This file is indexed.

/usr/share/pyshared/nevow/guard.py is in python-nevow 0.10.0-4build1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
# -*- test-case-name: nevow.test.test_guard -*-
# Copyright (c) 2004-2008 Divmod.
# See LICENSE for details.

"""
Resource protection for Nevow. If you wish to use twisted.cred to protect your
Nevow application, you are probably most interested in
L{SessionWrapper}.
"""

__metaclass__ = type

import random
import time
import md5
import StringIO

from zope.interface import implements

# Twisted Imports

from twisted.python import log, components
from twisted.internet import defer
from twisted.cred.error import UnauthorizedLogin
from twisted.cred.credentials import UsernamePassword, Anonymous

try:
    from twisted.web import http
except ImportError:
    from twisted.protocols import http

# Nevow imports
from nevow import inevow, url, stan


def _sessionCookie():
    return md5.new("%s_%s" % (str(random.random()) , str(time.time()))).hexdigest()


class GuardSession(components.Componentized):
    """A user's session with a system.

    This utility class contains no functionality, but is used to
    represent a session.
    """
    implements(inevow.ISession, inevow.IGuardSession)

    def __init__(self, guard, uid):
        """Initialize a session with a unique ID for that session.
        """
        components.Componentized.__init__(self)
        self.guard = guard
        self.uid = uid
        self.expireCallbacks = []
        self.checkExpiredID = None
        self.setLifetime(60)
        self.portals = {}
        self.touch()

    # New Guard Interfaces

    def getLoggedInRoot(self):
        """Get the most-recently-logged-in avatar.
        """
        # XXX TODO: need to actually sort avatars by login order!
        if len(self.portals) != 1:
            raise RuntimeError("Ambiguous request for current avatar.")
        return self.portals.values()[0][0]

    def resourceForPortal(self, port):
        return self.portals.get(port)

    def setDefaultResource(self, rsrc, logout):
        """

        Change the root-resource available to the user who has already
        authenticated anonymously.  This only works in applications that DO NOT
        use the multiple-simultaneous-portals feature.  If you do not know what
        this means, you may safely ignore it.

        """
        if len(self.portals) != 1:
            raise RuntimeError("Ambiguous request for current avatar.")
        self.setResourceForPortal(
            rsrc,
            self.portals.keys()[0],
            logout)

    def setResourceForPortal(self, rsrc, port, logout):
        """Change the root-resource available to a user authenticating against a given
        portal.

        If a user was already logged in to this session from that portal, first
        log them out.

        @param rsrc: an L{IResource} implementor.
        @param port: a cred Portal instance.
        @param logout: a 0-arg callable to be invoked upon logout.
        """
        self.portalLogout(port)
        self.portals[port] = rsrc, logout
        return rsrc

    def portalLogout(self, port):
        """
        If we have previously acccepted a login for this portal, call its
        logout method and de-associate that portal from this session, catching
        any errors from the logout method.

        Otherwise: do nothing.

        @param port: a cred Portal.
        """
        p = self.portals.get(port)
        if p:
            log.msg('Logout of portal %r' % port)
            r, l = p
            try:
                l()
            except:
                log.err()
            del self.portals[port]

    # timeouts and expiration

    def setLifetime(self, lifetime):
        """Set the approximate lifetime of this session, in seconds.

        This is highly imprecise, but it allows you to set some general
        parameters about when this session will expire.  A callback will be
        scheduled each 'lifetime' seconds, and if I have not been 'touch()'ed
        in half a lifetime, I will be immediately expired.
        """
        self.lifetime = lifetime

    def notifyOnExpire(self, callback):
        """Call this callback when the session expires or logs out.
        """
        self.expireCallbacks.append(callback)

    def expire(self):
        """Expire/logout of the session.
        """
        log.msg("expired session %s" % str(self.uid))
        del self.guard.sessions[self.uid]

