diff options
| author | Georgy Redkozubov <georgy.redkozubov@linaro.org> | 2012-08-28 21:15:06 +0400 |
|---|---|---|
| committer | Georgy Redkozubov <georgy.redkozubov@linaro.org> | 2012-08-28 21:15:06 +0400 |
| commit | ee9c96bf3d0e290be5345162c246c3ede91b3258 (patch) | |
| tree | 66c89962d3cda1e3e3280686bc489ac21e56ecc3 /license_protected_downloads | |
| parent | cf7c012a5b08096d8365e3ebfecf12812abc0945 (diff) | |
Added whitelisting support to workaround issue with django app accessing apache-openid protected files.
Diffstat (limited to 'license_protected_downloads')
| -rw-r--r-- | license_protected_downloads/config.py | 11 | ||||
| -rw-r--r-- | license_protected_downloads/tests/test_views.py | 11 | ||||
| -rw-r--r-- | license_protected_downloads/views.py | 15 |
3 files changed, 35 insertions, 2 deletions
diff --git a/license_protected_downloads/config.py b/license_protected_downloads/config.py index 526a26f..79a09f1 100644 --- a/license_protected_downloads/config.py +++ b/license_protected_downloads/config.py @@ -5,3 +5,14 @@ INTERNAL_HOSTS = ( '50.17.250.69', # android-build.linaro.org '82.69.11.23', # validation.linaro.org ) + +WHITELIST = ( + '/hwpacks', + '/precise/restricted', + '/hwpacks/freescale', + '/hwpacks/samsung', + '/hwpacks/ste', + '/hwpacks/ti', + '/hwpacks/arm', + '/android/~linaro-android-restricted', +) diff --git a/license_protected_downloads/tests/test_views.py b/license_protected_downloads/tests/test_views.py index a705d3e..4178497 100644 --- a/license_protected_downloads/tests/test_views.py +++ b/license_protected_downloads/tests/test_views.py @@ -13,6 +13,7 @@ from license_protected_downloads.views import _insert_license_into_db from license_protected_downloads.views import _sizeof_fmt from license_protected_downloads.config import INTERNAL_HOSTS + THIS_DIRECTORY = os.path.dirname(os.path.abspath(__file__)) TESTSERVER_ROOT = os.path.join(THIS_DIRECTORY, "testserver_root") @@ -487,6 +488,16 @@ class ViewTests(TestCase): self.assertEqual(_sizeof_fmt(1234567899), '1.1G') self.assertEqual(_sizeof_fmt(1234567899999), '1.1T') + def test_whitelisted_dirs(self): + target_file = "precise/restricted/whitelisted.txt" + url = urlparse.urljoin("http://testserver/", target_file) + response = self.client.get(url, follow=True) + + # If we have access to the file, we will get an X-Sendfile response + self.assertEqual(response.status_code, 200) + file_path = os.path.join(TESTSERVER_ROOT, target_file) + self.assertEqual(response['X-Sendfile'], file_path) + if __name__ == '__main__': unittest.main() diff --git a/license_protected_downloads/views.py b/license_protected_downloads/views.py index d9c3646..e348c53 100644 --- a/license_protected_downloads/views.py +++ b/license_protected_downloads/views.py @@ -3,7 +3,6 @@ import hashlib import mimetypes import os import re -import time from mimetypes import guess_type from datetime import datetime @@ -296,6 +295,17 @@ def file_listed(path, url): return found +def is_whitelisted(url): + """ Check if requested file is under whitelisted path. + """ + found = False + for path in config.WHITELIST: + if re.search(r'^%s' % path, url): + found = True + + return found + + def file_server(request, path): """Serve up a file / directory listing or license page as required""" url = path @@ -351,7 +361,8 @@ def file_server(request, path): raise Http404 response = None - if get_client_ip(request) in config.INTERNAL_HOSTS: + if get_client_ip(request) in config.INTERNAL_HOSTS or\ + is_whitelisted(os.path.join('/', url)): digests = 'OPEN' else: digests = is_protected(path) |