Python httplib.FORBIDDEN Examples

The following are 30 code examples of httplib.FORBIDDEN(). You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may also want to check out all available functions/classes of the module httplib , or try the search function .
Example #1
Source File: zip_urlfetch_tree.py    From cloud-playground with Apache License 2.0 6 votes vote down vote up
def __init__(self, namespace, access_key):
    if not namespace:
      Abort(httplib.FORBIDDEN, 'Missing namespace')
    if not access_key:
      Abort(httplib.FORBIDDEN, 'Missing access key')
    super(ZipUrlFetchTree, self).__init__(namespace, access_key)
    self.namespace = namespace
    self.access_key = access_key

    path_info = '{}/zip'.format(common.CONTROL_PREFIX)
    query_params = '{}={}&use_basepath=false'.format(
      common.config.PROJECT_ID_QUERY_PARAM, namespace)
    playground_hostname = (settings.PLAYGROUND_USER_CONTENT_HOST or
                           settings.PLAYGROUND_HOSTS[0])
    url = 'https://{}{}?{}'.format(playground_hostname, path_info, query_params)

    result = shared.Fetch(access_key, url, method='GET', deadline=30, retries=3)
    buf = cStringIO.StringIO(result.content)
    self._zipfile = zipfile.ZipFile(buf) 
Example #2
Source File: dev_appserver_multiprocess.py    From browserscope with Apache License 2.0 6 votes vote down vote up
def HandleRequest(self, request):
    """Hook that allows the DevProcess a chance to respond to requests.

    This hook is invoked just before normal request dispatch occurs in
    dev_appserver.py.

    Args:
      request: The request to be handled.

    Returns:
      bool: Indicates whether the request was handled here.  If False, normal
        request handling should proceed.
    """
    if self.IsBackendInstance() and not self.started:
      if request.path != '/_ah/start':
        request.send_response(httplib.FORBIDDEN,
                              'Waiting for start request to finish.')
        return True


    return False 
Example #3
Source File: api.py    From cascade-server with Apache License 2.0 6 votes vote down vote up
def create_user():
    if not settings.load()['config'].get('allow_account_creation', False):
        return JSONResponse(status=httplib.FORBIDDEN)

    """ This API route is used by the create new account template to add a new user into Mongo """
    if isinstance(request.json, dict):
        args = request.json
        if args.get('username') and args.get('password'):
            try:
                user = users.create_user(args['username'], args['password'], args.get('email'), args.get('full_name'))
            except users.PasswordPolicyError as error:
                regex, rules = error.args
                return JSONResponse({'violation': {'regex': regex, 'rules': rules}}, httplib.BAD_REQUEST)

            if user is not None:
                response = Response(status=httplib.CREATED)
                response.set_cookie('user-token', user.generate_token(), max_age=datetime.timedelta(days=7))
                return response
            else:
                return JSONResponse({'message': 'Username already exists!'}, status=httplib.BAD_REQUEST)

    return JSONResponse({'message': 'Username, email and password are required'}, status=httplib.BAD_REQUEST) 
Example #4
Source File: exemptions.py    From upvote with Apache License 2.0 6 votes vote down vote up
def get(self, host_id):

    logging.info('Retrieving Exemption for host %s', host_id)

    # This request should only be available to admins or users who have (at
    # least at one time) had control of the host.
    if not (self.user.is_admin or
            model_utils.IsHostAssociatedWithUser(self.host, self.user)):
      logging.warning(
          'User %s is not authorized to access Exemption for host %s',
          self.user.nickname, host_id)
      self.abort(
          httplib.FORBIDDEN,
          explanation='Host not associated with user %s' % self.user.nickname)

    if self.exm is None:
      self.abort(httplib.NOT_FOUND, explanation='Exemption not found')

    self.respond_json(self.exm) 
Example #5
Source File: events_test.py    From upvote with Apache License 2.0 5 votes vote down vote up
def testUser_GetOthersEvent(self):
    with self.LoggedInUser(user=self.user_1):
      self.testapp.get(
          self.ROUTE % self.santa_blockable1.key.id(),
          params={'asUser': self.user_2.nickname},
          status=httplib.FORBIDDEN) 
Example #6
Source File: blockables_test.py    From upvote with Apache License 2.0 5 votes vote down vote up
def testUserGetFlaggedBlockables(self):
    """Normal user getting a list of flagged blockables."""
    params = {'filter': 'flagged'}
    with self.LoggedInUser():
      self.testapp.get('/blockables/all/all', params, status=httplib.FORBIDDEN) 
Example #7
Source File: rules_test.py    From upvote with Apache License 2.0 5 votes vote down vote up
def testUserGetListNoPermissions(self):
    """Normal user attempts to retrieve all rules."""
    with self.LoggedInUser():
      self.testapp.get(self.QUERY_ROUTE, status=httplib.FORBIDDEN) 
Example #8
Source File: rules_test.py    From upvote with Apache License 2.0 5 votes vote down vote up
def testUserGetQueryNoPermissions(self):
    """Normal user queries a rule."""
    params = {
        'search': self.blockable1.key.id(),
        'searchBase': 'targetId'}

    with self.LoggedInUser():
      self.testapp.get(self.QUERY_ROUTE, params, status=httplib.FORBIDDEN) 
Example #9
Source File: blockables_test.py    From upvote with Apache License 2.0 5 votes vote down vote up
def testUserGetBlockableList(self):
    """Normal user getting a list of all blockables."""

    with self.LoggedInUser():
      self.testapp.get('/blockables/all/all', status=httplib.FORBIDDEN) 
Example #10
Source File: hosts_test.py    From upvote with Apache License 2.0 5 votes vote down vote up
def testGetByUserId_NotAuthorized(self):
    other_user_id = test_utils.CreateUser().key.id()
    with self.LoggedInUser():
      self.testapp.get(
          self.USER_ID_ROUTE % other_user_id, status=httplib.FORBIDDEN) 
Example #11
Source File: events_test.py    From upvote with Apache License 2.0 5 votes vote down vote up
def testUserGetListAllEvents(self):
    """Normal user attempting to get all events."""
    params = {'asAdmin': 'true'}

    with self.LoggedInUser(user=self.user_1):
      self.testapp.get(self.ROUTE, params, status=httplib.FORBIDDEN) 
Example #12
Source File: events_test.py    From upvote with Apache License 2.0 5 votes vote down vote up
def testUserGetOthersEvent(self):
    """Getting another user's event by id without permission."""
    with self.LoggedInUser(user=self.user_1):
      self.testapp.get(
          self.ROUTE % self.santa_event1_from_user2.key.urlsafe(),
          status=httplib.FORBIDDEN) 
Example #13
Source File: votes_test.py    From upvote with Apache License 2.0 5 votes vote down vote up
def testPost_User_AsRole_NotAuthorized(self):
    params = {'wasYesVote': 'true', 'asRole': constants.USER_ROLE.TRUSTED_USER}

    with self.LoggedInUser(email_addr=self.user_2.email):
      self.testapp.post(
          self.ROUTE % self.santa_blockable.key.id(), params,
          status=httplib.FORBIDDEN) 
Example #14
Source File: exemptions.py    From upvote with Apache License 2.0 5 votes vote down vote up
def post(self, host_id):

    if not self.exm:
      self.abort(httplib.NOT_FOUND, explanation='Exemption not found')

    # Humans should never trigger the transition from PENDING to DENIED, only
    # api.Process() should.
    if self.exm.key.get().state == constants.EXEMPTION_STATE.PENDING:
      self.abort(httplib.FORBIDDEN, explanation='Cannot deny a pending request')

    justification = self.request.get('justification')
    if not justification:
      self.abort(
          httplib.BAD_REQUEST,
          explanation='No justification for denial provided')

    try:
      exemption_api.Deny(self.exm.key, details=[justification])
    except Exception:  # pylint: disable=broad-except
      logging.exception(
          'Error encountered while denying Exemption for host %s', host_id)
      self.abort(
          httplib.INTERNAL_SERVER_ERROR,
          explanation='Error while denying exemption')

    self.respond_json(self.exm.key.get()) 
Example #15
Source File: exemptions.py    From upvote with Apache License 2.0 5 votes vote down vote up
def post(self, host_id):

    if not self.exm:
      self.abort(httplib.NOT_FOUND, explanation='Exemption not found')

    # Verify that the current user is associated with the Host.
    # NOTE: Admins don't get a pass here, they can (and should) use the
    # above 'revoke' handler instead.
    if not model_utils.IsHostAssociatedWithUser(self.host, self.user):
      logging.error(
          'Host %s not associated with user %s', host_id, self.user.nickname)
      self.abort(
          httplib.FORBIDDEN,
          explanation='Host not associated with requesting user')

    try:
      exemption_api.Cancel(self.exm.key)
    except Exception:  # pylint: disable=broad-except
      logging.exception(
          'Error encountered while cancelling Exemption for host %s', host_id)
      self.abort(
          httplib.INTERNAL_SERVER_ERROR,
          explanation='Failed to cancel exemption')

    self._RespondWithExemptionAndTransitiveState(self.exm.key)


# The Webapp2 routes defined for these handlers. 
Example #16
Source File: hosts_test.py    From upvote with Apache License 2.0 5 votes vote down vote up
def testGet_UnknownUser(self):

    user = test_utils.CreateUser()
    host = test_utils.CreateSantaHost(primary_user=user.nickname)

    with self.LoggedInUser() as other_user:
      self.assertFalse(model_utils.IsHostAssociatedWithUser(host, other_user))
      self.testapp.get(self.ROUTE % host.key.id(), status=httplib.FORBIDDEN) 
Example #17
Source File: exemptions.py    From upvote with Apache License 2.0 5 votes vote down vote up
def post(self, host_id):

    if not self.exm:
      self.abort(httplib.NOT_FOUND, explanation='Exemption not found')

    # Humans should never trigger the transition from PENDING to APPROVED, only
    # api.Process() should.
    if self.exm.key.get().state == constants.EXEMPTION_STATE.PENDING:
      self.abort(
          httplib.FORBIDDEN, explanation='Cannot approve a pending request')

    # Extract and validate POST data fields.
    justification = self.request.get('justification')
    if not justification:
      self.abort(
          httplib.BAD_REQUEST,
          explanation='No justification for approval provided')

    try:
      exemption_api.Approve(self.exm.key, details=[justification])
    except Exception:  # pylint: disable=broad-except
      logging.exception(
          'Error encountered while approving Exemption for host %s', host_id)
      self.abort(
          httplib.INTERNAL_SERVER_ERROR,
          explanation='Error while approving exemption')

    self._RespondWithExemptionAndTransitiveState(self.exm.key) 
Example #18
Source File: emergency_test.py    From upvote with Apache License 2.0 5 votes vote down vote up
def testForbidden(self):
    with self.LoggedInUser():
      self.testapp.get('/emergency', status=httplib.FORBIDDEN) 
Example #19
Source File: votes_test.py    From upvote with Apache License 2.0 5 votes vote down vote up
def testPost_OperationNotAllowedError(self, mock_vote):
    with self.LoggedInUser():
      self.testapp.post(
          self.ROUTE % test_utils.RandomSHA256(),
          params={'wasYesVote': 'true'},
          status=httplib.FORBIDDEN) 
Example #20
Source File: features_test.py    From upvote with Apache License 2.0 5 votes vote down vote up
def testGet_UnknownGroup(self):
    self.mock_group_manager.DoesGroupExist.return_value = False
    with self.LoggedInUser():
      self.testapp.get(self.ROUTE % 'valid', status=httplib.FORBIDDEN) 
Example #21
Source File: votes_test.py    From upvote with Apache License 2.0 5 votes vote down vote up
def testUserGetID(self):
    """Normal user attempts to get a vote by ID."""
    with self.LoggedInUser(email_addr=self.user_1.email):
      self.testapp.get(
          self.ROUTE % self.vote_1.key.urlsafe(), status=httplib.FORBIDDEN) 
Example #22
Source File: votes_test.py    From upvote with Apache License 2.0 5 votes vote down vote up
def testUserGetQueryNoPermissions(self):
    """Normal user queries a rule."""
    params = {
        'search': self.user_1.email,
        'searchBase': 'userEmail'}

    with self.LoggedInUser(email_addr=self.user_1.email):
      self.testapp.get(self.ROUTE, params, status=httplib.FORBIDDEN) 
Example #23
Source File: votes_test.py    From upvote with Apache License 2.0 5 votes vote down vote up
def testUserGetList_NoPermissions(self):
    """Normal user attempts to retrieve all users."""
    with self.LoggedInUser(email_addr=self.user_1.email):
      self.testapp.get(self.ROUTE, status=httplib.FORBIDDEN) 
Example #24
Source File: exemptions_test.py    From upvote with Apache License 2.0 5 votes vote down vote up
def testPost_InvalidUser_Admin(self):

    with self.LoggedInUser(admin=True):
      self.testapp.post(self.ROUTE % self.host_id, status=httplib.FORBIDDEN)

    self.assertEqual(
        constants.EXEMPTION_STATE.APPROVED, self.exm_key.get().state)
    self.assertNoBigQueryInsertions() 
Example #25
Source File: exemptions_test.py    From upvote with Apache License 2.0 5 votes vote down vote up
def testPost_Forbidden(self):

    with self.LoggedInUser():
      params = {'justification': 'I want to'}
      self.testapp.post(
          self.ROUTE % self.host_id, params, status=httplib.FORBIDDEN)

    self.assertEqual(
        constants.EXEMPTION_STATE.APPROVED, self.exm_key.get().state) 
Example #26
Source File: exemptions_test.py    From upvote with Apache License 2.0 5 votes vote down vote up
def testPost_Forbidden_Pending(self):

    other_host_key = test_utils.CreateSantaHost().key
    other_host_id = other_host_key.id()
    test_utils.CreateExemption(other_host_id, initial_state=_STATE.PENDING)

    with self.LoggedInUser(admin=True):
      self.testapp.post(self.ROUTE % other_host_id, status=httplib.FORBIDDEN) 
Example #27
Source File: exemptions_test.py    From upvote with Apache License 2.0 5 votes vote down vote up
def testPost_Forbidden_NonAdmin(self):

    with self.LoggedInUser():
      params = {'justification': 'I want to'}
      self.testapp.post(
          self.ROUTE % self.host_id, params, status=httplib.FORBIDDEN)

    self.assertEqual(
        constants.EXEMPTION_STATE.ESCALATED, self.exm_key.get().state) 
Example #28
Source File: exemptions_test.py    From upvote with Apache License 2.0 5 votes vote down vote up
def testPost_Forbidden_Pending(self):

    other_host_key = test_utils.CreateSantaHost().key
    other_host_id = other_host_key.id()
    test_utils.CreateExemption(other_host_id, initial_state=_STATE.PENDING)

    with self.LoggedInUser(admin=True):
      self.testapp.post(self.ROUTE % other_host_id, status=httplib.FORBIDDEN) 
Example #29
Source File: exemptions_test.py    From upvote with Apache License 2.0 5 votes vote down vote up
def testPost_Forbidden_NonAdmin(self):

    with self.LoggedInUser():
      params = {'justification': 'I want to'}
      self.testapp.post(
          self.ROUTE % self.host_id, params, status=httplib.FORBIDDEN)

    self.assertEqual(
        constants.EXEMPTION_STATE.ESCALATED, self.exm_key.get().state) 
Example #30
Source File: exemptions_test.py    From upvote with Apache License 2.0 5 votes vote down vote up
def testPost_Forbidden(self):

    user = test_utils.CreateUser()
    host = test_utils.CreateSantaHost(primary_user=user.nickname)

    with self.LoggedInUser():  # Without arguments, will log in as a new user.
      self.testapp.post(self.ROUTE % host.key.id(), status=httplib.FORBIDDEN)
    self.mock_process.assert_not_called()