upstream/ipython Commit - r17898:f1b046e7

1

"""Tornado handlers for WebSocket <-> ZMQ sockets."""

1

"""Tornado handlers for WebSocket <-> ZMQ sockets."""

2

3

# Copyright (c) IPython Development Team.

3

# Copyright (c) IPython Development Team.

4

# Distributed under the terms of the Modified BSD License.

4

# Distributed under the terms of the Modified BSD License.

5

6

import json

6

import json

7

8

try:

8

try:

9

from urllib.parse import urlparse # Py 3

9

from urllib.parse import urlparse # Py 3

10

except ImportError:

10

except ImportError:

11

from urlparse import urlparse # Py 2

11

from urlparse import urlparse # Py 2

12

13

try:

13

try:

14

from http.cookies import SimpleCookie # Py 3

14

from http.cookies import SimpleCookie # Py 3

15

except ImportError:

15

except ImportError:

16

from Cookie import SimpleCookie # Py 2

16

from Cookie import SimpleCookie # Py 2

17

import logging

17

import logging

18

19

import tornado

19

import tornado

20

from tornado import ioloop

20

from tornado import ioloop

21

from tornado import web

21

from tornado import web

22

from tornado import websocket

22

from tornado import websocket

23

24

from IPython.kernel.zmq.session import Session

24

from IPython.kernel.zmq.session import Session

25

from IPython.utils.jsonutil import date_default

25

from IPython.utils.jsonutil import date_default

26

from IPython.utils.py3compat import PY3, cast_unicode

26

from IPython.utils.py3compat import PY3, cast_unicode

27

28

from .handlers import IPythonHandler

28

from .handlers import IPythonHandler

29

30

31

class ZMQStreamHandler(websocket.WebSocketHandler):

31

class ZMQStreamHandler(websocket.WebSocketHandler):

32

33

def check_origin(self, origin):

33

def check_origin(self, origin):

34

"""Check Origin == Host or Access-Control-Allow-Origin.

34

"""Check Origin == Host or Access-Control-Allow-Origin.

35

36

Tornado >= 4 calls this method automatically, raising 403 if it returns False.

36

Tornado >= 4 calls this method automatically, raising 403 if it returns False.

37

We call it explicitly in `open` on Tornado < 4.

37

We call it explicitly in `open` on Tornado < 4.

38

"""

38

"""

39

if self.allow_origin == '*':

39

if self.allow_origin == '*':

40

return True

40

return True

41

42

host = self.request.headers.get("Host")

42

host = self.request.headers.get("Host")

43

44

# If no header is provided, assume we can't verify origin

44

# If no header is provided, assume we can't verify origin

45

if(origin is None or ~~host~~ is ~~None~~):

45

if origin is None:

46

self.log.warn("Missing Origin header, rejecting WebSocket connection.")

47

return False

48

if host is None:

49

self.log.warn("Missing Host header, rejecting WebSocket connection.")

46

return False

50

return False

47

51

48

host_origin = "{0}://{1}".format(self.request.protocol, host)

52

origin = origin.lower()

53

origin_host = urlparse(origin).netloc

49

54

50

# OK if origin matches host

55

# OK if origin matches host

51

if origin == host~~_origin~~:

56

if origin_host == host:

52

return True

57

return True

53

58

54

# Check CORS headers

59

# Check CORS headers

55

if self.allow_origin:

60

if self.allow_origin:

56

~~return~~ self.allow_origin == origin

61

allow = self.allow_origin == origin

57

elif self.allow_origin_pat:

62

elif self.allow_origin_pat:

58

~~return~~ bool(self.allow_origin_pat.match(origin))

63

allow = bool(self.allow_origin_pat.match(origin))

59

else:

64

else:

60

# No CORS headers deny the request

65

# No CORS headers deny the request

61

~~return~~ False

66

allow = False

67

if not allow:

68

self.log.warn("Blocking Cross Origin WebSocket Attempt. Origin: %s, Host: %s",

69

origin, host,

70

)

71

return allow

62

72

63

def clear_cookie(self, *args, **kwargs):

73

def clear_cookie(self, *args, **kwargs):

64

"""meaningless for websockets"""

74

"""meaningless for websockets"""

65

pass

75

pass

66

76

67

def _reserialize_reply(self, msg_list):

77

def _reserialize_reply(self, msg_list):

68

"""Reserialize a reply message using JSON.

78

"""Reserialize a reply message using JSON.

