
|
2016-06-06 01:54:58 +02:00
|
|
|
# type: (bool) -> Callable[[Callable[..., HttpResponse]], Callable[..., HttpResponse]]
|
2016-05-18 20:35:35 +02:00
|
|
|
def _wrapped_view_func(view_func):
|
2016-06-06 01:54:58 +02:00
|
|
|
# type: (Callable[..., HttpResponse]) -> Callable[..., HttpResponse]
|
2016-05-18 20:35:35 +02:00
|
|
|
@csrf_exempt
|
|
|
|
@require_post
|
|
|
|
@has_request_variables
|
|
|
|
@wraps(view_func)
|
|
|
|
def _wrapped_func_arguments(request, email=REQ(), api_key=REQ(default=None),
|
|
|
|
api_key_legacy=REQ('api-key', default=None),
|
|
|
|
*args, **kwargs):
|
2016-12-27 07:09:35 +01:00
|
|
|
# type: (HttpRequest, Text, Optional[Text], Optional[Text], *Any, **Any) -> HttpResponse
|
2017-02-11 05:28:20 +01:00
|
|
|
if api_key is None:
|
2016-05-18 20:35:35 +02:00
|
|
|
api_key = api_key_legacy
|
2017-02-11 05:28:20 +01:00
|
|
|
if api_key is None:
|
|
|
|
raise RequestVariableMissingError("api_key")
|
2016-09-28 06:13:43 +02:00
|
|
|
user_profile = validate_api_key(request, email, api_key, is_webhook)
|
2016-05-18 20:35:35 +02:00
|
|
|
request.user = user_profile
|
|
|
|
request._email = user_profile.email
|
|
|
|
process_client(request, user_profile)
|
|
|
|
# Apply rate limiting
|
|
|
|
limited_func = rate_limit()(view_func)
|
|
|
|
return limited_func(request, user_profile, *args, **kwargs)
|
|
|
|
return _wrapped_func_arguments
|
2012-11-06 20:27:55 +01:00
|
|
|
return _wrapped_view_func
|
|
|
|
|
2013-08-29 20:47:04 +02:00
|
|
|
# A more REST-y authentication decorator, using, in particular, HTTP Basic
|
|
|
|
# authentication.
|
2016-05-18 20:35:35 +02:00
|
|
|
def authenticated_rest_api_view(is_webhook=False):
|
2016-06-06 01:54:58 +02:00
|
|
|
# type: (bool) -> Callable[[Callable[..., HttpResponse]], Callable[..., HttpResponse]]
|
2016-05-18 20:35:35 +02:00
|
|
|
def _wrapped_view_func(view_func):
|
2016-06-06 01:54:58 +02:00
|
|
|
# type: (Callable[..., HttpResponse]) -> Callable[..., HttpResponse]
|
2016-05-18 20:35:35 +02:00
|
|
|
@csrf_exempt
|
|
|
|
@wraps(view_func)
|
|
|
|
def _wrapped_func_arguments(request, *args, **kwargs):
|
2016-06-06 01:54:58 +02:00
|
|
|
# type: (HttpRequest, *Any, **Any) -> HttpResponse
|
2016-05-18 20:35:35 +02:00
|
|
|
# First try block attempts to get the credentials we need to do authentication
|
|
|
|
try:
|
|
|
|
# Grab the base64-encoded authentication string, decode it, and split it into
|
|
|
|
# the email and API key
|
2016-07-07 21:50:08 +02:00
|
|
|
auth_type, credentials = request.META['HTTP_AUTHORIZATION'].split()
|
2016-05-18 20:35:35 +02:00
|
|
|
# case insensitive per RFC 1945
|
|
|
|
if auth_type.lower() != "basic":
|
2017-03-08 18:04:59 +01:00
|
|
|
return json_error(_("This endpoint requires HTTP basic authentication."))
