kinto 19.5.0__py3-none-any.whl → 19.6.0__py3-none-any.whl

kinto/core/__init__.py

@@ -4,11 +4,11 @@ import logging
 import tempfile
 
 import pkg_resources
-from cornice import Service as CorniceService
 from dockerflow import logging as dockerflow_logging
 from pyramid.settings import aslist
 
 from kinto.core import errors, events
+from kinto.core.cornice import Service as CorniceService
 from kinto.core.initialization import (  # NOQA
     initialize,
     install_middlewares,
@@ -186,10 +186,10 @@ def includeme(config):
     config.add_request_method(events.notify_resource_event, name="notify_resource_event")
 
     # Setup cornice.
-    config.include("cornice")
+    config.include("kinto.core.cornice")
 
     # Setup cornice api documentation
-    config.include("cornice_swagger")
+    config.include("kinto.core.cornice_swagger")
 
     # Per-request transaction.
     config.include("pyramid_tm")

kinto/core/cornice/__init__.py

@@ -0,0 +1,93 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this file,
+# You can obtain one at http://mozilla.org/MPL/2.0/.
+import logging
+from functools import partial
+
+from pyramid.events import NewRequest
+from pyramid.httpexceptions import HTTPForbidden, HTTPNotFound
+from pyramid.security import NO_PERMISSION_REQUIRED
+from pyramid.settings import asbool, aslist
+
+from kinto.core.cornice.errors import Errors  # NOQA
+from kinto.core.cornice.pyramidhook import (
+    handle_exceptions,
+    register_resource_views,
+    register_service_views,
+    wrap_request,
+)
+from kinto.core.cornice.renderer import CorniceRenderer
+from kinto.core.cornice.service import Service  # NOQA
+from kinto.core.cornice.util import ContentTypePredicate, current_service
+
+
+logger = logging.getLogger("cornice")
+
+
+def set_localizer_for_languages(event, available_languages, default_locale_name):
+    """
+    Sets the current locale based on the incoming Accept-Language header, if
+    present, and sets a localizer attribute on the request object based on
+    the current locale.
+
+    To be used as an event handler, this function needs to be partially applied
+    with the available_languages and default_locale_name arguments. The
+    resulting function will be an event handler which takes an event object as
+    its only argument.
+    """
+    request = event.request
+    if request.accept_language:
+        accepted = request.accept_language.lookup(available_languages, default=default_locale_name)
+        request._LOCALE_ = accepted
+
+
+def setup_localization(config):
+    """
+    Setup localization based on the available_languages and
+    pyramid.default_locale_name settings.
+
+    These settings are named after suggestions from the "Internationalization
+    and Localization" section of the Pyramid documentation.
+    """
+    try:
+        config.add_translation_dirs("colander:locale/")
+        settings = config.get_settings()
+        available_languages = aslist(settings["available_languages"])
+        default_locale_name = settings.get("pyramid.default_locale_name", "en")
+        set_localizer = partial(
+            set_localizer_for_languages,
+            available_languages=available_languages,
+            default_locale_name=default_locale_name,
+        )
+        config.add_subscriber(set_localizer, NewRequest)
+    except ImportError:  # pragma: no cover
+        # add_translation_dirs raises an ImportError if colander is not
+        # installed
+        pass
+
+
+def includeme(config):
+    """Include the Cornice definitions"""
+    # attributes required to maintain services
+    config.registry.cornice_services = {}
+
+    settings = config.get_settings()
+
+    # localization request subscriber must be set before first call
+    # for request.localizer (in wrap_request)
+    if settings.get("available_languages"):
+        setup_localization(config)
+
+    config.add_directive("add_cornice_service", register_service_views)
+    config.add_directive("add_cornice_resource", register_resource_views)
+    config.add_subscriber(wrap_request, NewRequest)
+    config.add_renderer("cornicejson", CorniceRenderer())
+    config.add_view_predicate("content_type", ContentTypePredicate)
+    config.add_request_method(current_service, reify=True)
+
+    if asbool(settings.get("handle_exceptions", True)):
+        config.add_view(handle_exceptions, context=Exception, permission=NO_PERMISSION_REQUIRED)
+        config.add_view(handle_exceptions, context=HTTPNotFound, permission=NO_PERMISSION_REQUIRED)
+        config.add_view(
+            handle_exceptions, context=HTTPForbidden, permission=NO_PERMISSION_REQUIRED
+        )

