add an "inline" query parameter to tempurl
Giving the inline query parameter will cause the tempurl response to be given a "Content-Disposition: inline" header, regardless of other query parameters or metadata. This allows easy in-line viewing, eg in browsers. DocImpact Change-Id: Icd5c544d6a749d4f58e8a921968f4e432a2185db
This commit is contained in:
parent
98e5371013
commit
b9efe1cd46
@ -255,7 +255,8 @@ class TempURL(object):
|
|||||||
"""
|
"""
|
||||||
if env['REQUEST_METHOD'] == 'OPTIONS':
|
if env['REQUEST_METHOD'] == 'OPTIONS':
|
||||||
return self.app(env, start_response)
|
return self.app(env, start_response)
|
||||||
temp_url_sig, temp_url_expires, filename = self._get_temp_url_info(env)
|
info = self._get_temp_url_info(env)
|
||||||
|
temp_url_sig, temp_url_expires, filename, inline_disposition = info
|
||||||
if temp_url_sig is None and temp_url_expires is None:
|
if temp_url_sig is None and temp_url_expires is None:
|
||||||
return self.app(env, start_response)
|
return self.app(env, start_response)
|
||||||
if not temp_url_sig or not temp_url_expires:
|
if not temp_url_sig or not temp_url_expires:
|
||||||
@ -291,21 +292,30 @@ class TempURL(object):
|
|||||||
def _start_response(status, headers, exc_info=None):
|
def _start_response(status, headers, exc_info=None):
|
||||||
headers = self._clean_outgoing_headers(headers)
|
headers = self._clean_outgoing_headers(headers)
|
||||||
if env['REQUEST_METHOD'] == 'GET' and status[0] == '2':
|
if env['REQUEST_METHOD'] == 'GET' and status[0] == '2':
|
||||||
already = False
|
# figure out the right value for content-disposition
|
||||||
|
# 1) use the value from the query string
|
||||||
|
# 2) use the value from the object metadata
|
||||||
|
# 3) use the object name (default)
|
||||||
|
out_headers = []
|
||||||
|
existing_disposition = None
|
||||||
for h, v in headers:
|
for h, v in headers:
|
||||||
if h.lower() == 'content-disposition':
|
if h.lower() != 'content-disposition':
|
||||||
already = True
|
out_headers.append((h, v))
|
||||||
break
|
else:
|
||||||
if already and filename:
|
existing_disposition = v
|
||||||
headers = list((h, v) for h, v in headers
|
if inline_disposition:
|
||||||
if h.lower() != 'content-disposition')
|
disposition_value = 'inline'
|
||||||
already = False
|
elif filename:
|
||||||
if not already:
|
disposition_value = 'attachment; filename="%s"' % (
|
||||||
name = filename or basename(env['PATH_INFO'].rstrip('/'))
|
filename.replace('"', '\\"'))
|
||||||
headers.append((
|
elif existing_disposition:
|
||||||
'Content-Disposition',
|
disposition_value = existing_disposition
|
||||||
'attachment; filename="%s"' % (
|
else:
|
||||||
name.replace('"', '\\"'))))
|
name = basename(env['PATH_INFO'].rstrip('/'))
|
||||||
|
disposition_value = 'attachment; filename="%s"' % (
|
||||||
|
name.replace('"', '\\"'))
|
||||||
|
out_headers.append(('Content-Disposition', disposition_value))
|
||||||
|
headers = out_headers
|
||||||
return start_response(status, headers, exc_info)
|
return start_response(status, headers, exc_info)
|
||||||
|
|
||||||
return self.app(env, _start_response)
|
return self.app(env, _start_response)
|
||||||
@ -336,10 +346,10 @@ class TempURL(object):
|
|||||||
expiration (returns 0 if expired).
|
expiration (returns 0 if expired).
|
||||||
|
|
||||||
:param env: The WSGI environment for the request.
|
:param env: The WSGI environment for the request.
|
||||||
:returns: (sig, expires) as described above.
|
:returns: (sig, expires, filename, inline) as described above.