        # Logout of all portals
        for portal in self.portals.keys():
            self.portalLogout(portal)

        for c in self.expireCallbacks:
            try:
                c()
            except:
                log.err()
        self.expireCallbacks = []
        if self.checkExpiredID:
            self.checkExpiredID.cancel()
            self.checkExpiredID = None

    def touch(self):
        self.lastModified = time.time()

    def checkExpired(self):
        # Import reactor here to avoid installing default at startup
        from twisted.internet import reactor
        self.checkExpiredID = None
        # If I haven't been touched in 15 minutes:
        if time.time() - self.lastModified > self.lifetime / 2:
            if self.guard.sessions.has_key(self.uid):
                self.expire()
            else:
                log.msg("no session to expire: %s" % str(self.uid))
        else:
            log.msg("session given the will to live for %s more seconds" % self.lifetime)
            self.checkExpiredID = reactor.callLater(self.lifetime,
                                                    self.checkExpired)
    def __getstate__(self):
        d = self.__dict__.copy()
        if d.has_key('checkExpiredID'):
            del d['checkExpiredID']
        return d

    def __setstate__(self, d):
        self.__dict__.update(d)
        self.touch()
        self.checkExpired()


def urlToChild(ctx, *ar, **kw):
    u = url.URL.fromContext(ctx)
    for segment in ar:
        u = u.child(stan.xml(segment))
    if inevow.IRequest(ctx).method == 'POST':
        u = u.clear()
    for k,v in kw.items():
        u = u.replace(k, v)

    return u


SESSION_KEY = '__session_key__'
LOGIN_AVATAR = '__login__'
LOGOUT_AVATAR = '__logout__'


def nomind(*args): return None

class Forbidden(object):
    implements(inevow.IResource)

    def locateChild(self, ctx, segments):
        return self

    def renderHTTP(self, ctx):
        request = inevow.IRequest(ctx)
        request.setResponseCode(http.FORBIDDEN)
        return ("<html><head><title>Forbidden</title></head>"
                "<body><h1>Forbidden</h1>Request was forbidden.</body></html>")

class SessionWrapper:
    """
    SessionWrapper

    The following class attributes can be modified on an instance
    of the class.

    @ivar secureCookies: Whether to use secure (TLS only) cookies or not. If
      C{True} (the default), make cookies secure when session is initiated
      in a secure (TLS) connection.  If C{False}, cookies will not be given
      the secure attribute.

    @ivar persistentCookies: Whether to use persistent (saved to disk)
        cookies or not.  If C{True}, make cookies persistent, so they are
        valid for the length of the C{sessionLifetime} even if the browser
        window is closed.  If C{False} (the default), cookies do not get
        saved to disk, and thus last only as long as the session does.  If
        the browser is closed before the session timeout, both the session
        and the cookie go away.
    """
    implements(inevow.IResource)

    sessionLifetime = 3600
    sessionFactory = GuardSession

    # The interface to cred for when logging into the portal
    credInterface = inevow.IResource

    useCookies = True
    secureCookies = True
    persistentCookies = False

    def __init__(self, portal, cookieKey=None, mindFactory=None, credInterface=None, useCookies=None):
        self.portal = portal
        if cookieKey is None:
            cookieKey = "woven_session_" + _sessionCookie()
        self.cookieKey = cookieKey
        self.sessions = {}
        if mindFactory is None:
            mindFactory = nomind
        self.mindFactory = mindFactory
        if credInterface is not None:
            self.credInterface = credInterface
        if useCookies is not None:
            self.useCookies = useCookies
        # Backwards compatibility; remove asap
        self.resource = self

    def renderHTTP(self, ctx):
        request = inevow.IRequest(ctx)
        d = defer.maybeDeferred(self._delegate, ctx, [])
        def _cb((resource, segments), ctx):
            assert not segments
            res = inevow.IResource(resource)
            return res.renderHTTP(ctx)
        d.addCallback(_cb, ctx)
        return d

    def locateChild(self, ctx, segments):
        request = inevow.IRequest(ctx)
        path = segments[0]
        if self.useCookies:
            cookie = request.getCookie(self.cookieKey)
        else:
            cookie = ''

        if path.startswith(SESSION_KEY):
            key = path[len(SESSION_KEY):]
            if key not in self.sessions:
                return urlToChild(ctx, *segments[1:], **{'__start_session__':1}), ()
            self.sessions[key].setLifetime(self.sessionLifetime)
            if cookie == key:
                # /sessionized-url/${SESSION_KEY}aef9c34aecc3d9148/foo
                #                  ^
                #                  we are this getChild
                # with a matching cookie
                self.sessions[key].sessionJustStarted = True
                return urlToChild(ctx, *segments[1:]), ()
            else:
                # We attempted to negotiate the session but failed (the user
                # probably has cookies disabled): now we're going to return the
                # resource we contain.  In general the getChild shouldn't stop
                # there.
                # /sessionized-url/${SESSION_KEY}aef9c34aecc3d9148/foo
                #                  ^ we are this getChild
                # without a cookie (or with a mismatched cookie)
                return self.checkLogin(ctx, self.sessions[key],
                                       segments[1:],
                                       sessionURL=segments[0])
        else:
            # /sessionized-url/foo
            #                 ^ we are this getChild
            # with or without a session
            return self._delegate(ctx, segments)

