Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
F
flaskdav
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
iv
flaskdav
Commits
7df9163c
Commit
7df9163c
authored
Nov 30, 2015
by
iv
4
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Change self.authorization checked for every method by a verification in before_request.
parent
7feb2668
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
144 additions
and
129 deletions
+144
-129
flaskdav.py
flaskdav.py
+144
-129
No files found.
flaskdav.py
View file @
7df9163c
from
flask
import
Flask
,
request
,
redirect
,
url_for
,
render_template
,
make_response
from
flask
import
Flask
,
request
,
redirect
,
url_for
,
render_template
,
make_response
,
g
from
flask.views
import
MethodView
from
flask.views
import
MethodView
from
string
import
atoi
from
string
import
atoi
import
shutil
import
shutil
...
@@ -32,17 +32,43 @@ def is_authorized(cookies_list):
...
@@ -32,17 +32,43 @@ def is_authorized(cookies_list):
FS_HANDLER
=
utils
.
FilesystemHandler
(
FS_PATH
,
URI_BEGINNING_PATH
[
'webdav'
])
FS_HANDLER
=
utils
.
FilesystemHandler
(
FS_PATH
,
URI_BEGINNING_PATH
[
'webdav'
])
@
app
.
before_request
def
before_request
():
"""
allow cross origin for webdav uri that are authorized
and filter unauthorized requests!
"""
if
request
.
path
.
startswith
(
URI_BEGINNING_PATH
[
'webdav'
]):
response
=
None
headers
=
{}
headers
[
'Access-Control-Max-Age'
]
=
'3600'
headers
[
'Access-Control-Allow-Credentials'
]
=
'true'
content
=
''
if
is_authorized
(
request
.
cookies
):
headers
[
'Access-Control-Allow-Origin'
]
=
request
.
headers
.
get
(
'Origin'
,
'*'
)
headers
[
'Access-Control-Allow-Headers'
]
=
'Origin, Accept, Accept-Encoding, Content-Length, Content-Type, Authorization, Depth, If-Modified-Since, If-None-Match'
headers
[
'Access-Control-Expose-Headers'
]
=
'Content-Type, Last-Modified, WWW-Authenticate'
response
=
make_response
(
content
,
200
)
response
.
headers
=
headers
else
:
headers
[
'WWW-Authenticate'
]
=
'Nayookie login_url='
+
request
.
url_root
+
URI_BEGINNING_PATH
[
'authorization'
]
+
'{?back_url}'
response
=
make_response
(
content
,
401
)
response
.
headers
=
headers
# do not handle the request if not authorized
return
response
g
.
response
=
response
class
WebDAV
(
MethodView
):
class
WebDAV
(
MethodView
):
methods
=
[
'GET'
,
'HEAD'
,
'PUT'
,
'PROPFIND'
,
'PROPPATCH'
,
'MKCOL'
,
'DELETE'
,
'COPY'
,
'MOVE'
]
methods
=
[
'GET'
,
'HEAD'
,
'PUT'
,
'PROPFIND'
,
'PROPPATCH'
,
'MKCOL'
,
'DELETE'
,
'COPY'
,
'MOVE'
]
def
__init__
(
self
):
def
__init__
(
self
):
self
.
authorization
=
is_authorized
(
request
.
cookies
)
self
.
baseuri
=
URI_BEGINNING_PATH
[
'webdav'
]
self
.
baseuri
=
URI_BEGINNING_PATH
[
'webdav'
]
def
before_request
(
self
,
pathname
):
pass
def
get_body
(
self
):
def
get_body
(
self
):
""" get the request's body """
request_data
=
request
.
data
request_data
=
request
.
data
if
not
request_data
and
atoi
(
request
.
headers
[
'Content-length'
]):
if
not
request_data
and
atoi
(
request
.
headers
[
'Content-length'
]):
try
:
try
:
...
@@ -53,37 +79,23 @@ class WebDAV(MethodView):
...