|
||||||
"""
|
"""
|
||||||
temp_url_sig = temp_url_expires = filename = None
|
temp_url_sig = temp_url_expires = filename = inline = None
|
||||||
qs = parse_qs(env.get('QUERY_STRING', ''))
|
qs = parse_qs(env.get('QUERY_STRING', ''), keep_blank_values=True)
|
||||||
if 'temp_url_sig' in qs:
|
if 'temp_url_sig' in qs:
|
||||||
temp_url_sig = qs['temp_url_sig'][0]
|
temp_url_sig = qs['temp_url_sig'][0]
|
||||||
if 'temp_url_expires' in qs:
|
if 'temp_url_expires' in qs:
|
||||||
@ -351,7 +361,9 @@ class TempURL(object):
|
|||||||
temp_url_expires = 0
|
temp_url_expires = 0
|
||||||
if 'filename' in qs:
|
if 'filename' in qs:
|
||||||
filename = qs['filename'][0]
|
filename = qs['filename'][0]
|
||||||
return temp_url_sig, temp_url_expires, filename
|
if 'inline' in qs:
|
||||||
|
inline = True
|
||||||
|
return temp_url_sig, temp_url_expires, filename, inline
|
||||||
|
|
||||||
def _get_keys(self, env, account):
|
def _get_keys(self, env, account):
|
||||||
"""
|
"""
|
||||||
|
@ -146,6 +146,40 @@ class TestTempURL(unittest.TestCase):
|
|||||||
self.assertEquals(req.environ['swift.authorize_override'], True)
|
self.assertEquals(req.environ['swift.authorize_override'], True)
|
||||||
self.assertEquals(req.environ['REMOTE_USER'], '.wsgi.tempurl')
|
self.assertEquals(req.environ['REMOTE_USER'], '.wsgi.tempurl')
|
||||||
|
|
||||||
|
def test_get_valid_with_filename_and_inline(self):
|
||||||
|
method = 'GET'
|
||||||
|
expires = int(time() + 86400)
|
||||||
|
path = '/v1/a/c/o'
|
||||||
|
key = 'abc'
|
||||||
|
hmac_body = '%s\n%s\n%s' % (method, expires, path)
|
||||||
|
sig = hmac.new(key, hmac_body, sha1).hexdigest()
|
||||||
|
req = self._make_request(path, keys=[key], environ={
|
||||||
|
'QUERY_STRING': 'temp_url_sig=%s&temp_url_expires=%s&'
|
||||||
|
'filename=bob%%20%%22killer%%22.txt&inline=' % (sig, expires)})
|
||||||
|
self.tempurl.app = FakeApp(iter([('200 Ok', (), '123')]))
|
||||||
|
resp = req.get_response(self.tempurl)
|
||||||
|
self.assertEquals(resp.status_int, 200)
|
||||||
|
self.assertEquals(resp.headers['content-disposition'], 'inline')
|
||||||
|
self.assertEquals(req.environ['swift.authorize_override'], True)
|
||||||
|
self.assertEquals(req.environ['REMOTE_USER'], '.wsgi.tempurl')
|
||||||
|
|
||||||
|
def test_get_valid_with_inline(self):
|
||||||
|
method = 'GET'
|
||||||
|
expires = int(time() + 86400)
|
||||||
|
path = '/v1/a/c/o'
|
||||||
|
key = 'abc'
|
||||||
|
hmac_body = '%s\n%s\n%s' % (method, expires, path)
|
||||||
|
sig = hmac.new(key, hmac_body, sha1).hexdigest()
|
||||||
|
req = self._make_request(path, keys=[key], environ={
|
||||||
|
'QUERY_STRING': 'temp_url_sig=%s&temp_url_expires=%s&'
|
||||||
|
'inline=' % (sig, expires)})
|
||||||
|
self.tempurl.app = FakeApp(iter([('200 Ok', (), '123')]))
|
||||||
|
resp = req.get_response(self.tempurl)
|
||||||
|
self.assertEquals(resp.status_int, 200)
|
||||||
|
self.assertEquals(resp.headers['content-disposition'], 'inline')
|
||||||
|
self.assertEquals(req.environ['swift.authorize_override'], True)
|
||||||
|
