use of com.zimbra.cs.service.formatter.Formatter in project zm-mailbox by Zimbra.
the class UserServlet method doPost.
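/**
 * Adds an item to a folder specified in the URI. The item content is provided in the POST request's body.
 *
 * <p>Processing order as implemented below: authenticate the request, check the target account's
 * status, stop if {@code proxyIfRemoteTargetAccount} reports that it handled the request, validate the
 * CSRF token when the request is flagged for a CSRF check, resolve the target folder (and an optional
 * new file name), select a formatter, and delegate the save to that formatter.
 *
 * @param req the incoming POST request
 * @param resp the response that receives the error status when processing fails
 * @throws ServletException wraps any {@code ServiceException} not mapped to an error response, and any
 *         {@code HttpException}
 * @throws IOException if an I/O error propagates, for example while sending an error response
 */
@Override
public void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    UserServletContext context = null;
    // Start from a clean logging context; the finally block clears it again on every exit path.
    ZimbraLog.clearContext();
    addRemoteIpToLoggingContext(req);
    try {
        context = new UserServletContext(req, resp, this);
        if (!checkAuthentication(context)) {
            sendError(context, req, resp, L10nUtil.getMessage(MsgKey.errMustAuthenticate, req));
            return;
        }
        checkTargetAccountStatus(context);
        if (proxyIfRemoteTargetAccount(req, resp, context)) {
            return;
        }
        if (context.getAuthAccount() != null) {
            ZimbraLog.addAccountNameToContext(context.getAuthAccount().getName());
        }

        // The CSRF check is driven by the CsrfFilter.CSRF_TOKEN_CHECK request attribute;
        // when the attribute is absent no check is performed here.
        boolean doCsrfCheck = false;
        if (req.getAttribute(CsrfFilter.CSRF_TOKEN_CHECK) != null) {
            doCsrfCheck = (Boolean) req.getAttribute(CsrfFilter.CSRF_TOKEN_CHECK);
        }
        if (doCsrfCheck) {
            String csrfToken = req.getHeader(Constants.CSRF_TOKEN);
            boolean csrfTokenPresent = !StringUtil.isNullOrEmpty(csrfToken);
            if (log.isDebugEnabled()) {
                String paramValue = req.getParameter(QP_AUTH);
                // Record only whether a token was supplied: the token value is a credential-like
                // secret and must not be readable by anyone with access to the debug log.
                // NOTE(review): QP_AUTH is still logged as received; confirm it never carries a credential.
                log.debug("CSRF check is: %s, CSRF token present: %s, Authentication recd with request is: %s",
                        doCsrfCheck, csrfTokenPresent, paramValue);
            }
            if (csrfTokenPresent) {
                if (!CsrfUtil.isValidCsrfToken(csrfToken, context.authToken)) {
                    context.setCsrfAuthSucceeded(Boolean.FALSE);
                    // Neither the auth token nor the rejected CSRF token is written to the log;
                    // the account name was already added to the logging context above.
                    log.debug("CSRF token validation failed, Auth token is CSRF enabled: %s",
                            context.authToken.isCsrfTokenEnabled());
                    sendError(context, req, resp, L10nUtil.getMessage(MsgKey.errMustAuthenticate, req));
                    return;
                } else {
                    context.setCsrfAuthSucceeded(Boolean.TRUE);
                }
            }
            // NOTE(review): a request flagged for a CSRF check but sent without a token header is not
            // rejected here and csrfAuthSucceeded is left untouched; presumably enforcement happens
            // downstream based on that flag -- confirm.
        }

        Folder folder = null;
        String filename = null;
        Mailbox mbox = UserServletUtil.getTargetMailbox(context);
        if (mbox != null) {
            ZimbraLog.addMboxToContext(mbox.getId());
            log.info("POST: " + context.req.getRequestURL().toString());
            context.opContext = new OperationContext(context.getAuthAccount(), isAdminRequest(req));
            try {
                context.target = UserServletUtil.resolveItem(context, false);
            } catch (NoSuchItemException nsie) {
                // perhaps it's a POST to "Notebook/new-file-name" -- find the parent folder and proceed from there
                if (context.itemPath == null) {
                    throw nsie;
                }
                int separator = context.itemPath.lastIndexOf('/');
                if (separator <= 0) {
                    throw nsie;
                }
                // Split the path into parent folder and trailing file name, then resolve the parent.
                filename = context.itemPath.substring(separator + 1);
                context.itemPath = context.itemPath.substring(0, separator);
                context.target = UserServletUtil.resolveItem(context, false);
                context.extraPath = filename;
            }
            // A non-folder target is replaced by its containing folder as the save destination.
            folder = (context.target instanceof Folder ? (Folder) context.target : mbox.getFolderById(context.opContext, context.target.getFolderId()));
            if (context.target != folder) {
                if (filename == null) {
                    filename = context.target.getName();
                } else {
                    // need to fail on POST to "Notebook/existing-file/random-cruft"
                    throw MailServiceException.NO_SUCH_FOLDER(context.itemPath);
                }
            }
            if (proxyIfMountpoint(req, resp, context, folder)) {
                // if the target is a mountpoint, the request was already proxied to the resolved target
                return;
            }
        }

        // if they specified a filename, default to the native formatter
        if (context.format == null && filename != null) {
            context.format = FormatType.HTML_CONVERTED;
        }
        String ctype = context.req.getContentType();
        // if no format explicitly specified, try to guess it from the Content-Type header
        if (context.format == null && ctype != null) {
            String normalizedType = new com.zimbra.common.mime.ContentType(ctype).getContentType();
            Formatter fmt = FormatterFactory.mDefaultFormatters.get(normalizedType);
            if (fmt != null) {
                context.format = fmt.getType();
            }
        }

        context.target = folder;
        resolveFormatter(context);
        if (!context.formatter.supportsSave()) {
            sendError(context, req, resp, L10nUtil.getMessage(MsgKey.errUnsupportedFormat, req));
            // Stop here, as every other sendError call in this method does: without the return the
            // request would still reach formatter.save() after the error response was sent.
            return;
        }

        // Prevent harvest attacks: when no mailbox was resolved and the formatter requires
        // authentication, raise PERM_DENIED, which the catch block below reports with the same
        // errNoSuchItem message as a missing item. If the formatter does not require
        // authentication, call the formatter and let it deal with preventing harvest attacks.
        if (mbox == null && context.formatter.requiresAuth()) {
            throw ServiceException.PERM_DENIED(L10nUtil.getMessage(MsgKey.errPermissionDenied, req));
        }
        context.formatter.save(context, ctype, folder, filename);
    } catch (ServiceException se) {
        if (se.getCode() == ServiceException.PERM_DENIED || se instanceof NoSuchItemException) {
            // Permission failures and missing items get the same response so the two cases
            // cannot be told apart by the client.
            sendError(context, req, resp, L10nUtil.getMessage(MsgKey.errNoSuchItem, req));
        } else if (se.getCode() == AccountServiceException.MAINTENANCE_MODE || se.getCode() == AccountServiceException.ACCOUNT_INACTIVE) {
            sendError(context, req, resp, se.getMessage());
        } else if (se.getCode() == ServiceException.INVALID_REQUEST) {
            if (log.isDebugEnabled()) {
                log.debug("Invalid POST Request", se);
            } else {
                log.info("Invalid POST Request - %s", se.getMessage());
            }
            // NOTE(review): the exception message is returned to the client as the error text;
            // confirm it cannot carry internal detail.
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, se.getMessage());
        } else {
            // Logged at info level either way; the exception itself is attached only when debug is enabled.
            if (log.isDebugEnabled()) {
                log.info("Service Exception caught whilst processing POST", se);
            } else {
                log.info("Service Exception caught whilst processing POST - %s", se.getMessage());
            }
            throw new ServletException(se);
        }
    } catch (UserServletException e) {
        // add check for ServiceException root cause?
        if (e.getHttpStatusCode() == HttpServletResponse.SC_UNAUTHORIZED) {
            sendError(context, req, resp, L10nUtil.getMessage(MsgKey.errMustAuthenticate, req));
        } else {
            resp.sendError(e.getHttpStatusCode(), e.getMessage());
        }
    } catch (HttpException e) {
        throw new ServletException(e);
    } finally {
        ZimbraLog.clearContext();
    }
}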