diff sat/plugins/plugin_xep_0363.py @ 2866:8ce5748bfe97

plugin XEP-0363: updated to namespace "urn:xmpp:http:upload:0", handle headers
author Goffi <goffi@goffi.org>
date Fri, 22 Mar 2019 19:26:08 +0100
parents 003b8b4b56a7
children ab2696e34d29
line wrap: on
line diff
--- a/sat/plugins/plugin_xep_0363.py	Thu Mar 21 08:54:59 2019 +0100
+++ b/sat/plugins/plugin_xep_0363.py	Fri Mar 22 19:26:08 2019 +0100
@@ -50,13 +50,14 @@
     C.PI_DEPENDENCIES: ["FILE", "UPLOAD"],
     C.PI_MAIN: "XEP_0363",
     C.PI_HANDLER: "yes",
-    C.PI_DESCRIPTION: _("""Implementation of HTTP File Upload"""),
+    C.PI_DESCRIPTION: _(u"""Implementation of HTTP File Upload"""),
 }
 
-NS_HTTP_UPLOAD = "urn:xmpp:http:upload"
+NS_HTTP_UPLOAD = "urn:xmpp:http:upload:0"
+ALLOWED_HEADERS = ('authorization', 'cookie', 'expires')
 
 
-Slot = namedtuple("Slot", ["put", "get"])
+Slot = namedtuple("Slot", ["put", "get", "headers"])
 
 
 @implementer(IOpenSSLClientConnectionCreator)
@@ -76,7 +77,7 @@
     """Context factory which doesn't do TLS certificate check
 
     /!\\ it's obvisously a security flaw to use this class,
-    and it should be used only wiht explicite agreement from the end used
+    and it should be used only with explicite agreement from the end used
     """
 
     def creatorForNetloc(self, hostname, port):
@@ -139,14 +140,8 @@
 
         defer.returnValue(entity)
 
-    def _fileHTTPUpload(
-        self,
-        filepath,
-        filename="",
-        upload_jid="",
-        ignore_tls_errors=False,
-        profile=C.PROF_KEY_NONE,
-    ):
+    def _fileHTTPUpload(self, filepath, filename="", upload_jid="",
+                        ignore_tls_errors=False, profile=C.PROF_KEY_NONE):
         assert os.path.isabs(filepath) and os.path.isfile(filepath)
         progress_id_d, __ = self.fileHTTPUpload(
             filepath,
@@ -157,15 +152,9 @@
         )
         return progress_id_d
 
-    def fileHTTPUpload(
-        self,
-        filepath,
-        filename=None,
-        upload_jid=None,
-        options=None,
-        profile=C.PROF_KEY_NONE,
-    ):
-        """upload a file through HTTP
+    def fileHTTPUpload(self, filepath, filename=None, upload_jid=None, options=None,
+                       profile=C.PROF_KEY_NONE):
+        """Upload a file through HTTP
 
         @param filepath(str): absolute path of the file
         @param filename(None, unicode): name to use for the upload
@@ -175,7 +164,8 @@
         @param options(dict): options where key can be:
             - ignore_tls_errors(bool): if True, SSL certificate will not be checked
         @param profile: %(doc_profile)s
-        @return (D(tuple[D(unicode), D(unicode)])): progress id and Deferred which fire download URL
+        @return (D(tuple[D(unicode), D(unicode)])): progress id and Deferred which fire
+            download URL
         """
         if options is None:
             options = {}
@@ -201,14 +191,14 @@
         progress_id_d.errback(fail)
         download_d.errback(fail)
 
-    def _getSlotCb(
-        self, slot, client, progress_id_d, download_d, path, size, ignore_tls_errors=False
-    ):
+    def _getSlotCb(self, slot, client, progress_id_d, download_d, path, size,
+                   ignore_tls_errors=False):
         """Called when slot is received, try to do the upload
 