69

79

70

This takes the msg list from the ZMQ socket, unserializes it using

80

This takes the msg list from the ZMQ socket, unserializes it using

71

self.session and then serializes the result using JSON. This method

81

self.session and then serializes the result using JSON. This method

72

should be used by self._on_zmq_reply to build messages that can

82

should be used by self._on_zmq_reply to build messages that can

73

be sent back to the browser.

83

be sent back to the browser.

74

"""

84

"""

75

idents, msg_list = self.session.feed_identities(msg_list)

85

idents, msg_list = self.session.feed_identities(msg_list)

76

msg = self.session.unserialize(msg_list)

86

msg = self.session.unserialize(msg_list)

77

try:

87

try:

78

msg['header'].pop('date')

88

msg['header'].pop('date')

79

except KeyError:

89

except KeyError:

80

pass

90

pass

81

try:

91

try:

82

msg['parent_header'].pop('date')

92

msg['parent_header'].pop('date')

83

except KeyError:

93

except KeyError:

84

pass

94

pass

85

msg.pop('buffers')

95

msg.pop('buffers')

86

return json.dumps(msg, default=date_default)

96

return json.dumps(msg, default=date_default)

87

97

88

def _on_zmq_reply(self, msg_list):

98

def _on_zmq_reply(self, msg_list):

89

# Sometimes this gets triggered when the on_close method is scheduled in the

99

# Sometimes this gets triggered when the on_close method is scheduled in the

90

# eventloop but hasn't been called.

100

# eventloop but hasn't been called.

91

if self.stream.closed(): return

101

if self.stream.closed(): return

92

try:

102

try:

93

msg = self._reserialize_reply(msg_list)

103

msg = self._reserialize_reply(msg_list)

94

except Exception:

104

except Exception:

95

self.log.critical("Malformed message: %r" % msg_list, exc_info=True)

105

self.log.critical("Malformed message: %r" % msg_list, exc_info=True)

96

else:

106

else:

97

self.write_message(msg)

107

self.write_message(msg)

98

108

99

def allow_draft76(self):

109

def allow_draft76(self):

100

"""Allow draft 76, until browsers such as Safari update to RFC 6455.

110

"""Allow draft 76, until browsers such as Safari update to RFC 6455.

101

111

102

This has been disabled by default in tornado in release 2.2.0, and

112

This has been disabled by default in tornado in release 2.2.0, and

103

support will be removed in later versions.

113

support will be removed in later versions.

104

"""

114

"""

105

return True

115

return True

106

116

107

# ping interval for keeping websockets alive (30 seconds)

117

# ping interval for keeping websockets alive (30 seconds)

108

WS_PING_INTERVAL = 30000

118

WS_PING_INTERVAL = 30000

109

119

110

class AuthenticatedZMQStreamHandler(ZMQStreamHandler, IPythonHandler):

120

class AuthenticatedZMQStreamHandler(ZMQStreamHandler, IPythonHandler):

111

ping_callback = None

121

ping_callback = None

112

last_ping = 0

122

last_ping = 0

113

last_pong = 0

123

last_pong = 0

114

124

115

@property

125

@property

116

def ping_interval(self):

126

def ping_interval(self):

117

"""The interval for websocket keep-alive pings.

127

"""The interval for websocket keep-alive pings.

118

128

119

Set ws_ping_interval = 0 to disable pings.

129

Set ws_ping_interval = 0 to disable pings.

120

"""

130

"""

121

return self.settings.get('ws_ping_interval', WS_PING_INTERVAL)

131

return self.settings.get('ws_ping_interval', WS_PING_INTERVAL)

122

132

123

@property

133

@property

124

def ping_timeout(self):

134

def ping_timeout(self):

125

"""If no ping is received in this many milliseconds,

135

"""If no ping is received in this many milliseconds,

126

close the websocket connection (VPNs, etc. can fail to cleanly close ws connections).

136

close the websocket connection (VPNs, etc. can fail to cleanly close ws connections).

127

Default is max of 3 pings or 30 seconds.

137

Default is max of 3 pings or 30 seconds.