self.assertEquals(req.environ['REMOTE_USER'], '.wsgi.tempurl')
|
||||||
|
|
||||||
def test_obj_trailing_slash(self):
|
def test_obj_trailing_slash(self):
|
||||||
method = 'GET'
|
method = 'GET'
|
||||||
expires = int(time() + 86400)
|
expires = int(time() + 86400)
|
||||||
@ -614,34 +648,44 @@ class TestTempURL(unittest.TestCase):
|
|||||||
self.tempurl._get_temp_url_info(
|
self.tempurl._get_temp_url_info(
|
||||||
{'QUERY_STRING': 'temp_url_sig=%s&temp_url_expires=%s' % (
|
{'QUERY_STRING': 'temp_url_sig=%s&temp_url_expires=%s' % (
|
||||||
s, e)}),
|
s, e)}),
|
||||||
(s, e, None))
|
(s, e, None, None))
|
||||||
self.assertEquals(
|
self.assertEquals(
|
||||||
self.tempurl._get_temp_url_info(
|
self.tempurl._get_temp_url_info(
|
||||||
{'QUERY_STRING': 'temp_url_sig=%s&temp_url_expires=%s&'
|
{'QUERY_STRING': 'temp_url_sig=%s&temp_url_expires=%s&'
|
||||||
'filename=bobisyouruncle' % (s, e)}),
|
'filename=bobisyouruncle' % (s, e)}),
|
||||||
(s, e, 'bobisyouruncle'))
|
(s, e, 'bobisyouruncle', None))
|
||||||
self.assertEquals(
|
self.assertEquals(
|
||||||
self.tempurl._get_temp_url_info({}),
|
self.tempurl._get_temp_url_info({}),
|
||||||
(None, None, None))
|
(None, None, None, None))
|
||||||
self.assertEquals(
|
self.assertEquals(
|
||||||
self.tempurl._get_temp_url_info(
|
self.tempurl._get_temp_url_info(
|
||||||
{'QUERY_STRING': 'temp_url_expires=%s' % e}),
|
{'QUERY_STRING': 'temp_url_expires=%s' % e}),
|
||||||
(None, e, None))
|
(None, e, None, None))
|
||||||
self.assertEquals(
|
self.assertEquals(
|
||||||
self.tempurl._get_temp_url_info(
|
self.tempurl._get_temp_url_info(
|
||||||
{'QUERY_STRING': 'temp_url_sig=%s' % s}),
|
{'QUERY_STRING': 'temp_url_sig=%s' % s}),
|
||||||
(s, None, None))
|
(s, None, None, None))
|
||||||
self.assertEquals(
|
self.assertEquals(
|
||||||
self.tempurl._get_temp_url_info(
|
self.tempurl._get_temp_url_info(
|
||||||
{'QUERY_STRING': 'temp_url_sig=%s&temp_url_expires=bad' % (
|
{'QUERY_STRING': 'temp_url_sig=%s&temp_url_expires=bad' % (
|
||||||
s)}),
|
s)}),
|
||||||
(s, 0, None))
|
(s, 0, None, None))
|
||||||
|
self.assertEquals(
|
||||||
|
self.tempurl._get_temp_url_info(
|
||||||
|
{'QUERY_STRING': 'temp_url_sig=%s&temp_url_expires=%s&'
|
||||||
|
'inline=' % (s, e)}),
|
||||||
|
(s, e, None, True))
|
||||||
|
self.assertEquals(
|
||||||
|
self.tempurl._get_temp_url_info(
|
||||||
|
{'QUERY_STRING': 'temp_url_sig=%s&temp_url_expires=%s&'
|
||||||
|
'filename=bobisyouruncle&inline=' % (s, e)}),
|
||||||
|
(s, e, 'bobisyouruncle', True))
|
||||||
e = int(time() - 1)
|
e = int(time() - 1)
|
||||||
self.assertEquals(
|
self.assertEquals(
|
||||||
self.tempurl._get_temp_url_info(
|
self.tempurl._get_temp_url_info(
|
||||||
{'QUERY_STRING': 'temp_url_sig=%s&temp_url_expires=%s' % (
|
{'QUERY_STRING': 'temp_url_sig=%s&temp_url_expires=%s' % (
|
||||||
s, e)}),
|
s, e)}),
|
||||||
(s, 0, None))
|
(s, 0, None, None))
|
||||||
|
|
||||||
def test_get_hmac(self):
|
def test_get_hmac(self):
|
||||||
self.assertEquals(
|
self.assertEquals(
|
||||||
|
Loading…
Reference in New Issue
Block a user