<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[13069] CalendarServer/branches/users/sagen/move2who-4/calendarserver/provision/root.py</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.calendarserver.org//changeset/13069">13069</a></dd>
<dt>Author</dt> <dd>wsanchez@apple.com</dd>
<dt>Date</dt> <dd>2014-03-31 15:43:14 -0700 (Mon, 31 Mar 2014)</dd>
</dl>
<h3>Log Message</h3>
<pre>lint</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#CalendarServerbranchesuserssagenmove2who4calendarserverprovisionrootpy">CalendarServer/branches/users/sagen/move2who-4/calendarserver/provision/root.py</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="CalendarServerbranchesuserssagenmove2who4calendarserverprovisionrootpy"></a>
<div class="modfile"><h4>Modified: CalendarServer/branches/users/sagen/move2who-4/calendarserver/provision/root.py (13068 => 13069)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/branches/users/sagen/move2who-4/calendarserver/provision/root.py 2014-03-31 22:18:29 UTC (rev 13068)
+++ CalendarServer/branches/users/sagen/move2who-4/calendarserver/provision/root.py 2014-03-31 22:43:14 UTC (rev 13069)
</span><span class="lines">@@ -19,7 +19,6 @@
</span><span class="cx"> "RootResource",
</span><span class="cx"> ]
</span><span class="cx">
</span><del>-from txdav.who.wiki import uidForAuthToken
</del><span class="cx"> from twext.python.log import Logger
</span><span class="cx"> from twisted.cred.error import LoginFailed, UnauthorizedLogin
</span><span class="cx"> from twisted.internet.defer import inlineCallbacks, returnValue, succeed
</span><span class="lines">@@ -35,6 +34,7 @@
</span><span class="cx"> from twistedcaldav.extensions import ReadOnlyResourceMixIn
</span><span class="cx"> from twistedcaldav.resource import CalDAVComplianceMixIn
</span><span class="cx"> from txdav.who.wiki import DirectoryService as WikiDirectoryService
</span><ins>+from txdav.who.wiki import uidForAuthToken
</ins><span class="cx"> from txdav.xml import element as davxml
</span><span class="cx"> from txweb2 import responsecode
</span><span class="cx"> from txweb2.auth.wrapper import UnauthorizedResponse
</span><span class="lines">@@ -44,7 +44,10 @@
</span><span class="cx"> log = Logger()
</span><span class="cx">
</span><span class="cx">
</span><del>-class RootResource (ReadOnlyResourceMixIn, DirectoryPrincipalPropertySearchMixIn, CalDAVComplianceMixIn, DAVFile):
</del><ins>+class RootResource(
+ ReadOnlyResourceMixIn, DirectoryPrincipalPropertySearchMixIn,
+ CalDAVComplianceMixIn, DAVFile
+):
</ins><span class="cx"> """
</span><span class="cx"> A special root resource that contains support checking SACLs
</span><span class="cx"> as well as adding responseFilters.
</span><span class="lines">@@ -56,17 +59,17 @@
</span><span class="cx"> # starts with any of these, then the list of SACLs are checked. If the
</span><span class="cx"> # request path does not start with any of these, then no SACLs are checked.
