From da3e135879cdb2dfaa2746c414c3d36e5d3c4a36 Mon Sep 17 00:00:00 2001 From: mauritsvanrees Date: Mon, 15 Jan 2018 18:35:37 +0100 Subject: [PATCH] [fc] Repository: plone.protect Branch: refs/heads/master Date: 2018-01-12T00:28:44+01:00 Author: Harald Friessnegger (frisi) Commit: https://github.com/plone/plone.protect/commit/bd393995c78e5d74e69c7c1fa794a9cd30a66b2e do not log a warning for empty responses if a text/html response does not contain any data (eg empty page for an ajax request) we do not log a warning that no csrf token could be added this fixes #15 Files changed: M CHANGES.rst M plone/protect/auto.py M plone/protect/tests/testAuto.py Repository: plone.protect Branch: refs/heads/master Date: 2018-01-15T14:56:38+01:00 Author: Harald Friessnegger (frisi) Commit: https://github.com/plone/plone.protect/commit/6c314bd15e75c2b02c069c252f9b2e3ec916544f simplify condition Files changed: M plone/protect/auto.py Repository: plone.protect Branch: refs/heads/master Date: 2018-01-15T18:35:37+01:00 Author: Maurits van Rees (mauritsvanrees) Commit: https://github.com/plone/plone.protect/commit/ad4456d6f9c41ee70efef8e252bd8f8508ded20d Merge pull request #69 from plone/no-warning-when-empty do not log a warning for empty responses Files changed: M CHANGES.rst M plone/protect/auto.py M plone/protect/tests/testAuto.py --- last_commit.txt | 769 ++++++++++++------------------------------------ 1 file changed, 194 insertions(+), 575 deletions(-) diff --git a/last_commit.txt b/last_commit.txt index d413cedbe3..5fab505563 100644 --- a/last_commit.txt +++ b/last_commit.txt @@ -1,613 +1,232 @@ -Repository: plone.uuid +Repository: plone.protect Branch: refs/heads/master -Date: 2018-01-09T10:09:46+01:00 -Author: Johannes Raggam (thet) -Commit: https://github.com/plone/plone.uuid/commit/829e8ebc5444f7ae260a771d01860b69857ca4cb +Date: 2018-01-12T00:28:44+01:00 +Author: Harald Friessnegger (frisi) +Commit: https://github.com/plone/plone.protect/commit/bd393995c78e5d74e69c7c1fa794a9cd30a66b2e -Fix documentation and uuid generator class name to reflect the fact that we use the uuid4 implementation instead of uuid1. +do not log a warning for empty responses + +if a text/html response does not contain any data (eg empty page for an ajax request) +we do not log a warning that no csrf token could be added + +this fixes #15 Files changed: M CHANGES.rst -M README.rst -M plone/uuid/configure.zcml -M plone/uuid/generator.py +M plone/protect/auto.py +M plone/protect/tests/testAuto.py diff --git a/CHANGES.rst b/CHANGES.rst -index 4393c65..535d4f6 100644 +index 07a6237..cffa53c 100644 --- a/CHANGES.rst +++ b/CHANGES.rst -@@ -17,6 +17,10 @@ Bug fixes: - - Fix package dependencies. - [gforcada] - -+- Fix documentation and uuid generator class name to reflect the fact that we use the ``uuid4`` implementation instead of ``uuid1``. -+ [thet] -+ -+ - 1.0.4 (2016-06-02) - ------------------ - -@@ -28,6 +32,7 @@ Bug fixes: - - Fixed issues preventing tests passing on Python 3 - [datakurre] - -+ - 1.0.3 (2012-05-31) - ------------------ - -@@ -39,12 +44,14 @@ Bug fixes: - copy event, where original and destination should have distinct UUID. - [seanupton] - -+ - 1.0.2 - 2011-10-18 - ------------------ - - - Generate UUID without dashes. - [elro] - -+ - 1.0.1 - 2011-05-20 - ------------------ - -@@ -52,6 +59,7 @@ Bug fixes: - See http://plone.org/foundation/materials/foundation-resolutions/plone-framework-components-relicensing-policy - [davisagli] - -+ - 1.0 - 2011-05-13 - ---------------- - -diff --git a/README.rst b/README.rst -index dc4b598..f6c26c7 100644 ---- a/README.rst -+++ b/README.rst -@@ -5,7 +5,7 @@ This is a minimal package that can be used to obtain a universally unique - identifier (UUID) for an object. - - The default implementation uses the Python standard library ``uuid`` module --to generate an RFC 4122-compliant UUID, using the ``uuid1()`` function. It -+to generate an RFC 4122-compliant UUID, using the ``uuid4()`` function. It - will assign a UUID upon object creation (by subscribing to - ``IObjectCreatedEvent`` from ``zope.lifecycleevent``) and store it in an - attribute on the object. -@@ -70,8 +70,9 @@ There are two primary customisation points for this package: - - * You can change the default UUID generating algorithm by overriding the - unnamed utility providing the ``IUUIDGenerator`` interface. The default -- implementation simply calls ``uuid.uuid1()`` and casts the result to a -+ implementation simply calls ``uuid.uuid4()`` and casts the result to a - ``str``. -+ - * You can change the UUID storage by providing a custom ``IUUID`` adapter - implementation. If you do this, you must also provide a mechanism for - assigning UUIDs upon object creation, usually via an event handler. To -diff --git a/plone/uuid/configure.zcml b/plone/uuid/configure.zcml -index 82bfb9a..ab4a706 100644 ---- a/plone/uuid/configure.zcml -+++ b/plone/uuid/configure.zcml -@@ -14,7 +14,7 @@ - - - -- -+ - - - \n
' ++ '
\n')], 'utf-8') ++ self.failUnless('_authenticator' in result.serialize()) + + +Repository: plone.protect Branch: refs/heads/master -Date: 2018-01-09T10:09:46+01:00 -Author: Johannes Raggam (thet) -Commit: https://github.com/plone/plone.uuid/commit/282c1e340eef46c6a4498de22428b5434abbb54a +Date: 2018-01-15T14:56:38+01:00 +Author: Harald Friessnegger (frisi) +Commit: https://github.com/plone/plone.protect/commit/6c314bd15e75c2b02c069c252f9b2e3ec916544f -utf 8 headers, import sorting +simplify condition Files changed: -M plone/__init__.py -M plone/uuid/__init__.py -M plone/uuid/adapter.py -M plone/uuid/browser.py -M plone/uuid/configure.zcml -M plone/uuid/generator.py -M plone/uuid/handlers.py -M plone/uuid/interfaces.py -M plone/uuid/tests.py -M setup.py - -diff --git a/plone/__init__.py b/plone/__init__.py -index f48ad10..68c04af 100644 ---- a/plone/__init__.py -+++ b/plone/__init__.py -@@ -1,6 +1,2 @@ --# See http://peak.telecommunity.com/DevCenter/setuptools#namespace-packages --try: -- __import__('pkg_resources').declare_namespace(__name__) --except ImportError: -- from pkgutil import extend_path -- __path__ = extend_path(__path__, __name__) -+# -*- coding: utf-8 -*- -+__import__('pkg_resources').declare_namespace(__name__) -diff --git a/plone/uuid/__init__.py b/plone/uuid/__init__.py -index b191f1b..40a96af 100644 ---- a/plone/uuid/__init__.py -+++ b/plone/uuid/__init__.py -@@ -1 +1 @@ --# -*- extra stuff goes here -*- -+# -*- coding: utf-8 -*- -diff --git a/plone/uuid/adapter.py b/plone/uuid/adapter.py -index bd3cebf..dcc2946 100644 ---- a/plone/uuid/adapter.py -+++ b/plone/uuid/adapter.py -@@ -1,7 +1,7 @@ --from zope import interface --from zope import component -- -+# -*- coding: utf-8 -*- - from plone.uuid import interfaces -+from zope import component -+from zope import interface - - - @interface.implementer(interfaces.IUUID) -diff --git a/plone/uuid/browser.py