issue2551243: Update schema-dump add anti-csrf headers

Also flake8 fixes and verified python2 support.

Author: rouilj

CHANGES.txt

@@ -76,6 +76,8 @@ Features:
   line processing of the mailgw script to ``argparse``. Note that the
   command line options of the mailgw have changed, see upgrading.txt for
   details. (Ralf Schlatterbeck)
+- issue2551243: schema-dump.py enhanced with anti-CSRF headers. Flake8
+  cleanup and python2 support. (John Rouillard)
 
 2022-07-13 2.2.0
 

scripts/schema-dump.py

@@ -4,26 +4,38 @@
 Use recently documented XML-RPC API to dump
 Roundup data schema in human readable form.
 
+Works with demo tracker using:
+
+   http://admin:admin@localhost:8917/demo/xmlrpc
+
 Future development may cover:
 [ ] unreadable dump formats
 [ ] access to local database
 [ ] lossless dump/restore cycle
-[ ] data dump and filtering with preserved 
+[ ] data dump and filtering with preserved
+
+Works in Python 2 as well.
 """
 from __future__ import print_function
 
 __license__ = "Public Domain"
-__version__ = "1.0"
+__version__ = "1.1"
 __authors__ = [
     "anatoly techtonik <[email protected]>"
+    "John Rouillard <[email protected]>"
 ]
 
 import os
-import sys
-from roundup.anypy import xmlrpc_
 import pprint
+import sys
 import textwrap
+try:
+    import urllib.parse as url_parser  # python 3
+except ImportError:
+    import urlparse as url_parser  # python 2
+
 from argparse import ArgumentParser
+from roundup.anypy import xmlrpc_
 
 sname = os.path.basename(sys.argv[0])
 usage = """\
@@ -43,16 +55,19 @@
   --version
 """ % sname
 
+
 def format_pprint(var):
     return pprint.pformat(var)
 
+
 def format_json(var):
     jout = pprint.pformat(var)
     jout = jout.replace('"', "\\'")  # " to \'
     jout = jout.replace("'", '"')    # ' to "
     jout = jout.replace('\\"', "'")  # \" to '
     return jout
 
+
 def format_yaml(var):
     out = pprint.pformat(var)
     out = out.replace('{', ' ')
@@ -80,7 +95,50 @@ def format_yaml(var):
         out2.append(line)
     out = '\n'.join(out2)
     return out
- 
+
+
+class SpecialTransport():
+    """Mixin for http/https transports to implement new send_content with
+       CSRF prevention headers to both of them.
+    """
+    def send_content(self, connection, request_body):
+        connection.putheader("Referer", "%s://%s%s%s/" % (
+            self.components.scheme,
+            self.components.hostname,
+            ':' + str(self.components.port) if self.components.port else '',
+            self.components.path))
+        connection.putheader("Origin", "%s://%s%s" % (
+            self.components.scheme, self.components.hostname,
+            ':' + str(self.components.port) if self.components.port else ''))
+        connection.putheader("X-Requested-With", "XMLHttpRequest")
+
+        connection.putheader("Content-Type", "text/xml")
+        connection.putheader("Content-Length", str(len(request_body)))
+        connection.endheaders()
+        if request_body:
+            connection.send(request_body)
+
+
+class SpecialHttpTransport(SpecialTransport, xmlrpc_.client.Transport,
+                           object):
+    """SpecialTransport must be first to use its send_content. Explicit
+       object inheritance required for python2 apparently."""
+    def __init__(self, url):
+        self.components = url_parser.urlparse(url)
+        # works both python2 (with object inheritance) and python3
+        super(SpecialHttpTransport, self).__init__(self)
+
+
+class SpecialHttpsTransport(SpecialTransport, xmlrpc_.client.SafeTransport,
+                            object):
+    """SpecialTransport must be first to use its send_content. Explicit
+       object inheritance required for python2 apparently."""
+    def __init__(self, url):
+        self.components = url_parser.urlparse(url)
+        # works both python2 (with object inheritance) and python3
+        super(SpecialHttpsTransport, self).__init__(self)
+
+
 if __name__ == "__main__":
     parser = ArgumentParser()
     parser.add_argument("url", nargs=1)
@@ -92,7 +150,17 @@ def format_yaml(var):
     if args.version:
         sys.exit(sname + " " + __version__)
 
-    roundup_server = xmlrpc_.client.ServerProxy(args.url[0], allow_none=True)
+    if args.url[0].lower().startswith('https:'):
+        transport = SpecialHttpsTransport
+    else:
+        transport = SpecialHttpTransport
+
+    roundup_server = xmlrpc_.client.ServerProxy(
+        args.url[0],
+        transport=transport(args.url[0]),
+        verbose=False,
+        allow_none=True)
+
     schema = roundup_server.schema()
     if args.raw:
         print(str(schema))