linaro-license-protection

Merge lp:~gesha/linaro-license-protection/add-exception-hosts into lp:~linaro-automation/linaro-license-protection/trunk

  1. add-exception-hosts
  2. Merge into trunk
Proposed by Georgy Redkozubov
Status: Merged
Approved by: James Tunnicliffe
Approved revision: 91
Merged at revision: 94
Proposed branch: lp:~gesha/linaro-license-protection/add-exception-hosts
Merge into: lp:~linaro-automation/linaro-license-protection/trunk
Diff against target: 173 lines (+113/-1) (has conflicts)
4 files modified
license_protected_downloads/config.py (+7/-0)
license_protected_downloads/tests/test_views.py (+48/-0)
license_protected_downloads/views.py (+17/-1)
license_protected_downloads/wsgi.py (+41/-0)
Text conflict in license_protected_downloads/tests/test_views.py
Text conflict in license_protected_downloads/views.py
To merge this branch: bzr merge lp:~gesha/linaro-license-protection/add-exception-hosts
Reviewer Review Type Date Requested Status
James Tunnicliffe (community) Approve
Review via email: mp+116455@code.launchpad.net

Description of the change

This branch add hosts that are always allowed to get through the click-through license protection and lost wsgi.py

To post a comment you must log in.
Revision history for this message
James Tunnicliffe (dooferlad) wrote :

Please add a unit test for get_client_ip. I assume you can just push some fake headers through it to make sure that the machines in INTERNAL_HOSTS get through and others don't.

review: Needs Fixing
lp:~gesha/linaro-license-protection/add-exception-hosts updated
91. By Georgy Redkozubov

Added tests for hosts exception.

Revision history for this message
Georgy Redkozubov (gesha) wrote :

I've added tests for hosts exception.

lp:~gesha/linaro-license-protection/add-exception-hosts updated
92. By Georgy Redkozubov

Use internal_host from config file to pass tests even if IP address of the internal host changes.

Revision history for this message
James Tunnicliffe (dooferlad) wrote :

