# (c) 2005 Ian Bicking and contributors; written for Paste (http://pythonpaste.org)
# Licensed under the MIT license: http://www.opensource.org/licenses/mit-license.php
# (c) 2005 Ian Bicking, Clark C. Evans and contributors
# This module is part of the Python Paste Project and is released under
# the MIT License: http://www.opensource.org/licenses/mit-license.php
# Some of this code was funded by http://prometheusresearch.com
"""
HTTP Exception Middleware

This module processes Python exceptions that relate to HTTP exceptions
by defining a set of exceptions, all subclasses of HTTPException, and a
request handler (`middleware`) that catches these exceptions and turns
them into proper responses.

This module defines exceptions according to RFC 2068 [1]_ : codes with
100-300 are not really errors; 400's are client errors, and 500's are
server errors.  According to the WSGI specification [2]_ , the application
can call ``start_response`` more then once only under two conditions:
(a) the response has not yet been sent, or (b) if the second and
subsequent invocations of ``start_response`` have a valid ``exc_info``
argument obtained from ``sys.exc_info()``.  The WSGI specification then
requires the server or gateway to handle the case where content has been
sent and then an exception was encountered.

Exceptions in the 5xx range and those raised after ``start_response``
has been called are treated as serious errors and the ``exc_info`` is
filled-in with information needed for a lower level module to generate a
stack trace and log information.

Exception
  HTTPException
    HTTPRedirection
      * 300 - HTTPMultipleChoices
      * 301 - HTTPMovedPermanently
      * 302 - HTTPFound
      * 303 - HTTPSeeOther
      * 304 - HTTPNotModified
      * 305 - HTTPUseProxy
      * 306 - Unused (not implemented, obviously)
      * 307 - HTTPTemporaryRedirect
    HTTPError
      HTTPClientError
        * 400 - HTTPBadRequest
        * 401 - HTTPUnauthorized
        * 402 - HTTPPaymentRequired
        * 403 - HTTPForbidden
        * 404 - HTTPNotFound
        * 405 - HTTPMethodNotAllowed
        * 406 - HTTPNotAcceptable
        * 407 - HTTPProxyAuthenticationRequired
        * 408 - HTTPRequestTimeout
        * 409 - HTTPConfict
        * 410 - HTTPGone
        * 411 - HTTPLengthRequired
        * 412 - HTTPPreconditionFailed
        * 413 - HTTPRequestEntityTooLarge
        * 414 - HTTPRequestURITooLong
        * 415 - HTTPUnsupportedMediaType
        * 416 - HTTPRequestRangeNotSatisfiable
        * 417 - HTTPExpectationFailed
        * 429 - HTTPTooManyRequests
      HTTPServerError
        * 500 - HTTPInternalServerError
        * 501 - HTTPNotImplemented
        * 502 - HTTPBadGateway
        * 503 - HTTPServiceUnavailable
        * 504 - HTTPGatewayTimeout
        * 505 - HTTPVersionNotSupported

References:

.. [1] http://www.python.org/peps/pep-0333.html#error-handling
.. [2] http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.5

"""

import six
from paste.wsgilib import catch_errors_app
from paste.response import has_header, header_value, replace_header
from paste.request import resolve_relative_url
from paste.util.quoting import strip_html, html_quote, no_quote, comment_quote

SERVER_NAME = 'WSGI Server'
TEMPLATE = """\
<html>\r
  <head><title>%(title)s</title></head>\r
  <body>\r
    <h1>%(title)s</h1>\r
    <p>%(body)s</p>\r
    <hr noshade>\r
    <div align="right">%(server)s</div>\r
  </body>\r
</html>\r
"""

class HTTPException(Exception):
    """
    the HTTP exception base class

    This encapsulates an HTTP response that interrupts normal application
    flow; but one which is not necessarly an error condition. For
    example, codes in the 300's are exceptions in that they interrupt
    normal processing; however, they are not considered errors.

    This class is complicated by 4 factors:

      1. The content given to the exception may either be plain-text or
         as html-text.

      2. The template may want to have string-substitutions taken from
         the current ``environ`` or values from incoming headers. This
         is especially troublesome due to case sensitivity.

      3. The final output may either be text/plain or text/html
         mime-type as requested by the client application.

      4. Each exception has a default explanation, but those who
         raise exceptions may want to provide additional detail.

