paulb@108 | 1 | #!/usr/bin/env python |
paulb@108 | 2 | |
paulb@108 | 3 | """ |
paulb@108 | 4 | CGI classes. |
paulb@108 | 5 | """ |
paulb@108 | 6 | |
paulb@108 | 7 | import Generic |
paulb@108 | 8 | import os, sys |
paulb@258 | 9 | from Helpers.Request import MessageBodyStream, get_body_fields, get_storage_items, Cookie |
paulb@167 | 10 | from Helpers.Response import ConvertingStream |
paulb@108 | 11 | from Helpers.Auth import UserInfo |
paulb@239 | 12 | from Helpers.Session import SessionStore |
paulb@108 | 13 | from Helpers import Environment |
paulb@108 | 14 | from cgi import parse_qs, FieldStorage |
paulb@258 | 15 | from Cookie import SimpleCookie |
paulb@108 | 16 | from StringIO import StringIO |
paulb@108 | 17 | |
class Transaction(Generic.Transaction):

    """
    CGI transaction interface.

    Request details are read from a CGI-style environment mapping and an input
    stream. The response (status, headers, cookies and body) is buffered on the
    instance and is only written to the output stream when 'commit' is called.
    """

    def __init__(self, input=None, output=None, env=None):

        """
        Initialise the transaction using the CGI 'input' and 'output' streams
        and the 'env' mapping of CGI environment variables. All three are
        optional and default to standard input, standard output and the process
        environment respectively.

        A default is only substituted where None is given: an explicitly
        supplied object is always used, even if it happens to be "false" (such
        as an empty environment dictionary).
        """

        if input is None:
            input = sys.stdin
        if output is None:
            output = sys.stdout
        if env is None:
            env = os.environ

        self.input = input
        self.output = output
        self.env = env

        # Other attributes of interest in instances of this class.
        # The response is buffered here until 'commit' writes it out.

        self.content_type = None
        self.response_code = 200
        self.content = StringIO()
        self.headers_out = {}
        self.cookies_out = SimpleCookie()
        self.user = None

        # Define the incoming cookies.
        # NOTE(review): a malformed Cookie header may cause SimpleCookie to
        # NOTE(review): raise an exception here - confirm the desired handling.

        self.cookies_in = SimpleCookie(self.env.get("HTTP_COOKIE"))

        # Cached information.
        # The parsed message body, created on demand by 'get_fields_from_body'.

        self.storage_body = None

        # Special objects retained throughout the transaction.
        # The session store is created on demand and closed by 'commit'.

        self.session_store = None

    def commit(self):

        """
        A special method, synchronising the transaction with framework-specific
        objects.

        Closes the session store (if one was opened), then writes the status
        line, the content type, the stored headers, any outgoing cookies, a
        blank line and finally the buffered response body to the output stream.

        See draft-coar-cgi-v11-03, section 7.
        """

        # Close the session store.

        if self.session_store is not None:
            self.session_store.close()

        # NOTE: Provide sensible messages.

        self.output.write("Status: %s %s\n" % (self.response_code, "WebStack status"))
        if self.content_type is not None:
            self.output.write("Content-type: %s\n" % str(self.content_type))
        for header, value in self.headers_out.items():
            self.output.write("%s: %s\n" %
                (self.format_header_value(header), self.format_header_value(value))
                )

        # Only emit cookie lines where cookies have been set: an empty cookie
        # collection produces an empty string, and terminating that with a
        # newline would end the header section prematurely, causing the real
        # separator below to be sent as the first line of the body.

        cookie_lines = str(self.cookies_out)
        if cookie_lines:
            self.output.write(cookie_lines)
            self.output.write("\n")

        # The blank line separating the headers from the body.

        self.output.write("\n")

        # Empty the buffered content into the real stream.

        self.content.seek(0)
        self.output.write(self.content.read())

    # Request-related methods.

    def get_request_stream(self):

        """
        Returns the request stream for the transaction: the input stream given
        at initialisation.
        """

        return self.input

    def get_request_method(self):

        """
        Returns the request method as found in the REQUEST_METHOD environment
        variable, or None if that variable is not defined.
        """

        return self.env.get("REQUEST_METHOD")

    def get_headers(self):

        """
        Returns all request headers as a dictionary-like object mapping header
        names to values. The headers are derived from the environment by
        Environment.get_headers.
        """

        return Environment.get_headers(self.env)

    def get_header_values(self, key):

        """
        Returns a list of all request header values associated with the given
        'key'. Note that according to RFC 2616, 'key' is treated as a
        case-insensitive string.

        NOTE(review): the case-insensitivity depends on the object returned by
        NOTE(review): 'get_headers' - confirm against Environment.get_headers.
        """

        return self.convert_to_list(self.get_headers().get(key))

    def get_content_type(self):

        """
        Returns the content type specified on the request, along with the
        charset employed. The value is obtained by parsing the CONTENT_TYPE
        environment variable.
        """

        return self.parse_content_type(self.env.get("CONTENT_TYPE"))

    def get_content_charsets(self):

        """
        Returns the character set preferences.