|
2016-07-07 21:50:08 +02:00
|
|
|
role, api_key = base64.b64decode(force_bytes(credentials)).decode('utf-8').split(":")
|
2016-05-18 20:35:35 +02:00
|
|
|
except ValueError:
|
2017-01-29 21:48:10 +01:00
|
|
|
return json_unauthorized(_("Invalid authorization header for basic auth"))
|
2016-05-18 20:35:35 +02:00
|
|
|
except KeyError:
|
|
|
|
return json_unauthorized("Missing authorization header for basic auth")
|
|
|
|
|
|
|
|
# Now we try to do authentication or die
|
|
|
|
try:
|
2016-10-27 23:55:31 +02:00
|
|
|
# profile is a Union[UserProfile, RemoteZulipServer]
|
2016-09-28 06:13:43 +02:00
|
|
|
profile = validate_api_key(request, role, api_key, is_webhook)
|
2016-05-18 20:35:35 +02:00
|
|
|
except JsonableError as e:
|
|
|
|
return json_unauthorized(e.error)
|
|
|
|
request.user = profile
|
|
|
|
process_client(request, profile)
|
2016-10-27 23:55:31 +02:00
|
|
|
if isinstance(profile, UserProfile):
|
|
|
|
request._email = profile.email
|
|
|
|
else:
|
|
|
|
assert isinstance(profile, RemoteZulipServer) # type: ignore # https://github.com/python/mypy/issues/2957
|
|
|
|
request._email = "zulip-server:" + role
|
|
|
|
profile.rate_limits = ""
|
2016-05-18 20:35:35 +02:00
|
|
|
# Apply rate limiting
|
|
|
|
return rate_limit()(view_func)(request, profile, *args, **kwargs)
|
|
|
|
return _wrapped_func_arguments
|
2013-03-21 20:15:27 +01:00
|
|
|
return _wrapped_view_func
|
|
|
|
|
2013-04-03 21:44:12 +02:00
|
|
|
def process_as_post(view_func):
|
2016-07-22 15:10:19 +02:00
|
|
|
# type: (ViewFuncT) -> ViewFuncT
|
2013-03-21 20:18:44 +01:00
|
|
|
@wraps(view_func)
|
|
|
|
def _wrapped_view_func(request, *args, **kwargs):
|
2016-06-06 01:54:58 +02:00
|
|
|
# type: (HttpRequest, *Any, **Any) -> HttpResponse
|
2013-03-21 20:18:44 +01:00
|
|
|
# Adapted from django/http/__init__.py.
|
|
|
|
# So by default Django doesn't populate request.POST for anything besides
|
2013-04-03 21:44:12 +02:00
|
|
|
# POST requests. We want this dict populated for PATCH/PUT, so we have to
|
2013-03-21 20:18:44 +01:00
|
|
|
# do it ourselves.
|
|
|
|
#
|
|
|
|
# This will not be required in the future, a bug will be filed against
|
|
|
|
# Django upstream.
|
2013-04-03 22:01:58 +02:00
|
|
|
|
|
|
|
if not request.POST:
|
|
|
|
# Only take action if POST is empty.
|
|
|
|
if request.META.get('CONTENT_TYPE', '').startswith('multipart'):
|
2013-08-01 19:33:30 +02:00
|
|
|
# Note that request._files is just the private attribute that backs the
|
|
|
|
# FILES property, so we are essentially setting request.FILES here. (In
|
|
|
|
# Django 1.5 FILES was still a read-only property.)
|
2016-12-03 00:04:17 +01:00
|
|
|
request.POST, request._files = MultiPartParser(
|
|
|
|
request.META,
|
|
|
|
BytesIO(request.body),
|
|
|
|
request.upload_handlers,
|
|
|
|
request.encoding
|
|
|
|
).parse()
|
2013-04-03 22:01:58 +02:00
|
|
|
else:
|
|
|
|
request.POST = QueryDict(request.body, encoding=request.encoding)
|
2013-03-21 20:18:44 +01:00
|
|
|
|
|
|
|
return view_func(request, *args, **kwargs)
|
|
|
|
|
2016-07-22 20:20:30 +02:00
|
|
|
return _wrapped_view_func # type: ignore # https://github.com/python/mypy/issues/1927
|
2013-03-21 20:18:44 +01:00
|
|
|
|
2013-06-27 20:21:21 +02:00
|
|
|
def authenticate_log_and_execute_json(request, view_func, *args, **kwargs):
|
2016-06-06 01:54:58 +02:00
|
|
|
# type: (HttpRequest, Callable[..., HttpResponse], *Any, **Any) -> HttpResponse
|
