Skip to content

Commit

Permalink
Merge pull request #2195 from freedomofpress/2194-mutable-range
Browse files Browse the repository at this point in the history 
Don't let Range header persist into other requests
  • Loading branch information
@zenmonkeykstop
zenmonkeykstop authored Sep 3, 2024
2 parents 7d0abf1 + ba01651 commit 1ea850e
Showing 1 changed file with 35 additions and 32 deletions.
67 changes: 35 additions & 32 deletions client/securedrop_client/sdk/__init__.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -109,7 +109,6 @@ def __init__(
self.token_journalist_uuid: str | None = None
self.first_name: str | None = None
self.last_name: str | None = None
self.req_headers: dict[str, str] = dict()
self.development_mode: bool = not proxy
self.default_request_timeout = default_request_timeout or DEFAULT_REQUEST_TIMEOUT
self.default_download_timeout = default_download_timeout or DEFAULT_DOWNLOAD_TIMEOUT
Expand Down Expand Up @@ -214,6 +213,7 @@ def _streaming_download(

# Check for an error response
if contents[0:1] == b"{":
logger.debug(f"Retry {retry}, received JSON error response")
return self._handle_json_response(contents)

# Get the headers
Expand Down Expand Up @@ -278,7 +278,7 @@ def _handle_json_response(self, stdout_bytes: bytes) -> JSONResponse:
# item is missing. In that case we return to the caller to
# handle that with an appropriate message. However, if the error
# is not a 404, then we raise.
raise BaseError("Unknown error")
raise BaseError(f"Unknown error, status: {result['status']}")

data = json.loads(result["body"])
return JSONResponse(data=data, status=result["status"], headers=result["headers"])
Expand Down Expand Up @@ -377,17 +377,20 @@ def authenticate(self, totp: str | None = None) -> bool:
self.first_name = response.data["journalist_first_name"]
self.last_name = response.data["journalist_last_name"]

self.update_auth_header()

return True

def update_auth_header(self) -> None:
def build_headers(self) -> dict[str, str]:
# Build headers dynamically each time to make sure
# the dict is safe to mutate.
headers = {
"Content-Type": "application/json",
"Accept": "application/json",
}

if self.token is not None:
self.req_headers = {
"Authorization": "Token " + self.token,
"Content-Type": "application/json",
"Accept": "application/json",
}
headers["Authorization"] = "Token " + self.token

return headers

def get_sources(self) -> list[Source]:
"""
Expand All @@ -401,7 +404,7 @@ def get_sources(self) -> list[Source]:
response = self._send_json_request(
method,
path_query,
headers=self.req_headers,
headers=self.build_headers(),
timeout=self.default_request_timeout,
)
assert isinstance(response, JSONResponse)
Expand All @@ -428,7 +431,7 @@ def get_source(self, source: Source) -> Source:
response = self._send_json_request(
method,
path_query,
headers=self.req_headers,
headers=self.build_headers(),
timeout=self.default_request_timeout,
)
assert isinstance(response, JSONResponse)
Expand All @@ -452,7 +455,7 @@ def delete_source(self, source: Source) -> bool:
response = self._send_json_request(
method,
path_query,
headers=self.req_headers,
headers=self.build_headers(),
timeout=self.default_request_timeout,
)
assert isinstance(response, JSONResponse)
Expand Down Expand Up @@ -482,7 +485,7 @@ def delete_conversation(self, uuid: str) -> bool:
response = self._send_json_request(
method,
path_query,
headers=self.req_headers,
headers=self.build_headers(),
timeout=self.default_request_timeout,
)
assert isinstance(response, JSONResponse)
Expand All @@ -508,7 +511,7 @@ def add_star(self, source: Source) -> bool:
response = self._send_json_request(
method,
path_query,
headers=self.req_headers,
headers=self.build_headers(),
timeout=self.default_request_timeout,
)
assert isinstance(response, JSONResponse)
Expand All @@ -533,7 +536,7 @@ def remove_star(self, source: Source) -> bool:
response = self._send_json_request(
method,
path_query,
headers=self.req_headers,
headers=self.build_headers(),
timeout=self.default_request_timeout,
)
assert isinstance(response, JSONResponse)
Expand All @@ -559,7 +562,7 @@ def get_submissions(self, source: Source) -> list[Submission]:
response = self._send_json_request(
method,
path_query,
headers=self.req_headers,
headers=self.build_headers(),
timeout=self.default_request_timeout,
)
assert isinstance(response, JSONResponse)
Expand Down Expand Up @@ -590,7 +593,7 @@ def get_submission(self, submission: Submission) -> Submission:
response = self._send_json_request(
method,
path_query,
headers=self.req_headers,
headers=self.build_headers(),
timeout=self.default_request_timeout,
)
assert isinstance(response, JSONResponse)
Expand All @@ -615,7 +618,7 @@ def get_all_submissions(self) -> list[Submission]:
response = self._send_json_request(
method,
path_query,
headers=self.req_headers,
headers=self.build_headers(),
timeout=self.default_request_timeout,
)
assert isinstance(response, JSONResponse)
Expand Down Expand Up @@ -644,7 +647,7 @@ def delete_submission(self, submission: Submission) -> bool:
response = self._send_json_request(
method,
path_query,
headers=self.req_headers,
headers=self.build_headers(),
timeout=self.default_request_timeout,
)
assert isinstance(response, JSONResponse)
Expand Down Expand Up @@ -685,7 +688,7 @@ def download_submission(
method,
path_query,
stream=True,
headers=self.req_headers,
headers=self.build_headers(),
timeout=timeout or self.default_download_timeout,
)

