annotate libervia/web/pages/calendar/page_meta.py @ 1598:86c7a3a625d5

server: always start a new session on connection: The session was kept when a user connected from the service profile (but not from other profiles); this led to a session fixation vulnerability (an attacker on the same machine could get the service profile session cookie, and use it when a victim logged in). This patch fixes it by always starting a new session on connection. fix 443
author Goffi <goffi@goffi.org>
date Fri, 23 Feb 2024 13:35:24 +0100
parents 08342aca8c1e
children
1 #!/usr/bin/env python3
4 from libervia.backend.core.i18n import _
5 from libervia.backend.core.log import getLogger
6 from libervia.backend.tools.common import data_format
7 from twisted.internet import defer
8 import datetime
9 import time
10 from dateutil import tz
12 from libervia.web.server.constants import Const as C
# Module-level logger, named after this module.
log = getLogger(__name__)


# Page description. NOTE(review): these module-level names are presumably read
# by the page framework when the page is registered -- confirm against the
# loader.
name = "calendar"
# NOTE(review): presumably limits the page to requests that have a connected
# profile; prepare_render still guards against a missing profile.
access = C.PAGES_ACCESS_PROFILE
template = "calendar/daily.html"
async def prepare_render(self, request):
    """Fill ``request.template_data`` for the daily calendar page.

    The events of the requesting profile are fetched through the backend
    bridge and stored under ``template_data["events"]``. If fetching or
    deserialising them raises, a warning is logged and the key is left unset.

    The first and last instants of the current day are then stored as POSIX
    timestamps under ``calendar_start`` and ``calendar_end``, and the same two
    values are passed to ``self.expose_to_scripts``.

    :param request: request being rendered; its ``template_data`` is updated
        in place.
    """
    profile = self.get_profile(request)
    template_data = request.template_data
    # template_data["url_event_new"] = self.get_sub_page_url(request, "event_new")
    if profile is not None:
        try:
            serialised_events = await self.host.bridge_call(
                "events_get", "", "", [], "", profile
            )
            events = data_format.deserialise(serialised_events, type_check=list)
        except Exception as e:
            # Best effort: any exception from the bridge call or from the
            # deserialisation is reduced to a warning, and the page is still
            # rendered without an "events" entry.
            log.warning(
                _("Can't get events list for {profile}: {reason}").format(
                    profile=profile, reason=e
                )
            )
        else:
            # The deserialised events are handed to the template unchanged.
            # NOTE(review): confirm the template escapes event fields on
            # output, since their content originates outside this page.
            template_data["events"] = events

    # "Today" is taken in the local time zone of the server process
    # (tz.tzlocal()), not in the visitor's time zone.
    zone = tz.tzlocal()
    today = datetime.datetime.now(zone).date()

    day_start = datetime.datetime.combine(today, datetime.time.min, tzinfo=zone)
    calendar_start = day_start.timestamp()
    template_data["calendar_start"] = calendar_start

    day_end = datetime.datetime.combine(today, datetime.time.max, tzinfo=zone)
    calendar_end = day_end.timestamp()
    template_data["calendar_end"] = calendar_end

    # Only the two server-computed timestamps are exposed to scripts.
    self.expose_to_scripts(
        request,
        calendar_start=calendar_start,
        calendar_end=calendar_end,
    )