Posted to commits@allura.apache.org by je...@apache.org on 2014/11/20 15:40:56 UTC

[1/3] allura git commit: [#7787] move "outer" middleware to be fully outside everything

Repository: allura
Updated Branches:
  refs/heads/ib/7787 [created] 88b9926e7


[#7787] move "outer" middleware to be fully outside everything


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/4d7b4d4d
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/4d7b4d4d
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/4d7b4d4d

Branch: refs/heads/ib/7787
Commit: 4d7b4d4d27eb92dcc9c4f586f6aa0b2463b6d123
Parents: 25b8733
Author: Dave Brondsema <db...@slashdotmedia.com>
Authored: Tue Nov 18 02:28:42 2014 +0000
Committer: Igor Bondarenko <je...@gmail.com>
Committed: Thu Nov 20 07:42:34 2014 +0000

----------------------------------------------------------------------
 Allura/allura/config/middleware.py | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/4d7b4d4d/Allura/allura/config/middleware.py
----------------------------------------------------------------------
diff --git a/Allura/allura/config/middleware.py b/Allura/allura/config/middleware.py
index 1a7beb8..840a39c 100644
--- a/Allura/allura/config/middleware.py
+++ b/Allura/allura/config/middleware.py
@@ -169,11 +169,6 @@ def _make_core_app(root, global_conf, full_stack=True, **app_conf):
     #    the WSGI application's iterator is exhausted
     app = RegistryManager(app, streaming=True)
 
-    for mw_ep in h.iter_entry_points('allura.middleware'):
-        Middleware = mw_ep.load()
-        if getattr(Middleware, 'when', 'inner') == 'outer':
-            app = Middleware(app, config)
-
     # "task" wsgi would get a 2nd request to /error/document if we used this middleware
     if config.get('override_root') != 'task':
         # Converts exceptions to HTTP errors, shows traceback in debug mode
@@ -188,6 +183,12 @@ def _make_core_app(root, global_conf, full_stack=True, **app_conf):
         else:
             app = StatusCodeRedirect(
                 app, base_config.handle_status_codes + [500])
+
+    for mw_ep in h.iter_entry_points('allura.middleware'):
+        Middleware = mw_ep.load()
+        if getattr(Middleware, 'when', 'inner') == 'outer':
+            app = Middleware(app, config)
+
     return app
 
 
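Review bot: The relocated loop at the end of `_make_core_app` has no comment saying that its position is the point of the change, so a later edit could move it back inside the error-handling wrappers unnoticed. I would add above it `# "outer" plugin middleware must wrap everything above, including the error-handling middleware; keep this block last`. With this ordering, an exception raised inside an 'outer' middleware presumably no longer passes through the exception-to-HTTP-error conversion applied earlier in the function, which is worth stating wherever the `when = 'outer'` attribute is documented. The function starts outside the hunk.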


[3/3] allura git commit: [#7787] ticket:689 Handle unicode in ldap usernames and passwords

Posted by je...@apache.org.
[#7787] ticket:689 Handle unicode in ldap usernames and passwords


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/88b9926e
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/88b9926e
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/88b9926e

Branch: refs/heads/ib/7787
Commit: 88b9926e7b46ee1fde8022d280984b5a1c2d43ce
Parents: 4d7b4d4
Author: Igor Bondarenko <je...@gmail.com>
Authored: Thu Nov 20 08:16:46 2014 +0000
Committer: Igor Bondarenko <je...@gmail.com>
Committed: Thu Nov 20 08:16:46 2014 +0000

----------------------------------------------------------------------
 Allura/allura/lib/plugin.py               | 6 +++++-
 Allura/allura/lib/widgets/auth_widgets.py | 6 ++++++
 2 files changed, 11 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/88b9926e/Allura/allura/lib/plugin.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/plugin.py b/Allura/allura/lib/plugin.py
index ea66b60..006a8e0 100644
--- a/Allura/allura/lib/plugin.py
+++ b/Allura/allura/lib/plugin.py
@@ -562,7 +562,10 @@ class LdapAuthenticationProvider(AuthenticationProvider):
         if ldap is None:
             raise Exception('The python-ldap package needs to be installed.  Run `pip install python-ldap` in your allura environment.')
         from allura import model as M
-        username = self.request.params['username']
+        try:
+            username = str(self.request.params['username'])
+        except UnicodeEncodeError:
+            raise exc.HTTPBadRequest('Unicode is not allowed in usernames')
         if not self._validate_password(username, self.request.params['password']):
             raise exc.HTTPUnauthorized()
         user = M.User.query.get(username=username)
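Review bot: The ASCII-only rule for `username` is enforced only as a side effect of `str()` using the interpreter's default codec, which hides the intent and changes behaviour if that default is ever altered. Spelling it out as `username = self.request.params['username'].encode('ascii')` with `except UnicodeError:` states the rule directly and also covers a byte string that fails to decode. The two `self.request.params[...]` lookups still raise `KeyError` when a field is missing, which would presumably surface as a server error rather than the 400 used here. The enclosing method starts outside the hunk.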
@@ -586,6 +589,7 @@ class LdapAuthenticationProvider(AuthenticationProvider):
 
     def _validate_password(self, username, password):
         '''by username'''
+        password = h.really_unicode(password).encode('utf-8')
         try:
             ldap_user = ldap_user_dn(username)
         except ValueError:
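Review bot: Encoding the password to UTF-8 at the top of `_validate_password` is only safe if every path that writes a password to the directory produces the same bytes. The set-password path is not in this hunk, so that should be confirmed; otherwise a non-ASCII password could be stored in one byte form and checked in another. No Unicode normalization is applied either, so composed and decomposed forms of the same characters yield different bytes. A comment such as `# bind needs bytes; must match the encoding used when the password is set (no normalization applied)` would record the contract. The method body continues past the end of the hunk.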

http://git-wip-us.apache.org/repos/asf/allura/blob/88b9926e/Allura/allura/lib/widgets/auth_widgets.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/widgets/auth_widgets.py b/Allura/allura/lib/widgets/auth_widgets.py
index 33444f9..22f4429 100644
--- a/Allura/allura/lib/widgets/auth_widgets.py
+++ b/Allura/allura/lib/widgets/auth_widgets.py
@@ -66,6 +66,12 @@ class LoginForm(ForgeForm):
                 dict(username=value['username'], rememberme=value.get('rememberme'),
                      return_to=value.get('return_to')),
                 None)
+        except exc.HTTPBadRequest as e:
+            raise Invalid(
+                e.message,
+                dict(username=value['username'], rememberme=value.get('rememberme'),
+                     return_to=value.get('return_to')),
+                None)
         return value
 
 
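Review bot: `e.message` in the new handler is the deprecated `BaseException.message` attribute; WebOb HTTP exceptions carry their text in `detail`, so `e.detail` is the more durable spelling. The handler shows the text of any `HTTPBadRequest` raised during login as the form error, so providers should keep those messages as fixed strings and not embed request data in them. The state dict repeats the one built by the `raise Invalid(...)` just above it; building it once before the `try` would keep the two branches from drifting apart. The enclosing method starts outside the hunk.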


[2/3] allura git commit: [#7787] get rid of weird problems where error handling and ssl redirects collide

Posted by je...@apache.org.
[#7787] get rid of weird problems where error handling and ssl redirects collide


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/25b87336
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/25b87336
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/25b87336

Branch: refs/heads/ib/7787
Commit: 25b8733647944e1d3c475dff62fefbb6762183e2
Parents: f66f754
Author: Dave Brondsema <db...@slashdotmedia.com>
Authored: Tue Nov 18 02:27:38 2014 +0000
Committer: Igor Bondarenko <je...@gmail.com>
Committed: Thu Nov 20 07:42:34 2014 +0000

----------------------------------------------------------------------
 Allura/allura/lib/custom_middleware.py      |  9 +++++++--
 Allura/allura/tests/functional/test_root.py | 14 ++++++++++++++
 2 files changed, 21 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/25b87336/Allura/allura/lib/custom_middleware.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/custom_middleware.py b/Allura/allura/lib/custom_middleware.py
index 1116b45..8212cd2 100644
--- a/Allura/allura/lib/custom_middleware.py
+++ b/Allura/allura/lib/custom_middleware.py
@@ -168,21 +168,26 @@ class SSLMiddleware(object):
         if self._no_redirect_re.match(environ['PATH_INFO']):
             return req.get_response(self.app)(environ, start_response)
         resp = None
+
         try:
             request_uri = req.url
             request_uri.decode('ascii')
         except UnicodeError:
             resp = exc.HTTPNotFound()
+
         secure = req.url.startswith('https://')
         srv_path = req.url.split('://', 1)[-1]
         # allura-loggedin is a non-secure cookie as a flag to know that the user has a session over on https
         force_ssl = (self._force_ssl_logged_in and req.cookies.get('allura-loggedin')) \
                     or self._force_ssl_re.match(environ['PATH_INFO'])
-        if not secure and force_ssl:
+        if req.environ.get('pylons.original_request'):
+            # if an error occurs, then /error/document is fetched (denoted by pylons.original_request)
+            # and we don't want to do any redirects within that sub-request
+            pass
+        elif not secure and force_ssl:
             resp = exc.HTTPFound(location='https://' + srv_path)
         elif secure and not force_ssl:
             resp = exc.HTTPFound(location='http://' + srv_path)
-
         if not resp:
             resp = self.app
         return resp(environ, start_response)
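Review bot: The 404 assigned to `resp` for a non-ASCII URL can still be overwritten by the two redirect branches, and the new `pylons.original_request` branch leaves that unchanged. The `Location` would then be built from the same URL that just failed the ASCII check. Folding the earlier result into the first branch, `if resp is not None or req.environ.get('pylons.original_request'):`, would let the 404 stand, if that is the intended outcome. The comment in the new branch could also note that the error document is then served over whichever scheme the original request used. The method starts outside the hunk.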

http://git-wip-us.apache.org/repos/asf/allura/blob/25b87336/Allura/allura/tests/functional/test_root.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/functional/test_root.py b/Allura/allura/tests/functional/test_root.py
index 179f19a..8f29b31 100644
--- a/Allura/allura/tests/functional/test_root.py
+++ b/Allura/allura/tests/functional/test_root.py
@@ -166,3 +166,17 @@ class TestRootController(TestController):
             assert_equal(arg.undecorated,
                          NeighborhoodController.index.undecorated)
             set_transaction_name.assert_called_with('foo')
+
+
+class TestRootWithSSLPattern(TestController):
+    def setUp(self):
+        with td.patch_middleware_config({'force_ssl.pattern': '^/auth'}):
+            super(TestRootWithSSLPattern, self).setUp()
+
+    def test_no_weird_ssl_redirect_for_error_document(self):
+        # test a 404, same functionality as a 500 from an error
+        r = self.app.get('/auth/asdfasdf',
+                         extra_environ={'wsgi.url_scheme': 'https'},
+                         status=404)
+        assert '302 Found' not in r.body, r.body
+        assert '/error/document' not in r.body, r.body