Skip to content

Commit 5ee767a

Browse files
committed
Pass urlencoded URL to the oauth handler
1 parent 65b2909 commit 5ee767a

File tree

1 file changed

+46
-16
lines changed

1 file changed

+46
-16
lines changed

tests/src/python/qgis_wrapped_server.py

Lines changed: 46 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -113,16 +113,27 @@
113113
(at your option) any later version.
114114
"""
115115

116+
import copy
117+
import os
118+
import signal
119+
import ssl
120+
import sys
121+
import urllib.parse
122+
123+
from http.server import BaseHTTPRequestHandler, HTTPServer
124+
from qgis.core import QgsApplication
125+
from qgis.server import (QgsBufferServerRequest, QgsBufferServerResponse,
126+
QgsServer, QgsServerRequest)
127+
116128
__author__ = 'Alessandro Pasotti'
117129
__date__ = '05/15/2016'
118130
__copyright__ = 'Copyright 2016, The QGIS Project'
119131
# This will get replaced with a git SHA1 when you do a git archive
120132
__revision__ = '$Format:%H$'
121133

122134

123-
import os
124-
125-
# Needed on Qt 5 so that the serialization of XML is consistent among all executions
135+
# Needed on Qt 5 so that the serialization of XML is consistent among all
136+
# executions
126137
os.environ['QT_HASH_SEED'] = '1'
127138

128139
import sys
@@ -142,7 +153,8 @@
142153
QGIS_SERVER_HOST = os.environ.get('QGIS_SERVER_HOST', '127.0.0.1')
143154

144155
# HTTP Basic
145-
QGIS_SERVER_HTTP_BASIC_AUTH = os.environ.get('QGIS_SERVER_HTTP_BASIC_AUTH', False)
156+
QGIS_SERVER_HTTP_BASIC_AUTH = os.environ.get(
157+
'QGIS_SERVER_HTTP_BASIC_AUTH', False)
146158
QGIS_SERVER_USERNAME = os.environ.get('QGIS_SERVER_USERNAME', 'username')
147159
QGIS_SERVER_PASSWORD = os.environ.get('QGIS_SERVER_PASSWORD', 'password')
148160

@@ -153,12 +165,16 @@
153165
QGIS_SERVER_PKI_USERNAME = os.environ.get('QGIS_SERVER_PKI_USERNAME')
154166

155167
# OAuth2 authentication
156-
QGIS_SERVER_OAUTH2_CERTIFICATE = os.environ.get('QGIS_SERVER_OAUTH2_CERTIFICATE')
168+
QGIS_SERVER_OAUTH2_CERTIFICATE = os.environ.get(
169+
'QGIS_SERVER_OAUTH2_CERTIFICATE')
157170
QGIS_SERVER_OAUTH2_KEY = os.environ.get('QGIS_SERVER_OAUTH2_KEY')
158171
QGIS_SERVER_OAUTH2_AUTHORITY = os.environ.get('QGIS_SERVER_OAUTH2_AUTHORITY')
159-
QGIS_SERVER_OAUTH2_USERNAME = os.environ.get('QGIS_SERVER_OAUTH2_USERNAME', 'username')
160-
QGIS_SERVER_OAUTH2_PASSWORD = os.environ.get('QGIS_SERVER_OAUTH2_PASSWORD', 'password')
161-
QGIS_SERVER_OAUTH2_TOKEN_EXPIRES_IN = os.environ.get('QGIS_SERVER_OAUTH2_TOKEN_EXPIRES_IN', 3600)
172+
QGIS_SERVER_OAUTH2_USERNAME = os.environ.get(
173+
'QGIS_SERVER_OAUTH2_USERNAME', 'username')
174+
QGIS_SERVER_OAUTH2_PASSWORD = os.environ.get(
175+
'QGIS_SERVER_OAUTH2_PASSWORD', 'password')
176+
QGIS_SERVER_OAUTH2_TOKEN_EXPIRES_IN = os.environ.get(
177+
'QGIS_SERVER_OAUTH2_TOKEN_EXPIRES_IN', 3600)
162178

163179
# Check if PKI is enabled
164180
QGIS_SERVER_PKI_AUTH = (
@@ -218,7 +234,8 @@ def responseComplete(self):
218234
# No auth ...
219235
handler.clear()
220236
handler.setResponseHeader('Status', '401 Authorization required')
221-
handler.setResponseHeader('WWW-Authenticate', 'Basic realm="QGIS Server"')
237+
handler.setResponseHeader(
238+
'WWW-Authenticate', 'Basic realm="QGIS Server"')
222239
handler.appendBody(b'<h1>Authorization required</h1>')
223240