kinto/core/cornice/cors.py

@@ -0,0 +1,144 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this file,
+# You can obtain one at http://mozilla.org/MPL/2.0/.
+import fnmatch
+import functools
+
+from pyramid.settings import asbool
+
+
+CORS_PARAMETERS = (
+    "cors_headers",
+    "cors_enabled",
+    "cors_origins",
+    "cors_credentials",
+    "cors_max_age",
+    "cors_expose_all_headers",
+)
+
+
+def get_cors_preflight_view(service):
+    """Return a view for the OPTION method.
+
+    Checks that the User-Agent is authorized to do a request to the server, and
+    to this particular service, and add the various checks that are specified
+    in http://www.w3.org/TR/cors/#resource-processing-model.
+    """
+
+    def _preflight_view(request):
+        response = request.response
+        origin = request.headers.get("Origin")
+        supported_headers = service.cors_supported_headers_for()
+
+        if not origin:
+            request.errors.add("header", "Origin", "this header is mandatory")
+
+        requested_method = request.headers.get("Access-Control-Request-Method")
+        if not requested_method:
+            request.errors.add(
+                "header", "Access-Control-Request-Method", "this header is mandatory"
+            )
+
+        if not (requested_method and origin):
+            return
+
+        requested_headers = request.headers.get("Access-Control-Request-Headers", ())
+
+        if requested_headers:
+            requested_headers = map(str.strip, requested_headers.split(","))
+
+        if requested_method not in service.cors_supported_methods:
+            request.errors.add("header", "Access-Control-Request-Method", "Method not allowed")
+
+        if not service.cors_expose_all_headers:
+            for h in requested_headers:
+                if h.lower() not in [s.lower() for s in supported_headers]:
+                    request.errors.add(
+                        "header", "Access-Control-Request-Headers", 'Header "%s" not allowed' % h
+                    )
+
+        supported_headers = set(supported_headers) | set(requested_headers)
+
+        response.headers["Access-Control-Allow-Headers"] = ",".join(supported_headers)
+
+        response.headers["Access-Control-Allow-Methods"] = ",".join(service.cors_supported_methods)
+
+        max_age = service.cors_max_age_for(requested_method)
+        if max_age is not None:
+            response.headers["Access-Control-Max-Age"] = str(max_age)
+
+        return None
+
+    return _preflight_view
+
+
+def _get_method(request):
+    """Return what's supposed to be the method for CORS operations.
+    (e.g if the verb is options, look at the A-C-Request-Method header,
+    otherwise return the HTTP verb).
+    """
+    if request.method == "OPTIONS":
+        method = request.headers.get("Access-Control-Request-Method", request.method)
+    else:
+        method = request.method
+    return method
+
+
+def ensure_origin(service, request, response=None, **kwargs):
+    """Ensure that the origin header is set and allowed."""
+    response = response or request.response
+
+    # Don't check this twice.
+    if not request.info.get("cors_checked", False):
+        method = _get_method(request)
+
+        origin = request.headers.get("Origin")
+
+        if not origin:
+            always_cors = asbool(request.registry.settings.get("cornice.always_cors"))
+            # With this setting, if the service origins has "*", then
+            # always return CORS headers.
+            origins = getattr(service, "cors_origins", [])
+            if always_cors and "*" in origins:
+                origin = "*"
+
+        if origin:
+            if not any([fnmatch.fnmatchcase(origin, o) for o in service.cors_origins_for(method)]):
+                request.errors.add("header", "Origin", "%s not allowed" % origin)
+            elif service.cors_support_credentials_for(method):
+                response.headers["Access-Control-Allow-Origin"] = origin
+            else:
+                if any([o == "*" for o in service.cors_origins_for(method)]):
+                    response.headers["Access-Control-Allow-Origin"] = "*"
+                else:
+                    response.headers["Access-Control-Allow-Origin"] = origin
+        request.info["cors_checked"] = True
+    return response
+
+
+def get_cors_validator(service):
+    return functools.partial(ensure_origin, service)
+
+
+def apply_cors_post_request(service, request, response):
+    """Handles CORS-related post-request things.
+
+    Add some response headers, such as the Expose-Headers and the
+    Allow-Credentials ones.
+    """
+    response = ensure_origin(service, request, response)
+    method = _get_method(request)
+
+    if (
+        service.cors_support_credentials_for(method)
+        and "Access-Control-Allow-Credentials" not in response.headers
+    ):
+        response.headers["Access-Control-Allow-Credentials"] = "true"
+
+    if request.method != "OPTIONS":
+        # Which headers are exposed?
+        supported_headers = service.cors_supported_headers_for(request.method)
+        if supported_headers:
+            response.headers["Access-Control-Expose-Headers"] = ", ".join(supported_headers)
+
+    return response

