libervia-web: src/server/server.py comparison

comparison src/server/server.py @ 961:22fe06569b1a

server: moved logging worflow in separated method, so it can be used by Libervia Pages

author	Goffi <goffi@goffi.org>
date	Fri, 27 Oct 2017 18:35:23 +0200
parents	968eda9e982a
children	c7fba7709d05

comparison

equal deleted inserted replaced

-:e59edcae4c18
+:22fe06569b1a
 def __init__(self, sat_host):
 JSONRPCMethodManager.__init__(self, sat_host)
 self.profiles_waiting = {}
 self.request = None
-self.waiting_profiles = WaitingRequests()
 def render(self, request):
 """
 Render method with some hacks:
 - if login is requested, try to login with form data
 submit_type = request.args['submit_type'][0]
 except KeyError:
 return C.BAD_REQUEST
 if submit_type == 'register':
-if not self.sat_host.options["allow_registration"]:
+self._registerNewAccount(request)
-log.warning(u"Registration received while it is not allowed, hack attempt?")
+return server.NOT_DONE_YET
-return exceptions.PermissionError(u"Registration is not allowed on this server")
-return self._registerNewAccount(request)
 elif submit_type == 'login':
-d = self.asyncBridgeCall("getNewAccountDomain")
+self._loginAccount(request)
-d.addCallback(lambda domain: self._loginAccount(request, domain))
 return server.NOT_DONE_YET
 return Exception('Unknown submit type')
-def _loginAccount(self, request, new_account_domain):
+@defer.inlineCallbacks
+def _registerNewAccount(self, request):
+try:
+login = request.args['register_login'][0]
+password = request.args['register_password'][0]
+email = request.args['email'][0]
+except KeyError:
+request.write(C.BAD_REQUEST)
+request.finish()
+return
+status = yield self.sat_host.registerNewAccount(request, login, password, email)
+request.write(status)
+request.finish()
+@defer.inlineCallbacks
+def _loginAccount(self, request):
 """Try to authenticate the user with the request information.
-@param request: request of the register form
+will write to request a constant indicating the state:
-@param new_account_domain (unicode): host corresponding to the local domain
+- C.PROFILE_LOGGED: profile is connected
-@return: a constant indicating the state:
+- C.PROFILE_LOGGED_EXT_JID: profile is connected and an external jid has been used
+- C.SESSION_ACTIVE: session was already active
 - C.BAD_REQUEST: something is wrong in the request (bad arguments)
 - C.PROFILE_AUTH_ERROR: either the profile (login) or the profile password is wrong
 - C.XMPP_AUTH_ERROR: the profile is authenticated but the XMPP password is wrong
-- C.ALREADY_WAITING: a request has already been submitted for this profile
+- C.ALREADY_WAITING: a request has already been submitted for this profil, C.PROFILE_LOGGED_EXT_JID)e
-- server.NOT_DONE_YET: the profile is being processed, the return
+- C.NOT_CONNECTED: connection has not been established
-value will be given by self._logged or auth_eb
+the request will then be finished
+@param request: request of the register form
 """
 try:
 login = request.args['login'][0]
 password = request.args['login_password'][0]
 except KeyError:
 request.finish()
 return
 assert login
-if login.startswith('@'):  # this is checked by javascript but also here for security reason
-# FIXME: return an error instead of an Exception?
-raise Exception('No profile_key allowed')
-if '@' in login:
-try:
-login_jid = jid.JID(login)
-except (RuntimeError, jid.InvalidFormat, AttributeError):
-request.write(C.PROFILE_AUTH_ERROR)
-request.finish()
-return
-if login_jid.host == new_account_domain:
-# redirect "user@libervia.org" to the "user" profile
-login = login_jid.user
-login_jid = None
-else:
-login_jid = None
 try:
-profile = self.sat_host.bridge.profileNameGet(login)
+status = yield self.sat_host.connect(request, login, password)
-except Exception:  # XXX: ProfileUnknownError wouldn't work, it's encapsulated
+except (exceptions.DataError,
-if login_jid is not None and login_jid.user:  # try to create a new sat profile using the XMPP credentials
+exceptions.ProfileUnknownError,
-if not self.sat_host.options["allow_registration"]:
+exceptions.PermissionError):
-log.warning(u"Trying to register JID account while registration is not allowed")
+request.write(C.PROFILE_AUTH_ERROR)
-request.write(C.PROFILE_AUTH_ERROR)
+request.finish()
-request.finish()
+return
-return
+except exceptions.NotReady:
-profile = login # FIXME: what if there is a resource?
