The API can now accept auth-less write if PUBLIC_WRITES is True

commit b15ca76144b5ed208f84e2f00c9f869b9717ac06 1 parent 8c306a9
David Cramer authored gandalfar committed

Showing 2 changed files with 27 additions and 21 deletions. Show diff stats Hide diff stats

  1. +3 0  sentry/conf/__init__.py
  2. +24 21 sentry/web/api.py
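--- a/sentry/conf/__init__.py
+++ b/sentry/conf/__init__.py
@@ -68,6 +68,9 @@ class SentryConfig(object):
 
 # Allow access to Sentry without authentication.
 PUBLIC = False
+
+# Allow writes without authentication (including the API)
+PUBLIC_WRITES = False
 
 # Maximum length of variables before they get truncated
 MAX_LENGTH_LIST = 50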
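Review bot: The comment on `PUBLIC_WRITES` does not say what protection an operator gives up by enabling it. Going by the sentry/web/api.py change in this commit, the flag lets `/api/store/` accept POSTs that carry no `Authorization` header, so no signature or timestamp check runs for them. I would spell that out, for example `# Allow writes without authentication (including the API). When True, /api/store/ accepts unsigned events from any client that can reach it.`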
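--- a/sentry/web/api.py
+++ b/sentry/web/api.py
@@ -20,35 +20,38 @@
 
 @app.route('/api/store/', methods=['POST'])
 def store():
-if not request.environ.get('AUTHORIZATION', '').startswith('Sentry'):
+has_header = request.environ.get('AUTHORIZATION', '').startswith('Sentry')
+if not (app.config['PUBLIC_WRITES'] or has_header):
 abort(401,'Unauthorized')
-
-auth_vars = parse_auth_header(request.META['AUTHORIZATION'])
-
-signature = auth_vars.get('signature')
-timestamp = auth_vars.get('timestamp')
-nonce = auth_vars.get('nonce')
 
 data = request.data
 
-# TODO: check nonce
+
+if has_header:
+auth_vars = parse_auth_header(request.META['AUTHORIZATION'])
+
+signature = auth_vars.get('signature')
+timestamp = auth_vars.get('timestamp')
+nonce = auth_vars.get('nonce')
 
-# Signed data packet
-if signature and timestamp:
-try:
-timestamp = float(timestamp)
-except ValueError:
-abort(400, 'Invalid Timestamp')
+# TODO: check nonce
 
-if timestamp < time.time() - 3600: # 1 hour
-abort(410, 'Message has expired')
+# Signed data packet
+if signature and timestamp:
+try:
+timestamp = float(timestamp)
+except ValueError:
+abort(400, 'Invalid Timestamp')
 
-if signature != get_mac_signature(app.config['KEY'], data, timestamp, nonce):
-abort(403, 'Invalid signature')
-else:
-abort(401,'Unauthorized')
+if timestamp < time.time() - 3600: # 1 hour
+abort(410, 'Message has expired')
+
+if signature != get_mac_signature(app.config['KEY'], data, timestamp, nonce):
+abort(403, 'Invalid signature')
+else:
+abort(401,'Unauthorized')
 
-logger = logging.getLogger('sentry.server')
+logger = logging.getLogger('sentry.web.api.store')
 
 try:
 data = base64.b64decode(data).decode('zlib')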
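Review bot: With `PUBLIC_WRITES` enabled, a request that carries no `Authorization` header appears to bypass the `if has_header:` checks (the page has lost the indentation, so the block's extent is inferred), and its body goes straight to `base64.b64decode(data).decode('zlib')` with no size bound visible in this hunk. Unauthenticated input is therefore decompressed unchecked; consider capping the body first, e.g. `if len(data) > MAX_STORE_BYTES: abort(413, 'Request too large')` (`MAX_STORE_BYTES` is a placeholder name), and decompressing with a limit via `zlib.decompressobj().decompress(raw, limit)`. Separately, the relocated `signature != get_mac_signature(...)` check is an ordinary string comparison, and a constant-time compare (`hmac.compare_digest` where the runtime provides it) is the safer choice for a MAC. The body of `store()` continues past the end of the hunk, so later code may already handle part of this.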