</span><span class="cx"> saclMap = {
</span><del>- "addressbooks" : ("addressbook",),
- "calendars" : ("calendar",),
- "directory" : ("addressbook",),
- "principals" : ("addressbook", "calendar"),
- "webcal" : ("calendar",),
</del><ins>+ "addressbooks": ("addressbook",),
+ "calendars": ("calendar",),
+ "directory": ("addressbook",),
+ "principals": ("addressbook", "calendar"),
+ "webcal": ("calendar",),
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> # If a top-level resource path starts with any of these, an unauthenticated
</span><span class="cx"> # request is redirected to the auth url (config.WebCalendarAuthPath)
</span><span class="cx"> authServiceMap = {
</span><del>- "webcal" : True,
</del><ins>+ "webcal": True,
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> def __init__(self, path, *args, **kwargs):
</span><span class="lines">@@ -80,11 +83,17 @@
</span><span class="cx">
</span><span class="cx"> self.contentFilters = []
</span><span class="cx">
</span><del>- if config.EnableResponseCache and config.Memcached.Pools.Default.ClientEnabled:
</del><ins>+ if (
+ config.EnableResponseCache and
+ config.Memcached.Pools.Default.ClientEnabled
+ ):
</ins><span class="cx"> self.responseCache = MemcacheResponseCache(self.fp)
</span><span class="cx">
</span><del>- # These class attributes need to be setup with our memcache notifier
- DirectoryPrincipalResource.cacheNotifierFactory = MemcacheChangeNotifier
</del><ins>+ # These class attributes need to be setup with our memcache\
+ # notifier
+ DirectoryPrincipalResource.cacheNotifierFactory = (
+ MemcacheChangeNotifier
+ )
</ins><span class="cx"> else:
</span><span class="cx"> self.responseCache = DisabledCache()
</span><span class="cx">
</span><span class="lines">@@ -96,7 +105,9 @@
</span><span class="cx"> def deadProperties(self):
</span><span class="cx"> if not hasattr(self, "_dead_properties"):
</span><span class="cx"> # Get the property store from super
</span><del>- deadProperties = namedClass(config.RootResourcePropStoreClass)(self)
</del><ins>+ deadProperties = (
+ namedClass(config.RootResourcePropStoreClass)(self)
+ )
</ins><span class="cx">
</span><span class="cx"> # Wrap the property store in a memory store
</span><span class="cx"> if isinstance(deadProperties, xattrPropertyStore):
</span><span class="lines">@@ -158,7 +169,9 @@
</span><span class="cx"> request.checkingSACL = True
</span><span class="cx">
</span><span class="cx"> for collection in self.principalCollections():
</span><del>- principal = yield collection._principalForURI(authzUser.children[0].children[0].data)
</del><ins>+ principal = yield collection._principalForURI(
+ authzUser.children[0].children[0].data
+ )
</ins><span class="cx"> if principal is None:
</span><span class="cx"> response = (yield UnauthorizedResponse.makeResponse(
</span><span class="cx"> request.credentialFactories,
</span><span class="lines">@@ -183,7 +196,10 @@
</span><span class="cx"> if access:
</span><span class="cx"> returnValue(True)
</span><span class="cx">
</span><del>- log.warn("User %r is not enabled with the %r SACL(s)" % (username, saclServices,))
</del><ins>+ log.warn(
+ "User {user!r} is not enabled with the {sacl!r} SACL(s)",
+ user=username, sacl=saclServices
+ )
</ins><span class="cx"> raise HTTPError(responsecode.FORBIDDEN)
</span><span class="cx">
</span><span class="cx">
</span><span class="lines">@@ -227,45 +243,71 @@
</span><span class="cx"> token = None
</span><span class="cx">
</span><span class="cx"> if token is not None and token != "unauthenticated":
</span><del>- log.debug("Wiki sessionID cookie value: %s" % (token,))
</del><ins>+ log.debug(
+ "Wiki sessionID cookie value: {token}", token=token
+ )
</ins><span class="cx">
</span><span class="cx"> record = None
</span><span class="cx"> try:
</span><del>- uid = (yield uidForAuthToken(token))
</del><ins>+ uid = yield uidForAuthToken(token)
</ins><span class="cx"> if uid == "unauthenticated":
</span><span class="cx"> uid = None
</span><span class="cx">
</span><del>- except WebError, w:
</del><ins>+ except WebError as w:
</ins><span class="cx"> uid = None
</span><span class="cx"> # FORBIDDEN status means it's an unknown token
</span><span class="cx"> if int(w.status) == responsecode.NOT_FOUND:
</span><del>- log.debug("Unknown wiki token: %s" % (token,))
</del><ins>+ log.debug(
+ "Unknown wiki token: {token}", token=token
+ )
</ins><span class="cx"> else:
</span><del>- log.error("Failed to look up wiki token %s: %s" %
- (token, w.message,))
</del><ins>+ log.error(
+ "Failed to look up wiki token {token}: "
+ "{message}",
+ token=token, message=w.message
+ )
</ins><span class="cx">
</span><del>- except Exception, e:
- log.error("Failed to look up wiki token (%s)" % (e,))
</del><ins>+ except Exception as e:
+ log.error(
+ "Failed to look up wiki token: {error}",
+ error=e
+ )
</ins><span class="cx"> uid = None
</span><span class="cx">
</span><span class="cx"> if uid is not None:
</span><del>- log.debug("Wiki lookup returned uid: %s" % (uid,))
</del><ins>+ log.debug(
+ "Wiki lookup returned uid: {uid}", uid=uid
+ )
</ins><span class="cx"> principal = None
</span><span class="cx"> directory = request.site.resource.getDirectory()
</span><span class="cx"> record = yield directory.recordWithUID(uid)
</span><span class="cx"> if record is not None:
</span><span class="cx"> username = record.shortNames[0]
</span><del>- log.debug("Wiki user record for user %s : %s" % (username, record))
</del><ins>+ log.debug(
+ "Wiki user record for user {user}: {record}",
+ user=username, record=record
+ )
</ins><span class="cx"> for collection in self.principalCollections():
</span><del>- principal = yield collection.principalForRecord(record)
</del><ins>+ principal = (
+ yield collection.principalForRecord(record)
+ )
</ins><span class="cx"> if principal is not None:
</span><span class="cx"> break
</span><span class="cx">
</span><span class="cx"> if principal:
</span><del>- log.debug("Wiki-authenticated principal %s being assigned to authnUser and authzUser" % (record.uid,))
- request.authzUser = request.authnUser = davxml.Principal(
- davxml.HRef.fromString("/principals/__uids__/%s/" % (record.uid,))
</del><ins>+ log.debug(
+ "Wiki-authenticated principal {record.uid} "
+ "being assigned to authnUser and authzUser",
+ record=record
</ins><span class="cx"> )
</span><ins>+ request.authzUser = request.authnUser = (
+ davxml.Principal(
+ davxml.HRef.fromString(
+ "/principals/__uids__/{}/"
+ .format(record.uid)
+ )
+ )
+ )
</ins><span class="cx">
</span><span class="cx"> if not hasattr(request, "authzUser") and config.WebCalendarAuthPath:
</span><span class="cx"> topLevel = request.path.strip("/").split("/")[0]
</span><span class="lines">@@ -275,25 +317,27 @@
</span><span class="cx">
</span><span class="cx"> # Use config.ServerHostName if no x-forwarded-host header,
</span><span class="cx"> # otherwise use the final hostname in x-forwarded-host.
</span><del>- host = request.headers.getRawHeaders("x-forwarded-host",
- [config.ServerHostName])[-1].split(",")[-1].strip()
</del><ins>+ host = request.headers.getRawHeaders(
+ "x-forwarded-host",
+ [config.ServerHostName]
+ )[-1].split(",")[-1].strip()
</ins><span class="cx"> port = 443 if config.EnableSSL else 80
</span><span class="cx"> scheme = "https" if config.EnableSSL else "http"
</span><span class="cx">
</span><span class="cx"> response = RedirectResponse(
</span><del>- request.unparseURL(
- host=host,
- port=port,
- scheme=scheme,
- path=config.WebCalendarAuthPath,
- querystring="redirect=%s://%s%s" % (
- scheme,
- host,
- request.path
- )
- ),
- temporary=True
- )
</del><ins>+ request.unparseURL(
+ host=host,
+ port=port,
+ scheme=scheme,
+ path=config.WebCalendarAuthPath,
+ querystring="redirect={}://{}{}".format(
+ scheme,
+ host,
+ request.path
+ )
+ ),
+ temporary=True
+ )
</ins><span class="cx"> raise HTTPError(response)
</span><span class="cx">
</span><span class="cx"> # We don't want the /inbox resource to pay attention to SACLs because
</span><span class="lines">@@ -303,10 +347,17 @@
</span><span class="cx"> if segments[0] in ("inbox", "timezones"):
</span><span class="cx"> request.checkedSACL = True
</span><span class="cx">
</span><del>- elif (len(segments) > 2 and segments[0] in ("calendars", "principals") and
</del><ins>+ elif (
</ins><span class="cx"> (
</span><del>- segments[1] == "wikis" or
- (segments[1] == "__uids__" and segments[2].startswith(WikiDirectoryService.uidPrefix))
</del><ins>+ len(segments) > 2 and
+ segments[0] in ("calendars", "principals") and
+ (
+ segments[1] == "wikis" or
+ (
+ segments[1] == "__uids__" and
+ segments[2].startswith(WikiDirectoryService.uidPrefix)
+ )
+ )
</ins><span class="cx"> )
</span><span class="cx"> ):
</span><span class="cx"> # This is a wiki-related calendar resource. SACLs are not checked.