-connect_method = "asyncConnectWithXMPPCredentials"
-register_with_ext_jid = True
-else: # non existing username
-request.write(C.PROFILE_AUTH_ERROR)
-request.finish()
-return
-else:
-if profile != login or (not password and profile not in self.sat_host.options['empty_password_allowed_warning_dangerous_list']):
-# profiles with empty passwords are restricted to local frontends
-request.write(C.PROFILE_AUTH_ERROR)
-request.finish()
-return
-register_with_ext_jid = False
-connect_method = "connect"
-if self.waiting_profiles.getRequest(profile):
 request.write(C.ALREADY_WAITING)
 request.finish()
 return
+except exceptions.TimeOutError:
-def auth_eb(failure):
+request.write(C.NO_REPLY)
-fault = failure.value.faultString
-self.waiting_profiles.purgeRequest(profile)
-if fault in ('PasswordError', 'ProfileUnknownError'):
-log.info(u"Profile %s doesn't exist or the submitted password is wrong" % profile)
-request.write(C.PROFILE_AUTH_ERROR)
-elif fault == 'SASLAuthError':
-log.info(u"The XMPP password of profile %s is wrong" % profile)
-request.write(C.XMPP_AUTH_ERROR)
-elif fault == 'NoReply':
-log.info(_("Did not receive a reply (the timeout expired or the connection is broken)"))
-request.write(C.NO_REPLY)
-else:
-log.error(u'Unmanaged fault string "%s" in errback for the connection of profile %s' % (fault, profile))
-request.write(fault)
 request.finish()
+return
-self.waiting_profiles.setRequest(request, profile, register_with_ext_jid)
+except exceptions.InternalError as e:
-d = self.asyncBridgeCall(connect_method, profile, password)
+request.write(e.message)
-d.addCallbacks(lambda connected: self._logged(profile, request) if connected else None, auth_eb)
-def _registerNewAccount(self, request):
-"""Create a new account, or return error
-@param request: request of the register form
-@return: a constant indicating the state:
-- C.BAD_REQUEST: something is wrong in the request (bad arguments)
-- C.REGISTRATION_SUCCEED: new account has been successfully registered
-- C.ALREADY_EXISTS: the given profile already exists
-- C.INTERNAL_ERROR or any unmanaged fault string
-- server.NOT_DONE_YET: the profile is being processed, the return
-value will be given later (one of those previously described)
-"""
-try:
-# XXX: for now libervia forces the creation to lower case
-profile = login = request.args['register_login'][0].lower()
-password = request.args['register_password'][0]
-email = request.args['email'][0]
-except KeyError:
-return C.BAD_REQUEST
-if not re.match(r'^[a-z0-9_-]+$', login, re.IGNORECASE) or \
-not re.match(r'^.+@.+\..+', email, re.IGNORECASE) or \
-len(password) < C.PASSWORD_MIN_LENGTH:
-return C.BAD_REQUEST
-def registered(result):
-request.write(C.REGISTRATION_SUCCEED)
 request.finish()
+return
-def registeringError(failure):
+except exceptions.ConflictError:
-reason = failure.value.faultString
-if reason == "ConflictError":
-request.write(C.ALREADY_EXISTS)
-elif reason == "InternalError":
-request.write(C.INTERNAL_ERROR)
-else:
-log.error(u'Unknown registering error: %s' % (reason,))
-request.write(reason)
-request.finish()
-d = self.asyncBridgeCall("registerSatAccount", email, password, profile)
-d.addCallback(registered)
-d.addErrback(registeringError)
-return server.NOT_DONE_YET
-def _logged(self, profile, request):
-"""Set everything when a user just logged in
-@param profile
-@param request
-@return: a constant indicating the state:
-- C.PROFILE_LOGGED
-- C.SESSION_ACTIVE
-"""
-register_with_ext_jid = self.waiting_profiles.getRegisterWithExtJid(profile)
-self.waiting_profiles.purgeRequest(profile)
-_session = request.getSession()
-sat_session = session_iface.ISATSession(_session)
-if sat_session.profile:
-log.error(_(u'/!\\ Session has already a profile, this should NEVER happen!'))
