##// END OF EJS Templates
upstream » ipython
RSS

Clone from https://github.com/ipython/ipython.git

Name change to same_origin
Kyle Kelley -
Show More
Show file before | Show file after | Hide comments
@@ -1,141 +1,142 b''
1 """Tornado handlers for WebSocket <-> ZMQ sockets.
1 """Tornado handlers for WebSocket <-> ZMQ sockets.
2
2
3 Authors:
3 Authors:
4
4
5 * Brian Granger
5 * Brian Granger
6 """
6 """
7
7
8 #-----------------------------------------------------------------------------
8 #-----------------------------------------------------------------------------
9 # Copyright (C) 2008-2011 The IPython Development Team
9 # Copyright (C) 2008-2011 The IPython Development Team
10 #
10 #
11 # Distributed under the terms of the BSD License. The full license is in
11 # Distributed under the terms of the BSD License. The full license is in
12 # the file COPYING, distributed as part of this software.
12 # the file COPYING, distributed as part of this software.
13 #-----------------------------------------------------------------------------
13 #-----------------------------------------------------------------------------
14
14
15 #-----------------------------------------------------------------------------
15 #-----------------------------------------------------------------------------
16 # Imports
16 # Imports
17 #-----------------------------------------------------------------------------
17 #-----------------------------------------------------------------------------
18
18
19 try:
19 try:
20 from urllib.parse import urlparse # Py 3
20 from urllib.parse import urlparse # Py 3
21 except ImportError:
21 except ImportError:
22 from urlparse import urlparse # Py 2
22 from urlparse import urlparse # Py 2
23
23
24 try:
24 try:
25 from http.cookies import SimpleCookie # Py 3
25 from http.cookies import SimpleCookie # Py 3
26 except ImportError:
26 except ImportError:
27 from Cookie import SimpleCookie # Py 2
27 from Cookie import SimpleCookie # Py 2
28 import logging
28 import logging
29 from tornado import web
29 from tornado import web
30 from tornado import websocket
30 from tornado import websocket
31
31
32 from zmq.utils import jsonapi
32 from zmq.utils import jsonapi
33
33
34 from IPython.kernel.zmq.session import Session
34 from IPython.kernel.zmq.session import Session
35 from IPython.utils.jsonutil import date_default
35 from IPython.utils.jsonutil import date_default
36 from IPython.utils.py3compat import PY3, cast_unicode
36 from IPython.utils.py3compat import PY3, cast_unicode
37
37
38 from .handlers import IPythonHandler
38 from .handlers import IPythonHandler
39
39
40 #-----------------------------------------------------------------------------
40 #-----------------------------------------------------------------------------
41 # ZMQ handlers
41 # ZMQ handlers
42 #-----------------------------------------------------------------------------
42 #-----------------------------------------------------------------------------
43
43
44 class ZMQStreamHandler(websocket.WebSocketHandler):
44 class ZMQStreamHandler(websocket.WebSocketHandler):
45
45
46 def is_cross_origin(self):
46 def same_origin(self):
47 """Check to see that origin and host match in the headers."""
47 """Check to see that origin and host match in the headers."""
48 origin_header = self.request.headers.get("Origin")
48 origin_header = self.request.headers.get("Origin")
49 host = self.request.headers.get("Host")
49 host = self.request.headers.get("Host")
50
50
51 # If no header is provided, assume we can't verify origin
51 if(origin_header == None or host == None):
52 if(origin_header == None or host == None):
52 return True
53 return False
53
54
54 parsed_origin = urlparse(origin_header)
55 parsed_origin = urlparse(origin_header)
55 origin = parsed_origin.netloc
56 origin = parsed_origin.netloc
56
57
57 # Check to see that origin matches host directly, including ports
58 # Check to see that origin matches host directly, including ports
58 return origin != host
59 return origin == host
59
60
60 def clear_cookie(self, *args, **kwargs):
61 def clear_cookie(self, *args, **kwargs):
61 """meaningless for websockets"""
62 """meaningless for websockets"""
62 pass
63 pass
63
64
64 def _reserialize_reply(self, msg_list):
65 def _reserialize_reply(self, msg_list):
65 """Reserialize a reply message using JSON.
66 """Reserialize a reply message using JSON.
66
67
67 This takes the msg list from the ZMQ socket, unserializes it using
68 This takes the msg list from the ZMQ socket, unserializes it using
68 self.session and then serializes the result using JSON. This method
69 self.session and then serializes the result using JSON. This method
69 should be used by self._on_zmq_reply to build messages that can
70 should be used by self._on_zmq_reply to build messages that can
70 be sent back to the browser.
71 be sent back to the browser.