         @param slot(Slot): slot instance with the get and put urls
         @param progress_id_d(defer.Deferred): Deferred to call when progress_id is known
-        @param progress_id_d(defer.Deferred): Deferred to call with URL when upload is done
+        @param progress_id_d(defer.Deferred): Deferred to call with URL when upload is
+            done
         @param path(str): path to the file to upload
         @param size(int): size of the file to upload
         @param ignore_tls_errors(bool): ignore TLS certificate is True
@@ -224,10 +214,17 @@
             agent = http_client.Agent(reactor, NoCheckContextFactory())
         else:
             agent = http_client.Agent(reactor)
+
+        headers = {"User-Agent": [C.APP_NAME.encode("utf-8")]}
+        for name, value in slot.headers:
+            name = name.encode('utf-8')
+            value = value.encode('utf-8')
+            headers[name] = value
+
         d = agent.request(
             "PUT",
             slot.put.encode("utf-8"),
-            http_headers.Headers({"User-Agent": [C.APP_NAME.encode("utf-8")]}),
+            http_headers.Headers(headers),
             file_producer,
         )
         d.addCallbacks(
@@ -259,14 +256,17 @@
         download_d.errback(fail)
         try:
             wrapped_fail = fail.value.reasons[0]
-        except (AttributeError, IndexError):
+        except (AttributeError, IndexError) as e:
+            log.warning(_(u"upload failed: {reason}").format(reason=e))
             sat_file.progressError(unicode(fail))
             raise fail
         else:
             if wrapped_fail.check(SSL.Error):
                 msg = u"TLS validation error, can't connect to HTTPS server"
-                log.warning(msg + ": " + unicode(wrapped_fail.value))
-                sat_file.progressError(msg)
+            else:
+                msg = u"can't upload file"
+            log.warning(msg + ": " + unicode(wrapped_fail.value))
+            sat_file.progressError(msg)
 
     def _gotSlot(self, iq_elt, client):
         """Slot have been received
@@ -276,17 +276,35 @@
         """
         try:
             slot_elt = iq_elt.elements(NS_HTTP_UPLOAD, "slot").next()
-            put_url = unicode(slot_elt.elements(NS_HTTP_UPLOAD, "put").next())
-            get_url = unicode(slot_elt.elements(NS_HTTP_UPLOAD, "get").next())
-        except StopIteration:
+            put_elt = slot_elt.elements(NS_HTTP_UPLOAD, "put").next()
+            put_url = put_elt['url']
+            get_elt = slot_elt.elements(NS_HTTP_UPLOAD, "get").next()
+            get_url = get_elt['url']
+        except (StopIteration, KeyError):
             raise exceptions.DataError(u"Incorrect stanza received from server")
-        slot = Slot(put=put_url, get=get_url)
+        headers = []
+        for header_elt in put_elt.elements(NS_HTTP_UPLOAD, "header"):
+            try:
+                name = header_elt["name"]
+                value = unicode(header_elt)
+            except KeyError:
+                log.warning(_(u"Invalid header element: {xml}").format(
+                    iq_elt.toXml()))
+                continue
+            name = name.replace('\n', '')
+            value = value.replace('\n', '')
+            if name.lower() not in ALLOWED_HEADERS:
+                log.warning(_(u'Ignoring unauthorised header "{name}": {xml}')
+                    .format(name=name, xml = iq_elt.toXml()))
+                continue
+            headers.append((name, value))
+
+        slot = Slot(put=put_url, get=get_url, headers=tuple(headers))
         return slot
 
-    def _getSlot(
-        self, filename, size, content_type, upload_jid, profile_key=C.PROF_KEY_NONE
-    ):
-        """Get a upload slot
+    def _getSlot(self, filename, size, content_type, upload_jid,
+                 profile_key=C.PROF_KEY_NONE):
+        """Get an upload slot
 
         This method can be used when uploading is done by the frontend
         @param filename(unicode): name of the file to upload
@@ -339,10 +357,10 @@
         iq_elt = client.IQ("get")
         iq_elt["to"] = upload_jid.full()
         request_elt = iq_elt.addElement((NS_HTTP_UPLOAD, "request"))
-        request_elt.addElement("filename", content=filename)
-        request_elt.addElement("size", content=unicode(size))
+        request_elt["filename"] = filename
+        request_elt["size"] = unicode(size)
         if content_type is not None:
-            request_elt.addElement("content-type", content=content_type)
+            request_elt["content-type"] = content_type
 
         d = iq_elt.send()
         d.addCallback(self._gotSlot, client)