security: fix XSS in repo strip view.
base.py
112 lines | 3.2 KiB | text/x-python | PythonLexer
r1271 # Copyright (C) 2016-2017 RhodeCode GmbH
r379 #
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License, version 3
# (only), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# This program is dual-licensed. If you wish to learn more about the
# RhodeCode Enterprise Edition, including its added features, Support services,
# and proprietary license terms, please see https://rhodecode.com/licenses/
r1424 import logging
r1959 import datetime
r1959 from zope.cachedescriptors.property import Lazy as LazyProperty
r379 from pyramid.threadlocal import get_current_request
r379 from rhodecode.lib.utils2 import AttributeDict
# Stand-in "user" attached to events that the system itself triggers
# (e.g. from a shell) rather than an authenticated account.
# Both fields are string sentinels: `user_id` is NOT a numeric id, so any
# consumer that expects an integer user id has to special-case it.
SYSTEM_USER = AttributeDict({
    'username': '__SYSTEM__',
    'user_id': '__SYSTEM_ID__',
})

# Module-level logger, named after this module.
log = logging.getLogger(__name__)
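class RhodecodeEvent(object):
    """
    Base event class for all RhodeCode events.

    An event remembers the request it was created with (if any) and the
    time of its creation, and derives from that request the acting user,
    that user's IP address and the server URL. `as_dict()` bundles those
    values into a plain dictionary.

    NOTE(review): nothing in this class escapes or validates the values it
    exposes. A consumer that renders them into HTML or forwards them to an
    external system has to apply its own output encoding.
    """
    name = "RhodeCodeEvent"
    # Placeholder returned by `server_url` when no URL can be produced.
    no_url_set = '<no server_url available>'

    def __init__(self, request=None):
        """
        :param request: optional request object the event is bound to; when
            omitted, the request is looked up lazily via `get_request()`.
        """
        self._request = request
        # utcnow() yields a naive datetime (no tzinfo attached).
        self.utc_timestamp = datetime.datetime.utcnow()

    def get_request(self):
        """
        Return the request passed to the constructor if it is truthy,
        otherwise whatever `get_current_request()` reports.
        """
        if self._request:
            return self._request
        return get_current_request()

    @LazyProperty
    def request(self):
        """Request this event belongs to, resolved through `get_request()`."""
        return self.get_request()

    @property
    def auth_user(self):
        """
        Return the user found on the request, or None.

        `request.user` is preferred; `request.rpc_user` is the fallback.
        None is returned when there is no request or neither attribute
        holds a truthy value.
        """
        if not self.request:
            return None

        user = getattr(self.request, 'user', None)
        if user:
            return user

        api_user = getattr(self.request, 'rpc_user', None)
        if api_user:
            return api_user

        return None

    @property
    def actor(self):
        """
        Return the object describing who caused the event.

        With an authenticated user this is `auth_user.get_instance()`; if
        that call returns a falsy value, a minimal `AttributeDict` carrying
        only `username` and `user_id` is returned instead. Without an
        authenticated user the module-level `SYSTEM_USER` is returned.
        """
        auth_user = self.auth_user
        if auth_user:
            instance = auth_user.get_instance()
            if not instance:
                return AttributeDict(dict(
                    username=auth_user.username,
                    user_id=auth_user.user_id,
                ))
            return instance

        return SYSTEM_USER

    @property
    def actor_ip(self):
        """
        Return `auth_user.ip_addr`, or a placeholder string when there is
        no authenticated user.

        NOTE(review): how `ip_addr` is determined is not visible here. If it
        is taken from forwarded-for style headers it is only as trustworthy
        as the proxy configuration -- confirm before using it for access
        decisions or as audit evidence.
        """
        auth_user = self.auth_user
        if auth_user:
            return auth_user.ip_addr
        return '<no ip available>'

    @property
    def server_url(self):
        """
        Return the URL of the 'home' route, or `no_url_set` when there is
        no request or the URL cannot be generated.

        NOTE(review): the URL is produced from the current request, so it
        presumably reflects the host the client addressed. Confirm that the
        Host header is validated upstream before consumers treat this value
        as the canonical server address.
        """
        if self.request:
            try:
                return self.request.route_url('home')
            except Exception:
                # Deliberately broad: URL generation must never break event
                # handling. The failure is logged with its traceback and the
                # placeholder is returned instead.
                log.exception('Failed to fetch URL for server')
                return self.no_url_set

        return self.no_url_set

    def as_dict(self):
        """
        Return the event as a dictionary with the keys `name`,
        `utc_timestamp`, `actor_ip`, `actor` (`username`, `user_id`) and
        `server_url`.

        `utc_timestamp` is the datetime object itself, not a string. All
        values are passed through unchanged and unescaped.
        """
        # Resolve the actor once: `actor` is a plain property, so reading it
        # twice would repeat the `get_instance()` lookup and could take
        # `username` and `user_id` from two different objects.
        actor = self.actor
        data = {
            'name': self.name,
            'utc_timestamp': self.utc_timestamp,
            'actor_ip': self.actor_ip,
            'actor': {
                'username': actor.username,
                'user_id': actor.user_id
            },
            'server_url': self.server_url
        }
        return data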