durusmail: qp: How to unsecure qp pages?
How to unsecure qp pages?
2008-03-26
How to unsecure qp pages?
Tristan Short
2008-03-26
I have been testing a few things out regarding securing pages (and
unsecuring them).

Problem
My qp based app has a mix of pages that need to be secured and those
that don't. Secured in this case simply means https and not necessarily
logged in - i.e. user can be anonymous. Usually if the pages that do not
require securing get secured as a result of the scheme change to https
it does not matter. However, I have some pages that have large content
levels and they do not need to be secured and nor should they for
performance reasons. In fact I always want them to be unsecured.

Solution
Create the following new / updated methods on the site's Publisher class:

## code start

+    def unsecure(self):
+        ''' If the scheme is not http,
+        then redirect so that it will be.
+        '''
+
+        if get_request().get_scheme() == 'https':
+            self.redirect( self.complete_url('', unsecure=True) )



    def complete_url(self, path, secure=False, unsecure=False):
        """(path:str, secure:bool=False) -> str
        Turn path into a complete url to this publisher, changing the
        scheme to https if secure is True.

+        And likewise changing the scheme to http if unsecure is True.
+       If both secure and unsecure are true then the page will be
secured - fail safe.
        """
        s = str(path)
        if not secure and s.startswith('http://'):
            return s
        if not unsecure and s.startswith('https://'):
            return s
        if secure:
            host, port = self.get_site().get_https_address()
            if not host:
                host = get_request().get_server().split(':')[0]
            if port == 443:
                address = str(host)
            else:
                address = "%s:%s" % (host, port)
            base = 'https://%s%s' % (address,
                                     get_request().get_path_query())
+        elif unsecure:
+            host, port = self.get_site().get_http_address()
+            if not host:
+                host = get_request().get_server().split(':')[0]
+            if port == 80:
+                address = str(host)
+            else:
+                address = "%s:%s" % (host, port)
+            base = 'http://%s%s' % (address,
+                                     get_request().get_path_query())

        else:
            base = get_request().get_url()
        return urljoin(base, self.complete_path(s))

## code end

Is this the right way to solve this problem?

Tristan

reply