zulip/zephyr/decorator.py

from django.views.decorators.csrf import csrf_exempt
from zephyr.models import UserProfile, UserActivity, get_client
from zephyr.lib.response import json_success, json_error
from django.utils.timezone import now

from functools import wraps

import types

class TornadoAsyncException(Exception): pass

class _DefGen_Return(BaseException):
    def __init__(self, value):
        self.value = value

def returnResponse(value):
    raise _DefGen_Return(value)

def asynchronous(method):
    @wraps(method)
    def wrapper(request, *args, **kwargs):
        try:
            v = method(request, handler=request._tornado_handler, *args, **kwargs)
            if v == None or type(v) == types.GeneratorType:
                raise TornadoAsyncException
        except _DefGen_Return, e:
            request._tornado_handler.finish(e.value.content)
        return v
    if getattr(method, 'csrf_exempt', False):
        wrapper.csrf_exempt = True
    return wrapper

def require_post(view_func):
    @wraps(view_func)
    def _wrapped_view_func(request, *args, **kwargs):
        if request.method != "POST":
            return json_error('This form can only be submitted by POST.')
        return view_func(request, *args, **kwargs)
    return _wrapped_view_func

def parse_client(request, default):
    client_name = default
    if 'client' in request.POST:
        client_name = request.POST['client']
    return get_client(client_name)

def update_user_activity(request, user_profile, client):
    current_time = now()
    (activity, created) = UserActivity.objects.get_or_create(
        user_profile = user_profile,
        client = client,
        query = request.META["PATH_INFO"],
        defaults={'last_visit': current_time, 'count': 0})
    activity.count += 1
    activity.last_visit = current_time
    activity.save()

# authenticated_api_view will add the authenticated user's user_profile to
# the view function's arguments list, since we have to look it up
# anyway.
def authenticated_api_view(view_func):
    @csrf_exempt
    @require_post
    @has_request_variables
    @wraps(view_func)
    def _wrapped_view_func(request, email=POST, api_key=POST('api-key'),
                           *args, **kwargs):
        try:
            user_profile = UserProfile.objects.get(user__email=email)
        except UserProfile.DoesNotExist:
            return json_error("Invalid user: %s" % (email,))
        if api_key != user_profile.api_key:
            return json_error("Invalid API key for user '%s'" % (email,))
        update_user_activity(request, user_profile,
                             parse_client(request, "API"))
        return view_func(request, user_profile, *args, **kwargs)
    return _wrapped_view_func

# Checks if the request is a POST request and that the user is logged
# in.  If not, return an error (the @login_required behavior of
# redirecting to a login page doesn't make sense for json views)
def authenticated_json_view(view_func):
    @require_post
    @wraps(view_func)
    def _wrapped_view_func(request, *args, **kwargs):
        if not request.user.is_authenticated():
            return json_error("Not logged in", status=401)
        update_user_activity(request, request.user.userprofile,
                             parse_client(request, "website"))
        return view_func(request, request.user.userprofile, *args, **kwargs)
    return _wrapped_view_func

# Used in conjunction with @has_request_variables, below
class POST(object):
    # NotSpecified is a sentinel value for determining whether a
    # default value was specified for a request variable.  We can't
    # use None because that could be a valid, user-specified default
    class _NotSpecified(object):
        pass
    NotSpecified = _NotSpecified()

    def __init__(self, whence=None, converter=None, default=NotSpecified):
        """
        whence: the name of the request variable that should be used
        for this parameter.  Defaults to a request variable of the
        same name as the parameter.

        converter: a function that takes a string and returns a new
        value.  If specified, this will be called on the request
        variable value before passing to the function

        default: a value to be used for the argument if the parameter
        is missing in the request
        """

        self.post_var_name = whence
        self.func_var_name = None
        self.converter = converter
        self.default = default