 request.write(C.SESSION_ACTIVE)
 request.finish()
 return
-# we manage profile server side to avoid profile spoofing
+except ValueError as e:
-sat_session.profile = profile
+if e.message in (C.PROFILE_AUTH_ERROR, C.XMPP_AUTH_ERROR):
-self.sat_host.prof_connected.add(profile)
+request.write(e.message)
-cache_dir = os.path.join(self.sat_host.cache_root_dir, regex.pathEscape(profile))
+request.finish()
-# FIXME: would be better to have a global /cache URL which redirect to profile's cache directory, without uuid
+return
-self.sat_host.cache_resource.putChild(sat_session.uuid, ProtectedFile(cache_dir))
+else:
-log.debug(_(u"profile cache resource added from {uuid} to {path}").format(uuid=sat_session.uuid, path=cache_dir))
+raise e
-def onExpire():
+assert status
-log.info(u"Session expired (profile=%s)" % (profile,))
+request.write(status)
-self.sat_host.cache_resource.delEntity(sat_session.uuid)
-log.debug(_(u"profile cache resource {uuid} deleted").format(uuid = sat_session.uuid))
-try:
-#We purge the queue
-del self.sat_host.signal_handler.queue[profile]
-except KeyError:
-pass
-#and now we disconnect the profile
-self.sat_host.bridge.disconnect(profile)
-_session.notifyOnExpire(onExpire)
-request.write(C.PROFILE_LOGGED_REGISTERED_WITH_EXT_JID if register_with_ext_jid else C.PROFILE_LOGGED)
 request.finish()
 def jsonrpc_isConnected(self):
 _session = self.request.getSession()
 profile = session_iface.ISATSession(_session).profile
 _session.unlock()
 try:
 source_defer = self.signalDeferred[profile]
 if source_defer.called and source_defer.result[0] == "disconnected":
 log.info(u"[%s] disconnected" % (profile,))
-_session.expire()
+try:
+_session.expire()
+except KeyError:
+# FIXME: happen if session is ended using login page
+#        when pyjamas page is also launched
+log.warning(u'session is already expired')
 except IndexError:
 log.error("Deferred result should be a tuple with fonction name first")
 self.signalDeferred[profile] = defer.Deferred()
 self.request.notifyFinish().addBoth(unlock, profile)
 """Connection is done.
 @param profile (unicode): %(doc_profile)s
 @param jid_s (unicode): the JID that we were assigned by the server, as the resource might differ from the JID we asked for.
 """
+#  FIXME: _logged should not be called from here, check this code
+#  FIXME: check if needed to connect with external jid
 # jid_s is handled in QuickApp.connectionHandler already
-assert(self.register)  # register must be plugged
+# assert self.register  # register must be plugged
-request = self.register.waiting_profiles.getRequest(profile)
+# request = self.sat_host.waiting_profiles.getRequest(profile)
-if request:
+# if request:
-self.register._logged(profile, request)
+#     self.sat_host._logged(profile, request)
 def disconnected(self, profile):
 if not profile in self.sat_host.prof_connected:
 log.error("'disconnected' signal received for a not connected profile")
 return
 class Libervia(service.Service):
 def __init__(self, options):
 self.options = options
 self.initialised = defer.Deferred()
+self.waiting_profiles = WaitingRequests()  # FIXME: should be removed
 if self.options['base_url_ext']:
 self.base_url_ext = self.options.pop('base_url_ext')
 if self.base_url_ext[-1] != '/':
 self.base_url_ext += '/'
 kwargs["callback"] = _callback
 kwargs["errback"] = _errback
 getattr(self.bridge, method_name)(*args, **kwargs)
 return d
+def _logged(self, profile, request):
+"""Set everything when a user just logged in
+@param profile
+@param request
+@return: a constant indicating the state:
+- C.PROFILE_LOGGED
+- C.PROFILE_LOGGED_EXT_JID
+@raise exceptions.ConflictError: session is already active
+"""
+register_with_ext_jid = self.waiting_profiles.getRegisterWithExtJid(profile)
+self.waiting_profiles.purgeRequest(profile)
+_session = request.getSession()
+sat_session = session_iface.ISATSession(_session)
+if sat_session.profile:
+log.error(_(u'/!\\ Session has already a profile, this should NEVER happen!'))
