Source code for uw.web.wsgi.demo

"""Support for application demonstration versions.

This module allows creating a version of an application in which the user
can pretend to be any user by specifying the userid as an arc of the URL.
This is meant to support the creation of demonstration versions of
applications.
"""
from ll.xist.ns import html

from . import delegate, function, parameter

from .status import HTTPSeeOther

@parameter.use_form_param
@delegate.delegate_get_post
@function.return_html
def demo_form_handler (form, **params):
    """Implement the top-level demo URL, with a form for choosing the userid.

    When requested with no form information, displays a form for entering a
    userid.  With form results containing a userid, redirects to the URL for
    pretending to be that user.
    """
    userid = form.getvalue ('userid')
    if userid is not None:
        # Redirect
        raise HTTPSeeOther (userid + '/')
    else:
        # Display form
        return 'Choose User to Impersonate', html.form (
            html.p (
                'Userid: ',
                html.input (maxlength=8, type="text", name="userid", size=9)
            ),
            action="", method="get"
        )


[docs]class File404 (delegate.DelegateHandler):
    """Wrap a handler; return a 404 for file accesses, otherwise chain.

    If the incoming request has (non-empty) PATH_INFO, chain to the provided
    handler, otherwise chain to no handler (resulting in 404).
    """
    def __init__ (self, handler):
        self.__handler = handler


[docs]    def get_handler (self, environ):
        return None if environ['PATH_INFO'] == '' else self.__handler



[docs]def arc_handler (handler):
    """Selectively replace the usual file_dir_redirect behaviour with 404.

    Some web browsers automatically request /favicon.ico and possibly other
    URLs, which in a demo context results in a redirect to /favicon.ico/,
    leading to error messages when favicon.ico is not the userid of any
    identity.  This replaces the initial response with a 404 instead.
    """
    bad_arcs = [
        "favicon.ico",
    ]
    file404_handler = File404 (handler)
    return (lambda arc_object, **params:
        file404_handler if arc_object in bad_arcs else handler)



[docs]def delegate_demo (handler):
    """Obtain a userid-impersonation handler for demonstration purposes.

    Parameters:

    handler -- the inner WSGI handler.

    The resulting handler dispatches arc requests to the provided handler.
    The arc value is saved in the environment as the $REMOTE_USER variable
    used to determine the identity of the remote user.  This is useful only
    when creating demos in order to allow any user to see and do what other
    users are able to do.  Use of this handler completely defeats any
    authorization checking the contained handler may do.
    """
    def save_arc (arc_object, environ):
        environ['REMOTE_USER'] = arc_object
    return delegate.DelegatePathArc (demo_form_handler,
     delegate.file_dir_redirect,
     get_arc_handler=arc_handler (handler), save_arc=save_arc)