        NOTE(review): no request information is consulted here - None is
        NOTE(review): always given to 'parse_content_preferences'.
        """

        return self.parse_content_preferences(None)

    def get_content_languages(self):

        """
        Returns extracted language information from the transaction.

        NOTE(review): no request information is consulted here - None is
        NOTE(review): always given to 'parse_content_preferences'.
        """

        return self.parse_content_preferences(None)

    def get_path(self):

        """
        Returns the entire path from the request: the path without the query
        string, followed by "?" and the query string where the latter is not
        empty.
        """

        path = self.get_path_without_query()
        qs = self.get_query_string()
        if qs:
            path += "?" + qs
        return path

    def get_path_without_query(self):

        """
        Returns the entire path from the request minus the query string: the
        SCRIPT_NAME environment variable followed by PATH_INFO, with either
        being treated as empty if not defined.
        """

        script_name = self.env.get("SCRIPT_NAME") or ""
        return script_name + self.get_path_info()

    def get_path_info(self):

        """
        Returns the "path info" (the part of the URL after the resource name
        handling the current request) from the request, or an empty string if
        PATH_INFO is not defined.
        """

        return self.env.get("PATH_INFO") or ""

    def get_query_string(self):

        """
        Returns the query string from the path in the request, or an empty
        string if QUERY_STRING is not defined.
        """

        return self.env.get("QUERY_STRING") or ""

    # Higher level request-related methods.

    def get_fields_from_path(self):

        """
        Extracts fields (or request parameters) from the path specified in the
        transaction. The underlying framework may refuse to supply fields from
        the path if handling a POST transaction.

        Returns a dictionary mapping field names to lists of values (even if a
        single value is associated with any given field name). Blank values are
        retained and each value is a Unicode object.
        """

        # NOTE: Support at best ISO-8859-1 values.

        fields = {}
        for name, values in parse_qs(self.get_query_string(), keep_blank_values=1).items():
            fields[name] = [unicode(value, "iso-8859-1") for value in values]
        return fields

    def get_fields_from_body(self, encoding=None):

        """
        Extracts fields (or request parameters) from the message body in the
        transaction. The optional 'encoding' parameter specifies the character
        encoding of the message body for cases where no such information is
        available, but where the default encoding is to be overridden.

        Where 'encoding' is not given, the charset of the request content type
        is used, falling back to the default charset of the transaction.

        Returns a dictionary mapping field names to lists of values (even if a
        single value is associated with any given field name). Each value is
        either a Unicode object (representing a simple form field, for example)
        or a plain string (representing a file upload form field, for example).
        """

        encoding = encoding or self.get_content_type().charset or self.default_charset

        # The request stream can only be consumed once, so the parsed body is
        # retained for subsequent calls.
        # NOTE(review): no content length is passed on to FieldStorage - confirm
        # NOTE(review): that reading the stream this way suits the servers used.

        if self.storage_body is None:
            self.storage_body = FieldStorage(fp=self.get_request_stream(),
                headers={"content-type" : str(self.get_content_type())},
                environ={"REQUEST_METHOD" : self.get_request_method()},
                keep_blank_values=1)

        # Avoid strange design issues with FieldStorage by checking the internal
        # field list directly.

        if self.storage_body.list is None:
            return {}

        # Traverse the storage, finding each field value.

        return get_body_fields(get_storage_items(self.storage_body), encoding)

    def get_fields(self, encoding=None):

        """
        Extracts fields (or request parameters) from both the path specified in
        the transaction as well as the message body. The optional 'encoding'
        parameter specifies the character encoding of the message body for cases
        where no such information is available, but where the default encoding
        is to be overridden.

        Returns a dictionary mapping field names to lists of values (even if a
        single value is associated with any given field name). Each value is
        either a Unicode object (representing a simple form field, for example)
        or a plain string (representing a file upload form field, for example).

        Where a given field name is used in both the path and message body to
        specify values, the values from both sources will be combined into a
        single list associated with that field name, with the values from the
        path appearing first.
        """

        # Combine the two sources.

        fields = {}
        fields.update(self.get_fields_from_path())
        for name, values in self.get_fields_from_body(encoding).items():
            if name in fields:
                fields[name] += values
            else:
                fields[name] = values
        return fields

    def get_user(self):

        """
        Extracts user information from the transaction.

        Returns a username as a string or None if no user is defined. A user
        set using 'set_user' takes precedence over the REMOTE_USER environment
        variable.
        """

        if self.user is not None:
            return self.user
        return self.env.get("REMOTE_USER")

    def get_cookies(self):

        """
        Obtains cookie information from the request.