128

"""

138

"""

129

return self.settings.get('ws_ping_timeout',

139

return self.settings.get('ws_ping_timeout',

130

max(3 * self.ping_interval, WS_PING_INTERVAL)

140

max(3 * self.ping_interval, WS_PING_INTERVAL)

131

)

141

)

132

142

133

def set_default_headers(self):

143

def set_default_headers(self):

134

"""Undo the set_default_headers in IPythonHandler

144

"""Undo the set_default_headers in IPythonHandler

135

145

136

which doesn't make sense for websockets

146

which doesn't make sense for websockets

137

"""

147

"""

138

pass

148

pass

139

149

140

def open(self, kernel_id):

150

def open(self, kernel_id):

141

self.kernel_id = cast_unicode(kernel_id, 'ascii')

151

self.kernel_id = cast_unicode(kernel_id, 'ascii')

142

# Check to see that origin matches host directly, including ports

152

# Check to see that origin matches host directly, including ports

143

# Tornado 4 already does CORS checking

153

# Tornado 4 already does CORS checking

144

if tornado.version_info[0] < 4:

154

if tornado.version_info[0] < 4:

145

if not self.check_origin(self.get_origin()):

155

if not self.check_origin(self.get_origin()):

146

self.log.warn("Cross Origin WebSocket Attempt from %s", self.get_origin())

147

raise web.HTTPError(403)

156

raise web.HTTPError(403)

148

157

149

self.session = Session(config=self.config)

158

self.session = Session(config=self.config)

150

self.save_on_message = self.on_message

159

self.save_on_message = self.on_message

151

self.on_message = self.on_first_message

160

self.on_message = self.on_first_message

152

161

153

# start the pinging

162

# start the pinging

154

if self.ping_interval > 0:

163

if self.ping_interval > 0:

155

self.last_ping = ioloop.IOLoop.instance().time() # Remember time of last ping

164

self.last_ping = ioloop.IOLoop.instance().time() # Remember time of last ping

156

self.last_pong = self.last_ping

165

self.last_pong = self.last_ping

157

self.ping_callback = ioloop.PeriodicCallback(self.send_ping, self.ping_interval)

166

self.ping_callback = ioloop.PeriodicCallback(self.send_ping, self.ping_interval)

158

self.ping_callback.start()

167

self.ping_callback.start()

159

168

160

def send_ping(self):

169

def send_ping(self):

161

"""send a ping to keep the websocket alive"""

170

"""send a ping to keep the websocket alive"""

162

if self.stream.closed() and self.ping_callback is not None:

171

if self.stream.closed() and self.ping_callback is not None:

163

self.ping_callback.stop()

172

self.ping_callback.stop()

164

return

173

return

165

174

166

# check for timeout on pong. Make sure that we really have sent a recent ping in

175

# check for timeout on pong. Make sure that we really have sent a recent ping in

167

# case the machine with both server and client has been suspended since the last ping.

176

# case the machine with both server and client has been suspended since the last ping.

168

now = ioloop.IOLoop.instance().time()

177

now = ioloop.IOLoop.instance().time()

169

since_last_pong = 1e3 * (now - self.last_pong)

178

since_last_pong = 1e3 * (now - self.last_pong)

170

since_last_ping = 1e3 * (now - self.last_ping)

179

since_last_ping = 1e3 * (now - self.last_ping)

171

if since_last_ping < 2*self.ping_interval and since_last_pong > self.ping_timeout:

180

if since_last_ping < 2*self.ping_interval and since_last_pong > self.ping_timeout:

172

self.log.warn("WebSocket ping timeout after %i ms.", since_last_pong)

181

self.log.warn("WebSocket ping timeout after %i ms.", since_last_pong)

173

self.close()

182

self.close()

174

return

183

return

175

184

176

self.ping(b'')

185

self.ping(b'')

177

self.last_ping = now

186

self.last_ping = now

178

187

179

def on_pong(self, data):

188

def on_pong(self, data):

180

self.last_pong = ioloop.IOLoop.instance().time()

189

self.last_pong = ioloop.IOLoop.instance().time()

181

190

182

def _inject_cookie_message(self, msg):

191

def _inject_cookie_message(self, msg):

183

"""Inject the first message, which is the document cookie,

192

"""Inject the first message, which is the document cookie,

184

for authentication."""

193

for authentication."""

