- Hardening GeoNode and cleanup: http_client uses Bearer Auth whenev…

…er it's possible

geonode/api/api.py

@@ -88,11 +88,12 @@ def get_resources_counts(self, options):
             unpublished_not_visible=settings.RESOURCE_PUBLISHING,
             private_groups_not_visibile=settings.GROUP_PRIVATE_RESOURCES)
 
-        if options['title_filter']:
-            resources = resources.filter(title__icontains=options['title_filter'])
+        if resources and resources.count() > 0:
+            if options['title_filter']:
+                resources = resources.filter(title__icontains=options['title_filter'])
 
-        if options['type_filter']:
-            resources = resources.instance_of(options['type_filter'])
+            if options['type_filter']:
+                resources = resources.instance_of(options['type_filter'])
 
         counts = list(resources.values(options['count_type']).annotate(count=Count(options['count_type'])))
 

geonode/api/authorization.py

@@ -36,9 +36,13 @@ class GeoNodeAuthorization(DjangoAuthorization):
     permission system"""
 
     def read_list(self, object_list, bundle):
-        permitted_ids = get_objects_for_user(
-            bundle.request.user,
-            'base.view_resourcebase').values('id')
+        permitted_ids = []
+        try:
+            permitted_ids = get_objects_for_user(
+                bundle.request.user,
+                'base.view_resourcebase').values('id')
+        except BaseException:
+            pass
 
         return object_list.filter(id__in=permitted_ids)
 

geonode/base/management/commands/backup.py

@@ -85,7 +85,7 @@ def add_arguments(self, parser):
 
     def create_geoserver_backup(self, settings, target_folder):
         # Create GeoServer Backup
-        url = settings.OGC_SERVER['default']['PUBLIC_LOCATION']
+        url = settings.OGC_SERVER['default']['LOCATION']
         user = settings.OGC_SERVER['default']['USER']
         passwd = settings.OGC_SERVER['default']['PASSWORD']
         geoserver_bk_file = os.path.join(target_folder, 'geoserver_catalog.zip')

geonode/base/management/commands/restore.py

@@ -92,7 +92,7 @@ def add_arguments(self, parser):
 
     def restore_geoserver_backup(self, settings, target_folder):
         """Restore GeoServer Catalog"""
-        url = settings.OGC_SERVER['default']['PUBLIC_LOCATION']
+        url = settings.OGC_SERVER['default']['LOCATION']
         user = settings.OGC_SERVER['default']['USER']
         passwd = settings.OGC_SERVER['default']['PASSWORD']
         geoserver_bk_file = os.path.join(target_folder, 'geoserver_catalog.zip')

geonode/base/models.py

@@ -310,38 +310,41 @@ def dump_bulk_tree(cls, parent=None, keep_ids=True):
         """Dumps a tree branch to a python data structure."""
         qset = cls._get_serializable_model().get_tree(parent)
         ret, lnk = [], {}
-        for pyobj in qset:
-            serobj = serializers.serialize('python', [pyobj])[0]
-            # django's serializer stores the attributes in 'fields'
-            fields = serobj['fields']
-            depth = fields['depth'] or 1
-            fields['text'] = fields['name']
-            fields['href'] = fields['slug']
-            del fields['name']
-            del fields['slug']
-            del fields['path']
-            del fields['numchild']
-            del fields['depth']
-            if 'id' in fields:
-                # this happens immediately after a load_bulk
-                del fields['id']
-
-            newobj = {}
-            for field in fields:
-                newobj[field] = fields[field]
-            if keep_ids:
-                newobj['id'] = serobj['pk']
-
-            if (not parent and depth == 1) or\
-               (parent and depth == parent.depth):
-                ret.append(newobj)
-            else:
-                parentobj = pyobj.get_parent()
-                parentser = lnk[parentobj.pk]
-                if 'nodes' not in parentser:
-                    parentser['nodes'] = []
-                parentser['nodes'].append(newobj)
-            lnk[pyobj.pk] = newobj
+        try:
+            for pyobj in qset:
+                serobj = serializers.serialize('python', [pyobj])[0]
+                # django's serializer stores the attributes in 'fields'
+                fields = serobj['fields']
+                depth = fields['depth'] or 1
+                fields['text'] = fields['name']
+                fields['href'] = fields['slug']
+                del fields['name']
+                del fields['slug']
+                del fields['path']
+                del fields['numchild']
+                del fields['depth']
+                if 'id' in fields:
+                    # this happens immediately after a load_bulk
+                    del fields['id']
+
+                newobj = {}
+                for field in fields:
+                    newobj[field] = fields[field]
+                if keep_ids:
+                    newobj['id'] = serobj['pk']
+
+                if (not parent and depth == 1) or\
+                   (parent and depth == parent.depth):
+                    ret.append(newobj)
+                else:
+                    parentobj = pyobj.get_parent()
+                    parentser = lnk[parentobj.pk]
+                    if 'nodes' not in parentser:
+                        parentser['nodes'] = []
+                    parentser['nodes'].append(newobj)
+                lnk[pyobj.pk] = newobj
+        except BaseException:
+            pass
         return ret
 