@@ -53,37 +79,23 @@ class WebDAV(MethodView):
return
request_data
return
request_data
def
head
(
self
,
pathname
):
def
head
(
self
,
pathname
):
""" HEAD: returns headers only """
"""
origin
=
request
.
headers
.
get
(
'Origin'
,
'*'
)
HEAD:
returns headers only
response
=
None
"""
headers
=
{}
headers
[
'Access-Control-Max-Age'
]
=
'3600'
headers
[
'Access-Control-Allow-Credentials'
]
=
'true'
content
=
''
if
self
.
authorization
:
headers
[
'Access-Control-Allow-Origin'
]
=
origin
headers
[
'Access-Control-Allow-Headers'
]
=
'Origin, Accept, Accept-Encoding, Content-Length, Content-Type, Authorization, Depth, If-Modified-Since, If-None-Match'
headers
[
'Access-Control-Expose-Headers'
]
=
'Content-Type, Last-Modified, WWW-Authenticate'
response
=
make_response
(
content
,
200
)
else
:
headers
[
'WWW-Authenticate'
]
=
'Nayookie login_url='
+
request
.
url_root
+
URI_BEGINNING_PATH
[
'authorization'
]
+
'{?back_url}'
response
=
make_response
(
content
,
401
)
response
.
headers
=
headers
return
g
.
response
return
response
def
get
(
self
,
pathname
):
def
get
(
self
,
pathname
):
""" GET: return headers + body (resource content or list of resources) """
"""
GET:
return headers + body (resource content or list of resources)
"""
response
=
g
.
response
localpath
=
FS_HANDLER
.
uri2local
(
pathname
)
localpath
=
FS_HANDLER
.
uri2local
(
pathname
)
response
=
self
.
head
(
pathname
)
# TODO if into a collection => list of the ressources
# TODO if into a collection => list of the ressources
print
(
'localpath: '
+
localpath
)
data
=
''
data
=
''
if
self
.
authorization
:
if
os
.
path
.
isdir
(
localpath
):
if
os
.
path
.
isdir
(
localpath
):
data
=
"
\
n
"
.
join
(
FS_HANDLER
.
get_children
(
pathname
))
data
=
"
\
n
"
.
join
(
FS_HANDLER
.
get_children
(
pathname
))
elif
os
.
path
.
isfile
(
localpath
):
elif
os
.
path
.
isfile
(
localpath
):
...
@@ -108,9 +120,9 @@ class WebDAV(MethodView):
...
@@ -108,9 +120,9 @@ class WebDAV(MethodView):
on collection: 405 Method Not Allowed,
on collection: 405 Method Not Allowed,
on ressource: create if not existschange content
on ressource: create if not existschange content
"""
"""
response
=
self
.
head
(
pathname
)
if
self
.
authorization
:
response
=
g
.
response
localpath
=
FS_HANDLER
.
uri2local
(
pathname
)
localpath
=
FS_HANDLER
.
uri2local
(
pathname
)
request_body
=
self
.
get_body
()
request_body
=
self
.
get_body
()
if
request_body
is
None
:
if
request_body
is
None
:
...
@@ -123,15 +135,17 @@ class WebDAV(MethodView):
...
@@ -123,15 +135,17 @@ class WebDAV(MethodView):
return
response
return
response
def
propfind
(
self
,
pathname
):
def
propfind
(
self
,
pathname
):
response
=
self
.
head
(
pathname
)
if
self
.
authorization
:
response
=
g
.
response
# currently unsupported
# currently unsupported
response
.
status
=
'423'
response
.
status
=
'423'
return
response
return
response
def
proppatch
(
self
,
pathname
):
def
proppatch
(
self
,
pathname
):
response
=
self
.
head
(
pathname
)
if
self
.
authorization
:
response
=
g
.
response
# currently unsupported
# currently unsupported
response
.
status
=
'423'
response
.
status
=
'423'
return
response
return
response
...
@@ -142,8 +156,8 @@ class WebDAV(MethodView):
...
@@ -142,8 +156,8 @@ class WebDAV(MethodView):
creates a collection (that corresponds to a directory on the file system)
creates a collection (that corresponds to a directory on the file system)
"""
"""
response
=
self
.
head
(
pathname
)
response
=
g
.
response
if
self
.
authorization
:
response
.
status
=
str
(
FS_HANDLER
.
mkcol
(
pathname
))
response
.
status
=
str
(
FS_HANDLER
.
mkcol
(
pathname
))
return
response
return
response
...
@@ -153,8 +167,8 @@ class WebDAV(MethodView):
...
@@ -153,8 +167,8 @@ class WebDAV(MethodView):
delete a resource or collection
delete a resource or collection
"""
"""
response
=
self
.
head
(
pathname
)
response
=
g
.
response
if
self
.
authorization
:
localpath
=
FS_HANDLER
.
uri2local
(
pathname
)
localpath
=
FS_HANDLER
.
uri2local
(
pathname
)
if
not
os
.
path
.
exists
(
localpath
):
if
not
os
.
path
.
exists
(
localpath
):
response
.
status
=
'404'
response
.
status
=
'404'
...