    Attributes:

       ``code``
           the HTTP status code for the exception

       ``title``
           remainder of the status line (stuff after the code)

       ``explanation``
           a plain-text explanation of the error message that is
           not subject to environment or header substitutions;
           it is accessible in the template via %(explanation)s

       ``detail``
           a plain-text message customization that is not subject
           to environment or header substitutions; accessible in
           the template via %(detail)s

       ``template``
           a content fragment (in HTML) used for environment and
           header substitution; the default template includes both
           the explanation and further detail provided in the
           message

       ``required_headers``
           a sequence of headers which are required for proper
           construction of the exception

    Parameters:

       ``detail``
         a plain-text override of the default ``detail``

       ``headers``
         a list of (k,v) header pairs

       ``comment``
         a plain-text additional information which is
         usually stripped/hidden for end-users

    To override the template (which is HTML content) or the plain-text
    explanation, one must subclass the given exception; or customize it
    after it has been created.  This particular breakdown of a message
    into explanation, detail and template allows both the creation of
    plain-text and html messages for various clients as well as
    error-free substitution of environment variables and headers.
    """

    code = None
    title = None
    explanation = ''
    detail = ''
    comment = ''
    template = "%(explanation)s\r\n<br/>%(detail)s\r\n<!-- %(comment)s -->"
    required_headers = ()

    def __init__(self, detail=None, headers=None, comment=None):
        assert self.code, "Do not directly instantiate abstract exceptions."
        assert isinstance(headers, (type(None), list)), (
            "headers must be None or a list: %r"
            % headers)
        assert isinstance(detail, (type(None), six.binary_type, six.text_type)), (
            "detail must be None or a string: %r" % detail)
        assert isinstance(comment, (type(None), six.binary_type, six.text_type)), (
            "comment must be None or a string: %r" % comment)
        self.headers = headers or tuple()
        for req in self.required_headers:
            assert headers and has_header(headers, req), (
                "Exception %s must be passed the header %r "
                "(got headers: %r)"
                % (self.__class__.__name__, req, headers))
        if detail is not None:
            self.detail = detail
        if comment is not None:
            self.comment = comment
        Exception.__init__(self,"%s %s\n%s\n%s\n" % (
            self.code, self.title, self.explanation, self.detail))

    def make_body(self, environ, template, escfunc, comment_escfunc=None):
        comment_escfunc = comment_escfunc or escfunc
        args = {'explanation': escfunc(self.explanation),
                'detail': escfunc(self.detail),
                'comment': comment_escfunc(self.comment)}
        if HTTPException.template != self.template:
            for (k, v) in environ.items():
                args[k] = escfunc(v)
            if self.headers:
                for (k, v) in self.headers:
                    args[k.lower()] = escfunc(v)
        if six.PY2:
            for key, value in args.items():
                if isinstance(value, six.text_type):
                    args[key] = value.encode('utf8', 'xmlcharrefreplace')
        return template % args

    def plain(self, environ):
        """ text/plain representation of the exception """
        body = self.make_body(environ, strip_html(self.template), no_quote, comment_quote)
        return ('%s %s\r\n%s\r\n' % (self.code, self.title, body))

    def html(self, environ):
        """ text/html representation of the exception """
        body = self.make_body(environ, self.template, html_quote, comment_quote)
        return TEMPLATE % {
                   'title': self.title,
                   'code': self.code,
                   'server': SERVER_NAME,
                   'body': body }

    def prepare_content(self, environ):
        if self.headers:
            headers = list(self.headers)
        else:
            headers = []
        if 'html' in environ.get('HTTP_ACCEPT','') or \
            '*/*' in environ.get('HTTP_ACCEPT',''):
            replace_header(headers, 'content-type', 'text/html')
            content = self.html(environ)
        else:
            replace_header(headers, 'content-type', 'text/plain')
            content = self.plain(environ)
        if isinstance(content, six.text_type):
            content = content.encode('utf8')
            cur_content_type = (
                header_value(headers, 'content-type')
                or 'text/html')
            replace_header(
                headers, 'content-type',
                cur_content_type + '; charset=utf8')
        return headers, content

    def response(self, environ):
        from paste.wsgiwrappers import WSGIResponse
        headers, content = self.prepare_content(environ)
        resp = WSGIResponse(code=self.code, content=content)
        resp.headers = resp.headers.fromlist(headers)
        return resp

    def wsgi_application(self, environ, start_response, exc_info=None):
        """
        This exception as a WSGI application
        """
        headers, content = self.prepare_content(environ)
        start_response('%s %s' % (self.code, self.title),
                       headers,
                       exc_info)
        return [content]

