Use JsonDecorator scope in the Toolbox and CloudSync

Improves security by disallowing other content than json for requests CURA-7150
2025-04-21 05:09:37 +08:00 · 2020-02-25 14:41:02 +01:00 · 2020-02-25 14:41:02 +01:00 · 27902fe38f
commit 27902fe38f
parent 510d9822dd
5 changed files with 16 additions and 8 deletions
--- a/plugins/Toolbox/src/CloudSync/CloudApiClient.py
+++ b/plugins/Toolbox/src/CloudSync/CloudApiClient.py
@ -1,5 +1,6 @@
 from UM.Logger import Logger
 from UM.TaskManagement.HttpRequestManager import HttpRequestManager
+from UM.TaskManagement.HttpRequestScope import JsonDecoratorScope
 from cura.CuraApplication import CuraApplication
 from ..CloudApiModel import CloudApiModel
 from ..UltimakerCloudScope import UltimakerCloudScope
@ -26,7 +27,7 @@ class CloudApiClient:
        if self.__instance is not None:
            raise RuntimeError("This is a Singleton. use getInstance()")

-        self._scope = UltimakerCloudScope(app)  # type: UltimakerCloudScope
+        self._scope = JsonDecoratorScope(UltimakerCloudScope(app))  # type: JsonDecoratorScope

        app.getPackageManager().packageInstalled.connect(self._onPackageInstalled)

--- a/plugins/Toolbox/src/CloudSync/CloudPackageChecker.py
+++ b/plugins/Toolbox/src/CloudSync/CloudPackageChecker.py
@ -11,6 +11,7 @@ from UM import i18nCatalog
 from UM.Logger import Logger
 from UM.Message import Message
 from UM.Signal import Signal
+from UM.TaskManagement.HttpRequestScope import JsonDecoratorScope
 from cura.CuraApplication import CuraApplication, ApplicationMetadata
 from ..CloudApiModel import CloudApiModel
 from .SubscribedPackagesModel import SubscribedPackagesModel
@ -18,13 +19,14 @@ from ..UltimakerCloudScope import UltimakerCloudScope

 from typing import List, Dict, Any

+
 class CloudPackageChecker(QObject):
    def __init__(self, application: CuraApplication) -> None:
        super().__init__()

        self.discrepancies = Signal()  # Emits SubscribedPackagesModel
        self._application = application  # type: CuraApplication
-        self._scope = UltimakerCloudScope(application)
+        self._scope = JsonDecoratorScope(UltimakerCloudScope(application))
        self._model = SubscribedPackagesModel()

        self._application.initializationFinished.connect(self._onAppInitialized)
--- a/plugins/Toolbox/src/CloudSync/DownloadPresenter.py
+++ b/plugins/Toolbox/src/CloudSync/DownloadPresenter.py
@ -11,6 +11,7 @@ from UM.Logger import Logger
 from UM.Message import Message
 from UM.Signal import Signal
 from UM.TaskManagement.HttpRequestManager import HttpRequestManager
+from UM.TaskManagement.HttpRequestScope import JsonDecoratorScope
 from cura.CuraApplication import CuraApplication
 from .SubscribedPackagesModel import SubscribedPackagesModel
 from ..UltimakerCloudScope import UltimakerCloudScope
@ -29,7 +30,7 @@ class DownloadPresenter:
        self.done = Signal()

        self._app = app
-        self._scope = UltimakerCloudScope(app)
+        self._scope = JsonDecoratorScope(UltimakerCloudScope(app))

        self._started = False
        self._progress_message = self._createProgressMessage()
--- a/plugins/Toolbox/src/Toolbox.py
+++ b/plugins/Toolbox/src/Toolbox.py
@ -12,6 +12,7 @@ from PyQt5.QtNetwork import QNetworkAccessManager, QNetworkRequest, QNetworkRepl
 from UM.Logger import Logger
 from UM.PluginRegistry import PluginRegistry
 from UM.Extension import Extension
+from UM.TaskManagement.HttpRequestScope import JsonDecoratorScope
 from UM.i18n import i18nCatalog
 from UM.Version import Version

@ -54,7 +55,7 @@ class Toolbox(QObject, Extension):
        self._download_request_data = None  # type: Optional[HttpRequestData]
        self._download_progress = 0  # type: float
        self._is_downloading = False  # type: bool
-        self._scope = UltimakerCloudScope(application)  # type: UltimakerCloudScope
+        self._scope = JsonDecoratorScope(UltimakerCloudScope(application))  # type: JsonDecoratorScope

        self._request_urls = {}  # type: Dict[str, str]
        self._to_update = []  # type: List[str] # Package_ids that are waiting to be updated
--- a/plugins/Toolbox/src/UltimakerCloudScope.py
+++ b/plugins/Toolbox/src/UltimakerCloudScope.py
@ -6,10 +6,13 @@ from cura.API import Account
 from cura.CuraApplication import CuraApplication


-## Add a Authorization header to the request for Ultimaker Cloud Api requests.
-# When the user is not logged in or a token is not available, a warning will be logged
-# Also add the user agent headers (see DefaultUserAgentScope)
 class UltimakerCloudScope(DefaultUserAgentScope):
+    """Add an Authorization header to the request for Ultimaker Cloud Api requests.
+
+    When the user is not logged in or a token is not available, a warning will be logged
+    Also add the user agent headers (see DefaultUserAgentScope)
+    """
+
    def __init__(self, application: CuraApplication):
        super().__init__(application)
        api = application.getCuraAPI()