diff --git a/daemon_get.py b/daemon_get.py index dceb74f7a..f81726822 100644 --- a/daemon_get.py +++ b/daemon_get.py @@ -1549,7 +1549,7 @@ def daemon_http_get(self) -> None: nickname, self.server.domain): redirect_headers(self, '/users/' + nickname + '/welcome', - cookie, calling_domain) + cookie, calling_domain, 303) return if not html_getreq and \ @@ -1833,7 +1833,7 @@ def daemon_http_get(self) -> None: self.server.i2p_domain): actor = 'http://' + self.server.i2p_domain + users_path redirect_headers(self, actor + '/tlshares', - cookie, calling_domain) + cookie, calling_domain, 303) return msg = msg.encode('utf-8') msglen = len(msg) @@ -1875,7 +1875,7 @@ def daemon_http_get(self) -> None: self.server.i2p_domain): actor = 'http://' + self.server.i2p_domain + users_path redirect_headers(self, actor + '/tlwanted', - cookie, calling_domain) + cookie, calling_domain, 303) return msg = msg.encode('utf-8') msglen = len(msg) @@ -1907,7 +1907,7 @@ def daemon_http_get(self) -> None: self.server.i2p_domain): actor = 'http://' + self.server.i2p_domain + users_path redirect_headers(self, actor + '/tlshares', - cookie, calling_domain) + cookie, calling_domain, 303) return msg = msg.encode('utf-8') msglen = len(msg) @@ -1939,7 +1939,7 @@ def daemon_http_get(self) -> None: self.server.i2p_domain): actor = 'http://' + self.server.i2p_domain + users_path redirect_headers(self, actor + '/tlwanted', - cookie, calling_domain) + cookie, calling_domain, 303) return msg = msg.encode('utf-8') msglen = len(msg) @@ -2893,11 +2893,11 @@ def daemon_http_get(self) -> None: self.server.onion_domain, self.server.i2p_domain) + \ '/users/' + nickname + '/tags/' + hashtag - redirect_headers(self, ht_url, cookie, calling_domain) + redirect_headers(self, ht_url, cookie, calling_domain, 303) else: # redirect to the upstream hashtag url self.server.getreq_busy = False - redirect_headers(self, hashtag_url, None, calling_domain) + redirect_headers(self, hashtag_url, None, calling_domain, 303) return # hashtag search @@ -5347,7 +5347,7 @@ def _confirm_delete_event(self, calling_domain: str, path: str, 'http://' + i2p_domain + \ path.split('/eventdelete')[0] redirect_headers(self, actor + '/calendar', - cookie, calling_domain) + cookie, calling_domain, 303) fitness_performance(getreq_start_time, self.server.fitness, '_GET', '_confirm_delete_event', diff --git a/daemon_get_buttons.py b/daemon_get_buttons.py index 58afc5585..cfe435853 100644 --- a/daemon_get_buttons.py +++ b/daemon_get_buttons.py @@ -132,7 +132,7 @@ def announce_button(self, calling_domain: str, path: str, actor_absolute + '/' + timeline_str + \ '?page=' + str(page_number) redirect_headers(self, actor_path_str, cookie, - calling_domain) + calling_domain, 303) return if onion_domain: @@ -284,7 +284,7 @@ def announce_button(self, calling_domain: str, path: str, fitness_performance(getreq_start_time, fitness, '_GET', '_announce_button', debug) - redirect_headers(self, actor_path_str, cookie, calling_domain) + redirect_headers(self, actor_path_str, cookie, calling_domain, 303) def announce_button_undo(self, calling_domain: str, path: str, @@ -351,7 +351,7 @@ def announce_button_undo(self, calling_domain: str, path: str, actor_absolute + '/' + timeline_str + '?page=' + \ str(page_number) redirect_headers(self, actor_path_str, cookie, - calling_domain) + calling_domain, 303) return if onion_domain: @@ -427,7 +427,7 @@ def announce_button_undo(self, calling_domain: str, path: str, fitness_performance(getreq_start_time, fitness, '_GET', '_undo_announce_button', debug) - redirect_headers(self, actor_path_str, cookie, calling_domain) + redirect_headers(self, actor_path_str, cookie, calling_domain, 303) def follow_approve_button(self, calling_domain: str, path: str, @@ -520,7 +520,7 @@ def follow_approve_button(self, calling_domain: str, path: str, '_GET', '_follow_approve_button', debug) redirect_headers(self, origin_path_str_absolute, - cookie, calling_domain) + cookie, calling_domain, 303) def follow_deny_button(self, calling_domain: str, path: str, @@ -584,7 +584,7 @@ def follow_deny_button(self, calling_domain: str, path: str, origin_path_str_absolute = \ 'http://' + i2p_domain + origin_path_str redirect_headers(self, origin_path_str_absolute, - cookie, calling_domain) + cookie, calling_domain, 303) fitness_performance(getreq_start_time, fitness, '_GET', '_follow_deny_button', debug) @@ -673,7 +673,7 @@ def like_button(self, calling_domain: str, path: str, actor_absolute + '/' + timeline_str + \ '?page=' + str(page_number) + timeline_bookmark redirect_headers(self, actor_path_str, cookie, - calling_domain) + calling_domain, 303) return if onion_domain: @@ -839,7 +839,7 @@ def like_button(self, calling_domain: str, path: str, '_GET', '_like_button', debug) redirect_headers(self, actor_path_str, cookie, - calling_domain) + calling_domain, 303) def like_button_undo(self, calling_domain: str, path: str, @@ -924,7 +924,7 @@ def like_button_undo(self, calling_domain: str, path: str, actor_absolute + '/' + timeline_str + \ '?page=' + str(page_number) redirect_headers(self, actor_path_str, cookie, - calling_domain) + calling_domain, 303) return if onion_domain: @@ -1077,7 +1077,7 @@ def like_button_undo(self, calling_domain: str, path: str, fitness_performance(getreq_start_time, fitness, '_GET', '_undo_like_button', debug) redirect_headers(self, actor_path_str, cookie, - calling_domain) + calling_domain, 303) def reaction_button(self, calling_domain: str, path: str, @@ -1168,7 +1168,7 @@ def reaction_button(self, calling_domain: str, path: str, actor_absolute + '/' + timeline_str + \ '?page=' + str(page_number) + timeline_bookmark redirect_headers(self, actor_path_str, cookie, - calling_domain) + calling_domain, 303) return emoji_content = urllib.parse.unquote_plus(emoji_content_encoded) self.post_to_nickname = get_nickname_from_actor(actor) @@ -1185,7 +1185,7 @@ def reaction_button(self, calling_domain: str, path: str, actor_absolute + '/' + timeline_str + \ '?page=' + str(page_number) + timeline_bookmark redirect_headers(self, actor_path_str, cookie, - calling_domain) + calling_domain, 303) return if onion_domain: @@ -1357,7 +1357,7 @@ def reaction_button(self, calling_domain: str, path: str, '_GET', '_reaction_button', debug) redirect_headers(self, actor_path_str, cookie, - calling_domain) + calling_domain, 303) def reaction_button_undo(self, calling_domain: str, path: str, @@ -1442,7 +1442,7 @@ def reaction_button_undo(self, calling_domain: str, path: str, actor_absolute + '/' + timeline_str + \ '?page=' + str(page_number) redirect_headers(self, actor_path_str, cookie, - calling_domain) + calling_domain, 303) return emoji_content_encoded = None if '?emojreact=' in path: @@ -1462,7 +1462,7 @@ def reaction_button_undo(self, calling_domain: str, path: str, actor_absolute + '/' + timeline_str + \ '?page=' + str(page_number) + timeline_bookmark redirect_headers(self, actor_path_str, cookie, - calling_domain) + calling_domain, 303) return emoji_content = urllib.parse.unquote_plus(emoji_content_encoded) @@ -1619,7 +1619,7 @@ def reaction_button_undo(self, calling_domain: str, path: str, fitness_performance(getreq_start_time, fitness, '_GET', '_undo_reaction_button', debug) - redirect_headers(self, actor_path_str, cookie, calling_domain) + redirect_headers(self, actor_path_str, cookie, calling_domain, 303) def bookmark_button(self, calling_domain: str, path: str, @@ -1705,7 +1705,7 @@ def bookmark_button(self, calling_domain: str, path: str, actor_absolute + '/' + timeline_str + \ '?page=' + str(page_number) redirect_headers(self, actor_path_str, cookie, - calling_domain) + calling_domain, 303) return if onion_domain: @@ -1824,7 +1824,7 @@ def bookmark_button(self, calling_domain: str, path: str, '_GET', '_bookmark_button', debug) redirect_headers(self, actor_path_str, cookie, - calling_domain) + calling_domain, 303) def bookmark_button_undo(self, calling_domain: str, path: str, @@ -1908,7 +1908,7 @@ def bookmark_button_undo(self, calling_domain: str, path: str, actor_absolute + '/' + timeline_str + \ '?page=' + str(page_number) redirect_headers(self, actor_path_str, cookie, - calling_domain) + calling_domain, 303) return if onion_domain: @@ -2028,7 +2028,7 @@ def bookmark_button_undo(self, calling_domain: str, path: str, '_GET', '_undo_bookmark_button', debug) redirect_headers(self, actor_path_str, cookie, - calling_domain) + calling_domain, 303) def delete_button(self, calling_domain: str, path: str, @@ -2100,7 +2100,7 @@ def delete_button(self, calling_domain: str, path: str, elif calling_domain.endswith('.i2p') and i2p_domain: actor = 'http://' + i2p_domain + users_path redirect_headers(self, actor + '/' + timeline_str, - cookie, calling_domain) + cookie, calling_domain, 303) return self.post_to_nickname = get_nickname_from_actor(actor) if not self.post_to_nickname: @@ -2110,7 +2110,7 @@ def delete_button(self, calling_domain: str, path: str, elif calling_domain.endswith('.i2p') and i2p_domain: actor = 'http://' + i2p_domain + users_path redirect_headers(self, actor + '/' + timeline_str, - cookie, calling_domain) + cookie, calling_domain, 303) return if onion_domain: @@ -2170,7 +2170,7 @@ def delete_button(self, calling_domain: str, path: str, '_GET', '_delete_button', debug) redirect_headers(self, actor + '/' + timeline_str, - cookie, calling_domain) + cookie, calling_domain, 303) def mute_button(self, calling_domain: str, path: str, @@ -2339,7 +2339,7 @@ def mute_button(self, calling_domain: str, path: str, redirect_str = \ actor + '/' + timeline_str + '?page=' + page_number_str + \ first_post_id + timeline_bookmark - redirect_headers(self, redirect_str, cookie, calling_domain) + redirect_headers(self, redirect_str, cookie, calling_domain, 303) def mute_button_undo(self, calling_domain: str, path: str, @@ -2505,4 +2505,4 @@ def mute_button_undo(self, calling_domain: str, path: str, redirect_str = \ actor + '/' + timeline_str + '?page=' + page_number_str + \ first_post_id + timeline_bookmark - redirect_headers(self, redirect_str, cookie, calling_domain) + redirect_headers(self, redirect_str, cookie, calling_domain, 303) diff --git a/daemon_get_hashtag.py b/daemon_get_hashtag.py index edf66531d..7ab28a712 100644 --- a/daemon_get_hashtag.py +++ b/daemon_get_hashtag.py @@ -70,7 +70,7 @@ def hashtag_search_rss2(self, calling_domain: str, origin_path_str_absolute = \ 'http://' + i2p_domain + origin_path_str redirect_headers(self, origin_path_str_absolute + '/search', - cookie, calling_domain) + cookie, calling_domain, 303) fitness_performance(getreq_start_time, fitness, '_GET', '_hashtag_search_rss2', debug) @@ -130,7 +130,7 @@ def hashtag_search_json2(self, calling_domain: str, origin_path_str_absolute = \ 'http://' + i2p_domain + origin_path_str redirect_headers(self, origin_path_str_absolute, - cookie, calling_domain) + cookie, calling_domain, 