kinto/core/cornice/errors.py

@@ -0,0 +1,40 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this file,
+# You can obtain one at http://mozilla.org/MPL/2.0/.
+import json
+
+from pyramid.i18n import TranslationString
+
+
+class Errors(list):
+    """Holds Request errors"""
+
+    def __init__(self, status=400, localizer=None):
+        self.status = status
+        self.localizer = localizer
+        super(Errors, self).__init__()
+
+    def add(self, location, name=None, description=None, **kw):
+        """Registers a new error."""
+        allowed = ("body", "querystring", "url", "header", "path", "cookies", "method")
+        if location != "" and location not in allowed:
+            raise ValueError("%r not in %s" % (location, allowed))
+
+        if isinstance(description, TranslationString) and self.localizer:
+            description = self.localizer.translate(description)
+
+        self.append(dict(location=location, name=name, description=description, **kw))
+
+    @classmethod
+    def from_json(cls, string):
+        """Transforms a json string into an `Errors` instance"""
+        obj = json.loads(string.decode())
+        return Errors.from_list(obj.get("errors", []))
+
+    @classmethod
+    def from_list(cls, obj):
+        """Transforms a python list into an `Errors` instance"""
+        errors = Errors()
+        for error in obj:
+            errors.add(**error)
+        return errors