2012-12-02 20:51:51 +01:00
|
|
|
if not request.user.is_authenticated():
|
2016-05-25 15:02:02 +02:00
|
|
|
return json_error(_("Not logged in"), status=401)
|
2013-03-29 17:39:53 +01:00
|
|
|
user_profile = request.user
|
2016-04-21 21:12:55 +02:00
|
|
|
if not user_profile.is_active:
|
2016-05-25 15:02:02 +02:00
|
|
|
raise JsonableError(_("Account not active"))
|
2016-04-21 21:12:55 +02:00
|
|
|
if user_profile.realm.deactivated:
|
2016-05-25 15:02:02 +02:00
|
|
|
raise JsonableError(_("Realm for account has been deactivated"))
|
2016-05-19 23:44:58 +02:00
|
|
|
if user_profile.is_incoming_webhook:
|
|
|
|
raise JsonableError(_("Webhook bots can only access webhooks"))
|
2016-08-14 04:16:39 +02:00
|
|
|
if (not check_subdomain(get_subdomain(request), user_profile.realm.subdomain) and
|
|
|
|
# Exclude the SOCKET requests from this filter; they were
|
|
|
|
# checked when the original websocket request reached Tornado
|
|
|
|
not (request.method == "SOCKET" and
|
|
|
|
request.META['SERVER_NAME'] == "127.0.0.1")):
|
|
|
|
logging.warning("User %s attempted to access JSON API on wrong subdomain %s" % (
|
|
|
|
user_profile.email, get_subdomain(request)))
|
|
|
|
raise JsonableError(_("Account is not associated with this subdomain"))
|
|
|
|
|
2013-12-19 18:10:30 +01:00
|
|
|
process_client(request, user_profile, True)
|
2013-03-28 20:43:34 +01:00
|
|
|
request._email = user_profile.email
|
2017-03-26 06:36:39 +02:00
|
|
|
return rate_limit()(view_func)(request, user_profile, *args, **kwargs)
|
2012-12-02 20:51:51 +01:00
|
|
|
|
2012-11-06 20:27:55 +01:00
|
|
|
# Checks if the request is a POST request and that the user is logged
|
|
|
|
# in. If not, return an error (the @login_required behavior of
|
|
|
|
# redirecting to a login page doesn't make sense for json views)
|
2012-12-02 20:51:51 +01:00
|
|
|
def authenticated_json_post_view(view_func):
|
2016-07-22 15:10:19 +02:00
|
|
|
# type: (ViewFuncT) -> ViewFuncT
|
2012-11-06 20:27:55 +01:00
|
|
|
@require_post
|
2012-11-28 21:15:50 +01:00
|
|
|
@has_request_variables
|
2012-11-06 20:27:55 +01:00
|
|
|
@wraps(view_func)
|
2012-11-28 21:15:50 +01:00
|
|
|
def _wrapped_view_func(request,
|
|
|
|
*args, **kwargs):
|
2016-06-06 01:54:58 +02:00
|
|
|
# type: (HttpRequest, *Any, **Any) -> HttpResponse
|
2013-06-27 20:21:21 +02:00
|
|
|
return authenticate_log_and_execute_json(request, view_func, *args, **kwargs)
|
2016-07-22 20:20:30 +02:00
|
|
|
return _wrapped_view_func # type: ignore # https://github.com/python/mypy/issues/1927
|
2012-12-02 20:51:51 +01:00
|
|
|
|
|
|
|
def authenticated_json_view(view_func):
|
2016-07-22 15:10:19 +02:00
|
|
|
# type: (ViewFuncT) -> ViewFuncT
|
2012-12-02 20:51:51 +01:00
|
|
|
@wraps(view_func)
|
|
|
|
def _wrapped_view_func(request,
|
|
|
|
*args, **kwargs):
|
2016-06-06 01:54:58 +02:00
|
|
|
# type: (HttpRequest, *Any, **Any) -> HttpResponse
|
2013-06-27 20:21:21 +02:00
|
|
|
return authenticate_log_and_execute_json(request, view_func, *args, **kwargs)
|
2016-07-22 20:20:30 +02:00
|
|
|
return _wrapped_view_func # type: ignore # https://github.com/python/mypy/issues/1927
|
2012-11-01 23:21:12 +01:00
|
|
|
|
2016-07-09 20:37:09 +02:00
|
|
|
def is_local_addr(addr):
|
2016-12-27 07:09:35 +01:00
|
|
|
# type: (Text) -> bool
|
2016-07-09 20:37:09 +02:00
|
|
|
return addr in ('127.0.0.1', '::1')
