X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/invirt-web.git/blobdiff_plain/70b6a0214b7554af3465adedcde599362f5bdd4c..df4006d32d7e0af2cc6d03123bb083eb1fab704f:/code/view.py?ds=inline diff --git a/code/view.py b/code/view.py index 1765ddf..51f19a5 100644 --- a/code/view.py +++ b/code/view.py @@ -7,13 +7,15 @@ import simplejson import datetime, decimal from StringIO import StringIO from invirt.config import structs as config +import invirt.database from webcommon import State class MakoHandler(cherrypy.dispatch.LateParamPageHandler): """Callable which processes a dictionary, returning the rendered body.""" - def __init__(self, template, next_handler, content_type='text/html; charset=utf-8'): + def __init__(self, template, next_handler, + content_type='text/html; charset=utf-8'): self.template = template self.next_handler = next_handler self.content_type = content_type @@ -51,10 +53,11 @@ class MakoLoader(object): def __call__(self, filename, directories, module_directory=None, collection_size=-1, content_type='text/html; charset=utf-8', imports=[]): - cherrypy.request.lookup = lookup = self.get_lookup(directories, module_directory, - collection_size, imports) + cherrypy.request.lookup = lookup = self.get_lookup( + directories, module_directory, collection_size, imports) cherrypy.request.template = t = lookup.get_template(filename) - cherrypy.request.handler = MakoHandler(t, cherrypy.request.handler, content_type) + cherrypy.request.handler = MakoHandler( + t, cherrypy.request.handler, content_type) cherrypy.tools.mako = cherrypy.Tool('on_start_resource', MakoLoader()) @@ -101,7 +104,8 @@ def jsonify_tool_callback(*args, **kwargs): response.headers['Content-Type'] = 'text/javascript' response.body = JSONEncoder().iterencode(response.body) -cherrypy.tools.jsonify = cherrypy.Tool('before_finalize', jsonify_tool_callback, priority=30) +cherrypy.tools.jsonify = cherrypy.Tool('before_finalize', + jsonify_tool_callback, priority=30) def require_login(): @@ -110,7 +114,8 @@ def require_login(): raise cherrypy.HTTPError(403, "You are not authorized to access that resource") -cherrypy.tools.require_login = cherrypy.Tool('on_start_resource', require_login, priority=150) +cherrypy.tools.require_login = cherrypy.Tool('on_start_resource', + require_login, priority=150) def require_POST(): @@ -118,8 +123,11 @@ def require_POST(): if cherrypy.request.method != "POST": raise cherrypy.HTTPError(405, "You must submit this request with POST") + if not cherrypy.request.headers.get('Referer', '').startswith('https://' + config.web.hostname): + raise cherrypy.HTTPError(403, "This form is only usable when submitted from another page on this site. If you receive this message in error, check your browser's Referer settings.") -cherrypy.tools.require_POST = cherrypy.Tool('on_start_resource', require_POST, priority=150) +cherrypy.tools.require_POST = cherrypy.Tool('on_start_resource', + require_POST, priority=150) def remote_user_login(): @@ -145,7 +153,8 @@ failed login, and is left at None if the user attempted no authentication. else: cherrypy.request.login = user -cherrypy.tools.remote_user_login = cherrypy.Tool('on_start_resource', remote_user_login, priority=50) +cherrypy.tools.remote_user_login = cherrypy.Tool('on_start_resource', + remote_user_login, priority=50) def invirtwebstate_init(): @@ -153,8 +162,13 @@ def invirtwebstate_init(): if not hasattr(cherrypy.request, "state"): cherrypy.request.state = State(cherrypy.request.login) -cherrypy.tools.invirtwebstate = cherrypy.Tool('on_start_resource', invirtwebstate_init, priority=100) +cherrypy.tools.invirtwebstate = cherrypy.Tool('on_start_resource', + invirtwebstate_init, priority=100) + + +cherrypy.tools.clear_db_cache = cherrypy.Tool('on_start_resource', invirt.database.clear_cache) class View(object): - _cp_config = {'tools.mako.directories': [os.path.join(os.path.dirname(__file__),'templates')]} + _cp_config = {'tools.mako.directories': + [os.path.join(os.path.dirname(__file__),'templates')]}