Expand Down Expand Up @@ -713,7 +716,7 @@ def flag_source(self, source: Source) -> bool:
response = self._send_json_request(
method,
path_query,
headers=self.req_headers,
headers=self.build_headers(),
timeout=self.default_request_timeout,
)
assert isinstance(response, JSONResponse)
Expand Down Expand Up @@ -741,7 +744,7 @@ def get_current_user(self) -> dict:
response = self._send_json_request(
method,
path_query,
headers=self.req_headers,
headers=self.build_headers(),
timeout=self.default_request_timeout,
)
assert isinstance(response, JSONResponse)
Expand All @@ -761,7 +764,7 @@ def get_users(self) -> list[User]:
response = self._send_json_request(
method,
path_query,
headers=self.req_headers,
headers=self.build_headers(),
timeout=self.default_request_timeout,
)
assert isinstance(response, JSONResponse)
Expand Down Expand Up @@ -795,7 +798,7 @@ def reply_source(self, source: Source, msg: str, reply_uuid: str | None = None)
method,
path_query,
body=json.dumps(reply),
headers=self.req_headers,
headers=self.build_headers(),
timeout=self.default_request_timeout,
)
assert isinstance(response, JSONResponse)
Expand All @@ -818,7 +821,7 @@ def get_replies_from_source(self, source: Source) -> list[Reply]:
response = self._send_json_request(
method,
path_query,
headers=self.req_headers,
headers=self.build_headers(),
timeout=self.default_request_timeout,
)
assert isinstance(response, JSONResponse)
Expand Down Expand Up @@ -848,7 +851,7 @@ def get_reply_from_source(self, source: Source, reply_uuid: str) -> Reply:
response = self._send_json_request(
method,
path_query,
headers=self.req_headers,
headers=self.build_headers(),
timeout=self.default_request_timeout,
)
assert isinstance(response, JSONResponse)
Expand All @@ -872,7 +875,7 @@ def get_all_replies(self) -> list[Reply]:
response = self._send_json_request(
method,
path_query,
headers=self.req_headers,
headers=self.build_headers(),
timeout=self.default_request_timeout,
)
assert isinstance(response, JSONResponse)
Expand Down Expand Up @@ -909,7 +912,7 @@ def download_reply(self, reply: Reply, path: str | None = None) -> tuple[str, st
method,
path_query,
stream=True,
headers=self.req_headers,
headers=self.build_headers(),
timeout=self.default_request_timeout,
)

Expand Down Expand Up @@ -941,7 +944,7 @@ def delete_reply(self, reply: Reply) -> bool:
response = self._send_json_request(
method,
path_query,
headers=self.req_headers,
headers=self.build_headers(),
timeout=self.default_request_timeout,
)
assert isinstance(response, JSONResponse)
Expand All @@ -964,7 +967,7 @@ def logout(self) -> bool:
response = self._send_json_request(
method,
path_query,
headers=self.req_headers,
headers=self.build_headers(),
timeout=self.default_request_timeout,
)
assert isinstance(response, JSONResponse)
Expand All @@ -989,7 +992,7 @@ def seen(self, files: list[str], messages: list[str], replies: list[str]) -> str
response = self._send_json_request(
method,
path_query,
headers=self.req_headers,
headers=self.build_headers(),
body=body,
timeout=self.default_request_timeout,
)
Expand Down

0 comments on commit 1ea850e

Please sign in to comment.