linaro-license-protection

Merge lp:~gesha/linaro-license-protection/add-exception-hosts into lp:~linaro-automation/linaro-license-protection/trunk

  1. add-exception-hosts
  2. Merge into trunk
Proposed by Georgy Redkozubov
Status: Merged
Approved by: James Tunnicliffe
Approved revision: 91
Merged at revision: 94
Proposed branch: lp:~gesha/linaro-license-protection/add-exception-hosts
Merge into: lp:~linaro-automation/linaro-license-protection/trunk
Diff against target: 173 lines (+113/-1) (has conflicts)
4 files modified
license_protected_downloads/config.py (+7/-0)
license_protected_downloads/tests/test_views.py (+48/-0)
license_protected_downloads/views.py (+17/-1)
license_protected_downloads/wsgi.py (+41/-0)
Text conflict in license_protected_downloads/tests/test_views.py
Text conflict in license_protected_downloads/views.py
To merge this branch: bzr merge lp:~gesha/linaro-license-protection/add-exception-hosts
Reviewer Review Type Date Requested Status
James Tunnicliffe (community) Approve
Review via email: mp+116455@code.launchpad.net

Description of the change

This branch add hosts that are always allowed to get through the click-through license protection and lost wsgi.py

To post a comment you must log in.
Revision history for this message
James Tunnicliffe (dooferlad) wrote :

Please add a unit test for get_client_ip. I assume you can just push some fake headers through it to make sure that the machines in INTERNAL_HOSTS get through and others don't.

review: Needs Fixing
lp:~gesha/linaro-license-protection/add-exception-hosts updated
91. By Georgy Redkozubov

Added tests for hosts exception.

Revision history for this message
Georgy Redkozubov (gesha) wrote :

I've added tests for hosts exception.

lp:~gesha/linaro-license-protection/add-exception-hosts updated
92. By Georgy Redkozubov

Use internal_host from config file to pass tests even if IP address of the internal host changes.

Revision history for this message
James Tunnicliffe (dooferlad) wrote :