224241
filter = HTTPBasicFilter(qgs_server.serverInterface())
@@ -307,7 +324,8 @@ def save_bearer_token(self, token, request, *args, **kwargs):
307324
# access_token and the refresh_token and set expiration for the
308325
# access_token to now + expires_in seconds.
309326
_tokens[token['access_token']] = copy.copy(token)
310-
_tokens[token['access_token']]['expiration'] = datetime.now().timestamp() + int(token['expires_in'])
327+
_tokens[token['access_token']]['expiration'] = datetime.now(
328+
).timestamp() + int(token['expires_in'])
311329

312330
def validate_bearer_token(self, token, scopes, request):
313331
"""Check the token"""
@@ -325,7 +343,8 @@ def get_original_scopes(self, refresh_token, request, *args, **kwargs):
325343
return []
326344

327345
validator = SimpleValidator()
328-
oauth_server = LegacyApplicationServer(validator, token_expires_in=QGIS_SERVER_OAUTH2_TOKEN_EXPIRES_IN)
346+
oauth_server = LegacyApplicationServer(
347+
validator, token_expires_in=QGIS_SERVER_OAUTH2_TOKEN_EXPIRES_IN)
329348

330349
class OAuth2Filter(QgsServerFilter):
331350
"""This filter provides testing endpoint for OAuth2 Resource Owner Grant Flow
@@ -349,7 +368,8 @@ def _token(ttl):
349368
old_expires_in = oauth_server.default_token_type.expires_in
350369
# Hacky way to dynamically set token expiration time
351370
oauth_server.default_token_type.expires_in = ttl
352-
headers, payload, code = oauth_server.create_token_response('/token', 'post', body, {})
371+
headers, payload, code = oauth_server.create_token_response(
372+
'/token', 'post', body, {})
353373
oauth_server.default_token_type.expires_in = old_expires_in
354374
for k, v in headers.items():
355375
handler.setResponseHeader(k, v)
@@ -371,9 +391,11 @@ def _token(ttl):
371391
# Check for valid token
372392
auth = handler.requestHeader('HTTP_AUTHORIZATION')
373393
if auth:
374-
result, response = oauth_server.verify_request(handler.url(), 'post', '', {'Authorization': auth})
394+
result, response = oauth_server.verify_request(
395+
urllib.parse.quote_plus(handler.url(), safe='/:?=&'), 'post', '', {'Authorization': auth})
375396
if result:
376-
# This is a test endpoint for OAuth2, it requires a valid token
397+
# This is a test endpoint for OAuth2, it requires a valid
398+
# token
377399
if handler.url().find('/result') != -1:
378400
handler.clear()
379401
handler.appendBody(b'Valid Token: enjoy OAuth2')
@@ -387,7 +409,8 @@ def _token(ttl):
387409
handler.clear()
388410
handler.setStatusCode(401)
389411
handler.setResponseHeader('Status', '401 Unauthorized')
390-
handler.setResponseHeader('WWW-Authenticate', 'Bearer realm="QGIS Server"')
412+
handler.setResponseHeader(
413+
'WWW-Authenticate', 'Bearer realm="QGIS Server"')
391414
handler.appendBody(b'Invalid Token: Authorization required.')
392415

393416
filter = OAuth2Filter(qgs_server.serverInterface())
@@ -401,10 +424,17 @@ def do_GET(self, post_body=None):
401424
# CGI vars:
402425
headers = {}
403426
for k, v in self.headers.items():
427+
<<<<<<< a7fb4238893336c8d5b2b4802f63588175e70c83
404428
headers['HTTP_%s' % k.replace(' ', '-').replace('-', '_').replace(' ', '-').upper()] = v
405429
if not self.path.startswith('http'):
406430
self.path = "%s://%s:%s%s" % ('https' if https else 'http', QGIS_SERVER_HOST, self.server.server_port, self.path)
407431
request = QgsBufferServerRequest(self.path, (QgsServerRequest.PostMethod if post_body is not None else QgsServerRequest.GetMethod), headers, post_body)
432+
=======
433+
headers['HTTP_%s' % k.replace(
434+
' ', '-').replace('-', '_').replace(' ', '-').upper()] = v
435+
request = QgsBufferServerRequest(
436+
self.path, (QgsServerRequest.PostMethod if post_body is not None else QgsServerRequest.GetMethod), headers, post_body)
437+
>>>>>>> Pass urlencoded URL to the oauth handler
408438
response = QgsBufferServerResponse()
409439
qgs_server.handleRequest(request, response)
410440

@@ -455,7 +485,7 @@ class ThreadedHTTPServer(ThreadingMixIn, HTTPServer):
455485
ca_certs=QGIS_SERVER_OAUTH2_AUTHORITY,
456486
keyfile=QGIS_SERVER_OAUTH2_KEY,
457487
server_side=True,
458-
#cert_reqs=ssl.CERT_REQUIRED, # No certs for OAuth2
488+
# cert_reqs=ssl.CERT_REQUIRED, # No certs for OAuth2
459489
ssl_version=ssl.PROTOCOL_TLSv1)
460490
else:
461491
server.socket = ssl.wrap_socket(

0 commit comments

Comments
 (0)