185

if not PY3 and isinstance(msg, unicode):

194

if not PY3 and isinstance(msg, unicode):

186

# Cookie constructor doesn't accept unicode strings

195

# Cookie constructor doesn't accept unicode strings

187

# under Python 2.x for some reason

196

# under Python 2.x for some reason

188

msg = msg.encode('utf8', 'replace')

197

msg = msg.encode('utf8', 'replace')

189

try:

198

try:

190

identity, msg = msg.split(':', 1)

199

identity, msg = msg.split(':', 1)

191

self.session.session = cast_unicode(identity, 'ascii')

200

self.session.session = cast_unicode(identity, 'ascii')

192

except Exception:

201

except Exception:

193

logging.error("First ws message didn't have the form 'identity:[cookie]' - %r", msg)

202

logging.error("First ws message didn't have the form 'identity:[cookie]' - %r", msg)

194

203

195

try:

204

try:

196

self.request._cookies = SimpleCookie(msg)

205

self.request._cookies = SimpleCookie(msg)

197

except:

206

except:

198

self.log.warn("couldn't parse cookie string: %s",msg, exc_info=True)

207

self.log.warn("couldn't parse cookie string: %s",msg, exc_info=True)

199

208

200

def on_first_message(self, msg):

209

def on_first_message(self, msg):

201

self._inject_cookie_message(msg)

210

self._inject_cookie_message(msg)

202

if self.get_current_user() is None:

211

if self.get_current_user() is None:

203

self.log.warn("Couldn't authenticate WebSocket connection")

212

self.log.warn("Couldn't authenticate WebSocket connection")

204

raise web.HTTPError(403)

213

raise web.HTTPError(403)