</span><span class="lines">@@ -321,12 +372,21 @@
</span><span class="cx"> else:
</span><span class="cx"> wikiName = segments[2][5:]
</span><span class="cx"> if wikiName:
</span><del>- log.debug("Wiki principal %s being assigned to authzUser" % (wikiName,))
</del><ins>+ log.debug(
+ "Wiki principal {name} being assigned to authzUser",
+ name=wikiName
+ )
</ins><span class="cx"> request.authzUser = davxml.Principal(
</span><del>- davxml.HRef.fromString("/principals/wikis/%s/" % (wikiName,))
</del><ins>+ davxml.HRef.fromString(
+ "/principals/wikis/{}/".format(wikiName)
+ )
</ins><span class="cx"> )
</span><span class="cx">
</span><del>- elif self.useSacls and not hasattr(request, "checkedSACL") and not hasattr(request, "checkingSACL"):
</del><ins>+ elif (
+ self.useSacls and
+ not hasattr(request, "checkedSACL") and
+ not hasattr(request, "checkingSACL")
+ ):
</ins><span class="cx"> yield self.checkSacl(request)
</span><span class="cx">
</span><span class="cx"> if config.RejectClients:
</span><span class="lines">@@ -337,28 +397,37 @@
</span><span class="cx"> if agent is not None:
</span><span class="cx"> for reject in config.RejectClients:
</span><span class="cx"> if reject.search(agent) is not None:
</span><del>- log.info("Rejecting user-agent: %s" % (agent,))
</del><ins>+ log.info("Rejecting user-agent: {agent}", agent=agent)
</ins><span class="cx"> raise HTTPError(StatusResponse(
</span><span class="cx"> responsecode.FORBIDDEN,
</span><del>- "Your client software (%s) is not allowed to access this service." % (agent,)
</del><ins>+ "Your client software ({}) is not allowed to "
+ "access this service."
+ .format(agent)
</ins><span class="cx"> ))
</span><span class="cx">
</span><del>- if config.EnableResponseCache and request.method == "PROPFIND" and not getattr(request, "notInCache", False) and len(segments) > 1:
</del><ins>+ if (
+ config.EnableResponseCache and
+ request.method == "PROPFIND" and
+ not getattr(request, "notInCache", False) and
+ len(segments) > 1
+ ):
</ins><span class="cx"> try:
</span><del>- authnUser, authzUser = (yield self.authenticate(request))
</del><ins>+ authnUser, authzUser = yield self.authenticate(request)
</ins><span class="cx"> request.authnUser = authnUser
</span><span class="cx"> request.authzUser = authzUser
</span><span class="cx"> except (UnauthorizedLogin, LoginFailed):
</span><del>- response = (yield UnauthorizedResponse.makeResponse(
</del><ins>+ response = yield UnauthorizedResponse.makeResponse(
</ins><span class="cx"> request.credentialFactories,
</span><span class="cx"> request.remoteAddr
</span><del>- ))
</del><ins>+ )
</ins><span class="cx"> raise HTTPError(response)
</span><span class="cx">
</span><span class="cx"> try:
</span><span class="cx"> if not getattr(request, "checkingCache", False):
</span><span class="cx"> request.checkingCache = True
</span><del>- response = (yield self.responseCache.getResponseForRequest(request))
</del><ins>+ response = yield self.responseCache.getResponseForRequest(
+ request
+ )
</ins><span class="cx"> if response is None:
</span><span class="cx"> request.notInCache = True
</span><span class="cx"> raise KeyError("Not found in cache.")
</span><span class="lines">@@ -367,7 +436,9 @@
</span><span class="cx"> except KeyError:
</span><span class="cx"> pass
</span><span class="cx">
</span><del>- child = (yield super(RootResource, self).locateChild(request, segments))
</del><ins>+ child = yield super(RootResource, self).locateChild(
+ request, segments
+ )
</ins><span class="cx"> returnValue(child)
</span><span class="cx">
</span><span class="cx">
</span></span></pre>
</div>
</div>
</body>
</html>