Chromium Code Reviews Chromium Code Reviews
Issue 243323003:
Automatically reauthenticate to Rietveld (Closed)
Base URL: https://chromium.googlesource.com/chromium/tools/depot_tools.git@master| OLD | NEW |
|---|---|
| 1 # coding: utf-8 | 1 # coding: utf-8 |
| 2 # Copyright (c) 2012 The Chromium Authors. All rights reserved. | 2 # Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 3 # Use of this source code is governed by a BSD-style license that can be | 3 # Use of this source code is governed by a BSD-style license that can be |
| 4 # found in the LICENSE file. | 4 # found in the LICENSE file. |
| 5 """Defines class Rietveld to easily access a rietveld instance. | 5 """Defines class Rietveld to easily access a rietveld instance. |
| 6 | 6 |
| 7 Security implications: | 7 Security implications: |
| 8 | 8 |
| 9 The following hypothesis are made: | 9 The following hypothesis are made: |
| 10 - Rietveld enforces: | 10 - Rietveld enforces: |
| (...skipping 463 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 474 | 474 |
| 475 self.host = self.host.rstrip('/') | 475 self.host = self.host.rstrip('/') |
| 476 | 476 |
| 477 self.extra_headers = extra_headers or {} | 477 self.extra_headers = extra_headers or {} |
| 478 | 478 |
| 479 if not oa2client.HAS_OPENSSL: | 479 if not oa2client.HAS_OPENSSL: |
| 480 logging.error("No support for OpenSSL has been found, " | 480 logging.error("No support for OpenSSL has been found, " |
| 481 "OAuth2 support requires it.") | 481 "OAuth2 support requires it.") |
| 482 logging.error("Installing pyopenssl will probably solve this issue.") | 482 logging.error("Installing pyopenssl will probably solve this issue.") |
| 483 raise RuntimeError('No OpenSSL support') | 483 raise RuntimeError('No OpenSSL support') |
| 484 creds = oa2client.SignedJwtAssertionCredentials( | 484 self.creds = oa2client.SignedJwtAssertionCredentials( |
| 485 client_email, | 485 client_email, |
| 486 client_private_key, | 486 client_private_key, |
| 487 'https://www.googleapis.com/auth/userinfo.email', | 487 'https://www.googleapis.com/auth/userinfo.email', |
| 488 private_key_password=private_key_password, | 488 private_key_password=private_key_password, |
| 489 user_agent=user_agent) | 489 user_agent=user_agent) |
| 490 | 490 |
| 491 self._http = creds.authorize(httplib2.Http(timeout=timeout)) | 491 self._http = self.creds.authorize(httplib2.Http(timeout=timeout)) |
| 492 | 492 |
| 493 def Send(self, | 493 def Send(self, |
| 494 request_path, | 494 request_path, |
| 495 payload=None, | 495 payload=None, |
| 496 content_type='application/octet-stream', | 496 content_type='application/octet-stream', |
| 497 timeout=None, | 497 timeout=None, |
| 498 extra_headers=None, | 498 extra_headers=None, |
| 499 **kwargs): | 499 **kwargs): |
| 500 """Send a POST or GET request to the server. | 500 """Send a POST or GET request to the server. |
| 501 | 501 |
| (...skipping 16 matching lines...) Expand all Loading... | |
| 518 | 518 |
| 519 prev_timeout = self._http.timeout | 519 prev_timeout = self._http.timeout |
| 520 try: | 520 try: |
| 521 if timeout: | 521 if timeout: |
| 522 self._http.timeout = timeout | 522 self._http.timeout = timeout |
| 523 # TODO(pgervais) implement some kind of retry mechanism (see upload.py). | 523 # TODO(pgervais) implement some kind of retry mechanism (see upload.py). |
| 524 url = self.host + request_path | 524 url = self.host + request_path |
| 525 if kwargs: | 525 if kwargs: |
| 526 url += "?" + urllib.urlencode(kwargs) | 526 url += "?" + urllib.urlencode(kwargs) |
| 527 | 527 |
| 528 ret = self._http.request(url, | 528 # This weird loop is there to detect when the OAuth2 token has expired. |
| 529 method=method, | 529 # This is specific to appengine *and* rietveld. It relies on the |
| 530 body=payload, | 530 # assumption That a 302 is triggered only by an expired OAuth2 token. This |
|
ghost stip (do not use)
2014/04/18 22:02:11
nit: that
| |
| 531 headers=headers) | 531 # prevents any usage of redirections in pages accessed this way. |
|
ghost stip (do not use)
2014/04/18 22:02:11
Add a comment that the redirect_caught check means
| |
| 532 redirect_caught = False | |
| 533 while True: | |
| 534 try: | |
| 535 ret = self._http.request(url, | |
| 536 method=method, | |
| 537 body=payload, | |
| 538 headers=headers, | |
| 539 redirections=0) | |
| 540 except httplib2.RedirectLimit: | |
| 541 if redirect_caught or method != 'GET': | |
| 542 logging.error('Redirection detected after logging in. Giving up.') | |
| 543 raise | |
| 544 redirect_caught = True | |
| 545 logging.debug('Redirection detected. Trying to log in again...') | |
| 546 self.creds.access_token = None | |
| 547 continue | |
| 548 break | |
| 532 | 549 |
| 533 if (method == 'GET' | |
| 534 and not ret[0]['content-location'].startswith(self.host)): | |
| 535 upload.logging.warning('Redirection to host %s detected: ' | |
| 536 'login may have failed/expired.' | |
| 537 % urlparse.urlparse( | |
| 538 ret[0]['content-location']).netloc) | |
| 539 return ret[1] | 550 return ret[1] |
| 540 | 551 |
| 541 finally: | 552 finally: |
| 542 self._http.timeout = prev_timeout | 553 self._http.timeout = prev_timeout |
| 543 | 554 |
| 544 | 555 |
| 545 class JwtOAuth2Rietveld(Rietveld): | 556 class JwtOAuth2Rietveld(Rietveld): |
| 546 """Access to Rietveld using OAuth authentication. | 557 """Access to Rietveld using OAuth authentication. |
| 547 | 558 |
| 548 This class is supposed to be used only by bots, since this kind of | 559 This class is supposed to be used only by bots, since this kind of |
| (...skipping 155 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 704 def trigger_try_jobs( # pylint:disable=R0201 | 715 def trigger_try_jobs( # pylint:disable=R0201 |
| 705 self, issue, patchset, reason, clobber, revision, builders_and_tests, | 716 self, issue, patchset, reason, clobber, revision, builders_and_tests, |
| 706 master=None): | 717 master=None): |
| 707 logging.info('ReadOnlyRietveld: triggering try jobs %r for issue %d' % | 718 logging.info('ReadOnlyRietveld: triggering try jobs %r for issue %d' % |
| 708 (builders_and_tests, issue)) | 719 (builders_and_tests, issue)) |
| 709 | 720 |
| 710 def trigger_distributed_try_jobs( # pylint:disable=R0201 | 721 def trigger_distributed_try_jobs( # pylint:disable=R0201 |
| 711 self, issue, patchset, reason, clobber, revision, masters): | 722 self, issue, patchset, reason, clobber, revision, masters): |
| 712 logging.info('ReadOnlyRietveld: triggering try jobs %r for issue %d' % | 723 logging.info('ReadOnlyRietveld: triggering try jobs %r for issue %d' % |
| 713 (masters, issue)) | 724 (masters, issue)) |
| OLD | NEW |