b/plone/uuid/browser.py -index 5a24bd0..2052ada 100644 ---- a/plone/uuid/browser.py -+++ b/plone/uuid/browser.py -@@ -1,7 +1,10 @@ --from zope.publisher.browser import BrowserView -+# -*- coding: utf-8 -*- - from plone.uuid.interfaces import IUUID -+from zope.publisher.browser import BrowserView - - import sys -+ -+ - if sys.version_info >= (3,): - text_type = str - else: -diff --git a/plone/uuid/configure.zcml b/plone/uuid/configure.zcml -index ab4a706..e399af5 100644 ---- a/plone/uuid/configure.zcml -+++ b/plone/uuid/configure.zcml -@@ -5,23 +5,23 @@ - xmlns:i18n="http://namespaces.zope.org/i18n" - i18n_domain="plone.uuid"> - -- -- -+ -+ - -- -- -- -+ -+ -+ - -- -- -- -- -+ -+ -+ -+ - -- -+ - - -diff --git a/plone/uuid/generator.py b/plone/uuid/generator.py -index a5fbb62..8387122 100644 ---- a/plone/uuid/generator.py -+++ b/plone/uuid/generator.py -@@ -1,3 +1,4 @@ -+# -*- coding: utf-8 -*- - from plone.uuid.interfaces import IUUIDGenerator - from zope.deprecation import deprecate - from zope.interface import implementer -diff --git a/plone/uuid/handlers.py b/plone/uuid/handlers.py -index a3d0b68..f9999fe 100644 ---- a/plone/uuid/handlers.py -+++ b/plone/uuid/handlers.py -@@ -1,13 +1,12 @@ -+# -*- coding: utf-8 -*- -+from plone.uuid.interfaces import ATTRIBUTE_NAME -+from plone.uuid.interfaces import IAttributeUUID -+from plone.uuid.interfaces import IUUIDGenerator - from zope.component import adapter - from zope.component import queryUtility +M plone/protect/auto.py + +diff --git a/plone/protect/auto.py b/plone/protect/auto.py +index 3324372..f1bd0f9 100644 +--- a/plone/protect/auto.py ++++ b/plone/protect/auto.py +@@ -107,12 +107,10 @@ def parseTree(self, result, encoding): + 'compress',): + return None + +- if isinstance(result, list): ++ if isinstance(result, list) and len(result) == 1: + # do not parse empty strings to omit warning log message +- if len(result) == 1: +- if result[0].strip() == u'': +- return None - --from zope.lifecycleevent.interfaces import IObjectCreatedEvent - from zope.lifecycleevent.interfaces import IObjectCopiedEvent -+from zope.lifecycleevent.interfaces import IObjectCreatedEvent - --from plone.uuid.interfaces import IUUIDGenerator --from plone.uuid.interfaces import IAttributeUUID ++ if not result[0].strip(): ++ return None + try: + result = getHTMLSerializer( + result, pretty_print=False, encoding=encoding) +@@ -139,7 +137,6 @@ def transformUnicode(self, result, encoding): + def transformIterable(self, result, encoding): + """Apply the transform if required + """ - --from plone.uuid.interfaces import ATTRIBUTE_NAME + # before anything, do the clickjacking protection + if ( + X_FRAME_OPTIONS and +@@ -320,6 +317,7 @@ def isActionInSite(self, action, current_url): + return True - try: - from Acquisition import aq_base -diff --git a/plone/uuid/interfaces.py b/plone/uuid/interfaces.py -index 66d29bb..4bd4823 100644 ---- a/plone/uuid/interfaces.py -+++ b/plone/uuid/interfaces.py -@@ -1,5 +1,7 @@ -+# -*- coding: utf-8 -*- - from zope.interface import Interface - -+ - ATTRIBUTE_NAME = '_plone.uuid' - - -diff --git a/plone/uuid/tests.py b/plone/uuid/tests.py -index 0f603a4..b433e4b 100644 ---- a/plone/uuid/tests.py -+++ b/plone/uuid/tests.py -@@ -1,6 +1,8 @@ -+# -*- coding: utf-8 -*- -+import sys - import unittest - --import sys -+ - if sys.version_info >= (3,): - text_type = str - else: -diff --git a/setup.py b/setup.py -index 1623b71..2aa3e86 100644 ---- a/setup.py -+++ b/setup.py -@@ -1,4 +1,7 @@ --from setuptools import setup, find_packages -+# -*- coding: utf-8 -*- -+from setuptools import find_packages -+from setuptools import setup + def transform(self, result, encoding): + - - version = '1.0.5.dev0' - + result = self.parseTree(result, encoding) + if result is None: + return None -Repository: plone.uuid +Repository: plone.protect Branch: refs/heads/master -Date: 2018-01-10T00:46:39+01:00 -Author: Johannes Raggam (thet) -Commit: https://github.com/plone/plone.uuid/commit/67b59b8e9d4c62d81b56331c071fa18513bf296f +Date: 2018-01-15T18:35:37+01:00 +Author: Maurits van Rees (mauritsvanrees) +Commit: https://github.com/plone/plone.protect/commit/ad4456d6f9c41ee70efef8e252bd8f8508ded20d -Merge pull request #6 from plone/thet-fixdoc +Merge pull request #69 from plone/no-warning-when-empty -doc fix: uuid4 instead uuid1 +do not log a warning for empty responses Files changed: M CHANGES.rst -M README.rst -M plone/__init__.py -M plone/uuid/__init__.py -M plone/uuid/adapter.py -M plone/uuid/browser.py -M plone/uuid/configure.zcml -M plone/uuid/generator.py -M plone/uuid/handlers.py -M plone/uuid/interfaces.py -M plone/uuid/tests.py -M setup.py +M plone/protect/auto.py +M plone/protect/tests/testAuto.py diff --git a/CHANGES.rst b/CHANGES.rst -index 4393c65..535d4f6 100644 +index 07a6237..cffa53c 100644 --- a/CHANGES.rst +++ b/CHANGES.rst -@@ -17,6 +17,10 @@ Bug fixes: - - Fix package dependencies. - [gforcada] - -+- Fix documentation and uuid generator class name to reflect the fact that we use the ``uuid4`` implementation instead of ``uuid1``. -+ [thet] -+ -+ - 1.0.4 (2016-06-02) - ------------------ - -@@ -28,6 +32,7 @@ Bug fixes: - - Fixed issues preventing tests passing on Python 3 - [datakurre] - -+ - 1.0.3 (2012-05-31) - ------------------ - -@@ -39,12 +44,14 @@ Bug fixes: - copy event, where original and destination should have distinct UUID. - [seanupton] - -+ - 1.0.2 - 2011-10-18 - ------------------ - - - Generate UUID without dashes. - [elro] - -+ - 1.0.1 - 2011-05-20 - ------------------ - -@@ -52,6 +59,7 @@ Bug fixes: - See http://plone.org/foundation/materials/foundation-resolutions/plone-framework-components-relicensing-policy - [davisagli] - -+ - 1.0 - 2011-05-13 - ---------------- - -diff --git a/README.rst b/README.rst -index dc4b598..f6c26c7 100644 ---- a/README.rst -+++ b/README.rst -@@ -5,7 +5,7 @@ This is a minimal package that can be used to obtain a universally unique - identifier (UUID) for an object. - - The default implementation uses the Python standard library ``uuid`` module --to generate an RFC 4122-compliant UUID, using the ``uuid1()`` function. It -+to generate an RFC 4122-compliant UUID, using the ``uuid4()`` function. It - will assign a UUID upon object creation (by subscribing to - ``IObjectCreatedEvent`` from ``zope.lifecycleevent``) and store it in an - attribute on the object. -@@ -70,8 +70,9 @@ There are two primary customisation points for this package: - - * You can change the default UUID generating algorithm by overriding the - unnamed utility providing the ``IUUIDGenerator`` interface. The default -- implementation simply calls ``uuid.uuid1()`` and casts the result to a -+ implementation simply calls ``uuid.uuid4()`` and casts the result to a - ``str``. -+ - * You can change the UUID storage by providing a custom ``IUUID`` adapter - implementation. If you do this, you must also provide