Thanks. Looks good now.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== added file 'license_protected_downloads/config.py'
--- license_protected_downloads/config.py 1970-01-01 00:00:00 +0000
+++ license_protected_downloads/config.py 2012-07-31 10:21:20 +0000
@@ -0,0 +1,7 @@
1# Configuration file for linaro-license-protection
2
3# Let internal hosts through always.
4INTERNAL_HOSTS = (
5 '50.17.250.69', # android-build.linaro.org
6 '82.69.11.23', # validation.linaro.org
7)
08
=== modified file 'license_protected_downloads/tests/test_views.py'
--- license_protected_downloads/tests/test_views.py 2012-07-27 18:57:32 +0000
+++ license_protected_downloads/tests/test_views.py 2012-07-31 10:21:20 +0000
@@ -9,6 +9,7 @@
99
10from license_protected_downloads.buildinfo import BuildInfo10from license_protected_downloads.buildinfo import BuildInfo
11from license_protected_downloads.views import _insert_license_into_db11from license_protected_downloads.views import _insert_license_into_db
12from license_protected_downloads.config import INTERNAL_HOSTS
1213
13THIS_DIRECTORY = os.path.dirname(os.path.abspath(__file__))14THIS_DIRECTORY = os.path.dirname(os.path.abspath(__file__))
14TESTSERVER_ROOT = os.path.join(THIS_DIRECTORY, "testserver_root")15TESTSERVER_ROOT = os.path.join(THIS_DIRECTORY, "testserver_root")
@@ -332,6 +333,7 @@
332 file_path = os.path.join(TESTSERVER_ROOT, target_file)333 file_path = os.path.join(TESTSERVER_ROOT, target_file)
333 self.assertEqual(response['X-Sendfile'], file_path)334 self.assertEqual(response['X-Sendfile'], file_path)
334335
336<<<<<<< TREE
335 def test_header_html(self):337 def test_header_html(self):
336 target_file = "~linaro-android"338 target_file = "~linaro-android"
337 url = urlparse.urljoin("http://testserver/", target_file)339 url = urlparse.urljoin("http://testserver/", target_file)
@@ -340,5 +342,51 @@
340 self.assertContains(response,342 self.assertContains(response,
341 r"Welcome to the Linaro releases server")343 r"Welcome to the Linaro releases server")
342344
345=======
346 def test_exception_ip_x_forwarded_for(self):
347 internal_host = INTERNAL_HOSTS[0]
348 target_file = 'build-info/origen-blob.txt'
349 url = urlparse.urljoin("http://testserver/", target_file)
350 response = self.client.get(url, follow=True,
351 HTTP_X_FORWARDED_FOR=internal_host)
352
353 # If we have access to the file, we will get an X-Sendfile response
354 self.assertEqual(response.status_code, 200)
355 file_path = os.path.join(TESTSERVER_ROOT, target_file)
356 self.assertEqual(response['X-Sendfile'], file_path)
357
358 def test_exception_ip_remote_addr(self):
359 internal_host = INTERNAL_HOSTS[0]
360 target_file = 'build-info/origen-blob.txt'
361 url = urlparse.urljoin("http://testserver/", target_file)
362 response = self.client.get(url, follow=True,
363 REMOTE_ADDR=internal_host)
364
365 # If we have access to the file, we will get an X-Sendfile response
366 self.assertEqual(response.status_code, 200)
367 file_path = os.path.join(TESTSERVER_ROOT, target_file)
368 self.assertEqual(response['X-Sendfile'], file_path)
369
370 def test_no_exception_ip(self):
371 internal_host = '10.1.2.3'
372 target_file = 'build-info/origen-blob.txt'
373 file_path = os.path.join(TESTSERVER_ROOT, target_file)
374 build_info = BuildInfo(file_path)
375
376 # Try to fetch file from server - we should be redirected
377 url = urlparse.urljoin("http://testserver/", target_file)
378 response = self.client.get(url, follow=True,
379 REMOTE_ADDR=internal_host)
380 digest = hashlib.md5(build_info.get("license-text")).hexdigest()
381 self.assertRedirects(response, '/license?lic=%s&url=%s' %
382 (digest, target_file))
383
384 # Make sure that we get the license text in the license page
385 self.assertContains(response, build_info.get("license-text"))
386
387 # Test that we use the "samsung" theme. This contains exynos.png
388 self.assertContains(response, "exynos.png")
389
390>>>>>>> MERGE-SOURCE
343if __name__ == '__main__':391if __name__ == '__main__':
344 unittest.main()392 unittest.main()
345393
=== modified file 'license_protected_downloads/views.py'
--- license_protected_downloads/views.py 2012-07-27 18:57:32 +0000
+++ license_protected_downloads/views.py 2012-07-31 10:21:20 +0000
@@ -21,7 +21,11 @@
21from buildinfo import BuildInfo21from buildinfo import BuildInfo
22from models import License22from models import License
23from openid_auth import OpenIDAuth23from openid_auth import OpenIDAuth
24<<<<<<< TREE
24from BeautifulSoup import BeautifulSoup25from BeautifulSoup import BeautifulSoup
26=======
27import config
28>>>>>>> MERGE-SOURCE
2529
2630
27def _hidden_file(file_name):31def _hidden_file(file_name):
@@ -188,6 +192,15 @@
188 return digests192 return digests
189193
190194
195def get_client_ip(request):
196 x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR')
197 if x_forwarded_for:
198 ip = x_forwarded_for.split(',')[-1].strip()
199 else:
200 ip = request.META.get('REMOTE_ADDR')
201 return ip
202
203
191def license_accepted(request, digest):204def license_accepted(request, digest):
192 return 'license_accepted_' + digest in request.COOKIES205 return 'license_accepted_' + digest in request.COOKIES
193206
@@ -268,7 +281,10 @@
268 file_name = os.path.basename(path)281 file_name = os.path.basename(path)
269282
270 response = None283 response = None
271 digests = is_protected(path)284 if get_client_ip(request) in config.INTERNAL_HOSTS:
285 digests = 'OPEN'
286 else:
287 digests = is_protected(path)
272 if not digests:288 if not digests:
273 # File has no license text but is protected289 # File has no license text but is protected
274 response = HttpResponseForbidden(290 response = HttpResponseForbidden(
275291
=== added file 'license_protected_downloads/wsgi.py'
--- license_protected_downloads/wsgi.py 1970-01-01 00:00:00 +0000
+++ license_protected_downloads/wsgi.py 2012-07-31 10:21:20 +0000
@@ -0,0 +1,41 @@
1"""
2WSGI config for license_protected_downloads project.
3
4This module contains the WSGI application used by Django's development server
5and any production WSGI deployments. It should expose a module-level variable
6named ``application``. Django's ``runserver`` and ``runfcgi`` commands discover
7this application via the ``WSGI_APPLICATION`` setting.
8
9Usually you will have the standard Django WSGI application here, but it also
10might make sense to replace the whole Django WSGI application with a custom one
11that later delegates to the Django one. For example, you could introduce WSGI
12middleware here, or combine a Django application with an application of another
13framework.
14
15"""
16import os
17import sys
18sys.path.append("/usr/lib/python2.7/dist-packages")
19sys.path.append("/usr/lib/pymodules/python2.7")
20sys.path.append("/usr/lib/python2.7")
21
22# NOTE: Set actual path to directory containing linaro-license-protection app
23#sys.path.append("linaro-license-protection")
24
25os.environ.setdefault(
26 "DJANGO_SETTINGS_MODULE",
27 "linaro-license-protection.settings"
28)
29
30# This application object is used by any WSGI server configured to use this
31# file. This includes Django's development server, if the WSGI_APPLICATION
32# setting points here.
33#from django.core.wsgi import get_wsgi_application
34#application = get_wsgi_application()
35
36import django.core.handlers.wsgi
37application = django.core.handlers.wsgi.WSGIHandler()
38
39# Apply WSGI middleware here.
40# from helloworld.wsgi import HelloWorldApplication
41# application = HelloWorldApplication(application)

Subscribers

People subscribed via source and target branches