    __call__ = wsgi_application

    def __repr__(self):
        return '<%s %s; code=%s>' % (self.__class__.__name__,
                                     self.title, self.code)

class HTTPError(HTTPException):
    """
    base class for status codes in the 400's and 500's

    This is an exception which indicates that an error has occurred,
    and that any work in progress should not be committed.  These are
    typically results in the 400's and 500's.
    """

#
# 3xx Redirection
#
#  This class of status code indicates that further action needs to be
#  taken by the user agent in order to fulfill the request. The action
#  required MAY be carried out by the user agent without interaction with
#  the user if and only if the method used in the second request is GET or
#  HEAD. A client SHOULD detect infinite redirection loops, since such
#  loops generate network traffic for each redirection.
#

class HTTPRedirection(HTTPException):
    """
    base class for 300's status code (redirections)

    This is an abstract base class for 3xx redirection.  It indicates
    that further action needs to be taken by the user agent in order
    to fulfill the request.  It does not necessarly signal an error
    condition.
    """

class _HTTPMove(HTTPRedirection):
    """
    redirections which require a Location field

    Since a 'Location' header is a required attribute of 301, 302, 303,
    305 and 307 (but not 304), this base class provides the mechanics to
    make this easy.  While this has the same parameters as HTTPException,
    if a location is not provided in the headers; it is assumed that the
    detail _is_ the location (this for backward compatibility, otherwise
    we'd add a new attribute).
    """
    required_headers = ('location',)
    explanation = 'The resource has been moved to'
    template = (
        '%(explanation)s <a href="%(location)s">%(location)s</a>;\r\n'
        'you should be redirected automatically.\r\n'
        '%(detail)s\r\n<!-- %(comment)s -->')

    def __init__(self, detail=None, headers=None, comment=None):
        assert isinstance(headers, (type(None), list))
        headers = headers or []
        location = header_value(headers,'location')
        if not location:
            location = detail
            detail = ''
            headers.append(('location', location))
        assert location, ("HTTPRedirection specified neither a "
                          "location in the headers nor did it "
                          "provide a detail argument.")
        HTTPRedirection.__init__(self, location, headers, comment)
        if detail is not None:
            self.detail = detail

    def relative_redirect(cls, dest_uri, environ, detail=None, headers=None, comment=None):
        """
        Create a redirect object with the dest_uri, which may be relative,
        considering it relative to the uri implied by the given environ.
        """
        location = resolve_relative_url(dest_uri, environ)
        headers = headers or []
        headers.append(('Location', location))
        return cls(detail=detail, headers=headers, comment=comment)

    relative_redirect = classmethod(relative_redirect)

    def location(self):
        for name, value in self.headers:
            if name.lower() == 'location':
                return value
        else:
            raise KeyError("No location set for %s" % self)

class HTTPMultipleChoices(_HTTPMove):
    code = 300
    title = 'Multiple Choices'

class HTTPMovedPermanently(_HTTPMove):
    code = 301
    title = 'Moved Permanently'

class HTTPFound(_HTTPMove):
    code = 302
    title = 'Found'
    explanation = 'The resource was found at'

# This one is safe after a POST (the redirected location will be
# retrieved with GET):
class HTTPSeeOther(_HTTPMove):
    code = 303
    title = 'See Other'

class HTTPNotModified(HTTPRedirection):
    # @@: but not always (HTTP section 14.18.1)...?
    # @@: Removed 'date' requirement, as its not required for an ETag
    # @@: FIXME: This should require either an ETag or a date header
    code = 304
    title = 'Not Modified'
    message = ''
    # @@: should include date header, optionally other headers
    # @@: should not return a content body
    def plain(self, environ):
        return ''
    def html(self, environ):
        """ text/html representation of the exception """
        return ''

class HTTPUseProxy(_HTTPMove):
    # @@: OK, not a move, but looks a little like one
    code = 305
    title = 'Use Proxy'
    explanation = (
        'The resource must be accessed through a proxy '
        'located at')

class HTTPTemporaryRedirect(_HTTPMove):
    code = 307
    title = 'Temporary Redirect'