 

geonode/base/templatetags/base_tags.py

@@ -72,8 +72,12 @@ def facets(context):
     facet_type = context['facet_type'] if 'facet_type' in context else 'all'
 
     if not settings.SKIP_PERMS_FILTER:
-        authorized = get_objects_for_user(
-            request.user, 'base.view_resourcebase').values('id')
+        authorized = []
+        try:
+            authorized = get_objects_for_user(
+                request.user, 'base.view_resourcebase').values('id')
+        except BaseException:
+            pass
 
     if facet_type == 'documents':
 
@@ -176,7 +180,15 @@ def facets(context):
             layers = layers.filter(id__in=authorized)
 
         counts = layers.values('storeType').annotate(count=Count('storeType'))
-        count_dict = dict([(count['storeType'], count['count']) for count in counts])
+
+        counts_array = []
+        try:
+            for count in counts:
+                counts_array.append((count['storeType'], count['count']))
+        except BaseException:
+            pass
+
+        count_dict = dict(counts_array)
 
         vector_time_series = layers.exclude(has_time=False).filter(storeType='dataStore'). \
             values('storeType').annotate(count=Count('storeType'))
@@ -322,8 +334,13 @@ def get_menu(placeholder_name):
 
 @register.inclusion_tag(filename='base/menu.html')
 def render_nav_menu(placeholder_name):
-    menus = {
-        m: MenuItem.objects.filter(menu=m)
-        for m in Menu.objects.filter(placeholder__name=placeholder_name)
-    }
+    menus = {}
+    try:
+        menus = {
+            m: MenuItem.objects.filter(menu=m)
+            for m in Menu.objects.filter(placeholder__name=placeholder_name)
+        }
+    except BaseException:
+        pass
+
     return {'menus': OrderedDict(sorted(menus.items(), key=lambda(k, v): (v, k)))}

geonode/geoserver/helpers.py

@@ -37,7 +37,6 @@
 import urllib
 from urlparse import urlsplit, urlparse, urljoin
 
-from .utils import geoserver_requests_session
 from agon_ratings.models import OverallRating
 from bs4 import BeautifulSoup
 from dialogos.models import Comment
@@ -69,6 +68,8 @@
 import xml.etree.ElementTree as ET
 from django.utils.module_loading import import_string
 
+from .utils import geoserver_requests_session
+
 
 logger = logging.getLogger(__name__)
 
@@ -821,7 +822,9 @@ def set_attributes_from_geoserver(layer, overwrite=False):
             body = req.json()
             attribute_map = [[n["name"], _esri_types[n["type"]]]
                              for n in body["fields"] if n.get("name") and n.get("type")]
-        except Exception:
+        except BaseException:
+            tb = traceback.format_exc()
+            logger.debug(tb)
             attribute_map = []
     elif layer.storeType in ["dataStore", "remoteStore", "wmsStore"]:
         dft_url = re.sub("\/wms\/?$",
@@ -841,7 +844,9 @@ def set_attributes_from_geoserver(layer, overwrite=False):
                 xsd="{http://www.w3.org/2001/XMLSchema}")
             attribute_map = [[n.attrib["name"], n.attrib["type"]] for n in doc.findall(
                 path) if n.attrib.get("name") and n.attrib.get("type")]
-        except Exception:
+        except BaseException:
+            tb = traceback.format_exc()
+            logger.debug(tb)
             attribute_map = []
             # Try WMS instead
             dft_url = server_url + "?" + urllib.urlencode({
@@ -869,7 +874,9 @@ def set_attributes_from_geoserver(layer, overwrite=False):
                     else:
                         field_name = field.string
                     attribute_map.append([field_name, "xsd:string"])
-            except Exception:
+            except BaseException:
+                tb = traceback.format_exc()
+                logger.debug(tb)
                 attribute_map = []
 
     elif layer.storeType in ["coverageStore"]:
@@ -886,7 +893,9 @@ def set_attributes_from_geoserver(layer, overwrite=False):
             path = ".//{wcs}Axis/{wcs}AvailableKeys/{wcs}Key".format(
                 wcs="{http://www.opengis.net/wcs/1.1.1}")
             attribute_map = [[n.text, "raster"] for n in doc.findall(path)]
-        except Exception:
+        except BaseException:
+            tb = traceback.format_exc()
+            logger.debug(tb)
             attribute_map = []
 
