Merge pull request #6480 from minrk/origin-check-no-proto...
Min RK -
r17898:f1b046e7 merge
@@ -1,205 +1,214
1 """Tornado handlers for WebSocket <-> ZMQ sockets."""
1 """Tornado handlers for WebSocket <-> ZMQ sockets."""
2
2
3 # Copyright (c) IPython Development Team.
3 # Copyright (c) IPython Development Team.
4 # Distributed under the terms of the Modified BSD License.
4 # Distributed under the terms of the Modified BSD License.
5
5
6 import json
6 import json
7
7
8 try:
8 try:
9 from urllib.parse import urlparse # Py 3
9 from urllib.parse import urlparse # Py 3
10 except ImportError:
10 except ImportError:
11 from urlparse import urlparse # Py 2
11 from urlparse import urlparse # Py 2
12
12
13 try:
13 try:
14 from http.cookies import SimpleCookie # Py 3
14 from http.cookies import SimpleCookie # Py 3
15 except ImportError:
15 except ImportError:
16 from Cookie import SimpleCookie # Py 2
16 from Cookie import SimpleCookie # Py 2
17 import logging
17 import logging
18
18
19 import tornado
19 import tornado
20 from tornado import ioloop
20 from tornado import ioloop
21 from tornado import web
21 from tornado import web
22 from tornado import websocket
22 from tornado import websocket
23
23
24 from IPython.kernel.zmq.session import Session
24 from IPython.kernel.zmq.session import Session
25 from IPython.utils.jsonutil import date_default
25 from IPython.utils.jsonutil import date_default
26 from IPython.utils.py3compat import PY3, cast_unicode
26 from IPython.utils.py3compat import PY3, cast_unicode
27
27
28 from .handlers import IPythonHandler
28 from .handlers import IPythonHandler
29
29
30
30
31 class ZMQStreamHandler(websocket.WebSocketHandler):
31 class ZMQStreamHandler(websocket.WebSocketHandler):
32
32
33 def check_origin(self, origin):
33 def check_origin(self, origin):
34 """Check Origin == Host or Access-Control-Allow-Origin.
34 """Check Origin == Host or Access-Control-Allow-Origin.
35
35
36 Tornado >= 4 calls this method automatically, raising 403 if it returns False.
36 Tornado >= 4 calls this method automatically, raising 403 if it returns False.
37 We call it explicitly in `open` on Tornado < 4.
37 We call it explicitly in `open` on Tornado < 4.
38 """
38 """
39 if self.allow_origin == '*':
39 if self.allow_origin == '*':
40 return True
40 return True
41
41
42 host = self.request.headers.get("Host")
42 host = self.request.headers.get("Host")
43
43
44 # If no header is provided, assume we can't verify origin
44 # If no header is provided, assume we can't verify origin
45 if(origin is None or host is None):
45 if origin is None:
46 self.log.warn("Missing Origin header, rejecting WebSocket connection.")
47 return False
48 if host is None:
49 self.log.warn("Missing Host header, rejecting WebSocket connection.")
46 return False
50 return False
47
51
48 host_origin = "{0}://{1}".format(self.request.protocol, host)
52 origin = origin.lower()
53 origin_host = urlparse(origin).netloc
49
54
50 # OK if origin matches host
55 # OK if origin matches host
51 if origin == host_origin:
56 if origin_host == host:
52 return True
57 return True
53
58
54 # Check CORS headers
59 # Check CORS headers
55 if self.allow_origin:
60 if self.allow_origin:
56 return self.allow_origin == origin
61 allow = self.allow_origin == origin
57 elif self.allow_origin_pat:
62 elif self.allow_origin_pat:
58 return bool(self.allow_origin_pat.match(origin))
63 allow = bool(self.allow_origin_pat.match(origin))
59 else:
64 else:
60 # No CORS headers deny the request
65 # No CORS headers deny the request
61 return False
66 allow = False
67 if not allow:
68 self.log.warn("Blocking Cross Origin WebSocket Attempt. Origin: %s, Host: %s",
69 origin, host,
70 )
71 return allow
62
72
63 def clear_cookie(self, *args, **kwargs):
73 def clear_cookie(self, *args, **kwargs):
64 """meaningless for websockets"""
74 """meaningless for websockets"""
65 pass
75 pass
66
76
67 def _reserialize_reply(self, msg_list):
77 def _reserialize_reply(self, msg_list):
68 """Reserialize a reply message using JSON.
78 """Reserialize a reply message using JSON.
69
79
70 This takes the msg list from the ZMQ socket, unserializes it using
80 This takes the msg list from the ZMQ socket, unserializes it using
71 self.session and then serializes the result using JSON. This method
81 self.session and then serializes the result using JSON. This method
72 should be used by self._on_zmq_reply to build messages that can
82 should be used by self._on_zmq_reply to build messages that can
73 be sent back to the browser.
83 be sent back to the browser.
74 """
84 """
75 idents, msg_list = self.session.feed_identities(msg_list)
85 idents, msg_list = self.session.feed_identities(msg_list)
76 msg = self.session.unserialize(msg_list)
86 msg = self.session.unserialize(msg_list)
77 try:
87 try:
78 msg['header'].pop('date')
88 msg['header'].pop('date')
79 except KeyError:
89 except KeyError:
80 pass
90 pass
81 try:
91 try:
82 msg['parent_header'].pop('date')
92 msg['parent_header'].pop('date')
83 except KeyError:
93 except KeyError:
84 pass
94 pass
85 msg.pop('buffers')
95 msg.pop('buffers')
86 return json.dumps(msg, default=date_default)
96 return json.dumps(msg, default=date_default)
87
97
88 def _on_zmq_reply(self, msg_list):
98 def _on_zmq_reply(self, msg_list):
89 # Sometimes this gets triggered when the on_close method is scheduled in the
99 # Sometimes this gets triggered when the on_close method is scheduled in the
90 # eventloop but hasn't been called.
100 # eventloop but hasn't been called.
91 if self.stream.closed(): return
101 if self.stream.closed(): return
92 try:
102 try:
93 msg = self._reserialize_reply(msg_list)
103 msg = self._reserialize_reply(msg_list)
94 except Exception:
104 except Exception:
95 self.log.critical("Malformed message: %r" % msg_list, exc_info=True)
105 self.log.critical("Malformed message: %r" % msg_list, exc_info=True)
96 else:
106 else:
97 self.write_message(msg)
107 self.write_message(msg)
98
108
99 def allow_draft76(self):
109 def allow_draft76(self):
100 """Allow draft 76, until browsers such as Safari update to RFC 6455.
110 """Allow draft 76, until browsers such as Safari update to RFC 6455.
101
111
102 This has been disabled by default in tornado in release 2.2.0, and
112 This has been disabled by default in tornado in release 2.2.0, and
103 support will be removed in later versions.
113 support will be removed in later versions.
104 """
114 """
105 return True
115 return True
106
116
107 # ping interval for keeping websockets alive (30 seconds)
117 # ping interval for keeping websockets alive (30 seconds)
108 WS_PING_INTERVAL = 30000
118 WS_PING_INTERVAL = 30000
109
119
110 class AuthenticatedZMQStreamHandler(ZMQStreamHandler, IPythonHandler):
120 class AuthenticatedZMQStreamHandler(ZMQStreamHandler, IPythonHandler):
111 ping_callback = None
121 ping_callback = None
112 last_ping = 0
122 last_ping = 0
113 last_pong = 0
123 last_pong = 0
114
124
115 @property
125 @property
116 def ping_interval(self):
126 def ping_interval(self):
117 """The interval for websocket keep-alive pings.
127 """The interval for websocket keep-alive pings.
118
128
119 Set ws_ping_interval = 0 to disable pings.
129 Set ws_ping_interval = 0 to disable pings.
120 """
130 """
121 return self.settings.get('ws_ping_interval', WS_PING_INTERVAL)
131 return self.settings.get('ws_ping_interval', WS_PING_INTERVAL)
122
132
123 @property
133 @property
124 def ping_timeout(self):
134 def ping_timeout(self):
125 """If no ping is received in this many milliseconds,
135 """If no ping is received in this many milliseconds,
126 close the websocket connection (VPNs, etc. can fail to cleanly close ws connections).
136 close the websocket connection (VPNs, etc. can fail to cleanly close ws connections).
127 Default is max of 3 pings or 30 seconds.
137 Default is max of 3 pings or 30 seconds.
128 """
138 """
129 return self.settings.get('ws_ping_timeout',
139 return self.settings.get('ws_ping_timeout',
130 max(3 * self.ping_interval, WS_PING_INTERVAL)
140 max(3 * self.ping_interval, WS_PING_INTERVAL)
131 )
141 )
132
142
133 def set_default_headers(self):
143 def set_default_headers(self):
134 """Undo the set_default_headers in IPythonHandler
144 """Undo the set_default_headers in IPythonHandler
135
145
136 which doesn't make sense for websockets
146 which doesn't make sense for websockets
137 """
147 """
138 pass
148 pass
139
149
140 def open(self, kernel_id):
150 def open(self, kernel_id):
141 self.kernel_id = cast_unicode(kernel_id, 'ascii')
151 self.kernel_id = cast_unicode(kernel_id, 'ascii')
142 # Check to see that origin matches host directly, including ports
152 # Check to see that origin matches host directly, including ports
143 # Tornado 4 already does CORS checking
153 # Tornado 4 already does CORS checking
144 if tornado.version_info[0] < 4:
154 if tornado.version_info[0] < 4:
145 if not self.check_origin(self.get_origin()):
155 if not self.check_origin(self.get_origin()):
146 self.log.warn("Cross Origin WebSocket Attempt from %s", self.get_origin())
147 raise web.HTTPError(403)
156 raise web.HTTPError(403)
148
157
149 self.session = Session(config=self.config)
158 self.session = Session(config=self.config)
150 self.save_on_message = self.on_message
159 self.save_on_message = self.on_message
151 self.on_message = self.on_first_message
160 self.on_message = self.on_first_message
152
161
153 # start the pinging
162 # start the pinging
154 if self.ping_interval > 0:
163 if self.ping_interval > 0:
155 self.last_ping = ioloop.IOLoop.instance().time() # Remember time of last ping
164 self.last_ping = ioloop.IOLoop.instance().time() # Remember time of last ping
156 self.last_pong = self.last_ping
165 self.last_pong = self.last_ping
157 self.ping_callback = ioloop.PeriodicCallback(self.send_ping, self.ping_interval)
166 self.ping_callback = ioloop.PeriodicCallback(self.send_ping, self.ping_interval)
158 self.ping_callback.start()
167 self.ping_callback.start()
159
168
160 def send_ping(self):
169 def send_ping(self):
161 """send a ping to keep the websocket alive"""
170 """send a ping to keep the websocket alive"""
162 if self.stream.closed() and self.ping_callback is not None:
171 if self.stream.closed() and self.ping_callback is not None:
163 self.ping_callback.stop()
172 self.ping_callback.stop()
164 return
173 return
165
174
166 # check for timeout on pong. Make sure that we really have sent a recent ping in
175 # check for timeout on pong. Make sure that we really have sent a recent ping in
167 # case the machine with both server and client has been suspended since the last ping.
176 # case the machine with both server and client has been suspended since the last ping.
168 now = ioloop.IOLoop.instance().time()
177 now = ioloop.IOLoop.instance().time()
169 since_last_pong = 1e3 * (now - self.last_pong)
178 since_last_pong = 1e3 * (now - self.last_pong)
170 since_last_ping = 1e3 * (now - self.last_ping)
179 since_last_ping = 1e3 * (now - self.last_ping)
171 if since_last_ping < 2*self.ping_interval and since_last_pong > self.ping_timeout:
180 if since_last_ping < 2*self.ping_interval and since_last_pong > self.ping_timeout:
172 self.log.warn("WebSocket ping timeout after %i ms.", since_last_pong)
181 self.log.warn("WebSocket ping timeout after %i ms.", since_last_pong)
173 self.close()
182 self.close()
174 return
183 return
175
184
176 self.ping(b'')
185 self.ping(b'')
177 self.last_ping = now
186 self.last_ping = now
178
187
179 def on_pong(self, data):
188 def on_pong(self, data):
180 self.last_pong = ioloop.IOLoop.instance().time()
189 self.last_pong = ioloop.IOLoop.instance().time()
181
190
182 def _inject_cookie_message(self, msg):
191 def _inject_cookie_message(self, msg):
183 """Inject the first message, which is the document cookie,
192 """Inject the first message, which is the document cookie,
184 for authentication."""
193 for authentication."""
185 if not PY3 and isinstance(msg, unicode):
194 if not PY3 and isinstance(msg, unicode):
186 # Cookie constructor doesn't accept unicode strings
195 # Cookie constructor doesn't accept unicode strings
187 # under Python 2.x for some reason
196 # under Python 2.x for some reason
188 msg = msg.encode('utf8', 'replace')
197 msg = msg.encode('utf8', 'replace')
189 try:
198 try:
190 identity, msg = msg.split(':', 1)
199 identity, msg = msg.split(':', 1)
191 self.session.session = cast_unicode(identity, 'ascii')
200 self.session.session = cast_unicode(identity, 'ascii')
192 except Exception:
201 except Exception:
193 logging.error("First ws message didn't have the form 'identity:[cookie]' - %r", msg)
202 logging.error("First ws message didn't have the form 'identity:[cookie]' - %r", msg)
194
203
195 try:
204 try:
196 self.request._cookies = SimpleCookie(msg)
205 self.request._cookies = SimpleCookie(msg)
197 except:
206 except:
198 self.log.warn("couldn't parse cookie string: %s",msg, exc_info=True)
207 self.log.warn("couldn't parse cookie string: %s",msg, exc_info=True)
199
208
200 def on_first_message(self, msg):
209 def on_first_message(self, msg):
201 self._inject_cookie_message(msg)
210 self._inject_cookie_message(msg)
202 if self.get_current_user() is None:
211 if self.get_current_user() is None:
203 self.log.warn("Couldn't authenticate WebSocket connection")
212 self.log.warn("Couldn't authenticate WebSocket connection")
204 raise web.HTTPError(403)
213 raise web.HTTPError(403)
205 self.on_message = self.save_on_message
214 self.on_message = self.save_on_message
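Review bot: The case normalization in the new check_origin is asymmetric: `origin` is lowercased before it is parsed, but the `host` it is compared against (taken straight from the Host header) and the configured `self.allow_origin` are compared as-is, so a mixed-case Host header or a mixed-case allow_origin value can never match and the connection is rejected. Hostnames are case-insensitive, so normalize both sides of each comparison: `if origin_host == host.lower():` and `allow = self.allow_origin.lower() == origin`. Separately, `self.allow_origin_pat.match(origin)` anchors only at the start of the string; unless the pattern is given a trailing `$` where it is compiled (not visible in this file), an origin that merely begins with an allowed value would satisfy it, so either an explicit end anchor in the check or a comment recording that assumption, e.g. `# allow_origin_pat must be end-anchored; match() only anchors the start`, would make the intended contract clear.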