303) fitness_performance(getreq_start_time, fitness, '_GET', '_hashtag_search_json', debug) @@ -253,7 +253,7 @@ def hashtag_search2(self, calling_domain: str, origin_path_str_absolute = \ 'http://' + i2p_domain + origin_path_str redirect_headers(self, origin_path_str_absolute + '/search', - cookie, calling_domain) + cookie, calling_domain, 303) fitness_performance(getreq_start_time, fitness, '_GET', '_hashtag_search', debug) diff --git a/daemon_get_login.py b/daemon_get_login.py index 63da190d5..2ac14f828 100644 --- a/daemon_get_login.py +++ b/daemon_get_login.py @@ -55,7 +55,7 @@ def redirect_to_login_screen(self, calling_domain: str, path: str, http_prefix, domain_full, onion_domain, i2p_domain) + \ divert_path - redirect_headers(self, redirect_url, None, calling_domain) + redirect_headers(self, redirect_url, None, calling_domain, 303) fitness_performance(getreq_start_time, fitness, '_GET', '_redirect_to_login_screen', debug) diff --git a/daemon_get_newswire.py b/daemon_get_newswire.py index e2f16088c..45f4af1c8 100644 --- a/daemon_get_newswire.py +++ b/daemon_get_newswire.py @@ -114,7 +114,7 @@ def newswire_vote(self, calling_domain: str, path: str, '_GET', '_newswire_vote', debug) redirect_headers(self, origin_path_str_absolute, - cookie, calling_domain) + cookie, calling_domain, 303) def newswire_unvote(self, calling_domain: str, path: str, @@ -166,7 +166,7 @@ def newswire_unvote(self, calling_domain: str, path: str, origin_path_str_absolute = \ 'http://' + i2p_domain + origin_path_str redirect_headers(self, origin_path_str_absolute, - cookie, calling_domain) + cookie, calling_domain, 303) fitness_performance(getreq_start_time, fitness, '_GET', '_newswire_unvote', debug) diff --git a/daemon_get_post.py b/daemon_get_post.py index e36521586..093210938 100644 --- a/daemon_get_post.py +++ b/daemon_get_post.py @@ -1345,8 +1345,8 @@ def show_conversation_thread(self, authorized: bool, return True # redirect to the original site if there are no results if '://' + domain_full + '/' in post_id: - redirect_headers(self, post_id, cookie, calling_domain) + redirect_headers(self, post_id, cookie, calling_domain, 303) else: - redirect_headers(self, post_id, None, calling_domain) + redirect_headers(self, post_id, None, calling_domain, 303) self.server.getreq_busy = False return True diff --git a/daemon_get_profile.py b/daemon_get_profile.py index 7c47266d9..4089f1d3b 100644 --- a/daemon_get_profile.py +++ b/daemon_get_profile.py @@ -502,7 +502,7 @@ def show_skills(self, calling_domain: str, referer_domain: str, get_instance_url(calling_domain, http_prefix, domain_full, onion_domain, i2p_domain) + \ actor - redirect_headers(self, actor_absolute, cookie, calling_domain) + redirect_headers(self, actor_absolute, cookie, calling_domain, 303) return True diff --git a/daemon_get_reactions.py b/daemon_get_reactions.py index e9b889e03..3f1dbd9f0 100644 --- a/daemon_get_reactions.py +++ b/daemon_get_reactions.py @@ -86,7 +86,7 @@ def reaction_picker2(self, calling_domain: str, path: str, actor_path_str = \ actor_absolute + '/' + timeline_str + \ '?page=' + str(page_number) + timeline_bookmark - redirect_headers(self, actor_path_str, cookie, calling_domain) + redirect_headers(self, actor_path_str, cookie, calling_domain, 303) return post_json_object = None @@ -107,7 +107,7 @@ def reaction_picker2(self, calling_domain: str, path: str, actor_path_str = \ actor_absolute + '/' + timeline_str + \ '?page=' + str(page_number) + timeline_bookmark - redirect_headers(self, actor_path_str, cookie, calling_domain) + redirect_headers(self, actor_path_str, cookie, calling_domain, 303) return timezone = None diff --git a/daemon_post.py b/daemon_post.py index 3f103f09f..52a2f4f84 100644 --- a/daemon_post.py +++ b/daemon_post.py @@ -854,7 +854,7 @@ def daemon_http_post(self) -> None: '/' + post_redirect + \ '?page=' + str(page_number) redirect_headers(self, actor_path_str, cookie, - calling_domain) + calling_domain, 303) elif (calling_domain.endswith('.i2p') and self.server.i2p_domain): actor_path_str = \ @@ -863,14 +863,14 @@ def daemon_http_post(self) -> None: '/' + post_redirect + \ '?page=' + str(page_number) redirect_headers(self, actor_path_str, cookie, - calling_domain) + calling_domain, 303) else: actor_path_str = \ local_actor_url(self.server.http_prefix, nickname, self.server.domain_full) + \ '/' + post_redirect + '?page=' + str(page_number) redirect_headers(self, actor_path_str, cookie, - calling_domain) + calling_domain, 303) self.server.postreq_busy = False return diff --git a/daemon_post_confirm.py b/daemon_post_confirm.py index 4a834629f..ce5f51384 100644 --- a/daemon_post_confirm.py +++ b/daemon_post_confirm.py @@ -130,7 +130,7 @@ def unfollow_confirm(self, calling_domain: str, cookie: str, origin_path_str = 'http://' + onion_domain + users_path elif (calling_domain.endswith('.i2p') and i2p_domain): origin_path_str = 'http://' + i2p_domain + users_path - redirect_headers(self, origin_path_str, cookie, calling_domain) + redirect_headers(self, origin_path_str, cookie, calling_domain, 303) self.server.postreq_busy = False @@ -190,7 +190,7 @@ def follow_confirm2(self, calling_domain: str, cookie: str, following_actor = following_actor.split('actor=')[1] if '&' in following_actor: following_actor = following_actor.split('&')[0] - redirect_headers(self, following_actor, cookie, calling_domain) + redirect_headers(self, following_actor, cookie, calling_domain, 303) self.server.postreq_busy = False