Return-Path: 
 <commits-return-10705-apmail-allura-commits-archive=allura.apache.org@allura.apache.org>
X-Original-To: apmail-allura-commits-archive@www.apache.org
Delivered-To: apmail-allura-commits-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 87D52CFC4
	for <apmail-allura-commits-archive@www.apache.org>;
 Thu, 20 Nov 2014 14:40:56 +0000 (UTC)
Received: (qmail 10533 invoked by uid 500); 20 Nov 2014 14:40:56 -0000
Delivered-To: apmail-allura-commits-archive@allura.apache.org
Received: (qmail 10514 invoked by uid 500); 20 Nov 2014 14:40:56 -0000
Mailing-List: contact commits-help@allura.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:commits-help@allura.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@allura.apache.org>
List-Post: <mailto:commits@allura.apache.org>
List-Id: <commits.allura.apache.org>
Reply-To: dev@allura.apache.org
Delivered-To: mailing list commits@allura.apache.org
Received: (qmail 10446 invoked by uid 99); 20 Nov 2014 14:40:56 -0000
Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org)
 (140.211.11.114)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 20 Nov 2014 14:40:56 +0000
Received: by tyr.zones.apache.org (Postfix, from userid 65534)
	id 1364E9256DC; Thu, 20 Nov 2014 14:40:56 +0000 (UTC)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: jetmind@apache.org
To: commits@allura.apache.org
Date: Thu, 20 Nov 2014 14:40:57 -0000
Message-Id: <72b92023655c49cb8272963f4cdeaa46@git.apache.org>
In-Reply-To: <7c8ee4d4a7a142d6b6653e9ddf3fb8f6@git.apache.org>
References: <7c8ee4d4a7a142d6b6653e9ddf3fb8f6@git.apache.org>
X-Mailer: ASF-Git Admin Mailer
Subject: [2/3] allura git commit: [#7787] get rid of weird problems where
 error handling and ssl redirects collide

[#7787] get rid of weird problems where error handling and ssl redirects collide


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/25b87336
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/25b87336
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/25b87336

Branch: refs/heads/ib/7787
Commit: 25b8733647944e1d3c475dff62fefbb6762183e2
Parents: f66f754
Author: Dave Brondsema <dbrondsema@slashdotmedia.com>
Authored: Tue Nov 18 02:27:38 2014 +0000
Committer: Igor Bondarenko <jetmind2@gmail.com>
Committed: Thu Nov 20 07:42:34 2014 +0000

----------------------------------------------------------------------
 Allura/allura/lib/custom_middleware.py      |  9 +++++++--
 Allura/allura/tests/functional/test_root.py | 14 ++++++++++++++
 2 files changed, 21 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/25b87336/Allura/allura/lib/custom_middleware.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/custom_middleware.py b/Allura/allura/lib/custom_middleware.py
index 1116b45..8212cd2 100644
--- a/Allura/allura/lib/custom_middleware.py
+++ b/Allura/allura/lib/custom_middleware.py
@@ -168,21 +168,26 @@ class SSLMiddleware(object):
         if self._no_redirect_re.match(environ['PATH_INFO']):
             return req.get_response(self.app)(environ, start_response)
         resp = None
+
         try:
             request_uri = req.url
             request_uri.decode('ascii')
         except UnicodeError:
             resp = exc.HTTPNotFound()
+
         secure = req.url.startswith('https://')
         srv_path = req.url.split('://', 1)[-1]
         # allura-loggedin is a non-secure cookie as a flag to know that the user has a session over on https
         force_ssl = (self._force_ssl_logged_in and req.cookies.get('allura-loggedin')) \
                     or self._force_ssl_re.match(environ['PATH_INFO'])
-        if not secure and force_ssl:
+        if req.environ.get('pylons.original_request'):
+            # if an error occurs, then /error/document is fetched (denoted by pylons.original_request)
+            # and we don't want to do any redirects within that sub-request
+            pass
+        elif not secure and force_ssl:
             resp = exc.HTTPFound(location='https://' + srv_path)
         elif secure and not force_ssl:
             resp = exc.HTTPFound(location='http://' + srv_path)
-
         if not resp:
             resp = self.app
         return resp(environ, start_response)

http://git-wip-us.apache.org/repos/asf/allura/blob/25b87336/Allura/allura/tests/functional/test_root.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/functional/test_root.py b/Allura/allura/tests/functional/test_root.py
index 179f19a..8f29b31 100644
--- a/Allura/allura/tests/functional/test_root.py
+++ b/Allura/allura/tests/functional/test_root.py
@@ -166,3 +166,17 @@ class TestRootController(TestController):
             assert_equal(arg.undecorated,
                          NeighborhoodController.index.undecorated)
             set_transaction_name.assert_called_with('foo')
+
+
+class TestRootWithSSLPattern(TestController):
+    def setUp(self):
+        with td.patch_middleware_config({'force_ssl.pattern': '^/auth'}):
+            super(TestRootWithSSLPattern, self).setUp()
+
+    def test_no_weird_ssl_redirect_for_error_document(self):
+        # test a 404, same functionality as a 500 from an error
+        r = self.app.get('/auth/asdfasdf',
+                         extra_environ={'wsgi.url_scheme': 'https'},
+                         status=404)
+        assert '302 Found' not in r.body, r.body
+        assert '/error/document' not in r.body, r.body