lazr.restful

Merge lp:~cjwatson/lazr.restful/url-dereferencing-server-url into lp:lazr.restful

  1. url-dereferencing-server-url
  2. Merge into trunk
Proposed by Colin Watson
Status: Merged
Merged at revision: 255
Proposed branch: lp:~cjwatson/lazr.restful/url-dereferencing-server-url
Merge into: lp:lazr.restful
Diff against target: 91 lines (+33/-1)
4 files modified
NEWS.rst (+5/-0)
src/lazr/restful/docs/webservice-marshallers.rst (+9/-0)
src/lazr/restful/example/base/traversal.py (+16/-1)
src/lazr/restful/marshallers.py (+3/-0)
To merge this branch: bzr merge lp:~cjwatson/lazr.restful/url-dereferencing-server-url
Reviewer Review Type Date Requested Status
Tom Wardill (community) Approve
Review via email: mp+390089@code.launchpad.net

Commit message

Fix dereferencing of URLs that redirect within HTTPS requests.

Description of the change

URLDereferencingMixin.dereference_url didn't necessarily set SERVER_URL, so the request machinery defaulted to http:// URLs. This could cause dereferencing failures depending on the strictness of the IAbsoluteURL adapter being used.

To post a comment you must log in.
Revision history for this message
Tom Wardill (twom) :
review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'NEWS.rst'
2--- NEWS.rst 2020-07-08 14:50:01 +0000
3+++ NEWS.rst 2020-09-01 13:34:53 +0000
4@@ -2,6 +2,11 @@
5 NEWS for lazr.restful
6 =====================
7
8+0.22.2
9+======
10+
11+Fix dereferencing of URLs that redirect within HTTPS requests.
12+
13 0.22.1 (2020-07-08)
14 ===================
15
16
17=== modified file 'src/lazr/restful/docs/webservice-marshallers.rst'
18--- src/lazr/restful/docs/webservice-marshallers.rst 2020-08-10 15:05:58 +0000
19+++ src/lazr/restful/docs/webservice-marshallers.rst 2020-09-01 13:34:53 +0000
20@@ -718,6 +718,15 @@
21 >>> print(cookbook.name)
22 Mastering the Art of French Cooking
23
24+ >>> from lazr.restful.interfaces import IWebServiceConfiguration
25+ >>> webservice_configuration = getUtility(IWebServiceConfiguration)
26+ >>> webservice_configuration.use_https = True
27+ >>> cookbook = reference_marshaller.marshall_from_json_data(
28+ ... '/cookbooks/featured')
29+ >>> print(cookbook.name)
30+ Mastering the Art of French Cooking
31+ >>> webservice_configuration.use_https = False
32+
33 Collections
34 -----------
35
36
37=== modified file 'src/lazr/restful/example/base/traversal.py'
38--- src/lazr/restful/example/base/traversal.py 2020-02-04 13:17:32 +0000
39+++ src/lazr/restful/example/base/traversal.py 2020-09-01 13:34:53 +0000
40@@ -13,7 +13,11 @@
41 ]
42
43
44-from six.moves.urllib.parse import unquote
45+from six.moves.urllib.parse import (
46+ unquote,
47+ urlparse,
48+ )
49+from zope.component import getUtility
50 from zope.publisher.interfaces import IPublishTraverse, NotFound
51 from zope.publisher.interfaces.browser import IDefaultBrowserLayer
52 from zope.traversing.browser import absoluteURL, AbsoluteURL
53@@ -21,6 +25,7 @@
54 import grokcore.component
55
56 from lazr.restful.example.base.interfaces import ICookbookSet, IHasGet
57+from lazr.restful.interfaces import IWebServiceConfiguration
58 from lazr.restful.simple import (
59 RootResourceAbsoluteURL,
60 SimulatedWebsiteRequest,
61@@ -73,6 +78,16 @@
62 grokcore.component.implements(IPublishTraverse)
63
64 def publishTraverse(self, request, name):
65+ # XXX cjwatson 2020-09-01:
66+ # lazr.restful.simple.RootResourceAbsoluteURL is a bit too
67+ # permissive, and is happy to generate URLs even if the request
68+ # protocol disagrees with the webservice configuration. We should
69+ # perhaps fix this, although it could be a compatibility break. For
70+ # now, check coherence here for testing purposes.
71+ config = getUtility(IWebServiceConfiguration)
72+ root_url = request.getApplicationURL()
73+ if config.use_https != (urlparse(root_url).scheme == 'https'):
74+ raise NotFound(self.context, name, request)
75 if name == 'featured':
76 url = absoluteURL(self.context.featured, request)
77 return RedirectResource(url, request)
78
79=== modified file 'src/lazr/restful/marshallers.py'
80--- src/lazr/restful/marshallers.py 2020-08-17 11:46:51 +0000
81+++ src/lazr/restful/marshallers.py 2020-09-01 13:34:53 +0000
82@@ -122,6 +122,9 @@
83 server_url = self.request.get('SERVER_URL')
84 if server_url is not None:
85 environ['SERVER_URL'] = server_url
86+ else:
87+ environ['SERVER_URL'] = '%s://%s' % (
88+ site_protocol, full_request_host)
89 request = config.createRequest(BytesIO(), environ)
90 request.setTraversalStack(path_parts)
91 root = request.publication.getApplication(self.request)

Subscribers

People subscribed via source and target branches