return @@ -220,7 +220,7 @@ def follow_confirm2(self, calling_domain: str, cookie: str, write2(self, msg) self.server.postreq_busy = False return - redirect_headers(self, following_actor, cookie, calling_domain) + redirect_headers(self, following_actor, cookie, calling_domain, 303) self.server.postreq_busy = False return @@ -321,7 +321,7 @@ def follow_confirm2(self, calling_domain: str, cookie: str, print('WARN: unable to find blocked nickname or domain in ' + blocking_actor) redirect_headers(self, origin_path_str, - cookie, calling_domain) + cookie, calling_domain, 303) self.server.postreq_busy = False return blocking_domain_full = \ @@ -353,7 +353,7 @@ def follow_confirm2(self, calling_domain: str, cookie: str, origin_path_str = 'http://' + onion_domain + users_path elif (calling_domain.endswith('.i2p') and i2p_domain): origin_path_str = 'http://' + i2p_domain + users_path - redirect_headers(self, origin_path_str, cookie, calling_domain) + redirect_headers(self, origin_path_str, cookie, calling_domain, 303) self.server.postreq_busy = False @@ -374,7 +374,7 @@ def block_confirm2(self, calling_domain: str, cookie: str, origin_path_str = 'http://' + i2p_domain + users_path print('WARN: unable to find nickname in ' + origin_path_str) redirect_headers(self, origin_path_str, - cookie, calling_domain) + cookie, calling_domain, 303) self.server.postreq_busy = False return @@ -420,7 +420,7 @@ def block_confirm2(self, calling_domain: str, cookie: str, print('WARN: unable to find nickname or domain in ' + blocking_actor) redirect_headers(self, origin_path_str, - cookie, calling_domain) + cookie, calling_domain, 303) self.server.postreq_busy = False return blocking_domain_full = \ @@ -444,7 +444,7 @@ def block_confirm2(self, calling_domain: str, cookie: str, origin_path_str = 'http://' + onion_domain + users_path elif (calling_domain.endswith('.i2p') and i2p_domain): origin_path_str = 'http://' + i2p_domain + users_path - redirect_headers(self, origin_path_str, cookie, calling_domain) + redirect_headers(self, origin_path_str, cookie, calling_domain, 303) self.server.postreq_busy = False @@ -465,7 +465,7 @@ def unblock_confirm(self, calling_domain: str, cookie: str, origin_path_str = 'http://' + i2p_domain + users_path print('WARN: unable to find nickname in ' + origin_path_str) redirect_headers(self, origin_path_str, - cookie, calling_domain) + cookie, calling_domain, 303) self.server.postreq_busy = False return @@ -507,7 +507,7 @@ def unblock_confirm(self, calling_domain: str, cookie: str, origin_path_str = 'http://' + i2p_domain + users_path print('WARN: unable to find nickname in ' + blocking_actor) redirect_headers(self, origin_path_str, - cookie, calling_domain) + cookie, calling_domain, 303) self.server.postreq_busy = False return blocking_domain_full = \ @@ -539,5 +539,5 @@ def unblock_confirm(self, calling_domain: str, cookie: str, elif (calling_domain.endswith('.i2p') and i2p_domain): origin_path_str = 'http://' + i2p_domain + users_path redirect_headers(self, origin_path_str, - cookie, calling_domain) + cookie, calling_domain, 303) self.server.postreq_busy = False diff --git a/daemon_post_hashtags.py b/daemon_post_hashtags.py index 3eb2769b7..b099a3e0d 100644 --- a/daemon_post_hashtags.py +++ b/daemon_post_hashtags.py @@ -75,7 +75,7 @@ def set_hashtag_category2(self, calling_domain: str, cookie: str, print('WARN: nickname not found in ' + actor_str) else: print('WARN: nickname is not a moderator' + actor_str) - redirect_headers(self, tag_screen_str, cookie, calling_domain) + redirect_headers(self, tag_screen_str, cookie, calling_domain, 303) self.server.postreq_busy = False return @@ -85,7 +85,7 @@ def set_hashtag_category2(self, calling_domain: str, cookie: str, # check that the POST isn't too large if length > max_post_length: print('Maximum links data length exceeded ' + str(length)) - redirect_headers(self, tag_screen_str, cookie, calling_domain) + redirect_headers(self, tag_screen_str, cookie, calling_domain, 303) self.server.postreq_busy = False return @@ -137,5 +137,5 @@ def set_hashtag_category2(self, calling_domain: str, cookie: str, # redirect back to the default timeline redirect_headers(self, tag_screen_str, - cookie, calling_domain) + cookie, calling_domain, 303) self.server.postreq_busy = False diff --git a/daemon_post_keys.py b/daemon_post_keys.py index 9a21a7504..4c497a1ab 100644 --- a/daemon_post_keys.py +++ b/daemon_post_keys.py @@ -63,7 +63,7 @@ def keyboard_shortcuts(self, calling_domain: str, cookie: str, origin_path_str = \ 'http://' + i2p_domain + users_path + \ '/' + default_timeline - redirect_headers(self, origin_path_str, cookie, calling_domain) + redirect_headers(self, origin_path_str, cookie, calling_domain, 303) self.server.postreq_busy = False return @@ -100,6 +100,6 @@ def keyboard_shortcuts(self, calling_domain: str, cookie: str, elif calling_domain.endswith('.i2p') and i2p_domain: origin_path_str = \ 'http://' + i2p_domain + users_path + '/' + default_timeline - redirect_headers(self, origin_path_str, cookie, calling_domain) + redirect_headers(self, origin_path_str, cookie, calling_domain, 303) self.server.postreq_busy = False return diff --git a/daemon_post_links.py b/daemon_post_links.py index f5f6fc08c..020f9aea2 100644 --- a/daemon_post_links.py +++ b/daemon_post_links.py @@ -54,7 +54,7 @@ def links_update(self, calling_domain: str, cookie: str, print('WARN: nickname not found in ' + actor_str) else: print('WARN: nickname is not a moderator' + actor_str) - redirect_headers(self, actor_str, cookie, calling_domain) + redirect_headers(self, actor_str, cookie, calling_domain, 303) self.server.postreq_busy = False return @@ -64,7 +64,7 @@ def links_update(self, calling_domain: str, cookie: str, # check that the POST isn't too large if length > max_post_length: print('Maximum links data length exceeded ' + str(length)) - redirect_headers(self, actor_str, cookie, calling_domain) + redirect_headers(self, actor_str, cookie, calling_domain, 303) self.server.postreq_busy = False return @@ -195,5 +195,5 @@ def links_update(self, calling_domain: str, cookie: str, # redirect back to the default timeline redirect_headers(self, actor_str + '/' + default_timeline, - cookie, calling_domain) + cookie, calling_domain, 303) self.server.postreq_busy = False diff --git a/daemon_post_login.py b/daemon_post_login.py index 7c6df8b9c..cee3e88ce 100644 --- a/daemon_post_login.py +++ b/daemon_post_login.py @@ -95,7 +95,7 @@ def post_login_screen(self, calling_domain: str, cookie: str, return self.server.last_login_time = int(time.time()) if register: - if not valid_password(login_password): + if not valid_password(login_password, debug): self.server.postreq_busy = False login_url = \ get_instance_url(calling_domain, @@ -104,7 +104,7 @@ def post_login_screen(self, calling_domain: str, cookie: str, onion_domain, i2p_domain) + \ '/login' - redirect_headers(self, login_url, cookie, calling_domain) + redirect_headers(self, login_url, cookie, calling_domain, 303) return if not register_account(base_dir, http_prefix, domain, port, @@ -118,7 +118,7 @@ def post_login_screen(self, calling_domain: str, cookie: str, onion_domain, i2p_domain) + \ '/login' - redirect_headers(self, login_url, cookie, calling_domain) + redirect_headers(self, login_url, cookie, calling_domain, 303) return auth_header = \ create_basic_auth_header(login_nickname, login_password) @@ -216,7 +216,7 @@ def post_login_screen(self, calling_domain: str, cookie: str, i2p_domain) + \ '/users/' + login_nickname + '/' + \ default_timeline - redirect_headers(self, tl_url, cookie_str, calling_domain) + redirect_headers(self, tl_url, cookie_str, calling_domain, 303) self.server.postreq_busy = False return else: diff --git a/daemon_post_moderator.py b/daemon_post_moderator.py index cf07c8648..75d9d880a 100644 --- a/daemon_post_moderator.py +++ b/daemon_post_moderator.py @@ -59,7 +59,7 @@ def moderator_actions(self, path: str, calling_domain: str, cookie: str, users_path if not is_moderator(base_dir, nickname): redirect_headers(self, actor_str + '/moderation', - cookie, calling_domain) + cookie, calling_domain, 303) self.server.postreq_busy = False return @@ -328,6 +328,6 @@ def moderator_actions(self, path: str, calling_domain: str, cookie: str, True) redirect_headers(self, actor_str + '/moderation', - cookie, calling_domain) + cookie, calling_domain, 303) self.server.postreq_busy = False return diff --git a/daemon_post_newswire.py b/daemon_post_newswire.py index 59a2d5cd3..2b2ba716b 100644 --- a/daemon_post_newswire.py +++ b/daemon_post_newswire.py @@ -60,7 +60,7 @@ def newswire_update(self, calling_domain: str, cookie: str, print('WARN: nickname not found in ' + actor_str) else: print('WARN: nickname is not a moderator' + actor_str) - redirect_headers(self, actor_str, cookie, calling_domain) + redirect_headers(self, actor_str, cookie, calling_domain, 303) self.server.postreq_busy = False return @@ -70,7 +70,7 @@ def newswire_update(self, calling_domain: str, cookie: str, # check that the POST isn't too large if length > max_post_length: print('Maximum newswire data length exceeded ' + str(length)) - redirect_headers(self, actor_str, cookie, calling_domain) + redirect_headers(self, actor_str, cookie, calling_domain, 303) self.server.postreq_busy = False return @@ -218,7 +218,7 @@ def newswire_update(self, calling_domain: str, cookie: str, # redirect back to the default timeline redirect_headers(self, actor_str + '/' + default_timeline, - cookie, calling_domain) + cookie, calling_domain, 303) self.server.postreq_busy = False @@ -264,7 +264,7 @@ def citations_update(self, calling_domain: str, cookie: str, # check that the POST isn't too large if length > max_post_length: print('Maximum citations data length exceeded ' + str(length)) - redirect_headers(self, actor_str, cookie, calling_domain) + redirect_headers(self, actor_str, cookie, calling_domain, 303) self.server.postreq_busy = False return @@ -317,7 +317,7 @@ def citations_update(self, calling_domain: str, cookie: str, # redirect back to the default timeline redirect_headers(self, actor_str + '/newblog', - cookie, calling_domain) + cookie, calling_domain, 303) self.server.postreq_busy = False @@ -359,10 +359,10 @@ def news_post_edit(self, calling_domain: str, cookie: str, print('WARN: nickname is not an editor' + actor_str) if news_instance: redirect_headers(self, actor_str + '/tlfeatures', - cookie, calling_domain) + cookie, calling_domain, 303) else: redirect_headers(self, actor_str + '/tlnews', - cookie, calling_domain) + cookie, calling_domain, 303) self.server.postreq_busy = False return @@ -374,10 +374,10 @@ def news_post_edit(self, calling_domain: str, cookie: str, print('Maximum news data length exceeded ' + str(length)) if news_instance: redirect_headers(self, actor_str + '/tlfeatures', - cookie, calling_domain) + cookie, calling_domain, 303) else: redirect_headers(self, actor_str + '/tlnews', - cookie, calling_domain) + cookie, calling_domain, 303) self.server.postreq_busy = False return @@ -467,8 +467,8 @@ def news_post_edit(self, calling_domain: str, cookie: str, # redirect back to the default timeline if news_instance: redirect_headers(self, actor_str + '/tlfeatures', - cookie, calling_domain) + cookie, calling_domain, 303) else: redirect_headers(self, actor_str + '/tlnews', - cookie, calling_domain) + cookie, calling_domain, 303) self.server.postreq_busy = False diff --git a/daemon_post_person_options.py b/daemon_post_person_options.py index 21e4dfb28..b04c79da3 100644 --- a/daemon_post_person_options.py +++ b/daemon_post_person_options.py @@ -99,7 +99,7 @@ def person_options2(self, path: str, elif (calling_domain.endswith('.i2p') and i2p_domain): origin_path_str = 'http://' + i2p_domain + users_path print('WARN: unable to find nickname in ' + origin_path_str) - redirect_headers(self, origin_path_str, cookie, calling_domain) + redirect_headers(self, origin_path_str, cookie, calling_domain, 303) self.server.postreq_busy = False return @@ -192,7 +192,7 @@ def person_options2(self, path: str, elif (calling_domain.endswith('.i2p') and i2p_domain): origin_path_str = 'http://' + i2p_domain + users_path print('WARN: unable to find nickname in ' + options_actor) - redirect_headers(self, origin_path_str, cookie, calling_domain) + redirect_headers(self, origin_path_str, cookie, calling_domain, 303) self.server.postreq_busy = False return @@ -203,7 +203,7 @@ def person_options2(self, path: str, elif (calling_domain.endswith('.i2p') and i2p_domain): origin_path_str = 'http://' + i2p_domain + users_path print('WARN: unable to find domain in ' + options_actor) - redirect_headers(self, origin_path_str, cookie, calling_domain) + redirect_headers(self, origin_path_str, cookie, calling_domain, 303) self.server.postreq_busy = False return @@ -302,7 +302,7 @@ def person_options2(self, path: str, self.server.postreq_busy = False return redirect_headers(self, options_actor, - cookie, calling_domain) + cookie, calling_domain, 303) self.server.postreq_busy = False return @@ -320,7 +320,7 @@ def person_options2(self, path: str, users_path + '/' + default_timeline + \ '?page=' + str(page_number) redirect_headers(self, users_path_str, cookie, - calling_domain) + calling_domain, 303) self.server.postreq_busy = False return @@ -340,7 +340,7 @@ def person_options2(self, path: str, users_path + '/' + default_timeline + \ '?page=' + str(page_number) redirect_headers(self, users_path_str, cookie, - calling_domain) + calling_domain, 303) self.server.postreq_busy = False return @@ -368,7 +368,7 @@ def person_options2(self, path: str, users_path + '/' + default_timeline + \ '?page=' + str(page_number) redirect_headers(self, users_path_str, cookie, - calling_domain) + calling_domain, 303) self.server.postreq_busy = False return @@ -397,7 +397,7 @@ def person_options2(self, path: str, users_path + '/' + default_timeline + \ '?page=' + str(page_number) redirect_headers(self, users_path_str, cookie, - calling_domain) + calling_domain, 303) self.server.postreq_busy = False return @@ -426,7 +426,7 @@ def person_options2(self, path: str, users_path + '/' + default_timeline + \ '?page=' + str(page_number) redirect_headers(self, users_path_str, cookie, - calling_domain) + calling_domain, 303) self.server.postreq_busy = False return @@ -454,7 +454,7 @@ def person_options2(self, path: str, users_path + '/' + default_timeline + \ '?page=' + str(page_number) redirect_headers(self, users_path_str, cookie, - calling_domain) + calling_domain, 303) self.server.postreq_busy = False return @@ -501,7 +501,7 @@ def person_options2(self, path: str, users_path + '/' + default_timeline + \ '?page=' + str(page_number) redirect_headers(self, users_path_str, cookie, - calling_domain) + calling_domain, 303) self.server.postreq_busy = False return @@ -548,7 +548,7 @@ def person_options2(self, path: str, users_path + '/' + default_timeline + \ '?page=' + str(page_number) redirect_headers(self, users_path_str, cookie, - calling_domain) + calling_domain, 303) self.server.postreq_busy = False return @@ -589,7 +589,7 @@ def person_options2(self, path: str, users_path + '/' + default_timeline + \ '?page=' + str(page_number) redirect_headers(self, users_path_str, cookie, - calling_domain) + calling_domain, 303) self.server.postreq_busy = False return @@ -823,7 +823,7 @@ def person_options2(self, path: str, this_actor + '/' + default_timeline + \ '?page=' + str(page_number) redirect_headers(self, actor_path_str, cookie, - calling_domain) + calling_domain, 303) self.server.postreq_busy = False return @@ -846,7 +846,7 @@ def person_options2(self, path: str, this_actor + '/' + default_timeline + \ '?page=' + str(page_number) redirect_headers(self, actor_path_str, cookie, - calling_domain) + calling_domain, 303) self.server.postreq_busy = False return @@ -941,6 +941,6 @@ def person_options2(self, path: str, origin_path_str = 'http://' + onion_domain + users_path elif calling_domain.endswith('.i2p') and i2p_domain: origin_path_str = 'http://' + i2p_domain + users_path - redirect_headers(self, origin_path_str, cookie, calling_domain) + redirect_headers(self, origin_path_str, cookie, calling_domain, 303) self.server.postreq_busy = False return diff --git a/daemon_post_profile.py b/daemon_post_profile.py index 86862bd91..243b37dc0 100644 --- a/daemon_post_profile.py +++ b/daemon_post_profile.py @@ -2302,14 +2302,14 @@ def _profile_post_set_reply_interval(base_dir: str, nickname: str, domain: str, def _profile_post_change_password(base_dir: str, nickname: str, - fields: {}) -> None: + fields: {}, debug: bool) -> None: """ HTTP POST change password """ if fields.get('password') and fields.get('passwordconfirm'): fields['password'] = remove_eol(fields['password']).strip() fields['passwordconfirm'] = \ remove_eol(fields['passwordconfirm']).strip() - if valid_password(fields['password']) and \ + if valid_password(fields['password'], debug) and \ fields['password'] == fields['passwordconfirm']: # set password store_basic_credentials(base_dir, nickname, @@ -2422,7 +2422,7 @@ def profile_edit(self, calling_domain: str, cookie: str, nickname = get_nickname_from_actor(actor_str) if not nickname: print('WARN: nickname not found in ' + actor_str) - redirect_headers(self, actor_str, cookie, calling_domain) + redirect_headers(self, actor_str, cookie, calling_domain, 303) self.server.postreq_busy = False return @@ -2433,7 +2433,7 @@ def profile_edit(self, calling_domain: str, cookie: str, if length > self.server.max_post_length: print('Maximum profile data length exceeded ' + str(length)) - redirect_headers(self, actor_str, cookie, calling_domain) + redirect_headers(self, actor_str, cookie, calling_domain, 303) self.server.postreq_busy = False return @@ -2614,7 +2614,7 @@ def profile_edit(self, calling_domain: str, cookie: str, theme_download_path += '/exports/' + theme_name + '.zip' print('submitExportTheme path=' + theme_download_path) redirect_headers(self, theme_download_path, - cookie, calling_domain) + cookie, calling_domain, 303) self.server.postreq_busy = False return elif 'name="submitExportBlocks"' in post_bytes_str: @@ -2622,7 +2622,7 @@ def profile_edit(self, calling_domain: str, cookie: str, blocks_download_path = actor_str + '/exports/blocks.csv' print('submitExportBlocks path=' + blocks_download_path) redirect_headers(self, blocks_download_path, - cookie, calling_domain) + cookie, calling_domain, 303) self.server.postreq_busy = False return @@ -2662,7 +2662,8 @@ def profile_edit(self, calling_domain: str, cookie: str, translate, actor_changed) - _profile_post_change_password(base_dir, nickname, fields) + _profile_post_change_password(base_dir, nickname, fields, + debug) _profile_post_set_reply_interval(base_dir, nickname, domain, fields) @@ -3051,5 +3052,5 @@ def profile_edit(self, calling_domain: str, cookie: str, # redirect back to the profile screen redirect_headers(self, actor_str + redirect_path, - cookie, calling_domain) + cookie, calling_domain, 303) self.server.postreq_busy = False diff --git a/daemon_post_question.py b/daemon_post_question.py index b8a1f6421..9a681c6b4 100644 --- a/daemon_post_question.py +++ b/daemon_post_question.py @@ -99,7 +99,7 @@ def receive_vote(self, calling_domain: str, cookie: str, actor + '/' + default_timeline + \ '?page=' + str(page_number) redirect_headers(self, actor_path_str, - cookie, calling_domain) + cookie, calling_domain, 303) self.server.postreq_busy = False return @@ -163,7 +163,7 @@ def receive_vote(self, calling_domain: str, cookie: str, actor + '/' + default_timeline + \ '?page=' + str(page_number) + first_post_id + last_post_id redirect_headers(self, actor_path_str, cookie, - calling_domain) + calling_domain, 303) self.server.postreq_busy = False return diff --git a/daemon_post_remove.py b/daemon_post_remove.py index 91c9daa99..0901c6d7a 100644 --- a/daemon_post_remove.py +++ b/daemon_post_remove.py @@ -103,7 +103,7 @@ def remove_reading_status(self, calling_domain: str, cookie: str, origin_path_str = 'http://' + onion_domain + users_path elif (calling_domain.endswith('.i2p') and i2p_domain): origin_path_str = 'http://' + i2p_domain + users_path - redirect_headers(self, origin_path_str, cookie, calling_domain) + redirect_headers(self, origin_path_str, cookie, calling_domain, 303) self.server.postreq_busy = False @@ -222,7 +222,7 @@ def remove_share(self, calling_domain: str, cookie: str, elif (calling_domain.endswith('.i2p') and i2p_domain): origin_path_str = 'http://' + i2p_domain + users_path redirect_headers(self, origin_path_str + '/tlshares', - cookie, calling_domain) + cookie, calling_domain, 303) self.server.postreq_busy = False @@ -295,7 +295,7 @@ def remove_wanted(self, calling_domain: str, cookie: str, elif (calling_domain.endswith('.i2p') and i2p_domain): origin_path_str = 'http://' + i2p_domain + users_path redirect_headers(self, origin_path_str + '/tlwanted', - cookie, calling_domain) + cookie, calling_domain, 303) self.server.postreq_busy = False @@ -410,11 +410,11 @@ def receive_remove_post(self, calling_domain: str, cookie: str, origin_path_str = 'http://' + i2p_domain + users_path if page_number == 1: redirect_headers(self, origin_path_str + '/outbox', cookie, - calling_domain) + calling_domain, 303) else: page_number_str = str(page_number) actor_path_str = \ origin_path_str + '/outbox?page=' + page_number_str redirect_headers(self, actor_path_str, - cookie, calling_domain) + cookie, calling_domain, 303) self.server.postreq_busy = False diff --git a/daemon_post_search.py b/daemon_post_search.py index 42d512efe..11489f2f9 100644 --- a/daemon_post_search.py +++ b/daemon_post_search.py @@ -115,7 +115,7 @@ def receive_search_query(self, calling_domain: str, cookie: str, if 'submitBack=' in search_params: # go back on search screen