|
|
|
|
|
2012-11-28 05:37:13 +01:00
|
|
|
# These views are used by the main Django server to notify the Tornado server
|
|
|
|
# of events. We protect them from the outside world by checking a shared
|
|
|
|
# secret, and also the originating IP (for now).
|
|
|
|
def authenticate_notify(request):
|
2016-06-06 01:54:58 +02:00
|
|
|
# type: (HttpRequest) -> bool
|
2017-01-24 05:50:04 +01:00
|
|
|
return (is_local_addr(request.META['REMOTE_ADDR']) and
|
|
|
|
request.POST.get('secret') == settings.SHARED_SECRET)
|
2012-11-28 05:37:13 +01:00
|
|
|
|
2016-07-09 08:08:42 +02:00
|
|
|
def client_is_exempt_from_rate_limiting(request):
|
|
|
|
# type: (HttpRequest) -> bool
|
|
|
|
|
|
|
|
# Don't rate limit requests from Django that come from our own servers,
|
|
|
|
# and don't rate-limit dev instances
|
2017-01-24 05:50:04 +01:00
|
|
|
return ((request.client and request.client.name.lower() == 'internal') and
|
|
|
|
(is_local_addr(request.META['REMOTE_ADDR']) or
|
|
|
|
settings.DEBUG_RATE_LIMITING))
|
2016-07-09 08:08:42 +02:00
|
|
|
|
2017-04-18 18:56:19 +02:00
|
|
|
def internal_notify_view(is_tornado_view):
|
|
|
|
# type: (bool) -> Callable[..., HttpResponse]
|
|
|
|
# This function can't be typed perfectly because returning a generic function
|
|
|
|
# isn't supported in mypy - https://github.com/python/mypy/issues/1551.
|
|
|
|
"""Used for situations where something running on the Zulip server
|
|
|
|
needs to make a request to the (other) Django/Tornado processes running on
|
|
|
|
the server."""
|
|
|
|
def _wrapped_view_func(view_func):
|
|
|
|
# type: (Callable[..., HttpResponse]) -> Callable[..., HttpResponse]
|
|
|
|
@csrf_exempt
|
|
|
|
@require_post
|
|
|
|
@wraps(view_func)
|
|
|
|
def _wrapped_func_arguments(request, *args, **kwargs):
|
|
|
|
# type: (HttpRequest, *Any, **Any) -> HttpResponse
|
|
|
|
if not authenticate_notify(request):
|
|
|
|
return json_error(_('Access denied'), status=403)
|
|
|
|
is_tornado_request = hasattr(request, '_tornado_handler')
|
|
|
|
# These next 2 are not security checks; they are internal
|
|
|
|
# assertions to help us find bugs.
|
|
|
|
if is_tornado_view and not is_tornado_request:
|
|
|
|
raise RuntimeError('Tornado notify view called with no Tornado handler')
|
|
|
|
if not is_tornado_view and is_tornado_request:
|
|
|
|
raise RuntimeError('Django notify view called with Tornado handler')
|
|
|
|
request._email = "internal"
|
|
|
|
return view_func(request, *args, **kwargs)
|
|
|
|
return _wrapped_func_arguments
|
2012-11-28 05:37:13 +01:00
|
|
|
return _wrapped_view_func
|
|
|
|
|
2013-01-08 17:44:22 +01:00
|
|
|
# Converter functions for use with has_request_variables
|
2016-10-28 16:25:37 +02:00
|
|
|
def to_non_negative_int(s):
|
2016-12-27 07:09:35 +01:00
|
|
|
# type: (Text) -> int
|
2016-10-28 16:25:37 +02:00
|
|
|
x = int(s)
|
2013-01-08 17:44:22 +01:00
|
|
|
if x < 0:
|
|
|
|
raise ValueError("argument is negative")
|
|
|
|
return x
|
|
|
|
|
2016-11-30 10:42:58 +01:00
|
|
|
|
|
|
|
def to_not_negative_int_or_none(s):
|
|
|
|
# type: (Text) -> Optional[int]
|
|
|
|
if s:
|
|
|
|
return to_non_negative_int(s)
|
|
|
|
return None
|
|
|
|
|
|
|
|
|
2014-07-31 04:54:50 +02:00
|
|
|
def flexible_boolean(boolean):
|
2016-12-27 07:09:35 +01:00
|
|
|
# type: (Text) -> bool
|
2014-07-31 04:54:50 +02:00
|
|
|
"""Returns True for any of "1", "true", or "True". Returns False otherwise."""