205

self.on_message = self.save_on_message

214

self.on_message = self.save_on_message

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

             """Tornado handlers for WebSocket <-> ZMQ sockets."""
             # Copyright (c) IPython Development Team.
             # Distributed under the terms of the Modified BSD License.
             import json
             try:
                 from urllib.parse import urlparse # Py 3
             except ImportError:
                 from urlparse import urlparse # Py 2
             try:
                 from http.cookies import SimpleCookie  # Py 3
             except ImportError:
                 from Cookie import SimpleCookie  # Py 2
             import logging
             import tornado
             from tornado import ioloop
             from tornado import web
             from tornado import websocket
             from IPython.kernel.zmq.session import Session
             from IPython.utils.jsonutil import date_default
             from IPython.utils.py3compat import PY3, cast_unicode
             from .handlers import IPythonHandler
             class ZMQStreamHandler(websocket.WebSocketHandler):
                 def check_origin(self, origin):
                     """Check Origin == Host or Access-Control-Allow-Origin.
                     Tornado >= 4 calls this method automatically, raising 403 if it returns False.
                     We call it explicitly in `open` on Tornado < 4.
                     """
                     if self.allow_origin == '*':
                         return True
                     host = self.request.headers.get("Host")
                     # If no header is provided, assume we can't verify origin
-                    if(origin is None or host is None):
+                    if origin is None:
+                        self.log.warn("Missing Origin header, rejecting WebSocket connection.")
+                        return False
+                    if host is None:
+                        self.log.warn("Missing Host header, rejecting WebSocket connection.")
                         return False
-                    host_origin = "{0}://{1}".format(self.request.protocol, host)
+                    origin = origin.lower()
+                    origin_host = urlparse(origin).netloc
                     # OK if origin matches host
-                    if origin == host_origin:
+                    if origin_host == host:
                         return True
                     # Check CORS headers
                     if self.allow_origin:
-                        return self.allow_origin == origin
+                        allow = self.allow_origin == origin
                     elif self.allow_origin_pat:
-                        return bool(self.allow_origin_pat.match(origin))
+                        allow = bool(self.allow_origin_pat.match(origin))
                     else:
                         # No CORS headers deny the request
-                        return False
+                        allow = False
+                    if not allow:
+                        self.log.warn("Blocking Cross Origin WebSocket Attempt.  Origin: %s, Host: %s",
+                            origin, host,
+                        )
+                    return allow
                 def clear_cookie(self, *args, **kwargs):
                     """meaningless for websockets"""
                     pass
                 def _reserialize_reply(self, msg_list):
                     """Reserialize a reply message using JSON.
                     This takes the msg list from the ZMQ socket, unserializes it using
                     self.session and then serializes the result using JSON. This method
                     should be used by self._on_zmq_reply to build messages that can
                     be sent back to the browser.
                     """
                     idents, msg_list = self.session.feed_identities(msg_list)
                     msg = self.session.unserialize(msg_list)
                     try:
                         msg['header'].pop('date')
                     except KeyError:
                         pass
                     try:
                         msg['parent_header'].pop('date')
                     except KeyError:
                         pass
                     msg.pop('buffers')
                     return json.dumps(msg, default=date_default)
                 def _on_zmq_reply(self, msg_list):
                     # Sometimes this gets triggered when the on_close method is scheduled in the
                     # eventloop but hasn't been called.
                     if self.stream.closed(): return
                     try:
                         msg = self._reserialize_reply(msg_list)
                     except Exception:
                         self.log.critical("Malformed message: %r" % msg_list, exc_info=True)
                     else:
                         self.write_message(msg)
                 def allow_draft76(self):
                     """Allow draft 76, until browsers such as Safari update to RFC 6455.
                     This has been disabled by default in tornado in release 2.2.0, and
                     support will be removed in later versions.
                     """
                     return True
             # ping interval for keeping websockets alive (30 seconds)
             WS_PING_INTERVAL = 30000
             class AuthenticatedZMQStreamHandler(ZMQStreamHandler, IPythonHandler):
                 ping_callback = None
                 last_ping = 0
                 last_pong = 0
                 @property
                 def ping_interval(self):
                     """The interval for websocket keep-alive pings.
                     Set ws_ping_interval = 0 to disable pings.
                     """
                     return self.settings.get('ws_ping_interval', WS_PING_INTERVAL)
                 @property
                 def ping_timeout(self):
                     """If no ping is received in this many milliseconds,
                     close the websocket connection (VPNs, etc. can fail to cleanly close ws connections).
                     Default is max of 3 pings or 30 seconds.
                     """
                     return self.settings.get('ws_ping_timeout',
                         max(3 * self.ping_interval, WS_PING_INTERVAL)
                     )
                 def set_default_headers(self):
                     """Undo the set_default_headers in IPythonHandler
                     which doesn't make sense for websockets
                     """
                     pass
                 def open(self, kernel_id):
                     self.kernel_id = cast_unicode(kernel_id, 'ascii')
                     # Check to see that origin matches host directly, including ports
                     # Tornado 4 already does CORS checking
                     if tornado.version_info[0] < 4:
                         if not self.check_origin(self.get_origin()):
-                            self.log.warn("Cross Origin WebSocket Attempt from %s", self.get_origin())
                             raise web.HTTPError(403)
                     self.session = Session(config=self.config)
                     self.save_on_message = self.on_message
                     self.on_message = self.on_first_message
                     # start the pinging
                     if self.ping_interval > 0:
                         self.last_ping = ioloop.IOLoop.instance().time()  # Remember time of last ping
                         self.last_pong = self.last_ping
                         self.ping_callback = ioloop.PeriodicCallback(self.send_ping, self.ping_interval)
                         self.ping_callback.start()
                 def send_ping(self):
                     """send a ping to keep the websocket alive"""
                     if self.stream.closed() and self.ping_callback is not None:
                         self.ping_callback.stop()
                         return
                     # check for timeout on pong.  Make sure that we really have sent a recent ping in
                     # case the machine with both server and client has been suspended since the last ping.
                     now = ioloop.IOLoop.instance().time()
                     since_last_pong = 1e3 * (now - self.last_pong)
                     since_last_ping = 1e3 * (now - self.last_ping)
                     if since_last_ping < 2*self.ping_interval and since_last_pong > self.ping_timeout:
                         self.log.warn("WebSocket ping timeout after %i ms.", since_last_pong)
                         self.close()
                         return
                     self.ping(b'')
                     self.last_ping = now
                 def on_pong(self, data):
                     self.last_pong = ioloop.IOLoop.instance().time()
                 def _inject_cookie_message(self, msg):
                     """Inject the first message, which is the document cookie,
                     for authentication."""
                     if not PY3 and isinstance(msg, unicode):
                         # Cookie constructor doesn't accept unicode strings
                         # under Python 2.x for some reason
                         msg = msg.encode('utf8', 'replace')
                     try:
                         identity, msg = msg.split(':', 1)
                         self.session.session = cast_unicode(identity, 'ascii')
                     except Exception:
                         logging.error("First ws message didn't have the form 'identity:[cookie]' - %r", msg)
                     try:
                         self.request._cookies = SimpleCookie(msg)
                     except:
                         self.log.warn("couldn't parse cookie string: %s",msg, exc_info=True)
                 def on_first_message(self, msg):
                     self._inject_cookie_message(msg)
                     if self.get_current_user() is None:
                         self.log.warn("Couldn't authenticate WebSocket connection")
                         raise web.HTTPError(403)
                     self.on_message = self.save_on_message