Merge pull request #4845 from rgbkrk/origin_host...
Min RK -
r14963:e5b669ce merge
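--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -1,117 +1,150 @@
 """Tornado handlers for WebSocket <-> ZMQ sockets.
 
 Authors:
 
 * Brian Granger
 """
 
 #-----------------------------------------------------------------------------
 # Copyright (C) 2008-2011 The IPython Development Team
 #
 # Distributed under the terms of the BSD License. The full license is in
 # the file COPYING, distributed as part of this software.
 #-----------------------------------------------------------------------------
 
 #-----------------------------------------------------------------------------
 # Imports
 #-----------------------------------------------------------------------------
 
 try:
+from urllib.parse import urlparse # Py 3
+except ImportError:
+from urlparse import urlparse # Py 2
+
+try:
 from http.cookies import SimpleCookie # Py 3
 except ImportError:
 from Cookie import SimpleCookie # Py 2
 import logging
 from tornado import web
 from tornado import websocket
 
 from zmq.utils import jsonapi
 
 from IPython.kernel.zmq.session import Session
 from IPython.utils.jsonutil import date_default
 from IPython.utils.py3compat import PY3, cast_unicode
 
 from .handlers import IPythonHandler
 
 #-----------------------------------------------------------------------------
 # ZMQ handlers
 #-----------------------------------------------------------------------------
 
 class ZMQStreamHandler(websocket.WebSocketHandler):
 
+def same_origin(self):
+"""Check to see that origin and host match in the headers."""
+
+# The difference between version 8 and 13 is that in 8 the
+# client sends a "Sec-Websocket-Origin" header and in 13 it's
+# simply "Origin".
+if self.request.headers.get("Sec-WebSocket-Version") in ("7", "8"):
+origin_header = self.request.headers.get("Sec-Websocket-Origin")
+else:
+origin_header = self.request.headers.get("Origin")
+
+host = self.request.headers.get("Host")
+
+# If no header is provided, assume we can't verify origin
+if(origin_header is None or host is None):
+return False
+
+parsed_origin = urlparse(origin_header)
+origin = parsed_origin.netloc
+
+# Check to see that origin matches host directly, including ports
+return origin == host
+
 def clear_cookie(self, *args, **kwargs):
 """meaningless for websockets"""
 pass
 
 def _reserialize_reply(self, msg_list):
 """Reserialize a reply message using JSON.
 
 This takes the msg list from the ZMQ socket, unserializes it using
 self.session and then serializes the result using JSON. This method
 should be used by self._on_zmq_reply to build messages that can
 be sent back to the browser.
 """
 idents, msg_list = self.session.feed_identities(msg_list)
 msg = self.session.unserialize(msg_list)
 try:
 msg['header'].pop('date')
 except KeyError:
 pass
 try:
 msg['parent_header'].pop('date')
 except KeyError:
 pass
 msg.pop('buffers')
 return jsonapi.dumps(msg, default=date_default)
 
 def _on_zmq_reply(self, msg_list):
 # Sometimes this gets triggered when the on_close method is scheduled in the
 # eventloop but hasn't been called.
 if self.stream.closed(): return
 try:
 msg = self._reserialize_reply(msg_list)
 except Exception:
 self.log.critical("Malformed message: %r" % msg_list, exc_info=True)
 else:
 self.write_message(msg)
 
 def allow_draft76(self):
 """Allow draft 76, until browsers such as Safari update to RFC 6455.
 
 This has been disabled by default in tornado in release 2.2.0, and
 support will be removed in later versions.
 """
 return True
 
 
 class AuthenticatedZMQStreamHandler(ZMQStreamHandler, IPythonHandler):
 
 def open(self, kernel_id):
+# Check to see that origin matches host directly, including ports
+if not self.same_origin():
+self.log.warn("Cross Origin WebSocket Attempt.")
+raise web.HTTPError(404)
+
 self.kernel_id = cast_unicode(kernel_id, 'ascii')
 self.session = Session(config=self.config)
 self.save_on_message = self.on_message
 self.on_message = self.on_first_message
 
 def _inject_cookie_message(self, msg):
 """Inject the first message, which is the document cookie,
 for authentication."""
 if not PY3 and isinstance(msg, unicode):
 # Cookie constructor doesn't accept unicode strings
 # under Python 2.x for some reason
 msg = msg.encode('utf8', 'replace')
 try:
 identity, msg = msg.split(':', 1)
 self.session.session = cast_unicode(identity, 'ascii')
 except Exception:
 logging.error("First ws message didn't have the form 'identity:[cookie]' - %r", msg)
 
 try:
 self.request._cookies = SimpleCookie(msg)
 except:
 self.log.warn("couldn't parse cookie string: %s",msg, exc_info=True)
 
 def on_first_message(self, msg):
 self._inject_cookie_message(msg)
 if self.get_current_user() is None:
 self.log.warn("Couldn't authenticate WebSocket connection")
 raise web.HTTPError(403)
 self.on_message = self.save_on_message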
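Review bot: The `raise web.HTTPError(404)` added to `open()` most likely never reaches the client as a 404, because in the Tornado releases this file targets `open()` runs after the handshake has already been accepted, so the exception is only logged and the connection dropped (the pre-existing `HTTPError(403)` in `on_first_message` has the same shape; newer Tornado validates the origin during the handshake through `WebSocketHandler.check_origin`). Whatever the status, the rejection should record what was rejected so an attempt can be investigated later: `self.log.warn("Cross Origin WebSocket Attempt: Origin=%r Host=%r", self.request.headers.get("Origin"), self.request.headers.get("Host"))`. `same_origin()` compares the Origin netloc against the `Host` header exactly as received, so a deployment behind a reverse proxy that rewrites `Host` will reject legitimate browser connections with no way to relax the check short of editing code. Its docstring should state the contract: `Returns True only when the Origin netloc equals the Host header exactly (including port); a missing header yields False.`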