     # Get attribute statistics & package for call to really_set_attributes()
@@ -925,6 +934,8 @@ def set_styles(layer, gs_catalog):
         try:
             default_style = gs_layer.default_style or None
         except BaseException:
+            tb = traceback.format_exc()
+            logger.debug(tb)
             pass
 
         if not default_style:
@@ -934,6 +945,8 @@ def set_styles(layer, gs_catalog):
                 gs_layer.default_style = default_style
                 gs_catalog.save(gs_layer)
             except BaseException:
+                tb = traceback.format_exc()
+                logger.debug(tb)
                 logger.exception("GeoServer Layer Default Style issues!")
 
         if default_style:
@@ -943,6 +956,8 @@ def set_styles(layer, gs_catalog):
                 try:
                     gs_catalog.create_style(layer.name, sld_body, raw=True, workspace=layer.workspace)
                 except BaseException:
+                    tb = traceback.format_exc()
+                    logger.debug(tb)
                     pass
                 style = gs_catalog.get_style(layer.name, workspace=layer.workspace)
             else:
@@ -958,6 +973,8 @@ def set_styles(layer, gs_catalog):
                     if alt_style:
                         style_set.append(save_style(alt_style))
         except BaseException:
+            tb = traceback.format_exc()
+            logger.debug(tb)
             pass
 
     layer.styles = style_set
@@ -976,6 +993,8 @@ def save_style(gs_style):
     try:
         style.sld_title = gs_style.sld_title
     except BaseException:
+        tb = traceback.format_exc()
+        logger.debug(tb)
         style.sld_title = gs_style.name
     finally:
         style.sld_body = gs_style.sld_body
@@ -1014,7 +1033,9 @@ def get_attribute_statistics(layer_name, field):
         return None
     try:
         return wps_execute_layer_attribute_statistics(layer_name, field)
-    except Exception:
+    except BaseException:
+        tb = traceback.format_exc()
+        logger.debug(tb)
         logger.exception('Error generating layer aggregate statistics')
 
 

geonode/geoserver/signals.py

@@ -654,9 +654,12 @@ def geoserver_pre_save_maplayer(instance, sender, **kwargs):
 
 def geoserver_post_save_map(instance, sender, **kwargs):
     instance.set_missing_info()
-    logger.info("... Creating Thumbnail for Map [%s]" % (instance.title))
-    thumbnail_task.delay(
-        instance.id,
-        instance.__class__.__name__,
-        overwrite=False,
-        check_bbox=True)
+    logger.info("... Creating Thumbnail for Map [%s]" % (instance))
+    try:
+        thumbnail_task.delay(
+            instance.id,
+            instance.__class__.__name__,
+            overwrite=False,
+            check_bbox=True)
+    except BaseException:
+        logger.warn("!WARNING! - Failure while Creating Thumbnail for Map [%s]" % (instance))

geonode/geoserver/utils.py

@@ -17,10 +17,15 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
 #########################################################################
+import logging
 import requests
+import traceback
+
 from requests.adapters import HTTPAdapter
 from requests.packages.urllib3.util.retry import Retry
 
+logger = logging.getLogger(__name__)
+
 requests.packages.urllib3.disable_warnings()
 
 
@@ -48,6 +53,22 @@ def geoserver_requests_session():
     from .helpers import ogc_server_settings
     _user, _password = ogc_server_settings.credentials
     session = requests.Session()
-    session.auth = (_user, _password)
+    access_token = None
+    try:
+        from oauth2_provider.models import AccessToken, get_application_model
+        Application = get_application_model()
+        app = Application.objects.get(name='GeoServer')
+        access_token = AccessToken.objects.filter(
+            user__username=_user,
+            application=app).order_by('-expires').first()
+    except BaseException:
+        tb = traceback.format_exc()
+        logger.error(tb)
+
+    if access_token and not access_token.is_expired():
+        headers = {"Authorization": "Bearer %s" % access_token.token}
+        session.headers.update(headers)
+    else:
+        session.auth = (_user, _password)
     session = requests_retry(session=session)
     return session