+raise failure.Failure(exceptions.ConflictError("Already active"))
+sat_session.profile = profile
+self.prof_connected.add(profile)
+cache_dir = os.path.join(self.cache_root_dir, regex.pathEscape(profile))
+# FIXME: would be better to have a global /cache URL which redirect to profile's cache directory, without uuid
+self.cache_resource.putChild(sat_session.uuid, ProtectedFile(cache_dir))
+log.debug(_(u"profile cache resource added from {uuid} to {path}").format(uuid=sat_session.uuid, path=cache_dir))
+def onExpire():
+log.info(u"Session expired (profile={profile})".format(profile=profile,))
+self.cache_resource.delEntity(sat_session.uuid)
+log.debug(_(u"profile cache resource {uuid} deleted").format(uuid = sat_session.uuid))
+try:
+#We purge the queue
+del self.signal_handler.queue[profile]
+except KeyError:
+pass
+#and now we disconnect the profile
+self.bridge.disconnect(profile)
+_session.notifyOnExpire(onExpire)
+return C.PROFILE_LOGGED_EXT_JID if register_with_ext_jid else C.PROFILE_LOGGED
+@defer.inlineCallbacks
+def connect(self, request, login, password):
+"""log user in
+If an other user was already logged, it will be unlogged first
+@param request(server.Request): request linked to the session
+@param login(unicode): user login
+can be profile name
+can be profile@[libervia_domain.ext]
+can be a jid (a new profile will be created with this jid if needed)
+@param password(unicode): user password
+@return (unicode, None): C.SESSION_ACTIVE: if session was aleady active else self._logged value
+@raise exceptions.DataError: invalid login
+@raise exceptions.ProfileUnknownError: this login doesn't exist
+@raise exceptions.PermissionError: a login is not accepted (e.g. empty password not allowed)
+@raise exceptions.NotReady: a profile connection is already waiting
+@raise exceptions.TimeoutError: didn't received and answer from Bridge
+@raise exceptions.InternalError: unknown error
+@raise ValueError(C.PROFILE_AUTH_ERROR): invalid login and/or password
+@raise ValueError(C.XMPP_AUTH_ERROR): invalid XMPP account password
+"""
+# XXX: all security checks must be done here, even if present in javascript
+if login.startswith('@'):
+raise failure.Failure(exceptions.DataError('No profile_key allowed'))
+if '@' in login:
+try:
+login_jid = jid.JID(login)
+except (RuntimeError, jid.InvalidFormat, AttributeError):
+raise failure.Failure(exceptions.DataError('No profile_key allowed'))
+# FIXME: should it be cached?
+new_account_domain = yield self.bridgeCall("getNewAccountDomain")
+if login_jid.host == new_account_domain:
+# redirect "user@libervia.org" to the "user" profile
+login = login_jid.user
+login_jid = None
+else:
+login_jid = None
+try:
+profile = yield self.bridgeCall("profileNameGet", login)
+except Exception:  # XXX: ProfileUnknownError wouldn't work, it's encapsulated
+# FIXME: find a better way to handle bridge errors
+if login_jid is not None and login_jid.user:  # try to create a new sat profile using the XMPP credentials
+if not self.options["allow_registration"]:
+log.warning(u"Trying to register JID account while registration is not allowed")
+raise failure.Failure(exceptions.DataError(u"JID login while registration is not allowed"))
+profile = login # FIXME: what if there is a resource?