#
# 4xx Client Error
#
#  The 4xx class of status code is intended for cases in which the client
#  seems to have erred. Except when responding to a HEAD request, the
#  server SHOULD include an entity containing an explanation of the error
#  situation, and whether it is a temporary or permanent condition. These
#  status codes are applicable to any request method. User agents SHOULD
#  display any included entity to the user.
#

class HTTPClientError(HTTPError):
    """
    base class for the 400's, where the client is in-error

    This is an error condition in which the client is presumed to be
    in-error.  This is an expected problem, and thus is not considered
    a bug.  A server-side traceback is not warranted.  Unless specialized,
    this is a '400 Bad Request'
    """
    code = 400
    title = 'Bad Request'
    explanation = ('The server could not comply with the request since\r\n'
                   'it is either malformed or otherwise incorrect.\r\n')

class HTTPBadRequest(HTTPClientError):
    pass

class HTTPUnauthorized(HTTPClientError):
    code = 401
    title = 'Unauthorized'
    explanation = (
        'This server could not verify that you are authorized to\r\n'
        'access the document you requested.  Either you supplied the\r\n'
        'wrong credentials (e.g., bad password), or your browser\r\n'
        'does not understand how to supply the credentials required.\r\n')

class HTTPPaymentRequired(HTTPClientError):
    code = 402
    title = 'Payment Required'
    explanation = ('Access was denied for financial reasons.')

class HTTPForbidden(HTTPClientError):
    code = 403
    title = 'Forbidden'
    explanation = ('Access was denied to this resource.')

class HTTPNotFound(HTTPClientError):
    code = 404
    title = 'Not Found'
    explanation = ('The resource could not be found.')

class HTTPMethodNotAllowed(HTTPClientError):
    required_headers = ('allow',)
    code = 405
    title = 'Method Not Allowed'
    # override template since we need an environment variable
    template = ('The method %(REQUEST_METHOD)s is not allowed for '
                'this resource.\r\n%(detail)s')

class HTTPNotAcceptable(HTTPClientError):
    code = 406
    title = 'Not Acceptable'
    # override template since we need an environment variable
    template = ('The resource could not be generated that was '
                'acceptable to your browser (content\r\nof type '
                '%(HTTP_ACCEPT)s).\r\n%(detail)s')

class HTTPProxyAuthenticationRequired(HTTPClientError):
    code = 407
    title = 'Proxy Authentication Required'
    explanation = ('Authentication /w a local proxy is needed.')

class HTTPRequestTimeout(HTTPClientError):
    code = 408
    title = 'Request Timeout'
    explanation = ('The server has waited too long for the request to '
                   'be sent by the client.')

class HTTPConflict(HTTPClientError):
    code = 409
    title = 'Conflict'
    explanation = ('There was a conflict when trying to complete '
                   'your request.')

class HTTPGone(HTTPClientError):
    code = 410
    title = 'Gone'
    explanation = ('This resource is no longer available.  No forwarding '
                   'address is given.')

class HTTPLengthRequired(HTTPClientError):
    code = 411
    title = 'Length Required'
    explanation = ('Content-Length header required.')

class HTTPPreconditionFailed(HTTPClientError):
    code = 412
    title = 'Precondition Failed'
    explanation = ('Request precondition failed.')

class HTTPRequestEntityTooLarge(HTTPClientError):
    code = 413
    title = 'Request Entity Too Large'
    explanation = ('The body of your request was too large for this server.')

class HTTPRequestURITooLong(HTTPClientError):
    code = 414
    title = 'Request-URI Too Long'
    explanation = ('The request URI was too long for this server.')

class HTTPUnsupportedMediaType(HTTPClientError):
    code = 415
    title = 'Unsupported Media Type'
    # override template since we need an environment variable
    template = ('The request media type %(CONTENT_TYPE)s is not '
                'supported by this server.\r\n%(detail)s')

class HTTPRequestRangeNotSatisfiable(HTTPClientError):
    code = 416
    title = 'Request Range Not Satisfiable'
    explanation = ('The Range requested is not available.')

class HTTPExpectationFailed(HTTPClientError):
    code = 417
    title = 'Expectation Failed'
    explanation = ('Expectation failed.')

class HTTPTooManyRequests(HTTPClientError):
    code = 429
    title = 'Too Many Requests'
    explanation = ('The client has sent too many requests to the server.')