Thanks. Looks good now.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== added file 'license_protected_downloads/config.py'
2--- license_protected_downloads/config.py 1970-01-01 00:00:00 +0000
3+++ license_protected_downloads/config.py 2012-07-31 10:21:20 +0000
4@@ -0,0 +1,7 @@
5+# Configuration file for linaro-license-protection
6+
7+# Let internal hosts through always.
8+INTERNAL_HOSTS = (
9+ '50.17.250.69', # android-build.linaro.org
10+ '82.69.11.23', # validation.linaro.org
11+)
12
13=== modified file 'license_protected_downloads/tests/test_views.py'
14--- license_protected_downloads/tests/test_views.py 2012-07-27 18:57:32 +0000
15+++ license_protected_downloads/tests/test_views.py 2012-07-31 10:21:20 +0000
16@@ -9,6 +9,7 @@
17
18 from license_protected_downloads.buildinfo import BuildInfo
19 from license_protected_downloads.views import _insert_license_into_db
20+from license_protected_downloads.config import INTERNAL_HOSTS
21
22 THIS_DIRECTORY = os.path.dirname(os.path.abspath(__file__))
23 TESTSERVER_ROOT = os.path.join(THIS_DIRECTORY, "testserver_root")
24@@ -332,6 +333,7 @@
25 file_path = os.path.join(TESTSERVER_ROOT, target_file)
26 self.assertEqual(response['X-Sendfile'], file_path)
27
28+<<<<<<< TREE
29 def test_header_html(self):
30 target_file = "~linaro-android"
31 url = urlparse.urljoin("http://testserver/", target_file)
32@@ -340,5 +342,51 @@
33 self.assertContains(response,
34 r"Welcome to the Linaro releases server")
35
36+=======
37+ def test_exception_ip_x_forwarded_for(self):
38+ internal_host = INTERNAL_HOSTS[0]
39+ target_file = 'build-info/origen-blob.txt'
40+ url = urlparse.urljoin("http://testserver/", target_file)
41+ response = self.client.get(url, follow=True,
42+ HTTP_X_FORWARDED_FOR=internal_host)
43+
44+ # If we have access to the file, we will get an X-Sendfile response
45+ self.assertEqual(response.status_code, 200)
46+ file_path = os.path.join(TESTSERVER_ROOT, target_file)
47+ self.assertEqual(response['X-Sendfile'], file_path)
48+
49+ def test_exception_ip_remote_addr(self):
50+ internal_host = INTERNAL_HOSTS[0]
51+ target_file = 'build-info/origen-blob.txt'
52+ url = urlparse.urljoin("http://testserver/", target_file)
53+ response = self.client.get(url, follow=True,
54+ REMOTE_ADDR=internal_host)
55+
56+ # If we have access to the file, we will get an X-Sendfile response
57+ self.assertEqual(response.status_code, 200)
58+ file_path = os.path.join(TESTSERVER_ROOT, target_file)
59+ self.assertEqual(response['X-Sendfile'], file_path)
60+
61+ def test_no_exception_ip(self):
62+ internal_host = '10.1.2.3'
63+ target_file = 'build-info/origen-blob.txt'
64+ file_path = os.path.join(TESTSERVER_ROOT, target_file)
65+ build_info = BuildInfo(file_path)
66+
67+ # Try to fetch file from server - we should be redirected
68+ url = urlparse.urljoin("http://testserver/", target_file)
69+ response = self.client.get(url, follow=True,
70+ REMOTE_ADDR=internal_host)
71+ digest = hashlib.md5(build_info.get("license-text")).hexdigest()
72+ self.assertRedirects(response, '/license?lic=%s&url=%s' %
73+ (digest, target_file))
74+
75+ # Make sure that we get the license text in the license page
76+ self.assertContains(response, build_info.get("license-text"))
77+
78+ # Test that we use the "samsung" theme. This contains exynos.png
79+ self.assertContains(response, "exynos.png")
80+
81+>>>>>>> MERGE-SOURCE
82 if __name__ == '__main__':
83 unittest.main()
84
85=== modified file 'license_protected_downloads/views.py'
86--- license_protected_downloads/views.py 2012-07-27 18:57:32 +0000
87+++ license_protected_downloads/views.py 2012-07-31 10:21:20 +0000
88@@ -21,7 +21,11 @@
89 from buildinfo import BuildInfo
90 from models import License
91 from openid_auth import OpenIDAuth
92+<<<<<<< TREE
93 from BeautifulSoup import BeautifulSoup
94+=======
95+import config
96+>>>>>>> MERGE-SOURCE
97
98
99 def _hidden_file(file_name):
100@@ -188,6 +192,15 @@
101 return digests
102
103
104+def get_client_ip(request):
105+ x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR')
106+ if x_forwarded_for:
107+ ip = x_forwarded_for.split(',')[-1].strip()
108+ else:
109+ ip = request.META.get('REMOTE_ADDR')
110+ return ip
111+
112+
113 def license_accepted(request, digest):
114 return 'license_accepted_' + digest in request.COOKIES
115
116@@ -268,7 +281,10 @@
117 file_name = os.path.basename(path)
118
119 response = None
120- digests = is_protected(path)
121+ if get_client_ip(request) in config.INTERNAL_HOSTS:
122+ digests = 'OPEN'
123+ else:
124+ digests = is_protected(path)
125 if not digests:
126 # File has no license text but is protected
127 response = HttpResponseForbidden(
128
129=== added file 'license_protected_downloads/wsgi.py'
130--- license_protected_downloads/wsgi.py 1970-01-01 00:00:00 +0000
131+++ license_protected_downloads/wsgi.py 2012-07-31 10:21:20 +0000
132@@ -0,0 +1,41 @@
133+"""
134+WSGI config for license_protected_downloads project.
135+
136+This module contains the WSGI application used by Django's development server
137+and any production WSGI deployments. It should expose a module-level variable
138+named ``application``. Django's ``runserver`` and ``runfcgi`` commands discover
139+this application via the ``WSGI_APPLICATION`` setting.
140+
141+Usually you will have the standard Django WSGI application here, but it also
142+might make sense to replace the whole Django WSGI application with a custom one
143+that later delegates to the Django one. For example, you could introduce WSGI
144+middleware here, or combine a Django application with an application of another
145+framework.
146+
147+"""
148+import os
149+import sys
150+sys.path.append("/usr/lib/python2.7/dist-packages")
151+sys.path.append("/usr/lib/pymodules/python2.7")
152+sys.path.append("/usr/lib/python2.7")
153+
154+# NOTE: Set actual path to directory containing linaro-license-protection app
155+#sys.path.append("linaro-license-protection")
156+
157+os.environ.setdefault(
158+ "DJANGO_SETTINGS_MODULE",
159+ "linaro-license-protection.settings"
160+)
161+
162+# This application object is used by any WSGI server configured to use this
163+# file. This includes Django's development server, if the WSGI_APPLICATION
164+# setting points here.
165+#from django.core.wsgi import get_wsgi_application
166+#application = get_wsgi_application()
167+
168+import django.core.handlers.wsgi
169+application = django.core.handlers.wsgi.WSGIHandler()
170+
171+# Apply WSGI middleware here.
172+# from helloworld.wsgi import HelloWorldApplication
173+# application = HelloWorldApplication(application)

Subscribers

People subscribed via source and target branches