    def _delegate(self, ctx, segments):
        """Identify the session by looking at cookies and HTTP auth headers, use that
        session key to identify the wrapped resource, then return a deferred
        which fires a 2-tuple of (resource, segments) to the top-level
        redirection code code which will delegate IResource's renderHTTP or
        locateChild methods to it
        """
        request = inevow.IRequest(ctx)
        cookie = request.getCookie(self.cookieKey)
        # support HTTP auth, no redirections
        userpass = request.getUser(), request.getPassword()
        httpAuthSessionKey = 'HTTP AUTH: %s:%s' % userpass

        for sessionKey in cookie, httpAuthSessionKey:
            if sessionKey in self.sessions:
                session = self.sessions[sessionKey]
                return self.checkLogin(ctx, session, segments)
        # without a session

        if userpass != ('',''):
            # the user is trying to log in with HTTP auth, but they don't have
            # a session.  So, make them one.
            sz = self.sessions[httpAuthSessionKey] = self.sessionFactory(self, httpAuthSessionKey)
            # kick off the expiry timer.
            sz.checkExpired()
            return self.checkLogin(ctx, sz, segments, None, UsernamePassword(*userpass))

        # no, really, without a session
        ## Redirect to the URL with the session key in it, plus the segments of the url
        rd = self.createSession(ctx, segments)
        return rd, ()

    def createSession(self, ctx, segments):
        """
        Create a new session for this request, and redirect back to the path
        given by segments.
        """

        request = inevow.IRequest(ctx)

        newCookie = _sessionCookie()
        if self.useCookies:
            if self.secureCookies and request.isSecure():
                secure = True
            else:
                secure = False
            if self.persistentCookies and self.sessionLifetime:
                expires = http.datetimeToString(time.time() + self.sessionLifetime)
            else:
                expires = None
            request.addCookie(self.cookieKey, newCookie,
                              path="/%s" % '/'.join(request.prepath),
                              secure=secure, expires=expires,
                              domain=self.cookieDomainForRequest(request))
        sz = self.sessions[newCookie] = self.sessionFactory(self, newCookie)
        sz.args = request.args
        sz.fields = request.fields
        sz.method = request.method
        sz.received_headers = request.received_headers
        sz.checkExpired()
        return urlToChild(ctx, SESSION_KEY+newCookie, *segments)

    def checkLogin(self, ctx, session, segments, sessionURL=None, httpAuthCredentials=None):
        """
        Associate the given request with the given session and:

            - log the user in to our portal, if they are accessing a login URL

            - log the user out from our portal (calling their logout callback),
              if they are logged in and accessing a logout URL

            - Move the request parameters saved on the session, if there are
              any, onto the request if a session just started or a login
              just succeeded.

        @return:

            - if the user is already logged in: a 2-tuple of requestObject,
              C{segments} (i.e. the segments parameter)

            - if the user is not logged in and not logging in, call login() to
              initialize an anonymous session, and return a 2-tuple of
              (rootResource, segments-parameter) from that anonymous session.
              This counts as logging in for the purpose of future calls to
              checkLogin.

            - if the user is accessing a login URL: a 2-tuple of the logged in
              resource object root and the remainder of the segments (i.e. the
              URL minus __login__) to be passed to that resource.

        """
        request = inevow.IRequest(ctx)
        session.touch()
        request.session = session
        root = url.URL.fromContext(request)
        if sessionURL is not None:
            root = root.child(sessionURL)
        request.rememberRootURL(str(root))

        spoof = False
        if getattr(session, 'sessionJustStarted', False):
            del session.sessionJustStarted
            spoof = True
        if getattr(session, 'justLoggedIn', False):
            del session.justLoggedIn
            spoof = True
        if spoof and hasattr(session, 'args'):
            request.args = session.args
            request.fields = session.fields
            request.content = StringIO.StringIO()
            request.content.close()
            request.method = session.method
            request.received_headers = session.received_headers

            del session.args, session.fields, session.method, session.received_headers


        if segments and segments[0] in (LOGIN_AVATAR, LOGOUT_AVATAR):
            authCommand = segments[0]
        else:
            authCommand = None

