Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code

Unified Diff: sitescripts/reports/web/resolveReport.py

Issue 29584613: #4431 - Introduce sitescripts.reports.web.resolveReport handler (Closed)
Patch Set: Created Oct. 20, 2017, 1:46 p.m.
Use n/p to move between diff chunks; N/P to move between comments.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: sitescripts/reports/web/resolveReport.py
===================================================================
new file mode 100644
--- /dev/null
+++ b/sitescripts/reports/web/resolveReport.py
@@ -0,0 +1,69 @@
+# This file is part of the Adblock Plus web scripts,
+# Copyright (C) 2006-present eyeo GmbH
+#
+# Adblock Plus is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 3 as
+# published by the Free Software Foundation.
+#
+# Adblock Plus is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Adblock Plus. If not, see <http://www.gnu.org/licenses/>.
+
+import base64
+
+from cryptography.hazmat.primitives.ciphers import aead
+from cryptography.exceptions import InvalidTag
+
+from sitescripts.utils import get_config
+from sitescripts.web import url_handler
+
+CONF_SECTION = 'reports_anonymization'
+CONF_KEY_KEY = 'encryption_key'
+CONF_URL_KEY = 'redirect_url'
+
+
+def _decrypt_report_id(guid):
+ """Decrypt and verify the report id.
+
+ Returns
+ -------
+ str or None
+ Decrypted id if successfully decrypted, None otherwise.
+
+ """
+ config = get_config()
+ key = base64.b64decode(config.get(CONF_SECTION, CONF_KEY_KEY))
+
+ # https://cryptography.io/en/latest/hazmat/primitives/aead/
+ aes_gcm = aead.AESGCM(key)
+
+ try:
+ encoded_nonce, encoded_data = guid.split(',', 1)
+ nonce = base64.b64decode(encoded_nonce)
+ encypted_data = base64.b64decode(encoded_data)
+ return aes_gcm.decrypt(nonce, encypted_data, None)
+ except (ValueError, TypeError, InvalidTag):
mathias 2017/10/24 14:53:44 Exceptions should get logged (they'll appear in ou
Vasily Kuznetsov 2017/10/24 15:36:58 Done.
+ return None
+
+
+@url_handler('/resolveReport')
+def resolve_report(environ, start_response):
+ """Decrypt report guid and redirect to report URL."""
+ config = get_config()
+ redirect_url_template = config.get(CONF_SECTION, CONF_URL_KEY)
+
+ guid = environ.get('QUERY_STRING', '')
+ report_id = _decrypt_report_id(guid)
+
+ if report_id is None:
+ code, message, headers = 404, 'Not Found', []
mathias 2017/10/24 14:53:45 Please use httplib.NOT_FOUND. even if (or, for edu
Vasily Kuznetsov 2017/10/24 15:36:57 Done.
+ else:
+ location = redirect_url_template.format(report_id=report_id)
+ code, message, headers = 302, 'Found', [('Location', location)]
mathias 2017/10/24 14:53:44 Same here, httplib.FOUND should do the trick.
Vasily Kuznetsov 2017/10/24 15:36:58 Done.
+
+ start_response('{} {}'.format(code, message), headers)
mathias 2017/10/24 14:53:44 Why don't you get the message via lookup based on
Vasily Kuznetsov 2017/10/24 15:36:57 Done.
+ return [message]

Powered by Google App Engine
This is Rietveld