Return an error when trying to access the pas views from the web #95

Merged
merged 1 commit into from
Jan 20, 2025
1 change: 1 addition & 0 deletions news/94.bugfix.rst
@@ -0,0 +1 @@
Return an error when trying to access the pas views from the web [ale-rt]
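Review bot: The added changelog line does not name the affected views or say what a caller now gets back. Suggest listing `pas_info`, `pas_member` and `pas_search` and the status that is returned, so an integrator who sees the new error after upgrading can match it to this change.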
3 changes: 0 additions & 3 deletions src/Products/PlonePAS/browser/configure.zcml
Expand Up @@ -14,23 +14,20 @@
name="pas_info"
for="*"
class=".info.PASInfoView"
allowed_interface="Products.PlonePAS.interfaces.browser.IPASInfoView"
permission="zope2.View"
/>

<browser:page
name="pas_member"
for="*"
class=".member.PASMemberView"
allowed_interface="Products.PlonePAS.interfaces.browser.IPASMemberView"
permission="zope2.View"
/>

<browser:page
name="pas_search"
for="*"
class=".search.PASSearchView"
allowed_interface="Products.PlonePAS.interfaces.browser.IPASSearchView"
permission="zope2.View"
/>

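Review bot: All three `browser:page` registrations in this hunk keep `for="*"` and `permission="zope2.View"`, so the names still resolve on every context for anyone holding View, and the only thing rejecting a request is the `__call__` override added in the view classes. A publisher-level test that requests `@@pas_info`, `@@pas_member` and `@@pas_search`, plus a method sub-path such as `@@pas_member/info`, and asserts that none of them returns data would pin the intended behaviour down.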
4 changes: 4 additions & 0 deletions src/Products/PlonePAS/browser/info.py
Expand Up @@ -7,6 +7,7 @@
from Products.PluggableAuthService.interfaces.plugins import ( # noqa: E501
ILoginPasswordExtractionPlugin,
)
from zExceptions import HTTPImATeapot
mauritsvanrees marked this conversation as resolved.
from zope.interface import implementer


Expand Down Expand Up @@ -38,3 +39,6 @@ def hasOpenIDExtractor(self):
def hasOpenIDdExtractor(self):
# BBB Keeping method name with typo for backwards compatibility.
return self.hasOpenIDExtractor()

def __call__(self):
raise HTTPImATeapot("View not callable")
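Review bot: The new `__call__` answers with 418, which tells the client that the view exists and is refusing, and the method carries no comment saying why it raises. Raising `zExceptions.NotFound` instead would make these names look like any other unknown view, and a one-line comment on `__call__` stating that the view is not meant to be published would keep a later cleanup from removing the guard.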
Member

@jensens jensens Jan 22, 2025

Well, it is not a Teapot but a CMS, so no RFC-conformant usage here!

https://www.rfc-editor.org/rfc/rfc2324#section-2.3.2

The HTTP 418 I'm a teapot status response code indicates that the server refuses to brew coffee because it is, permanently, a teapot. A combined coffee/tea pot that is temporarily out of coffee should instead return 503.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/418

Member Author

If you want another status code to be returned, tell me and I will change it.
The important thing is to stop these views from being accessible from the web.

4 changes: 4 additions & 0 deletions src/Products/PlonePAS/browser/member.py
@@ -1,6 +1,7 @@
from plone.memoize.instance import memoize
from Products.CMFCore.utils import getToolByName
from Products.PlonePAS.interfaces.browser import IPASMemberView
from zExceptions import HTTPImATeapot
from zope.interface import implementer
from zope.publisher.browser import BrowserView

Expand All @@ -26,3 +27,6 @@ def info(self, userid=None):
result.get("fullname") or result.get("username") or userid
)
return result

def __call__(self):
raise HTTPImATeapot("View not callable")
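Review bot: The `__call__` added at the end of this class is the same two lines that `info.py` and `search.py` also gain, so the guard and its status code now live in three places. A small shared mixin or base class in `Products.PlonePAS.browser` that the three views inherit from would let the status code discussed in the review thread be changed in one spot.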
4 changes: 4 additions & 0 deletions src/Products/PlonePAS/browser/search.py
Expand Up @@ -2,6 +2,7 @@
from Products.CMFCore.utils import getToolByName
from Products.Five import BrowserView
from Products.PlonePAS.interfaces.browser import IPASSearchView
from zExceptions import HTTPImATeapot
from zope.component import queryUtility
from zope.interface import implementer

Expand Down Expand Up @@ -73,3 +74,6 @@ def getPhysicalPath(self):
# persistent object. So we fake things and return the physical path
# for our context.
return self.context.getPhysicalPath()

def __call__(self):
raise HTTPImATeapot("View not callable")