+connect_method = "asyncConnectWithXMPPCredentials"
+register_with_ext_jid = True
+else: # non existing username
+raise failure.Failure(exceptions.ProfileUnknownError())
+else:
+if profile != login or (not password and profile not in self.options['empty_password_allowed_warning_dangerous_list']):
+# profiles with empty passwords are restricted to local frontends
+raise exceptions.PermissionError
+register_with_ext_jid = False
+connect_method = "connect"
+# we check if there is not already an active session
+sat_session = session_iface.ISATSession(request.getSession())
+if sat_session.profile:
+# yes, there is
+if sat_session.profile != profile:
+# it's a different profile, we need to disconnect it
+log.warning(_(u"{new_profile} requested login, but {old_profile} was already connected, disconnecting {old_profile}").format(
+old_profile = sat_session.profile,
+new_profile = profile))
+self.purgeSession(request)
+if self.waiting_profiles.getRequest(profile):
+# FIXME: check if and when this can happen
+raise failure.Failure(exceptions.NotReady("Already waiting"))
+self.waiting_profiles.setRequest(request, profile, register_with_ext_jid)
+try:
+connected = yield self.bridgeCall(connect_method, profile, password)
+except Exception as failure_:
+fault = failure_.faultString
+self.waiting_profiles.purgeRequest(profile)
+if fault in ('PasswordError', 'ProfileUnknownError'):
+log.info(u"Profile {profile} doesn't exist or the submitted password is wrong".format(profile=profile))
+raise failure.Failure(ValueError(C.PROFILE_AUTH_ERROR))
+elif fault == 'SASLAuthError':
+log.info(u"The XMPP password of profile {profile} is wrong".format(profile=profile))
+raise failure.Failure(ValueError(C.XMPP_AUTH_ERROR))
+elif fault == 'NoReply':
+log.info(_("Did not receive a reply (the timeout expired or the connection is broken)"))
+raise exceptions.TimeOutError
+else:
+log.error(u'Unmanaged fault string "{fault}" in errback for the connection of profile {profile}'.format(
+fault=fault, profile=profile))
+raise failure.Failure(exceptions.InternalError(fault))
+if connected:
+# profile is already connected in backend
+# do we have a corresponding session in Libervia?
+sat_session = session_iface.ISATSession(request.getSession())
+if sat_session.profile:
+# yes, session is active
+if sat_session.profile != profile:
+# existing session should have been ended above
+# so this line should never be reached
+log.error(_(u'session profile [{session_profile}] differs from login profile [{profile}], this should not happen!').format(
+session_profile = sat_session.profile,
+profile = profile
+))
+raise exceptions.InternalError("profile mismatch")
+defer.returnValue(C.SESSION_ACTIVE)
+log.info(_(u"profile {profile} was already connected in backend".format(profile=profile)))
+# no, we have to create it
+defer.returnValue(self._logged(profile, request))
+def registerNewAccount(self, request, login, password, email):
+"""Create a new account, or return error
+@param request(server.Request): request linked to the session
+@param login(unicode): new account requested login
+@param email(unicode): new account email
+@param password(unicode): new account password
+@return(unicode): a constant indicating the state:
+- C.BAD_REQUEST: something is wrong in the request (bad arguments)
+- C.INVALID_INPUT: one of the data is not valid
+- C.REGISTRATION_SUCCEED: new account has been successfully registered
+- C.ALREADY_EXISTS: the given profile already exists
+- C.INTERNAL_ERROR or any unmanaged fault string
+@raise PermissionError: registration is now allowed in server configuration
+"""
+if not self.options["allow_registration"]:
+log.warning(_(u"Registration received while it is not allowed, hack attempt?"))
+raise failure.Failure(exceptions.PermissionError(u"Registration is not allowed on this server"))
+if not re.match(C.REG_LOGIN_RE, login) or \
+not re.match(C.REG_EMAIL_RE, email, re.IGNORECASE) or \
+len(password) < C.PASSWORD_MIN_LENGTH:
+return C.INVALID_INPUT
+def registered(result):
+return C.REGISTRATION_SUCCEED
+def registeringError(failure):
+status = failure.value.faultString
+if status == "ConflictError":
+return C.ALREADY_EXISTS
+elif status == "InternalError":
+return C.INTERNAL_ERROR
+else:
+log.error(_(u'Unknown registering error status: {status }').format(
+status = status))
+return status
+d = self.bridgeCall("registerSatAccount", email, password, login)
+d.addCallback(registered)
+d.addErrback(registeringError)
+return d
 def addCleanup(self, callback, *args, **kwargs):
 """Add cleaning method to call when service is stopped
 cleaning method will be called in reverse order of they insertion
 @param callback: callable to call on service stop
 @param *args: list of arguments of the callback
 @param **kwargs: list of keyword arguments of the callback"""
 self._cleanup.insert(0, (callback, args, kwargs))

Mercurial > libervia-web

comparison src/server/server.py @ 961:22fe06569b1a