a mechanism for - assigning UUIDs upon object creation, usually via an event handler. To -diff --git a/plone/__init__.py b/plone/__init__.py -index f48ad10..68c04af 100644 ---- a/plone/__init__.py -+++ b/plone/__init__.py -@@ -1,6 +1,2 @@ --# See http://peak.telecommunity.com/DevCenter/setuptools#namespace-packages --try: -- __import__('pkg_resources').declare_namespace(__name__) --except ImportError: -- from pkgutil import extend_path -- __path__ = extend_path(__path__, __name__) -+# -*- coding: utf-8 -*- -+__import__('pkg_resources').declare_namespace(__name__) -diff --git a/plone/uuid/__init__.py b/plone/uuid/__init__.py -index b191f1b..40a96af 100644 ---- a/plone/uuid/__init__.py -+++ b/plone/uuid/__init__.py -@@ -1 +1 @@ --# -*- extra stuff goes here -*- -+# -*- coding: utf-8 -*- -diff --git a/plone/uuid/adapter.py b/plone/uuid/adapter.py -index bd3cebf..dcc2946 100644 ---- a/plone/uuid/adapter.py -+++ b/plone/uuid/adapter.py -@@ -1,7 +1,7 @@ --from zope import interface --from zope import component -- -+# -*- coding: utf-8 -*- - from plone.uuid import interfaces -+from zope import component -+from zope import interface - - - @interface.implementer(interfaces.IUUID) -diff --git a/plone/uuid/browser.py b/plone/uuid/browser.py -index 5a24bd0..2052ada 100644 ---- a/plone/uuid/browser.py -+++ b/plone/uuid/browser.py -@@ -1,7 +1,10 @@ --from zope.publisher.browser import BrowserView -+# -*- coding: utf-8 -*- - from plone.uuid.interfaces import IUUID -+from zope.publisher.browser import BrowserView - - import sys -+ -+ - if sys.version_info >= (3,): - text_type = str - else: -diff --git a/plone/uuid/configure.zcml b/plone/uuid/configure.zcml -index 82bfb9a..e399af5 100644 ---- a/plone/uuid/configure.zcml -+++ b/plone/uuid/configure.zcml -@@ -5,23 +5,23 @@ - xmlns:i18n="http://namespaces.zope.org/i18n" - i18n_domain="plone.uuid"> - -- -- -+ -+ - -- -- -- -+ -+ -+ - -- -- -- -- -+ -+ -+ -+ - -- -+ - - -diff --git a/plone/uuid/generator.py b/plone/uuid/generator.py -index 371ee70..8387122 100644 ---- a/plone/uuid/generator.py -+++ b/plone/uuid/generator.py -@@ -1,11 +1,13 @@ --import uuid -- --from zope.interface import implementer -+# -*- coding: utf-8 -*- - from plone.uuid.interfaces import IUUIDGenerator -+from zope.deprecation import deprecate -+from zope.interface import implementer -+ -+import uuid - - - @implementer(IUUIDGenerator) --class UUID1Generator(object): -+class UUID4Generator(object): - """Default UUID implementation. - - Uses uuid.uuid4() -@@ -13,3 +15,12 @@ class UUID1Generator(object): - - def __call__(self): - return uuid.uuid4().hex -+ -+ -+@deprecate( -+ 'UUID1Generator was renamed to UUID4Generator, as we use uuid4 instead of ' -+ 'uuid1. Please use UUID4Generator instead.' -+) -+class UUID1Generator(UUID4Generator): -+ """BBB. Remove with next major version. -+ """ -diff --git a/plone/uuid/handlers.py b/plone/uuid/handlers.py -index a3d0b68..f9999fe 100644 ---- a/plone/uuid/handlers.py -+++ b/plone/uuid/handlers.py -@@ -1,13 +1,12 @@ -+# -*- coding: utf-8 -*- -+from plone.uuid.interfaces import ATTRIBUTE_NAME -+from plone.uuid.interfaces import IAttributeUUID -+from plone.uuid.interfaces import IUUIDGenerator - from zope.component import adapter - from zope.component import queryUtility -- --from zope.lifecycleevent.interfaces import IObjectCreatedEvent - from zope.lifecycleevent.interfaces import IObjectCopiedEvent -+from zope.lifecycleevent.interfaces