        if httpAuthCredentials:
            # This is the FIRST TIME we have hit an HTTP auth session with our
            # credentials.  We are going to perform login.
            assert not authCommand, (
                "HTTP auth support isn't that robust.  "
                "Come up with something to do that makes sense here.")
            return self.login(request, session, httpAuthCredentials, segments).addErrback(
                self.authRequiredError, session
                )

        if authCommand == LOGIN_AVATAR:
            subSegments = segments[1:]
            def unmangleURL((res,segs)):
                # Tell the session that we just logged in so that it will
                # remember form values for us.
                session.justLoggedIn = True
                # Then, generate a redirect back to where we're supposed to be
                # by looking at the root of the site and calculating the path
                # down from there using the segments we were passed.
                u = url.URL.fromString(request.getRootURL())
                for seg in subSegments:
                    u = u.child(seg)
                return u, ()
            return self.login(request, session, self.getCredentials(request), subSegments).addCallback(
                unmangleURL).addErrback(
                self.incorrectLoginError, ctx, subSegments, "Incorrect login."
                )
        elif authCommand == LOGOUT_AVATAR:
            self.explicitLogout(session)
            return urlToChild(ctx, *segments[1:]), ()
        else:
            r = session.resourceForPortal(self.portal)
            if r:
                ## Delegate our getChild to the resource our portal says is the right one.
                return r[0], segments
            else:
                # XXX I don't think that the errback here will work at all,
                # because the redirect loop would be infinite.  Perhaps this
                # should be closer to the HTTP auth path?
                return self.login(request, session, Anonymous(), segments).addErrback(
                    self.incorrectLoginError, ctx, segments, 'Anonymous access not allowed.')

    def explicitLogout(self, session):
        """
        Hook to be overridden if you care about user-requested logout.

        Note: there is no return value from this method; it is purely a way to
        provide customized behavior that distinguishes between session-expiry
        logout, which is what 99% of code cares about, and explicit user
        logout, which you may need to be notified of if (for example) your
        application sets other HTTP cookies which refer to server-side state,
        and you want to expire that state in a manual logout but not with an
        automated logout.  (c.f. Quotient's persistent sessions.)

        If you want the user to see a customized logout page, just generate a
        logout link that looks like::

            http://your-site.example.com/__logout__/my/custom/logout/stuff

        and the user will see::

            http://your-site.example.com/my/custom/logout/stuff

        as their first URL after becoming anonymous again.
        """
        session.portalLogout(self.portal)

    def getCredentials(self, request):
        username = request.args.get('username', [''])[0]
        password = request.args.get('password', [''])[0]
        return UsernamePassword(username, password)

    def login(self, request, session, credentials, segments):
        """

        - Calls login() on our portal.

        - creates a mind from my mindFactory, with the request and credentials

        - Associates the mind with the given session.

        - Associates the resource returned from my portal's login() with my
          portal in the given session.

        @return: a Deferred which fires a 2-tuple of the resource returned from
        my portal's login() and the passed list of segments upon successful
        login.

        """
        mind = self.mindFactory(request, credentials)
        session.mind = mind
        return self.portal.login(credentials, mind, self.credInterface).addCallback(
            self._cbLoginSuccess, session, segments
        )

    def _cbLoginSuccess(self, (iface, res, logout), session, segments):
        session.setResourceForPortal(res, self.portal, logout)
        return res, segments

    def incorrectLoginError(self, error, ctx, segments, loginFailure):
        """ Used as an errback upon failed login, returns a 2-tuple of a failure URL
        with the query argument 'login-failure' set to the parameter
        loginFailure, and an empty list of segments, to redirect to that URL.
        The basis for this error URL, i.e. the part before the query string, is
        taken either from the 'referer' header from the given request if one
        exists, or a computed URL that points at the same page that the user is
        currently looking at to attempt login.  Any existing query string will
        be stripped.
        """
        request = inevow.IRequest(ctx)
        error.trap(UnauthorizedLogin)
        referer = request.getHeader("referer")
        if referer is not None:
            u = url.URL.fromString(referer)
        else:
            u = urlToChild(ctx, *segments)

        u = u.clear()
        u = u.add('login-failure', loginFailure)
        return u, ()

    def authRequiredError(self, error, session):
        session.expire()
        error.trap(UnauthorizedLogin)
        return Forbidden(), ()


    def cookieDomainForRequest(self, request):
        """
        Specify the domain restriction on the session cookie.

        @param request: The request object in response to which a cookie is
            being set.

        @return: C{None} or a C{str} giving the domain restriction to set on
            the cookie.
        """
        return None