redirect_headers(self, actor_str + '/' + - default_timeline, cookie, calling_domain) + default_timeline, cookie, calling_domain, 303) self.server.postreq_busy = False return if 'searchtext=' in search_params: @@ -382,7 +382,7 @@ def receive_search_query(self, calling_domain: str, cookie: str, i2p_domain) + \ users_path redirect_headers(self, actor_str + '/search', - cookie, calling_domain) + cookie, calling_domain, 303) self.server.postreq_busy = False return # profile search @@ -538,7 +538,7 @@ def receive_search_query(self, calling_domain: str, cookie: str, onion_domain, i2p_domain) + \ users_path redirect_headers(self, actor_str + '/search', - cookie, calling_domain) + cookie, calling_domain, 303) self.server.postreq_busy = False return elif (search_str.startswith(':') or @@ -608,5 +608,5 @@ def receive_search_query(self, calling_domain: str, cookie: str, domain_full, onion_domain, i2p_domain) + \ users_path redirect_headers(self, actor_str + '/' + default_timeline, - cookie, calling_domain) + cookie, calling_domain, 303) self.server.postreq_busy = False diff --git a/daemon_post_theme.py b/daemon_post_theme.py index 13201c1b8..110b90bee 100644 --- a/daemon_post_theme.py +++ b/daemon_post_theme.py @@ -73,7 +73,7 @@ def theme_designer_edit(self, calling_domain: str, cookie: str, origin_path_str = \ 'http://' + i2p_domain + users_path + \ '/' + default_timeline - redirect_headers(self, origin_path_str, cookie, calling_domain) + redirect_headers(self, origin_path_str, cookie, calling_domain, 303) self.server.postreq_busy = False return @@ -154,6 +154,6 @@ def theme_designer_edit(self, calling_domain: str, cookie: str, elif calling_domain.endswith('.i2p') and i2p_domain: origin_path_str = \ 'http://' + i2p_domain + users_path + '/' + default_timeline - redirect_headers(self, origin_path_str, cookie, calling_domain) + redirect_headers(self, origin_path_str, cookie, calling_domain, 303) self.server.postreq_busy = False return diff --git a/daemon_utils.py b/daemon_utils.py index fbd38721e..bea5d4fd0 100644 --- a/daemon_utils.py +++ b/daemon_utils.py @@ -777,7 +777,7 @@ def show_person_options(self, calling_domain: str, path: str, if '/users/news/' in path: redirect_headers(self, origin_path_str + '/tlfeatures', - cookie, calling_domain) + cookie, calling_domain, 303) return origin_path_str_absolute = \ @@ -788,7 +788,7 @@ def show_person_options(self, calling_domain: str, path: str, self.server.i2p_domain) + \ origin_path_str redirect_headers(self, origin_path_str_absolute, cookie, - calling_domain) + calling_domain, 303) def get_user_agent(self) -> str: diff --git a/httpheaders.py b/httpheaders.py index 367932e9f..202a56412 100644 --- a/httpheaders.py +++ b/httpheaders.py @@ -71,7 +71,7 @@ def logout_redirect(self, redirect: str, calling_domain: str) -> None: def redirect_headers(self, redirect: str, cookie: str, calling_domain: str, - code: int = 303) -> None: + code: int) -> None: if '://' not in redirect: redirect = get_instance_url(calling_domain, self.server.http_prefix, @@ -115,7 +115,7 @@ def clear_login_details(self, nickname: str, calling_domain: str) -> None: redirect_headers(self, self.server.http_prefix + '://' + self.server.domain_full + '/login', 'epicyon=; SameSite=Strict', - calling_domain) + calling_domain, 303) def _set_headers_base(self, file_format: str, length: int, cookie: str, diff --git a/tests.py b/tests.py index ccdcab028..286fe0120 100644 --- a/tests.py +++ b/tests.py @@ -6950,13 +6950,16 @@ def _test_date_conversions() -> None: assert date_str == date_str2 -def _test_valid_password(): +def _test_valid_password2(): print('test_valid_password') - assert not valid_password('123') - assert not valid_password('') - assert valid_password('パスワード12345') - assert valid_password('测试密码12345') - assert valid_password('A!bc:defg1/234?56') + assert not valid_password('123', True) + assert not valid_password('', True) + assert valid_password('パスワード12345', True) + assert valid_password('测试密码12345', True) + assert not valid_password('测试密码12345\n', True) + assert valid_password('A!bc:defg1/234?56', True) + assert valid_password('dcegfceu\nhdu8uigt82', True) + assert valid_password('dhgu\rheio', True) def _test_get_price_from_string() -> None: @@ -8814,7 +8817,7 @@ def run_all_tests(): _test_can_replyto(base_dir) _test_date_conversions() _test_authorized_shared_items() - _test_valid_password() + _test_valid_password2() _test_get_links_from_content() _test_set_actor_language() _test_limit_repeted_words() diff --git a/utils.py b/utils.py index 132baf53c..90495ac85 100644 --- a/utils.py +++ b/utils.py @@ -310,7 +310,7 @@ def standardize_text(text: str) -> str: def remove_eol(line: str): """Removes line ending characters """ - return line.replace('\n', '').replace('\r', '') + return line.rstrip() def text_in_file(text: str, filename: str, @@ -3971,10 +3971,17 @@ def valid_url_prefix(url: str) -> bool: return False -def valid_password(password: str) -> bool: - """Returns true if the given password is valid +def valid_password(password: str, debug: bool) -> bool: + """Returns true if the given password contains valid characters and + is within a range of lengths """ - if len(password) < 8: + if len(password) < 8 or len(password) > 1024: + if debug: + print('WARN: password length out of range (8-255): ' + + str(len(password))) + return False + # check for trailing end of line or carriage returns + if remove_eol(password) != password: return False return True