        Returns a dictionary mapping cookie names to cookie objects.
        """

        return self.process_cookies(self.cookies_in)

    def get_cookie(self, cookie_name):

        """
        Obtains cookie information from the request.

        Returns a cookie object for the given 'cookie_name' or None if no such
        cookie exists. The name is encoded before being looked up, and the
        value of any cookie found is decoded before being returned.
        """

        cookie = self.cookies_in.get(self.encode_cookie_value(cookie_name))
        if cookie is None:
            return None
        return Cookie(cookie_name, self.decode_cookie_value(cookie.value))

    # Response-related methods.

    def get_response_stream(self):

        """
        Returns the response stream for the transaction: a stream which
        converts what is written to it using the response stream encoding and
        stores the result in the buffered content.
        """

        # Return a stream which is later emptied into the real stream.
        # Unicode can upset this operation. Using either the specified charset
        # or a default encoding.

        encoding = self.get_response_stream_encoding()
        return ConvertingStream(self.content, encoding)

    def get_response_stream_encoding(self):

        """
        Returns the response stream encoding: the charset of the response
        content type where one has been set, or the default charset otherwise.
        """

        if self.content_type:
            encoding = self.content_type.charset
        else:
            encoding = None
        return encoding or self.default_charset

    def get_response_code(self):

        """
        Get the response code associated with the transaction. Unless changed
        using 'set_response_code', this is the code 200 assigned when the
        transaction was initialised.
        """

        return self.response_code

    def set_response_code(self, response_code):

        """
        Set the 'response_code' using a numeric constant defined in the HTTP
        specification.
        """

        self.response_code = response_code

    def set_header_value(self, header, value):

        """
        Set the HTTP 'header' with the given 'value'. Any value previously set
        for the same 'header' is replaced.
        """

        # The header is not written out immediately due to the buffering in use.

        self.headers_out[header] = value

    def set_content_type(self, content_type):

        """
        Sets the 'content_type' for the response.
        """

        # The content type has to be written as a header, before actual content,
        # but after the response line. This means that some kind of buffering is
        # required. Hence, we don't write the header out immediately.

        self.content_type = content_type

    # Higher level response-related methods.

    def set_cookie(self, cookie):

        """
        Stores the given 'cookie' object in the response. Only the name and
        value of the 'cookie' are used.
        """

        # NOTE: If multiple cookies of the same name could be specified, this
        # NOTE: could need changing.

        self.set_cookie_value(cookie.name, cookie.value)

    def set_cookie_value(self, name, value, path=None, expires=None):

        """
        Stores a cookie with the given 'name' and 'value' in the response.

        The optional 'path' is a string which specifies the scope of the cookie,
        and the optional 'expires' parameter is a value compatible with the
        time.time function, and indicates the expiry date/time of the cookie.

        NOTE(review): 'expires' is handed to the cookie object unchanged; the
        NOTE(review): standard Cookie module appears to treat integer values as
        NOTE(review): an offset in seconds from the current time - confirm that
        NOTE(review): this matches the description above.
        """

        name = self.encode_cookie_value(name)
        self.cookies_out[name] = self.encode_cookie_value(value)
        morsel = self.cookies_out[name]
        if path is not None:
            morsel["path"] = path
        if expires is not None:
            morsel["expires"] = expires

    def delete_cookie(self, cookie_name):

        """
        Adds to the response a request that the cookie with the given
        'cookie_name' be deleted/discarded by the client.
        """

        # Create a special cookie, given that we do not know whether the browser
        # has been sent the cookie or not.
        # NOTE: Magic discovered in Webware.

        name = self.encode_cookie_value(cookie_name)
        self.cookies_out[name] = ""
        morsel = self.cookies_out[name]
        morsel["path"] = "/"
        morsel["expires"] = 0
        morsel["max-age"] = 0

    # Session-related methods.

    def _get_session_store(self):

        """
        Returns the session store for the transaction, creating it upon first
        use so that transactions not employing sessions never open a store.
        """

        # NOTE: Requires configuration.

        if self.session_store is None:
            self.session_store = SessionStore(self, "WebStack-sessions")
        return self.session_store

    def get_session(self, create=1):

        """
        Gets a session corresponding to an identifier supplied in the
        transaction.

        If no session has yet been established according to information
        provided in the transaction then the optional 'create' parameter
        determines whether a new session will be established.

        Where no session has been established and where 'create' is set to 0
        then None is returned. In all other cases, a session object is created
        (where appropriate) and returned.
        """

        return self._get_session_store().get_session(create)

    def expire_session(self):

        """
        Expires any session established according to information provided in the
        transaction.
        """

        self._get_session_store().expire_session()

    # Application-specific methods.

    def set_user(self, username):

        """
        An application-specific method which sets the user information with
        'username' in the transaction. This affects subsequent calls to
        'get_user'.
        """

        self.user = username
paulb@108 | 476 | # vim: tabstop=4 expandtab shiftwidth=4 |