|
|
|
|
if boolean in ("1", "true", "True"):
|
2014-01-09 20:59:05 +01:00
|
|
|
return True
|
|
|
|
else:
|
|
|
|
return False
|
|
|
|
|
2016-12-22 04:46:31 +01:00
|
|
|
def to_utc_datetime(timestamp):
|
2016-12-30 00:03:37 +01:00
|
|
|
# type: (Text) -> datetime.datetime
|
2016-12-22 04:46:31 +01:00
|
|
|
return timestamp_to_datetime(float(timestamp))
|
|
|
|
|
2013-04-16 22:52:32 +02:00
|
|
|
def statsd_increment(counter, val=1):
|
2016-12-27 07:09:35 +01:00
|
|
|
# type: (Text, int) -> Callable[[Callable[..., Any]], Callable[..., Any]]
|
2013-04-16 22:52:32 +02:00
|
|
|
"""Increments a statsd counter on completion of the
|
|
|
|
decorated function.
|
|
|
|
|
|
|
|
Pass the name of the counter to this decorator-returning function."""
|
|
|
|
def wrapper(func):
|
2016-06-06 01:54:58 +02:00
|
|
|
# type: (Callable[..., Any]) -> Callable[..., Any]
|
2013-04-16 22:52:32 +02:00
|
|
|
@wraps(func)
|
|
|
|
def wrapped_func(*args, **kwargs):
|
2016-06-06 01:54:58 +02:00
|
|
|
# type: (*Any, **Any) -> Any
|
2013-05-29 23:58:07 +02:00
|
|
|
ret = func(*args, **kwargs)
|
2013-04-16 22:52:32 +02:00
|
|
|
statsd.incr(counter, val)
|
2013-05-29 23:58:07 +02:00
|
|
|
return ret
|
|
|
|
return wrapped_func
|
|
|
|
return wrapper
|
|
|
|
|
2013-06-06 20:08:02 +02:00
|
|
|
def rate_limit_user(request, user, domain):
|
2016-12-27 07:09:35 +01:00
|
|
|
# type: (HttpRequest, UserProfile, Text) -> None
|
2013-06-06 20:08:02 +02:00
|
|
|
"""Returns whether or not a user was rate limited. Will raise a RateLimited exception
|
|
|
|
if the user has been rate limited, otherwise returns and modifies request to contain
|
|
|
|
the rate limit information"""
|
|
|
|
|
|
|
|
ratelimited, time = is_ratelimited(user, domain)
|
|
|
|
request._ratelimit_applied_limits = True
|
|
|
|
request._ratelimit_secs_to_freedom = time
|
|
|
|
request._ratelimit_over_limit = ratelimited
|
|
|
|
# Abort this request if the user is over her rate limits
|
|
|
|
if ratelimited:
|
2013-10-17 16:33:04 +02:00
|
|
|
statsd.incr("ratelimiter.limited.%s.%s" % (type(user), user.id))
|
2013-06-06 20:08:02 +02:00
|
|
|
raise RateLimited()
|
|
|
|
|
|
|
|
incr_ratelimit(user, domain)
|
|
|
|
calls_remaining, time_reset = api_calls_left(user, domain)
|
|
|
|
|
|
|
|
request._ratelimit_remaining = calls_remaining
|
|
|
|
request._ratelimit_secs_to_freedom = time_reset
|
|
|
|
|
2013-05-29 23:58:07 +02:00
|
|
|
def rate_limit(domain='all'):
|
2016-12-27 07:09:35 +01:00
|
|
|
# type: (Text) -> Callable[[Callable[..., HttpResponse]], Callable[..., HttpResponse]]
|
2017-01-08 16:40:03 +01:00
|
|
|
"""Rate-limits a view. Takes an optional 'domain' param if you wish to
|
|
|
|
rate limit different types of API calls independently.
|
2013-05-29 23:58:07 +02:00
|
|
|
|
|
|
|
Returns a decorator"""
|
|
|
|
def wrapper(func):
|
2016-06-06 01:54:58 +02:00
|
|
|
# type: (Callable[..., HttpResponse]) -> Callable[..., HttpResponse]
|
2013-05-29 23:58:07 +02:00
|
|
|
@wraps(func)
|
|
|
|
def wrapped_func(request, *args, **kwargs):