71 """
72 """
72 idents, msg_list = self.session.feed_identities(msg_list)
73 idents, msg_list = self.session.feed_identities(msg_list)
73 msg = self.session.unserialize(msg_list)
74 msg = self.session.unserialize(msg_list)
74 try:
75 try:
75 msg['header'].pop('date')
76 msg['header'].pop('date')
76 except KeyError:
77 except KeyError:
77 pass
78 pass
78 try:
79 try:
79 msg['parent_header'].pop('date')
80 msg['parent_header'].pop('date')
80 except KeyError:
81 except KeyError:
81 pass
82 pass
82 msg.pop('buffers')
83 msg.pop('buffers')
83 return jsonapi.dumps(msg, default=date_default)
84 return jsonapi.dumps(msg, default=date_default)
84
85
85 def _on_zmq_reply(self, msg_list):
86 def _on_zmq_reply(self, msg_list):
86 # Sometimes this gets triggered when the on_close method is scheduled in the
87 # Sometimes this gets triggered when the on_close method is scheduled in the
87 # eventloop but hasn't been called.
88 # eventloop but hasn't been called.
88 if self.stream.closed(): return
89 if self.stream.closed(): return
89 try:
90 try:
90 msg = self._reserialize_reply(msg_list)
91 msg = self._reserialize_reply(msg_list)
91 except Exception:
92 except Exception:
92 self.log.critical("Malformed message: %r" % msg_list, exc_info=True)
93 self.log.critical("Malformed message: %r" % msg_list, exc_info=True)
93 else:
94 else:
94 self.write_message(msg)
95 self.write_message(msg)
95
96
96 def allow_draft76(self):
97 def allow_draft76(self):
97 """Allow draft 76, until browsers such as Safari update to RFC 6455.
98 """Allow draft 76, until browsers such as Safari update to RFC 6455.
98
99
99 This has been disabled by default in tornado in release 2.2.0, and
100 This has been disabled by default in tornado in release 2.2.0, and
100 support will be removed in later versions.
101 support will be removed in later versions.
101 """
102 """
102 return True
103 return True
103
104
104
105
105 class AuthenticatedZMQStreamHandler(ZMQStreamHandler, IPythonHandler):
106 class AuthenticatedZMQStreamHandler(ZMQStreamHandler, IPythonHandler):
106
107
107 def open(self, kernel_id):
108 def open(self, kernel_id):
108 # Check to see that origin matches host directly, including ports
109 # Check to see that origin matches host directly, including ports
109 if self.is_cross_origin():
110 if not self.same_origin():
110 self.log.warn("Cross Origin WebSocket Attempt.")
111 self.log.warn("Cross Origin WebSocket Attempt.")
111 raise web.HTTPError(404)
112 raise web.HTTPError(404)
112
113
113 self.kernel_id = cast_unicode(kernel_id, 'ascii')
114 self.kernel_id = cast_unicode(kernel_id, 'ascii')
114 self.session = Session(config=self.config)
115 self.session = Session(config=self.config)
115 self.save_on_message = self.on_message
116 self.save_on_message = self.on_message
116 self.on_message = self.on_first_message
117 self.on_message = self.on_first_message
117
118
118 def _inject_cookie_message(self, msg):
119 def _inject_cookie_message(self, msg):
119 """Inject the first message, which is the document cookie,
120 """Inject the first message, which is the document cookie,
120 for authentication."""
121 for authentication."""
121 if not PY3 and isinstance(msg, unicode):
122 if not PY3 and isinstance(msg, unicode):
122 # Cookie constructor doesn't accept unicode strings
123 # Cookie constructor doesn't accept unicode strings
123 # under Python 2.x for some reason
124 # under Python 2.x for some reason
124 msg = msg.encode('utf8', 'replace')
125 msg = msg.encode('utf8', 'replace')
125 try:
126 try:
126 identity, msg = msg.split(':', 1)
127 identity, msg = msg.split(':', 1)
127 self.session.session = cast_unicode(identity, 'ascii')
128 self.session.session = cast_unicode(identity, 'ascii')
128 except Exception:
129 except Exception:
129 logging.error("First ws message didn't have the form 'identity:[cookie]' - %r", msg)
130 logging.error("First ws message didn't have the form 'identity:[cookie]' - %r", msg)
130
131
131 try:
132 try:
132 self.request._cookies = SimpleCookie(msg)
133 self.request._cookies = SimpleCookie(msg)
133 except:
134 except:
134 self.log.warn("couldn't parse cookie string: %s",msg, exc_info=True)
135 self.log.warn("couldn't parse cookie string: %s",msg, exc_info=True)
135
136
136 def on_first_message(self, msg):
137 def on_first_message(self, msg):
137 self._inject_cookie_message(msg)
138 self._inject_cookie_message(msg)
138 if self.get_current_user() is None:
139 if self.get_current_user() is None:
139 self.log.warn("Couldn't authenticate WebSocket connection")
140 self.log.warn("Couldn't authenticate WebSocket connection")
140 raise web.HTTPError(403)
141 raise web.HTTPError(403)
141 self.on_message = self.save_on_message
142 self.on_message = self.save_on_message
General Comments 0
You need to be logged in to leave comments. Login now