Explicitly match .json and .xml extension when used as last element of

the path component of a URI. This permits items like JWT that have multiple
'.' separated components to be passed in the path of the URI.

Author: rouilj

CHANGES.txt

@@ -31,6 +31,10 @@ Fixed:
   encoded/compressed. (John Rouillard)
 - In REST interface do not raise UsageError for invalid api version.
   Return json error with proper message. Fixes crash. (John Rouillard)
+- In REST interface, only allow .json or .xml (if supported) as
+  extensions. All other paths with a . in then will be passed through
+  without change. This allows items like a JWT to be passed as a path
+  element. (John Rouillard)
 
 Features:
 

roundup/rest.py

@@ -1961,6 +1961,15 @@ def dispatch(self, method, uri, input):
         #            default (application/json)
         ext_type = os.path.splitext(urlparse(uri).path)[1][1:]
 
+        # Use explicit list of extensions. Even if xml isn't supported
+        # recognize it as a valid directive.
+        if ext_type in ['json', 'xml']:
+            # strip extension so uri make sense
+            # .../issue.json -> .../issue
+            uri = uri[:-(len(ext_type) + 1)]
+        else:
+            ext_type = None
+
         # headers.get('Accept') is never empty if called here.
         # accept_type will be set to json if there is no Accept header
         # accept_type wil be empty only if there is an Accept header