sitescripts/reports/web/resolveReport.py - Issue 29584613: #4431 - Introduce sitescripts.reports.web.resolveReport handler

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments.

Keyboard Shortcuts

	File
u :	up to issue
m :	publish + mail comments
M :	edit review message
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line
<Enter> :	respond to / edit current comment
d :	mark current comment as done

	Issue
u :	up to list of issues
m :	publish + mail comments
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue
# :	close issue

	Comment/message editing
<Ctrl> + s or <Ctrl> + Enter :	save comment
<Esc> :	cancel edit

Side by Side Diff: sitescripts/reports/web/resolveReport.py

Issue 29584613: #4431 - Introduce sitescripts.reports.web.resolveReport handler (Closed)

Patch Set: Created Oct. 20, 2017, 1:46 p.m.

Left:
Right:

Use n/p to move between diff chunks; N/P to move between comments.

Jump to:

View unified diff | Download patch

OLD	NEW
(Empty)
	1 # This file is part of the Adblock Plus web scripts,

	2 # Copyright (C) 2006-present eyeo GmbH

	3 #

	4 # Adblock Plus is free software: you can redistribute it and/or modify

	5 # it under the terms of the GNU General Public License version 3 as

	6 # published by the Free Software Foundation.

	7 #

	8 # Adblock Plus is distributed in the hope that it will be useful,

	9 # but WITHOUT ANY WARRANTY; without even the implied warranty of

	10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

	11 # GNU General Public License for more details.

	12 #

	13 # You should have received a copy of the GNU General Public License

	14 # along with Adblock Plus. If not, see <http://www.gnu.org/licenses/>.

	15

	16 import base64

	17

	18 from cryptography.hazmat.primitives.ciphers import aead

	19 from cryptography.exceptions import InvalidTag

	20

	21 from sitescripts.utils import get_config

	22 from sitescripts.web import url_handler

	23

	24 CONF_SECTION = 'reports_anonymization'

	25 CONF_KEY_KEY = 'encryption_key'

	26 CONF_URL_KEY = 'redirect_url'

	27

	28

	29 def _decrypt_report_id(guid):

	30 """Decrypt and verify the report id.

	31

	32 Returns

	33 -------

	34 str or None

	35 Decrypted id if successfully decrypted, None otherwise.

	36

	37 """

	38 config = get_config()

	39 key = base64.b64decode(config.get(CONF_SECTION, CONF_KEY_KEY))

	40

	41 # https://cryptography.io/en/latest/hazmat/primitives/aead/

	42 aes_gcm = aead.AESGCM(key)

	43

	44 try:

	45 encoded_nonce, encoded_data = guid.split(',', 1)

	46 nonce = base64.b64decode(encoded_nonce)

	47 encypted_data = base64.b64decode(encoded_data)

	48 return aes_gcm.decrypt(nonce, encypted_data, None)

	49 except (ValueError, TypeError, InvalidTag):
	mathias 2017/10/24 14:53:44 Exceptions should get logged (they'll appear in ou Exceptions should get logged (they'll appear in our Nginx error log if written to sys.stderr). Vasily Kuznetsov 2017/10/24 15:36:58 Done. Show quoted text On 2017/10/24 14:53:44, mathias wrote: > Exceptions should get logged (they'll appear in our Nginx error log if written > to sys.stderr). Done.
	50 return None

	51

	52

	53 @url_handler('/resolveReport')

	54 def resolve_report(environ, start_response):

	55 """Decrypt report guid and redirect to report URL."""

	56 config = get_config()

	57 redirect_url_template = config.get(CONF_SECTION, CONF_URL_KEY)

	58

	59 guid = environ.get('QUERY_STRING', '')

	60 report_id = _decrypt_report_id(guid)

	61

	62 if report_id is None:

	63 code, message, headers = 404, 'Not Found', []
	mathias 2017/10/24 14:53:45 Please use httplib.NOT_FOUND. even if (or, for edu Please use httplib.NOT_FOUND. even if (or, for educational purpose, especially because) every reader of the code should know that magic number. Vasily Kuznetsov 2017/10/24 15:36:57 Done. Show quoted text On 2017/10/24 14:53:45, mathias wrote: > Please use httplib.NOT_FOUND. even if (or, for educational purpose, especially > because) every reader of the code should know that magic number. Done.
	64 else:

	65 location = redirect_url_template.format(report_id=report_id)

	66 code, message, headers = 302, 'Found', [('Location', location)]
	mathias 2017/10/24 14:53:44 Same here, httplib.FOUND should do the trick. Same here, httplib.FOUND should do the trick. Vasily Kuznetsov 2017/10/24 15:36:58 Done. Show quoted text On 2017/10/24 14:53:44, mathias wrote: > Same here, httplib.FOUND should do the trick. Done.
	67

	68 start_response('{} {}'.format(code, message), headers)
	mathias 2017/10/24 14:53:44 Why don't you get the message via lookup based on Why don't you get the message via lookup based on the code? I.e. `message = httplib.responses[code]` or something similar. Why the hazzle? Vasily Kuznetsov 2017/10/24 15:36:57 Done. Show quoted text On 2017/10/24 14:53:44, mathias wrote: > Why don't you get the message via lookup based on the code? I.e. `message = > httplib.responses[code]` or something similar. Why the hazzle? Done.
	69 return [message]

OLD	NEW

« sitescripts/reports/tests/test_resolveReport.py ('K') | « sitescripts/reports/tests/test_resolveReport.py ('k') | tox.ini » ('j') | no next file with comments »