kinto/core/cornice/pyramidhook.py

@@ -0,0 +1,373 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this file,
+# You can obtain one at http://mozilla.org/MPL/2.0/.
+import copy
+import functools
+import itertools
+
+from pyramid.exceptions import PredicateMismatch
+from pyramid.httpexceptions import (
+    HTTPException,
+    HTTPMethodNotAllowed,
+    HTTPNotAcceptable,
+    HTTPUnsupportedMediaType,
+)
+from pyramid.security import NO_PERMISSION_REQUIRED
+
+from kinto.core.cornice.cors import (
+    CORS_PARAMETERS,
+    apply_cors_post_request,
+    get_cors_preflight_view,
+    get_cors_validator,
+)
+from kinto.core.cornice.errors import Errors
+from kinto.core.cornice.service import decorate_view
+from kinto.core.cornice.util import (
+    content_type_matches,
+    current_service,
+    is_string,
+    match_accept_header,
+    match_content_type_header,
+    to_list,
+)
+
+
+def get_fallback_view(service):
+    """Fallback view for a given service, called when nothing else matches.
+
+    This method provides the view logic to be executed when the request
+    does not match any explicitly-defined view.  Its main responsibility
+    is to produce an accurate error response, such as HTTPMethodNotAllowed,
+    HTTPNotAcceptable or HTTPUnsupportedMediaType.
+    """
+
+    def _fallback_view(request):
+        # Maybe we failed to match any definitions for the request method?
+        if request.method not in service.defined_methods:
+            response = HTTPMethodNotAllowed()
+            response.allow = service.defined_methods
+            raise response
+        # Maybe we failed to match an acceptable content-type?
+        # First search all the definitions to find the acceptable types.
+        # XXX: precalculate this like the defined_methods list?
+        acceptable = []
+        supported_contenttypes = []
+        for method, _, args in service.definitions:
+            if method != request.method:
+                continue
+
+            if "accept" in args:
+                acceptable.extend(service.get_acceptable(method, filter_callables=True))
+                acceptable.extend(request.info.get("acceptable", []))
+                acceptable = list(set(acceptable))
+
+                # Now check if that was actually the source of the problem.
+                if not request.accept.acceptable_offers(offers=acceptable):
+                    request.errors.add(
+                        "header",
+                        "Accept",
+                        "Accept header should be one of {0}".format(acceptable).encode("ascii"),
+                    )
+                    request.errors.status = HTTPNotAcceptable.code
+                    error = service.error_handler(request)
+                    raise error
+
+            if "content_type" in args:
+                supported_contenttypes.extend(
+                    service.get_contenttypes(method, filter_callables=True)
+                )
+                supported_contenttypes.extend(request.info.get("supported_contenttypes", []))
+                supported_contenttypes = list(set(supported_contenttypes))
+
+                # Now check if that was actually the source of the problem.
+                if not content_type_matches(request, supported_contenttypes):
+                    request.errors.add(
+                        "header",
+                        "Content-Type",
+                        "Content-Type header should be one of {0}".format(
+                            supported_contenttypes
+                        ).encode("ascii"),
+                    )
+                    request.errors.status = HTTPUnsupportedMediaType.code
+                    error = service.error_handler(request)
+                    raise error
+
+        # In the absence of further information about what went wrong,
+        # let upstream deal with the mismatch.
+
+        # After "custom predicates" feature has been added there is no need in
+        # this line. Instead requests will be filtered by  "custom predicates"
+        # feature filter and exception "404 Not found" error will be raised. In
+        # order to avoid unpredictable cases, we left this line in place and
+        # excluded it from coverage.
+        raise PredicateMismatch(service.name)  # pragma: no cover
+
+    return _fallback_view
+
+
+def apply_filters(request, response):
+    if request.matched_route is not None:
+        # do some sanity checking on the response using filters
+        service = current_service(request)
+        if service is not None:
+            kwargs, ob = getattr(request, "cornice_args", ({}, None))
+            for _filter in kwargs.get("filters", []):
+                if is_string(_filter) and ob is not None:
+                    _filter = getattr(ob, _filter)
+                try:
+                    response = _filter(response, request)
+                except TypeError:
+                    response = _filter(response)
+            if service.cors_enabled:
+                apply_cors_post_request(service, request, response)
+
+    return response
+
+
+def handle_exceptions(exc, request):
+    # At this stage, the checks done by the validators had been removed because
+    # a new response started (the exception), so we need to do that again.
+    if not isinstance(exc, HTTPException):
+        raise
+    request.info["cors_checked"] = False
+    return apply_filters(request, exc)
+
+
+def add_nosniff_header(request, response):
+    """IE has some rather unfortunately content-type-sniffing behaviour
+    that can be used to trigger XSS attacks via a JSON API, as described here:
+
+    * http://blog.watchfire.com/wfblog/2011/10/json-based-xss-exploitation.html
+    * https://superevr.com/blog/2012/exploiting-xss-in-ajax-web-applications/
+
+    Make cornice safe-by-default against this attack by including the header.
+    """
+    response.headers.setdefault("X-Content-Type-Options", "nosniff")
+
+
+def wrap_request(event):
+    """Adds a "validated" dict, a custom "errors" object and an "info" dict to
+    the request object if they don't already exists
+    """
+    request = event.request
+    request.add_response_callback(apply_filters)
+    request.add_response_callback(add_nosniff_header)
+
+    if not hasattr(request, "validated"):
+        setattr(request, "validated", {})
+
+    if not hasattr(request, "errors"):
+        if request.registry.settings.get("available_languages"):
+            setattr(request, "errors", Errors(localizer=request.localizer))
+        else:
+            setattr(request, "errors", Errors())
+
+    if not hasattr(request, "info"):
+        setattr(request, "info", {})
+
+
+def register_service_views(config, service):
+    """Register the routes of the given service into the pyramid router.
+
+    :param config: the pyramid configuration object that will be populated.
+    :param service: the service object containing the definitions
+    """
+    route_name = service.name
+    existing_route = service.pyramid_route
+    prefix = config.route_prefix or ""
+    services = config.registry.cornice_services
