Changes between Version 1 and Version 2 of csabahenk


Timestamp: Jun 24, 2006, 2:12:34 PM (8 years ago)
Author: csabahenk
Comment: pasted in secsession update

  • csabahenk

    v1 v2  
    11= csabahenk =
     2
     3Here is an update of SecSessionPlugin which works on Trac 0.10dev.
     4It also adds a config hook which lets you use it when your Trac
     5runs behind a proxy server.
     6
     7As pacopablo (its author) hasn't given a contact info and uploading
     8attachments is broken ATM, I just paste the updated `secsession.py` here. 
     9
     10{{{
     11#!python
     12
     13from trac.core import *
     14from trac.web import IRequestFilter
     15
     16class SecureSessionFilter(Component):
     17    implements(IRequestFilter)
     18
     19    def pre_process_request(self, req, handler):
     20        # self.log.info("setting up the match")  ### 'twas too much noize
     21
     22        # We provide a config hook for checking if the request is
     23        # secure. Simply checking the scheme is not the appropriate
     24        # choice in all case -- eg., if trac runs behind a proxy
     25        # server, then it will get simple http requests from the
     26        # proxy and we have to analyze headers to find out if
     27        # the original request was secure or not.
     28        #
     29        # Currently we can directly match a request attribute
     30        # as "@<attr> = <val>" or a http header line as "<hdlr> = <val>".
     31        # This could be generalized by, eg., taking a list of such
     32        # patterns, whatever.
     33        key, val = [ x.strip() for x in self.config.get('secsession',
     34                                                        'secpattern',
     35                                                        '@scheme=https'
     36                                                        ).split('=', 1) ]
     37        if key[0] == '@':
     38            myval = getattr(req, key[1:])
     39        else:
     40            myval = req.get_header(key)
     41
     42        if unicode(myval) != val:
     43            # Auth info is not available at the time of invoking filters,
     44            # so we can't yet make the decision about redirecting.
     45            #
     46            # Therefore we just wrap the handler into our redirection policy.
     47            # When the handler will be invoked, auth info will be there;
     48            # if auth is anon, our wrapper will call the original
     49            # handler, else it will perform the redirect.
     50            handler = SecureSessionWrapper(handler, self)
     51        return handler
     52
     53    def post_process_request(self, req, template, content_type):
     54        return template, content_type
     55
     56
     57class SecureSessionWrapper(object):
     58
     59    def __init__(self, in_handler, filter):
     60        self.in_handler = in_handler
     61        self.filter = filter
     62        self.config = filter.config
     63        self.log = in_handler.log
     64
     65    def process_request(self, req):
     66
     67        if not req.authname or req.authname == 'anonymous':
     68            return self.in_handler.process_request(req)
     69
     70        self.log.info("redirect to secure site:")
     71        secport = self.config.getint('secsession', 'secport', 443)
     72        port = ''
     73        if secport != 443:
     74            port = ':%d' % secport
     75
     76        req.redirect(''.join(['https://',
     77                              req.server_name,
     78                              port,
     79                              req.href(),
     80                              req.path_info
     81                              ]) )
     82}}}
     83
    284
    385[[ListTagged(csabahenk)]]
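
Review bot: in pre_process_request, the header branch (`myval = req.get_header(key)`) accepts a request header as proof that the original request was secure, but nothing in the code or its comment says who is allowed to set that header. If the proxy does not overwrite it on every request, or if Trac can be reached without going through the proxy, a plain-HTTP request carrying the configured value will match `secpattern` and the handler is never wrapped, so an authenticated session stays on HTTP. Please document next to the `secpattern` comment that the proxy must set or strip this header itself and that Trac must accept connections only from the proxy. Two smaller points in the same method: a `secpattern` value without `=` makes the `key, val = [...]` unpacking raise, and an empty key makes `key[0]` raise, so validate the option and fall back to `@scheme=https` with a logged warning. In SecureSessionWrapper.process_request the redirect URL is assembled from `req.server_name`, `req.href()` and `req.path_info` only, so the query string is dropped, and the `"redirect to secure site:"` log line ends in a colon without logging the target.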