# Extracts variables from the request object and passes them as
# named function arguments.  The request object must be the first
# argument to the function.
#
# To use, assign a function parameter a default value that is an
# instance of the POST class.  That paramter will then be
# automatically populated from the HTTP request.  The request object
# must be the first argument to the decorated function.
#
# Note that this can't be used in helper functions which are not
# expected to call json_error or json_success, as it uses json_error
# internally when it encounters an error
def has_request_variables(view_func):
    num_params = view_func.func_code.co_argcount
    if view_func.func_defaults is None:
        num_default_params = 0
    else:
        num_default_params = len(view_func.func_defaults)
    default_param_names = view_func.func_code.co_varnames[num_params - num_default_params:]
    default_param_values = view_func.func_defaults

    post_params = []

    for (name, value) in zip(default_param_names, default_param_values):
        if isinstance(value, POST):
            value.func_var_name = name
            if value.post_var_name is None:
                value.post_var_name = name
            post_params.append(value)
        elif value == POST:
            # If the function definition does not actually
            # instantiate a POST object but instead uses the POST
            # class itself as a value, we instantiate it as a
            # convenience
            post_var = POST(name)
            post_var.func_var_name = name
            post_params.append(post_var)

    @wraps(view_func)
    def _wrapped_view_func(request, *args, **kwargs):
        for param in post_params:
            default_assigned = False
            try:
                val = request.POST[param.post_var_name]
            except KeyError:
                if param.default is POST.NotSpecified:
                    return json_error("Missing '%s' argument" % (param.post_var_name,))
                val = param.default
                default_assigned = True

            if param.converter is not None and not default_assigned:
                try:
                    val = param.converter(val)
                except:
                    return json_error("Bad value for '%s': %s"
                                      % (param.post_var_name, val))
            kwargs[param.func_var_name] = val

        return view_func(request, *args, **kwargs)

    return _wrapped_view_func
Move view decorators into decorator.py (imported from commit 737cff552b395493f44864ac06e901b0ba17fa29) 2012-11-06 20:27:55 +01:00			`from django.views.decorators.csrf import csrf_exempt`
[schema] Store analytics on usage of our product. (imported from commit 4fbf8215225fc8f505b9c749ccf80c556af13e87) 2012-11-08 23:02:16 +01:00			`from zephyr.models import UserProfile, UserActivity, get_client`
Move view decorators into decorator.py (imported from commit 737cff552b395493f44864ac06e901b0ba17fa29) 2012-11-06 20:27:55 +01:00			`from zephyr.lib.response import json_success, json_error`
[schema] Store analytics on usage of our product. (imported from commit 4fbf8215225fc8f505b9c749ccf80c556af13e87) 2012-11-08 23:02:16 +01:00			`from django.utils.timezone import now`
Move view decorators into decorator.py (imported from commit 737cff552b395493f44864ac06e901b0ba17fa29) 2012-11-06 20:27:55 +01:00
Use functools.wraps on the functions returned by our decorators This lets Django report the correct view name in errors (imported from commit b21347e7af39cda439125355f99f4fc63fc3bd2f) 2012-11-02 00:23:26 +01:00			`from functools import wraps`

Implement long polling using Tornado. (imported from commit 4385304b27d7fe55a57a23133cd214fe8fc33482) 2012-08-28 22:56:21 +02:00			`import types`

			`class TornadoAsyncException(Exception): pass`

			`class _DefGen_Return(BaseException):`
			`def __init__(self, value):`
			`self.value = value`

			`def returnResponse(value):`
			`raise _DefGen_Return(value)`

			`def asynchronous(method):`
Use functools.wraps on the functions returned by our decorators This lets Django report the correct view name in errors (imported from commit b21347e7af39cda439125355f99f4fc63fc3bd2f) 2012-11-02 00:23:26 +01:00			`@wraps(method)`
Implement long polling using Tornado. (imported from commit 4385304b27d7fe55a57a23133cd214fe8fc33482) 2012-08-28 22:56:21 +02:00			`def wrapper(request, args, *kwargs):`
			`try:`
Make @asynchronous's added 'handler' argument be keyword instead of positional Adding a positional argument caused a problem when @authenticated_api_view started using @has_request_variables internally. The 'handler' argument used to be passed through positionally to the wrapped function, but when using @has_request_variables, the wrapper inside @authenticated_api_view had to take additional arguments. The handler argument was then assigned to one of those parameters instead of being passed through. (imported from commit 66240bd465c803ddcbf4a603509051fca7381468) 2012-11-15 18:52:46 +01:00			`v = method(request, handler=request._tornado_handler, args, *kwargs)`
Implement long polling using Tornado. (imported from commit 4385304b27d7fe55a57a23133cd214fe8fc33482) 2012-08-28 22:56:21 +02:00			`if v == None or type(v) == types.GeneratorType:`
Remove a bunch more trailing whitespace. (imported from commit 5d1cc8dcb0b26eaf95ddca26574b361b6948cdb8) 2012-09-05 17:23:58 +02:00			`raise TornadoAsyncException`
Implement long polling using Tornado. (imported from commit 4385304b27d7fe55a57a23133cd214fe8fc33482) 2012-08-28 22:56:21 +02:00			`except _DefGen_Return, e:`
			`request._tornado_handler.finish(e.value.content)`
			`return v`
Copy the csrf_exempt attribute in @asynchronous Needed for @csrf_exempt to work. (imported from commit 563ab11b0d26262511e9a6d9cc2735b0b835a391) 2012-10-27 23:56:01 +02:00			`if getattr(method, 'csrf_exempt', False):`
			`wrapper.csrf_exempt = True`
Implement long polling using Tornado. (imported from commit 4385304b27d7fe55a57a23133cd214fe8fc33482) 2012-08-28 22:56:21 +02:00			`return wrapper`
Move view decorators into decorator.py (imported from commit 737cff552b395493f44864ac06e901b0ba17fa29) 2012-11-06 20:27:55 +01:00
			`def require_post(view_func):`
			`@wraps(view_func)`
			`def _wrapped_view_func(request, args, *kwargs):`
			`if request.method != "POST":`
			`return json_error('This form can only be submitted by POST.')`
			`return view_func(request, args, *kwargs)`
			`return _wrapped_view_func`

[schema] Store analytics on usage of our product. (imported from commit 4fbf8215225fc8f505b9c749ccf80c556af13e87) 2012-11-08 23:02:16 +01:00			`def parse_client(request, default):`
			`client_name = default`
			`if 'client' in request.POST:`
			`client_name = request.POST['client']`
			`return get_client(client_name)`

			`def update_user_activity(request, user_profile, client):`
			`current_time = now()`
			`(activity, created) = UserActivity.objects.get_or_create(`
			`user_profile = user_profile,`
			`client = client,`
			`query = request.META["PATH_INFO"],`
			`defaults={'last_visit': current_time, 'count': 0})`
			`activity.count += 1`
			`activity.last_visit = current_time`
			`activity.save()`

Move view decorators into decorator.py (imported from commit 737cff552b395493f44864ac06e901b0ba17fa29) 2012-11-06 20:27:55 +01:00			`# authenticated_api_view will add the authenticated user's user_profile to`
			`# the view function's arguments list, since we have to look it up`
			`# anyway.`
			`def authenticated_api_view(view_func):`
			`@csrf_exempt`
			`@require_post`
Use request variable decorator in @authenticated_api_view (imported from commit ec46ec307cfb34275ebc33e429663172d3f2d169) 2012-11-14 19:45:13 +01:00			`@has_request_variables`
Move view decorators into decorator.py (imported from commit 737cff552b395493f44864ac06e901b0ba17fa29) 2012-11-06 20:27:55 +01:00			`@wraps(view_func)`
Use request variable decorator in @authenticated_api_view (imported from commit ec46ec307cfb34275ebc33e429663172d3f2d169) 2012-11-14 19:45:13 +01:00			`def _wrapped_view_func(request, email=POST, api_key=POST('api-key'),`
			`args, *kwargs):`
Move view decorators into decorator.py (imported from commit 737cff552b395493f44864ac06e901b0ba17fa29) 2012-11-06 20:27:55 +01:00			`try:`
Give more informative error messages for API authentication failures (imported from commit e86495853c615915ca39be48128bd8f9bc312e5b) 2012-11-14 19:43:32 +01:00			`user_profile = UserProfile.objects.get(user__email=email)`
Move view decorators into decorator.py (imported from commit 737cff552b395493f44864ac06e901b0ba17fa29) 2012-11-06 20:27:55 +01:00			`except UserProfile.DoesNotExist:`
Give more informative error messages for API authentication failures (imported from commit e86495853c615915ca39be48128bd8f9bc312e5b) 2012-11-14 19:43:32 +01:00			`return json_error("Invalid user: %s" % (email,))`
			`if api_key != user_profile.api_key:`
			`return json_error("Invalid API key for user '%s'" % (email,))`
[schema] Store analytics on usage of our product. (imported from commit 4fbf8215225fc8f505b9c749ccf80c556af13e87) 2012-11-08 23:02:16 +01:00			`update_user_activity(request, user_profile,`
			`parse_client(request, "API"))`
Move view decorators into decorator.py (imported from commit 737cff552b395493f44864ac06e901b0ba17fa29) 2012-11-06 20:27:55 +01:00			`return view_func(request, user_profile, args, *kwargs)`
			`return _wrapped_view_func`

			`# Checks if the request is a POST request and that the user is logged`
			`# in. If not, return an error (the @login_required behavior of`
			`# redirecting to a login page doesn't make sense for json views)`
			`def authenticated_json_view(view_func):`
			`@require_post`
			`@wraps(view_func)`
			`def _wrapped_view_func(request, args, *kwargs):`
			`if not request.user.is_authenticated():`
Return HTTP 401 Unauthorized from JSON views when not logged in (imported from commit c1f4989c8d1132e10b2e61e9ef08000823994b35) 2012-11-21 00:12:53 +01:00			`return json_error("Not logged in", status=401)`
[schema] Store analytics on usage of our product. (imported from commit 4fbf8215225fc8f505b9c749ccf80c556af13e87) 2012-11-08 23:02:16 +01:00			`update_user_activity(request, request.user.userprofile,`
			`parse_client(request, "website"))`
Pass the user's user_profile to authenticated view functions. This change substantially increases the number of view functions where the API and JSON versions are actually identical code. (imported from commit 2eee55a8943cf9a684bec2ba1f6d7afcb2b91948) 2012-11-08 22:43:00 +01:00			`return view_func(request, request.user.userprofile, args, *kwargs)`
Move view decorators into decorator.py (imported from commit 737cff552b395493f44864ac06e901b0ba17fa29) 2012-11-06 20:27:55 +01:00			`return _wrapped_view_func`
Add magic request variable extractor decorator Functions with the @has_request_variables decorator can have some of their arguments extracted from the HTTP request. For each such argument, its default value should be an instance of the POST class. The arguments to the POST constructor control the request variable name that the function parameter should be populated from (it defaults to the same as the parameter name), whether the value should be converted before being passed, and whether a default value should be supplied if the parameter is missing from the request. (imported from commit ba1c25d73ba3980e44abec1458e6496807fcdaa4) 2012-11-01 23:21:12 +01:00
			`# Used in conjunction with @has_request_variables, below`
			`class POST(object):`
			`# NotSpecified is a sentinel value for determining whether a`
			`# default value was specified for a request variable. We can't`
			`# use None because that could be a valid, user-specified default`
			`class _NotSpecified(object):`
			`pass`
			`NotSpecified = _NotSpecified()`

			`def __init__(self, whence=None, converter=None, default=NotSpecified):`
			`"""`
			`whence: the name of the request variable that should be used`
			`for this parameter. Defaults to a request variable of the`
			`same name as the parameter.`

			`converter: a function that takes a string and returns a new`
			`value. If specified, this will be called on the request`
			`variable value before passing to the function`

			`default: a value to be used for the argument if the parameter`
			`is missing in the request`
			`"""`

			`self.post_var_name = whence`
			`self.func_var_name = None`
			`self.converter = converter`
			`self.default = default`

			`# Extracts variables from the request object and passes them as`
			`# named function arguments. The request object must be the first`
			`# argument to the function.`
			`#`
			`# To use, assign a function parameter a default value that is an`
			`# instance of the POST class. That paramter will then be`
			`# automatically populated from the HTTP request. The request object`
			`# must be the first argument to the decorated function.`
Add note to @has_request_variables about when it is inappropriate to use (imported from commit 952341aad07e07d762ea3ec66a5b167bcb40ecea) 2012-11-08 22:30:39 +01:00			`#`
			`# Note that this can't be used in helper functions which are not`
			`# expected to call json_error or json_success, as it uses json_error`
			`# internally when it encounters an error`
Add magic request variable extractor decorator Functions with the @has_request_variables decorator can have some of their arguments extracted from the HTTP request. For each such argument, its default value should be an instance of the POST class. The arguments to the POST constructor control the request variable name that the function parameter should be populated from (it defaults to the same as the parameter name), whether the value should be converted before being passed, and whether a default value should be supplied if the parameter is missing from the request. (imported from commit ba1c25d73ba3980e44abec1458e6496807fcdaa4) 2012-11-01 23:21:12 +01:00			`def has_request_variables(view_func):`
			`num_params = view_func.func_code.co_argcount`
			`if view_func.func_defaults is None:`
			`num_default_params = 0`
			`else:`
			`num_default_params = len(view_func.func_defaults)`
			`default_param_names = view_func.func_code.co_varnames[num_params - num_default_params:]`
			`default_param_values = view_func.func_defaults`

			`post_params = []`

			`for (name, value) in zip(default_param_names, default_param_values):`
			`if isinstance(value, POST):`
			`value.func_var_name = name`
			`if value.post_var_name is None:`
			`value.post_var_name = name`
			`post_params.append(value)`
			`elif value == POST:`
			`# If the function definition does not actually`
			`# instantiate a POST object but instead uses the POST`
			`# class itself as a value, we instantiate it as a`
			`# convenience`
			`post_var = POST(name)`
			`post_var.func_var_name = name`
			`post_params.append(post_var)`

			`@wraps(view_func)`
			`def _wrapped_view_func(request, args, *kwargs):`
			`for param in post_params:`
@has_request_variables: don't apply the converter to default values (imported from commit 44fecac26268c4c1b7f69b4d5013cfbff2010744) 2012-11-09 17:52:44 +01:00			`default_assigned = False`
Add magic request variable extractor decorator Functions with the @has_request_variables decorator can have some of their arguments extracted from the HTTP request. For each such argument, its default value should be an instance of the POST class. The arguments to the POST constructor control the request variable name that the function parameter should be populated from (it defaults to the same as the parameter name), whether the value should be converted before being passed, and whether a default value should be supplied if the parameter is missing from the request. (imported from commit ba1c25d73ba3980e44abec1458e6496807fcdaa4) 2012-11-01 23:21:12 +01:00			`try:`
			`val = request.POST[param.post_var_name]`
			`except KeyError:`
			`if param.default is POST.NotSpecified:`
			`return json_error("Missing '%s' argument" % (param.post_var_name,))`
			`val = param.default`
@has_request_variables: don't apply the converter to default values (imported from commit 44fecac26268c4c1b7f69b4d5013cfbff2010744) 2012-11-09 17:52:44 +01:00			`default_assigned = True`
Add magic request variable extractor decorator Functions with the @has_request_variables decorator can have some of their arguments extracted from the HTTP request. For each such argument, its default value should be an instance of the POST class. The arguments to the POST constructor control the request variable name that the function parameter should be populated from (it defaults to the same as the parameter name), whether the value should be converted before being passed, and whether a default value should be supplied if the parameter is missing from the request. (imported from commit ba1c25d73ba3980e44abec1458e6496807fcdaa4) 2012-11-01 23:21:12 +01:00
@has_request_variables: don't apply the converter to default values (imported from commit 44fecac26268c4c1b7f69b4d5013cfbff2010744) 2012-11-09 17:52:44 +01:00			`if param.converter is not None and not default_assigned:`
Add magic request variable extractor decorator Functions with the @has_request_variables decorator can have some of their arguments extracted from the HTTP request. For each such argument, its default value should be an instance of the POST class. The arguments to the POST constructor control the request variable name that the function parameter should be populated from (it defaults to the same as the parameter name), whether the value should be converted before being passed, and whether a default value should be supplied if the parameter is missing from the request. (imported from commit ba1c25d73ba3980e44abec1458e6496807fcdaa4) 2012-11-01 23:21:12 +01:00			`try:`
			`val = param.converter(val)`
			`except:`
@has_request_variables: tell users what their bad value was in the error message (imported from commit 0e5e576da74c6492c2f9189bcf725c336cd9b2d7) 2012-11-09 17:56:07 +01:00			`return json_error("Bad value for '%s': %s"`
			`% (param.post_var_name, val))`
Add magic request variable extractor decorator Functions with the @has_request_variables decorator can have some of their arguments extracted from the HTTP request. For each such argument, its default value should be an instance of the POST class. The arguments to the POST constructor control the request variable name that the function parameter should be populated from (it defaults to the same as the parameter name), whether the value should be converted before being passed, and whether a default value should be supplied if the parameter is missing from the request. (imported from commit ba1c25d73ba3980e44abec1458e6496807fcdaa4) 2012-11-01 23:21:12 +01:00			`kwargs[param.func_var_name] = val`

			`return view_func(request, args, *kwargs)`

			`return _wrapped_view_func`