annotate libervia/web/pages/photos/page_meta.py @ 1598:86c7a3a625d5

server: always start a new session on connection: The session was kept when a user was connecting from the service profile (but not from other profiles); this was leading to a session fixation vulnerability (an attacker on the same machine could get the service profile session cookie, and use it when a victim would log in). This patch fixes it by always starting a new session on connection. fix 443
author Goffi <goffi@goffi.org>
date Fri, 23 Feb 2024 13:35:24 +0100
parents eb00d593801d
children
Changesets contributing lines (all by Goffi <goffi@goffi.org>):

rev   changeset      parent  description
1074  2e1f7e78b147   1070    pages (photos): default page now handle free jid (but don't display anything else yet)
1172  7b8e123ba043   1124    pages (photos): retrieve photo albums from list of interests, and fill "interests" template data.
1176  ddc1e704bc41   1172    pages (photos): moved code getting interests in prepare_render
1216  b2d067339de3   1176    python 3 port:
1239  f511f8fbbf8a   1216    fixed shebangs
1278  4385a75e3962   1239    pages (photos/new): photo album creation
1509  106bae41f5c8   1278    massive refactoring from camelCase -> snake_case. See backend commit log for more details
1518  eb00d593801d   1509    refactoring: rename `libervia` to `libervia.web` + update imports following backend changes

rev   line  source
1216     1  #!/usr/bin/env python3
1239     2
1074     3
1518     4  from libervia.web.server.constants import Const as C
1074     5  from twisted.internet import defer
1518     6  from libervia.backend.core.i18n import _
1518     7  from libervia.backend.core.log import getLogger
1172     8
1172     9  log = getLogger(__name__)
1074    10
1216    11  name = "photos"
1074    12  access = C.PAGES_ACCESS_PROFILE
1216    13  template = "photo/discover.html"
1074    14
1074    15
1074    16  @defer.inlineCallbacks
1176    17  def prepare_render(self, request):
1509    18      profile = self.get_profile(request)
1172    19      template_data = request.template_data
1172    20      namespace = self.host.ns_map["fis"]
1172    21      if profile is not None:
1172    22          try:
1509    23              interests = yield self.host.bridge_call(
1509    24                  "interests_list", "", "", namespace, profile)
1172    25          except Exception:
1216    26              log.warning(_("Can't get interests list for {profile}").format(
1172    27                  profile=profile))
1172    28          else:
1172    29              # we only want photo albums
1172    30              filtered_interests = []
1172    31              for interest in interests:
1216    32                  if interest.get('subtype') != 'photos':
1172    33                      continue
1216    34                  path = interest.get('path', '')
1216    35                  path_args = [p for p in path.split('/') if p]
1509    36                  interest["url"] = self.get_sub_page_url(
1172    37                      request,
1216    38                      "photos_album",
1216    39                      interest['service'],
1172    40                      *path_args
1172    41                  )
1172    42                  filtered_interests.append(interest)
1216    43
1172    44              template_data['interests'] = filtered_interests
1509    45
1509    46      template_data["url_photos_new"] = self.get_sub_page_url(request, "photos_new")
1278    47
1172    48
1172    49  @defer.inlineCallbacks
1074    50  def on_data_post(self, request):
1509    51      jid_ = self.get_posted_data(request, "jid")
1509    52      url = self.get_page_by_name("photos_album").get_url(jid_)
1509    53      self.http_redirect(request, url)
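The changeset description at the top of this page explains a session fixation issue (a session created before login was retained when the user authenticated from the service profile) and its fix (always start a fresh session on connection). The following is an added example, not Libervia's code and not derived from its server module, which is not on this page: it models the two behaviours against a hypothetical in-memory session store so the difference can be checked. The names `SessionStore`, `login_keep_session`, `login_new_session` and `pre_login_id_profile_after_login`, and the constructed credentials, are assumptions for illustration only.

```python
"""Session fixation vs. "new session on login", modelled on a toy session store.

Hypothetical in-memory store (assumption, not Libervia's implementation).
The only thing that matters is what happens to a session id that already
existed before the user authenticated.
"""
import secrets
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional


@dataclass
class Session:
    profile: Optional[str] = None          # None: anonymous / service profile
    data: dict = field(default_factory=dict)


class SessionStore:
    """Minimal cookie-id -> Session map (hypothetical)."""

    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    def new_session(self) -> str:
        # 256-bit random id from the CSPRNG; unguessable, but that does not
        # help if the id was handed out before authentication and is kept.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = Session()
        return sid

    def get(self, sid: str) -> Optional[Session]:
        return self._sessions.get(sid)

    def destroy(self, sid: str) -> None:
        self._sessions.pop(sid, None)


Checker = Callable[[str, str], bool]


def login_keep_session(store: SessionStore, sid: str, profile: str,
                       password: str, check: Checker) -> str:
    """Vulnerable pattern: authenticate, then upgrade the existing session in place.

    Anyone who already holds `sid` now shares the authenticated session.
    """
    if not check(profile, password):
        raise PermissionError("bad credentials")
    sess = store.get(sid)
    if sess is None:
        raise KeyError("unknown session")
    sess.profile = profile
    return sid


def login_new_session(store: SessionStore, sid: str, profile: str,
                      password: str, check: Checker) -> str:
    """Fixed pattern (what the changeset describes): on successful
    authentication, discard the pre-login session and issue a fresh id.

    The old id stops resolving to anything, for the victim and for anyone
    else who knew it. The caller must set the new id in the cookie.
    """
    if not check(profile, password):
        raise PermissionError("bad credentials")
    store.destroy(sid)
    new_sid = store.new_session()
    store.get(new_sid).profile = profile
    return new_sid


def pre_login_id_profile_after_login(login) -> Optional[str]:
    """Run the scenario from the changeset: a session id exists before login,
    then the user authenticates. Return which profile the *pre-login* id
    resolves to afterwards (None means it no longer identifies anyone).
    """
    store = SessionStore()
    users = {"victim": "correct horse"}          # constructed credentials
    check: Checker = lambda p, pw: users.get(p) == pw
    pre_login_sid = store.new_session()          # issued before authentication
    login(store, pre_login_sid, "victim", "correct horse", check)
    sess = store.get(pre_login_sid)
    return sess.profile if sess else None


if __name__ == "__main__":
    print("keep session :", pre_login_id_profile_after_login(login_keep_session))
    print("new session  :", pre_login_id_profile_after_login(login_new_session))
```

With the vulnerable pattern the pre-login id now maps to the authenticated profile; with the fixed pattern it maps to nothing, and only the freshly issued id (returned by `login_new_session`) carries the logged-in profile. A detection-side check for this class of bug is the same as the test here: log in and confirm that the session cookie value changed.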