+    if existing_route:
+        route_name = existing_route
+        services["__cornice" + existing_route] = service
+    else:
+        services[prefix + service.path] = service
+
+    # before doing anything else, register a view for the OPTIONS method
+    # if we need to
+    if service.cors_enabled and "OPTIONS" not in service.defined_methods:
+        service.add_view(
+            "options", view=get_cors_preflight_view(service), permission=NO_PERMISSION_REQUIRED
+        )
+
+    # register the fallback view, which takes care of returning good error
+    # messages to the user-agent
+    cors_validator = get_cors_validator(service)
+
+    # Cornice-specific arguments that pyramid does not know about
+    cornice_parameters = (
+        "filters",
+        "validators",
+        "schema",
+        "klass",
+        "error_handler",
+        "deserializer",
+    ) + CORS_PARAMETERS
+
+    # 1. register route
+
+    route_args = {}
+
+    if hasattr(service, "factory"):
+        route_args["factory"] = service.factory
+
+    routes = config.get_predlist("route")
+    for predicate in routes.sorter.names:
+        # Do not let the custom predicates handle validation of Header Accept,
+        # which will pass it through to pyramid. It is handled by
+        # _fallback_view(), because it allows callable.
+        if predicate == "accept":
+            continue
+
+        if hasattr(service, predicate):
+            route_args[predicate] = getattr(service, predicate)
+
+    # register route when not using exiting pyramid routes
+    if not existing_route:
+        config.add_route(route_name, service.path, **route_args)
+
+    # 2. register view(s)
+
+    for method, view, args in service.definitions:
+        args = copy.copy(args)  # make a copy of the dict to not modify it
+        # Deepcopy only the params we're possibly passing on to pyramid
+        # (Some of those in cornice_parameters, e.g. ``schema``, may contain
+        # unpickleable values.)
+        for item in args:
+            if item not in cornice_parameters:
+                args[item] = copy.deepcopy(args[item])
+
+        args["request_method"] = method
+
+        if service.cors_enabled:
+            args["validators"].insert(0, cors_validator)
+
+        decorated_view = decorate_view(view, dict(args), method, route_args)
+
+        for item in cornice_parameters:
+            if item in args:
+                del args[item]
+
+        # filter predicates defined on Resource
+        route_predicates = config.get_predlist("route").sorter.names
+        view_predicates = config.get_predlist("view").sorter.names
+        for pred in set(route_predicates).difference(view_predicates):
+            if pred in args:
+                args.pop(pred)
+
+        # pop and compute predicates which get passed through to Pyramid 1:1
+
+        predicate_definitions = _pop_complex_predicates(args)
+
+        if predicate_definitions:
+            empty_contenttype = [({"kind": "content_type", "value": ""},)]
+            for predicate_list in predicate_definitions + empty_contenttype:
+                args = dict(args)  # make a copy of the dict to not modify it
+
+                # prepare view args by evaluating complex predicates
+                _mungle_view_args(args, predicate_list)
+
+                # We register the same view multiple times with different
+                # accept / content_type / custom_predicates arguments
+                config.add_view(view=decorated_view, route_name=route_name, **args)
+
+        else:
+            # it is a simple view, we don't need to loop on the definitions
+            # and just add it one time.
+            config.add_view(view=decorated_view, route_name=route_name, **args)
+
+    if service.definitions:
+        # Add the fallback view last
+        config.add_view(
+            view=get_fallback_view(service),
+            route_name=route_name,
+            permission=NO_PERMISSION_REQUIRED,
+            require_csrf=False,
+        )
+
+
+def _pop_complex_predicates(args):
+    """
+    Compute the cartesian product of "accept" and "content_type"
+    fields to establish all possible predicate combinations.
+
+    .. seealso::
+
+        https://github.com/mozilla-services/cornice/pull/91#discussion_r3441384
+    """
+
+    # pop and prepare individual predicate lists
+    accept_list = _pop_predicate_definition(args, "accept")
+    content_type_list = _pop_predicate_definition(args, "content_type")
+
+    # compute cartesian product of prepared lists, additionally
+    # remove empty elements of input and output lists
+    product_input = filter(None, [accept_list, content_type_list])
+
+    # In Python 3, the filter() function returns an iterator, not a list.
+    # http://getpython3.com/diveintopython3/ \
+    # porting-code-to-python-3-with-2to3.html#filter
+    predicate_product = list(filter(None, itertools.product(*product_input)))
+
+    return predicate_product
+
+
+def _pop_predicate_definition(args, kind):
+    """
+    Build a dictionary enriched by "kind" of predicate definition list.
+    This is required for evaluation in ``_mungle_view_args``.
+    """
+    values = to_list(args.pop(kind, ()))
+    # In much the same way as filter(), the map() function [in Python 3] now
+    # returns an iterator. (In Python 2, it returned a list.)
+    # http://getpython3.com/diveintopython3/ \
+    # porting-code-to-python-3-with-2to3.html#map
+    values = list(map(lambda value: {"kind": kind, "value": value}, values))
+    return values
+
+
+def _mungle_view_args(args, predicate_list):
+    """
+    Prepare view args by evaluating complex predicates
+    which get passed through to Pyramid 1:1.
+    Also resolve predicate definitions passed as callables.
+
+    .. seealso::
+
+        https://github.com/mozilla-services/cornice/pull/91#discussion_r3441384
+    """
+
+    # map kind of argument value to function for resolving callables
+    callable_map = {
+        "accept": match_accept_header,
+        "content_type": match_content_type_header,
+    }
+
+    # iterate and resolve all predicates
+    for predicate_entry in predicate_list:
+        kind = predicate_entry["kind"]
+        value = predicate_entry["value"]
+
+        # we need to build a custom predicate if argument value is a callable
+        predicates = args.get("custom_predicates", [])
+        if callable(value):
+            func = callable_map[kind]
+            predicate_checker = functools.partial(func, value)
+            predicates.append(predicate_checker)
+            args["custom_predicates"] = predicates
+        else:
+            # otherwise argument value is just a scalar
+            args[kind] = value
+
+
+def register_resource_views(config, resource):
+    """Register a resource and it's views.
+
+    :param config:
+        The pyramid configuration object that will be populated.
+    :param resource:
+        The resource class containing the definitions
+    """
+    services = resource._services
+
+    for service in services.values():
+        config.add_cornice_service(service)