
Example 1 with Formatter

use of com.zimbra.cs.service.formatter.Formatter in project zm-mailbox by Zimbra.

the class UserServlet method doPost.

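/**
 * Adds an item to a folder specified in the URI.  The item content is provided in the POST request's body.
 *
 * <p>Steps, in the order this method performs them: authenticate the request, check the target account's
 * status, proxy to a remote target account if needed, validate the CSRF token when the request attribute
 * {@code CsrfFilter.CSRF_TOKEN_CHECK} asks for it, resolve the target folder (and an optional new file name)
 * from the item path, choose a formatter, and pass the body to {@code formatter.save}.
 *
 * @param req  the incoming POST request
 * @param resp the response; failures are reported through {@code sendError} or {@code resp.sendError}
 * @throws ServletException wrapping a {@code ServiceException} that is not mapped to an error response,
 *         or an {@code HttpException}
 * @throws IOException propagated from the calls made here, including writing an error response
 */
@Override
public void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    UserServletContext context = null;
    ZimbraLog.clearContext();
    addRemoteIpToLoggingContext(req);
    try {
        context = new UserServletContext(req, resp, this);
        if (!checkAuthentication(context)) {
            sendError(context, req, resp, L10nUtil.getMessage(MsgKey.errMustAuthenticate, req));
            return;
        }
        checkTargetAccountStatus(context);
        if (proxyIfRemoteTargetAccount(req, resp, context)) {
            return;
        }
        if (context.getAuthAccount() != null) {
            ZimbraLog.addAccountNameToContext(context.getAuthAccount().getName());
        }
        boolean doCsrfCheck = false;
        if (req.getAttribute(CsrfFilter.CSRF_TOKEN_CHECK) != null) {
            doCsrfCheck = (Boolean) req.getAttribute(CsrfFilter.CSRF_TOKEN_CHECK);
        }
        if (doCsrfCheck) {
            String csrfToken = req.getHeader(Constants.CSRF_TOKEN);
            if (log.isDebugEnabled()) {
                String paramValue = req.getParameter(QP_AUTH);
                // The token value itself is kept out of the log: it is a per-session secret taken from a
                // request header, and log readers only need to know whether one was supplied.
                log.debug("CSRF check is: %s, CSRF token present: %s, Authentication recd with request is: %s",
                        doCsrfCheck, !StringUtil.isNullOrEmpty(csrfToken), paramValue);
            }
            // NOTE(review): when the check is requested but the header is missing or empty, neither branch
            // below runs, so the request continues and csrfAuthSucceeded keeps whatever value the context
            // already had. Confirm that later code (sendError / the formatter) enforces that flag.
            if (!StringUtil.isNullOrEmpty(csrfToken)) {
                if (!CsrfUtil.isValidCsrfToken(csrfToken, context.authToken)) {
                    context.setCsrfAuthSucceeded(Boolean.FALSE);
                    // NOTE(review): context.authToken is rendered through its toString(); confirm that this
                    // does not emit the encoded auth token. The rejected CSRF token is not logged.
                    log.debug("CSRF token validation failed for account: %s, Auth token is CSRF enabled: %s",
                            context.authToken, context.authToken.isCsrfTokenEnabled());
                    sendError(context, req, resp, L10nUtil.getMessage(MsgKey.errMustAuthenticate, req));
                    return;
                } else {
                    context.setCsrfAuthSucceeded(Boolean.TRUE);
                }
            }
        }
        Folder folder = null;
        String filename = null;
        Mailbox mbox = UserServletUtil.getTargetMailbox(context);
        if (mbox != null) {
            ZimbraLog.addMboxToContext(mbox.getId());
            log.info("POST: " + context.req.getRequestURL().toString());
            context.opContext = new OperationContext(context.getAuthAccount(), isAdminRequest(req));
            try {
                context.target = UserServletUtil.resolveItem(context, false);
            } catch (NoSuchItemException nsie) {
                // perhaps it's a POST to "Notebook/new-file-name" -- find the parent folder and proceed from there
                if (context.itemPath == null) {
                    throw nsie;
                }
                int separator = context.itemPath.lastIndexOf('/');
                if (separator <= 0) {
                    throw nsie;
                }
                // Split the path into parent (resolved again below) and the trailing name.
                filename = context.itemPath.substring(separator + 1);
                context.itemPath = context.itemPath.substring(0, separator);
                context.target = UserServletUtil.resolveItem(context, false);
                context.extraPath = filename;
            }
            folder = (context.target instanceof Folder ? (Folder) context.target : mbox.getFolderById(context.opContext, context.target.getFolderId()));
            if (context.target != folder) {
                if (filename == null) {
                    filename = context.target.getName();
                } else {
                    // need to fail on POST to "Notebook/existing-file/random-cruft"
                    throw MailServiceException.NO_SUCH_FOLDER(context.itemPath);
                }
            }
            if (proxyIfMountpoint(req, resp, context, folder)) {
                // if the target is a mountpoint, the request was already proxied to the resolved target
                return;
            }
        }
        // if they specified a filename and no format, default to FormatType.HTML_CONVERTED
        if (context.format == null && filename != null) {
            context.format = FormatType.HTML_CONVERTED;
        }
        String ctype = context.req.getContentType();
        // if no format explicitly specified, try to guess it from the Content-Type header
        if (context.format == null && ctype != null) {
            String normalizedType = new com.zimbra.common.mime.ContentType(ctype).getContentType();
            Formatter fmt = FormatterFactory.mDefaultFormatters.get(normalizedType);
            if (fmt != null) {
                context.format = fmt.getType();
            }
        }
        context.target = folder;
        resolveFormatter(context);
        if (!context.formatter.supportsSave()) {
            sendError(context, req, resp, L10nUtil.getMessage(MsgKey.errUnsupportedFormat, req));
            // Stop here, as every other sendError call in this method does; without the return the
            // request would still reach formatter.save() on a formatter that reported it cannot save.
            return;
        }
        // With no target mailbox, a formatter that requires authentication is refused here; otherwise
        // call the formatter and let it deal with preventing harvest attacks.
        if (mbox == null && context.formatter.requiresAuth()) {
            throw ServiceException.PERM_DENIED(L10nUtil.getMessage(MsgKey.errPermissionDenied, req));
        }
        context.formatter.save(context, ctype, folder, filename);
    } catch (ServiceException se) {
        if (se.getCode() == ServiceException.PERM_DENIED || se instanceof NoSuchItemException) {
            // A denied item and a missing item are answered with the same errNoSuchItem message, so the
            // response text does not distinguish the two cases.
            sendError(context, req, resp, L10nUtil.getMessage(MsgKey.errNoSuchItem, req));
        } else if (se.getCode() == AccountServiceException.MAINTENANCE_MODE || se.getCode() == AccountServiceException.ACCOUNT_INACTIVE) {
            sendError(context, req, resp, se.getMessage());
        } else if (se.getCode() == ServiceException.INVALID_REQUEST) {
            if (log.isDebugEnabled()) {
                log.debug("Invalid POST Request", se);
            } else {
                log.info("Invalid POST Request - %s", se.getMessage());
            }
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, se.getMessage());
        } else {
            // Logged at info level in both branches; the exception (with stack trace) is attached only
            // when debug logging is enabled.
            if (log.isDebugEnabled()) {
                log.info("Service Exception caught whilst processing POST", se);
            } else {
                log.info("Service Exception caught whilst processing POST - %s", se.getMessage());
            }
            throw new ServletException(se);
        }
    } catch (UserServletException e) {
        // add check for ServiceException root cause?
        if (e.getHttpStatusCode() == HttpServletResponse.SC_UNAUTHORIZED) {
            sendError(context, req, resp, L10nUtil.getMessage(MsgKey.errMustAuthenticate, req));
        } else {
            resp.sendError(e.getHttpStatusCode(), e.getMessage());
        }
    } catch (HttpException e) {
        throw new ServletException(e);
    } finally {
        // Always drop the per-request logging context, whichever path was taken.
        ZimbraLog.clearContext();
    }
}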
Also used : OperationContext(com.zimbra.cs.mailbox.OperationContext) OctopusPatchFormatter(com.zimbra.cs.service.formatter.OctopusPatchFormatter) ZipFormatter(com.zimbra.cs.service.formatter.ZipFormatter) TarFormatter(com.zimbra.cs.service.formatter.TarFormatter) IfbFormatter(com.zimbra.cs.service.formatter.IfbFormatter) Formatter(com.zimbra.cs.service.formatter.Formatter) Folder(com.zimbra.cs.mailbox.Folder) ZFolder(com.zimbra.client.ZFolder) NoSuchItemException(com.zimbra.cs.mailbox.MailServiceException.NoSuchItemException) ServletException(javax.servlet.ServletException) Mailbox(com.zimbra.cs.mailbox.Mailbox) ZMailbox(com.zimbra.client.ZMailbox) AccountServiceException(com.zimbra.cs.account.AccountServiceException) ServiceException(com.zimbra.common.service.ServiceException) MailServiceException(com.zimbra.cs.mailbox.MailServiceException) HttpException(org.apache.http.HttpException)

Aggregations

ZFolder (com.zimbra.client.ZFolder)1 ZMailbox (com.zimbra.client.ZMailbox)1 ServiceException (com.zimbra.common.service.ServiceException)1 AccountServiceException (com.zimbra.cs.account.AccountServiceException)1 Folder (com.zimbra.cs.mailbox.Folder)1 MailServiceException (com.zimbra.cs.mailbox.MailServiceException)1 NoSuchItemException (com.zimbra.cs.mailbox.MailServiceException.NoSuchItemException)1 Mailbox (com.zimbra.cs.mailbox.Mailbox)1 OperationContext (com.zimbra.cs.mailbox.OperationContext)1 Formatter (com.zimbra.cs.service.formatter.Formatter)1 IfbFormatter (com.zimbra.cs.service.formatter.IfbFormatter)1 OctopusPatchFormatter (com.zimbra.cs.service.formatter.OctopusPatchFormatter)1 TarFormatter (com.zimbra.cs.service.formatter.TarFormatter)1 ZipFormatter (com.zimbra.cs.service.formatter.ZipFormatter)1 ServletException (javax.servlet.ServletException)1 HttpException (org.apache.http.HttpException)1