@@ -178,8 +192,8 @@ class WebDAV(MethodView):
...
@@ -178,8 +192,8 @@ class WebDAV(MethodView):
copy a resource or collection
copy a resource or collection
"""
"""
response
=
self
.
head
(
pathname
)
response
=
g
.
response
if
self
.
authorization
:
localpath
=
FS_HANDLER
.
uri2local
(
pathname
)
localpath
=
FS_HANDLER
.
uri2local
(
pathname
)
destination
=
request
.
headers
[
'Destination'
]
destination
=
request
.
headers
[
'Destination'
]
host
=
request
.
headers
[
'Host'
]
host
=
request
.
headers
[
'Host'
]
...
@@ -197,7 +211,6 @@ class WebDAV(MethodView):
...
@@ -197,7 +211,6 @@ class WebDAV(MethodView):
response
.
status
=
'201'
response
.
status
=
'201'
if
os
.
path
.
exists
(
destination_path
):
if
os
.
path
.
exists
(
destination_path
):
delete_response
=
self
.
delete
(
destination
)
delete_response
=
self
.
delete
(
destination
)
print
delete_response
.
status
response
.
status
=
'204'
response
.
status
=
'204'
if
os
.
path
.
isfile
(
localpath
):
if
os
.
path
.
isfile
(
localpath
):
...
@@ -218,8 +231,8 @@ class WebDAV(MethodView):
...
@@ -218,8 +231,8 @@ class WebDAV(MethodView):
move a resource or collection
move a resource or collection
"""
"""
response
=
self
.
head
(
pathname
)
response
=
g
.
response
if
self
.
authorization
:
copy_response
=
self
.
copy
(
pathname
)
copy_response
=
self
.
copy
(
pathname
)
response
.
status
=
copy_response
.
status
response
.
status
=
copy_response
.
status
if
copy_response
.
status
==
'201'
or
copy_response
.
status
==
'204'
:
if
copy_response
.
status
==
'201'
or
copy_response
.
status
==
'204'
:
...
@@ -231,15 +244,17 @@ class WebDAV(MethodView):
...
@@ -231,15 +244,17 @@ class WebDAV(MethodView):
app
.
add_url_rule
(
URI_BEGINNING_PATH
[
'webdav'
]
+
'<path:pathname>'
,
view_func
=
WebDAV
.
as_view
(
'dav'
))
app
.
add_url_rule
(
URI_BEGINNING_PATH
[
'webdav'
]
+
'<path:pathname>'
,
view_func
=
WebDAV
.
as_view
(
'dav'
))
@
app
.
route
(
URI_BEGINNING_PATH
[
'authorization'
])
@
app
.
route
(
URI_BEGINNING_PATH
[
'authorization'
]
,
methods
=
[
'GET'
,
'POST'
]
)
def
authorize
():
def
authorize
():
if
request
.
method
==
'POST'
:
response
=
make_response
(
render_template
(
'authorization_page_cookie_set.html'
,
headers
=
headers
,
origin
=
origin
,
back_url
=
back_url
))
response
.
set_cookie
(
'mycookie'
,
value
=
''
,
max_age
=
None
,
expires
=
None
,
path
=
'/'
,
domain
=
None
,
secure
=
None
,
httponly
=
False
)
else
:
origin
=
request
.
headers
.
get
(
'Origin'
)
origin
=
request
.
headers
.
get
(
'Origin'
)
print
origin
headers
=
request
.
headers
headers
=
request
.
headers
back_url
=
request
.
args
.
get
(
'back_url'
)
back_url
=
request
.
args
.
get
(
'back_url'
)
print
origin
response
=
make_response
(
render_template
(
'authorization_page.html'
,
headers
=
headers
,
origin
=
origin
,
back_url
=
back_url
))
response
=
make_response
(
render_template
(
'authorization_page.html'
,
headers
=
headers
,
origin
=
origin
,
back_url
=
back_url
))
response
.
set_cookie
(
'mycookie'
,
value
=
''
,
max_age
=
None
,
expires
=
None
,
path
=
'/'
,
domain
=
None
,
secure
=
None
,
httponly
=
False
)
return
response
return
response
@
app
.
route
(
URI_BEGINNING_PATH
[
'editor'
])
@
app
.
route
(
URI_BEGINNING_PATH
[
'editor'
])
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment