Automatically reauthenticate to Rietveld

rietveld.py

 # coding: utf-8
 # Copyright (c) 2012 The Chromium Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 """Defines class Rietveld to easily access a rietveld instance.
 
 Security implications:
 
 The following hypothesis are made:
 - Rietveld enforces:
@@ skipping 463 matching lines @@
 
     self.host = self.host.rstrip('/')
 
     self.extra_headers = extra_headers or {}
 
     if not oa2client.HAS_OPENSSL:
       logging.error("No support for OpenSSL has been found, "
                     "OAuth2 support requires it.")
       logging.error("Installing pyopenssl will probably solve this issue.")
       raise RuntimeError('No OpenSSL support')
-    creds = oa2client.SignedJwtAssertionCredentials(
+    self.creds = oa2client.SignedJwtAssertionCredentials(
       client_email,
       client_private_key,
       'https://www.googleapis.com/auth/userinfo.email',
       private_key_password=private_key_password,
       user_agent=user_agent)
 
-    self._http = creds.authorize(httplib2.Http(timeout=timeout))
+    self._http = self.creds.authorize(httplib2.Http(timeout=timeout))
 
   def Send(self,
            request_path,
            payload=None,
            content_type='application/octet-stream',
            timeout=None,
            extra_headers=None,
            **kwargs):
     """Send a POST or GET request to the server.
 
@@ skipping 16 matching lines @@
 
     prev_timeout = self._http.timeout
     try:
       if timeout:
         self._http.timeout = timeout
       # TODO(pgervais) implement some kind of retry mechanism (see upload.py).
       url = self.host + request_path
       if kwargs:
         url += "?" + urllib.urlencode(kwargs)
 
-      ret = self._http.request(url,
-                               method=method,
-                               body=payload,
-                               headers=headers)
+      # This weird loop is there to detect when the OAuth2 token has expired.
+      # This is specific to appengine *and* rietveld. It relies on the
+      # assumption that a 302 is triggered only by an expired OAuth2 token. This
+      # prevents any usage of redirections in pages accessed this way.
 
-      if (method == 'GET'
-          and not ret[0]['content-location'].startswith(self.host)):
-        upload.logging.warning('Redirection to host %s detected: '
-                               'login may have failed/expired.'
-                               % urlparse.urlparse(
-                                     ret[0]['content-location']).netloc)
+      # This variable is used to make sure the following loop runs only twice.
+      redirect_caught = False
+      while True:
+        try:
+          ret = self._http.request(url,
+                                   method=method,
+                                   body=payload,
+                                   headers=headers,
+                                   redirections=0)
+        except httplib2.RedirectLimit:
+          if redirect_caught or method != 'GET':
+            logging.error('Redirection detected after logging in. Giving up.')
+            raise
+          redirect_caught = True
+          logging.debug('Redirection detected. Trying to log in again...')
+          self.creds.access_token = None
+          continue
+        break
+
       return ret[1]
 
     finally:
       self._http.timeout = prev_timeout
 
 
 class JwtOAuth2Rietveld(Rietveld):
   """Access to Rietveld using OAuth authentication.
 
   This class is supposed to be used only by bots, since this kind of
@@ skipping 155 matching lines @@
   def trigger_try_jobs(  # pylint:disable=R0201
       self, issue, patchset, reason, clobber, revision, builders_and_tests,
       master=None):
     logging.info('ReadOnlyRietveld: triggering try jobs %r for issue %d' %
         (builders_and_tests, issue))
 
   def trigger_distributed_try_jobs(  # pylint:disable=R0201
       self, issue, patchset, reason, clobber, revision, masters):
     logging.info('ReadOnlyRietveld: triggering try jobs %r for issue %d' %
         (masters, issue))