import IObjectCreatedEvent - --from plone.uuid.interfaces import IUUIDGenerator --from plone.uuid.interfaces import IAttributeUUID +@@ -14,7 +14,9 @@ New features: + + Bug fixes: + +-- *add item here* ++- Transform does not log a warning for empty responses ++ (Fixes https://github.com/plone/plone.protect/issues/15) ++ [fRiSi] + + + 3.1.1 (2017-08-27) +diff --git a/plone/protect/auto.py b/plone/protect/auto.py +index 2a37578..f1bd0f9 100644 +--- a/plone/protect/auto.py ++++ b/plone/protect/auto.py +@@ -107,6 +107,10 @@ def parseTree(self, result, encoding): + 'compress',): + return None + ++ if isinstance(result, list) and len(result) == 1: ++ # do not parse empty strings to omit warning log message ++ if not result[0].strip(): ++ return None + try: + result = getHTMLSerializer( + result, pretty_print=False, encoding=encoding) +@@ -133,7 +137,6 @@ def transformUnicode(self, result, encoding): + def transformIterable(self, result, encoding): + """Apply the transform if required + """ - --from plone.uuid.interfaces import ATTRIBUTE_NAME - - try: - from Acquisition import aq_base -diff --git a/plone/uuid/interfaces.py b/plone/uuid/interfaces.py -index 66d29bb..4bd4823 100644 ---- a/plone/uuid/interfaces.py -+++ b/plone/uuid/interfaces.py -@@ -1,5 +1,7 @@ -+# -*- coding: utf-8 -*- - from zope.interface import Interface - -+ - ATTRIBUTE_NAME = '_plone.uuid' - - -diff --git a/plone/uuid/tests.py b/plone/uuid/tests.py -index 0f603a4..b433e4b 100644 ---- a/plone/uuid/tests.py -+++ b/plone/uuid/tests.py -@@ -1,6 +1,8 @@ -+# -*- coding: utf-8 -*- -+import sys - import unittest - --import sys -+ - if sys.version_info >= (3,): - text_type = str - else: -diff --git a/setup.py b/setup.py -index 1623b71..2aa3e86 100644 ---- a/setup.py -+++ b/setup.py -@@ -1,4 +1,7 @@ --from setuptools import setup, find_packages -+# -*- coding: utf-8 -*- -+from setuptools import find_packages -+from setuptools import setup -+ - - version = '1.0.5.dev0' - + # before anything, do the clickjacking protection + if ( + X_FRAME_OPTIONS and +@@ -314,6 +317,7 @@ def isActionInSite(self, action, current_url): + return True + + def transform(self, result, encoding): ++ + result = self.parseTree(result, encoding) + if result is None: + return None +diff --git a/plone/protect/tests/testAuto.py b/plone/protect/tests/testAuto.py +index e3394a4..6ae1252 100644 +--- a/plone/protect/tests/testAuto.py ++++ b/plone/protect/tests/testAuto.py +@@ -182,3 +182,26 @@ def test_safe_write_empty_returns_true(self): + transform = ProtectTransform(self.portal, self.request) + transform._registered_objects = lambda: [self.portal] + self.assertTrue(transform._check()) ++ ++class TestAutoTransform(unittest.TestCase): ++ layer = PROTECT_FUNCTIONAL_TESTING ++ ++ def setUp(self): ++ self.portal = self.layer['portal'] ++ self.request = self.layer['request'] ++ self.request.response.setHeader('Content-Type', 'text/html') ++ self.request.REQUEST_METHOD = 'POST' ++ ++ def test_empty_no_error(self): ++ # empty pages (eg. tiles or ajax requests) should not lead to ++ # transform errors or warnings ++ transform = ProtectTransform(self.portal, self.request) ++ result = transform.transform(['\n'], 'utf-8') ++ self.assertEqual(result, None) ++ ++ def test_html(self): ++ transform = ProtectTransform(self.portal, self.request) ++ result = transform.transform([( ++ '\n
' ++ '
\n')], 'utf-8') ++ self.failUnless('_authenticator' in result.serialize())