#
# 5xx Server Error
#
#  Response status codes beginning with the digit "5" indicate cases in
#  which the server is aware that it has erred or is incapable of
#  performing the request. Except when responding to a HEAD request, the
#  server SHOULD include an entity containing an explanation of the error
#  situation, and whether it is a temporary or permanent condition. User
#  agents SHOULD display any included entity to the user. These response
#  codes are applicable to any request method.
#

class HTTPServerError(HTTPError):
    """
    base class for the 500's, where the server is in-error

    This is an error condition in which the server is presumed to be
    in-error.  This is usually unexpected, and thus requires a traceback;
    ideally, opening a support ticket for the customer. Unless specialized,
    this is a '500 Internal Server Error'
    """
    code = 500
    title = 'Internal Server Error'
    explanation = (
      'The server has either erred or is incapable of performing\r\n'
      'the requested operation.\r\n')

class HTTPInternalServerError(HTTPServerError):
    pass

class HTTPNotImplemented(HTTPServerError):
    code = 501
    title = 'Not Implemented'
    # override template since we need an environment variable
    template = ('The request method %(REQUEST_METHOD)s is not implemented '
                'for this server.\r\n%(detail)s')

class HTTPBadGateway(HTTPServerError):
    code = 502
    title = 'Bad Gateway'
    explanation = ('Bad gateway.')

class HTTPServiceUnavailable(HTTPServerError):
    code = 503
    title = 'Service Unavailable'
    explanation = ('The server is currently unavailable. '
                   'Please try again at a later time.')

class HTTPGatewayTimeout(HTTPServerError):
    code = 504
    title = 'Gateway Timeout'
    explanation = ('The gateway has timed out.')

class HTTPVersionNotSupported(HTTPServerError):
    code = 505
    title = 'HTTP Version Not Supported'
    explanation = ('The HTTP version is not supported.')

# abstract HTTP related exceptions
__all__ = ['HTTPException', 'HTTPRedirection', 'HTTPError' ]

_exceptions = {}
for name, value in six.iteritems(dict(globals())):
    if (isinstance(value, (type, six.class_types)) and
        issubclass(value, HTTPException) and
        value.code):
        _exceptions[value.code] = value
        __all__.append(name)

def get_exception(code):
    return _exceptions[code]

############################################################
## Middleware implementation:
############################################################

class HTTPExceptionHandler(object):
    """
    catches exceptions and turns them into proper HTTP responses

    This middleware catches any exceptions (which are subclasses of
    ``HTTPException``) and turns them into proper HTTP responses.
    Note if the headers have already been sent, the stack trace is
    always maintained as this indicates a programming error.

    Note that you must raise the exception before returning the
    app_iter, and you cannot use this with generator apps that don't
    raise an exception until after their app_iter is iterated over.
    """

    def __init__(self, application, warning_level=None):
        assert not warning_level or ( warning_level > 99 and
                                      warning_level < 600)
        if warning_level is not None:
            import warnings
            warnings.warn('The warning_level parameter is not used or supported',
                          DeprecationWarning, 2)
        self.warning_level = warning_level or 500
        self.application = application

    def __call__(self, environ, start_response):
        environ['paste.httpexceptions'] = self
        environ.setdefault('paste.expected_exceptions',
                           []).append(HTTPException)
        try:
            return self.application(environ, start_response)
        except HTTPException as exc:
            return exc(environ, start_response)

def middleware(*args, **kw):
    import warnings
    # deprecated 13 dec 2005
    warnings.warn('httpexceptions.middleware is deprecated; use '
                  'make_middleware or HTTPExceptionHandler instead',
                  DeprecationWarning, 2)
    return make_middleware(*args, **kw)

def make_middleware(app, global_conf=None, warning_level=None):
    """
    ``httpexceptions`` middleware; this catches any
    ``paste.httpexceptions.HTTPException`` exceptions (exceptions like
    ``HTTPNotFound``, ``HTTPMovedPermanently``, etc) and turns them
    into proper HTTP responses.

    ``warning_level`` can be an integer corresponding to an HTTP code.
    Any code over that value will be passed 'up' the chain, potentially
    reported on by another piece of middleware.
    """
    if warning_level:
        warning_level = int(warning_level)
    return HTTPExceptionHandler(app, warning_level=warning_level)

__all__.extend(['HTTPExceptionHandler', 'get_exception'])