|
2016-06-06 01:54:58 +02:00
|
|
|
# type: (HttpRequest, *Any, **Any) -> HttpResponse
|
2016-07-09 08:08:42 +02:00
|
|
|
|
2016-07-09 20:25:31 +02:00
|
|
|
# It is really tempting to not even wrap our original function
|
|
|
|
# when settings.RATE_LIMITING is False, but it would make
|
|
|
|
# for awkward unit testing in some situations.
|
|
|
|
if not settings.RATE_LIMITING:
|
|
|
|
return func(request, *args, **kwargs)
|
|
|
|
|
2016-07-09 08:08:42 +02:00
|
|
|
if client_is_exempt_from_rate_limiting(request):
|
2013-05-29 23:58:07 +02:00
|
|
|
return func(request, *args, **kwargs)
|
|
|
|
|
|
|
|
try:
|
|
|
|
user = request.user
|
2017-01-08 16:40:03 +01:00
|
|
|
except Exception:
|
2016-07-09 08:08:42 +02:00
|
|
|
# TODO: This logic is not tested, and I'm not sure we are
|
|
|
|
# doing the right thing here.
|
2013-05-29 23:58:07 +02:00
|
|
|
user = None
|
|
|
|
|
2016-07-09 20:25:31 +02:00
|
|
|
if not user:
|
2016-12-03 18:07:49 +01:00
|
|
|
logging.error("Requested rate-limiting on %s but user is not authenticated!" %
|
2016-11-30 14:17:35 +01:00
|
|
|
func.__name__)
|
2013-05-29 23:58:07 +02:00
|
|
|
return func(request, *args, **kwargs)
|
|
|
|
|
2016-07-09 08:08:42 +02:00
|
|
|
# Rate-limiting data is stored in redis
|
|
|
|
# We also only support rate-limiting authenticated
|
|
|
|
# views right now.
|
|
|
|
# TODO(leo) - implement per-IP non-authed rate limiting
|
2013-06-06 20:08:02 +02:00
|
|
|
rate_limit_user(request, user, domain)
|
2013-05-29 23:58:07 +02:00
|
|
|
|
|
|
|
return func(request, *args, **kwargs)
|
2013-04-16 22:52:32 +02:00
|
|
|
return wrapped_func
|
|
|
|
return wrapper
|
2013-07-02 17:30:04 +02:00
|
|
|
|
|
|
|
def profiled(func):
|
2016-07-22 15:10:19 +02:00
|
|
|
# type: (FuncT) -> FuncT
|
2013-07-02 17:30:04 +02:00
|
|
|
"""
|
|
|
|
This decorator should obviously be used only in a dev environment.
|
|
|
|
It works best when surrounding a function that you expect to be
|
2016-04-12 07:16:09 +02:00
|
|
|
called once. One strategy is to write a backend test and wrap the
|
|
|
|
test case with the profiled decorator.
|
2013-07-02 17:30:04 +02:00
|
|
|
|
|
|
|
You can run a single test case like this:
|
|
|
|
|
2016-04-12 07:16:09 +02:00
|
|
|
# edit zerver/tests/test_external.py and place @profiled above the test case below
|
|
|
|
./tools/test-backend zerver.tests.test_external.RateLimitTests.test_ratelimit_decrease
|
2013-07-02 17:30:04 +02:00
|
|
|
|
|
|
|
Then view the results like this:
|
|
|
|
|
|
|
|
./tools/show-profile-results.py test_ratelimit_decrease.profile
|
|
|
|
|
|
|
|
"""
|
|
|
|
@wraps(func)
|
|
|
|
def wrapped_func(*args, **kwargs):
|
2016-06-06 01:54:58 +02:00
|
|
|
# type: (*Any, **Any) -> Any
|
2013-07-02 17:30:04 +02:00
|
|
|
fn = func.__name__ + ".profile"
|
|
|
|
prof = cProfile.Profile()
|
2017-02-11 03:18:39 +01:00
|
|
|
retval = prof.runcall(func, *args, **kwargs) # type: Any
|
2013-07-02 17:30:04 +02:00
|
|
|
prof.dump_stats(fn)
|
|
|
|
return retval
|
2016-07-22 20:20:30 +02:00
|
|
|
return wrapped_func # type: ignore # https://github.com/python/mypy/issues/1927
|
2013-10-07 17:35:22 +02:00
|
|
|
|
2016-11-15 17:20:22 +01:00
|
|
|
def return_success_on_head_request(view_func):
|
|
|
|
# type: (Callable) -> Callable
|
|
|
|
@wraps(view_func)
|
|
|
|
def _wrapped_view_func(request, *args, **kwargs):
|
|
|
|
# type: (HttpResponse, *Any, **Any) -> Callable
|
|
|
|
if request.method == 'HEAD':
|
|
|
|
return json_success()
|
|
|
|
return view_func(request, *args, **kwargs)
|
|
|
|
return _wrapped_view_func
|