diff --git a/seahub/api2/endpoints/admin/library_dirents.py b/seahub/api2/endpoints/admin/library_dirents.py index 26e5949874..19612cff9e 100644 --- a/seahub/api2/endpoints/admin/library_dirents.py +++ b/seahub/api2/endpoints/admin/library_dirents.py @@ -195,7 +195,12 @@ class AdminLibraryDirent(APIView): if is_file and request.GET.get('dl', '0') == '1': token = seafile_api.get_fileserver_access_token(repo_id, - dirent.obj_id, 'download', username, use_onetime=True) + dirent.obj_id, 'download', username, use_onetime=True) + + if not token: + error_msg = 'Internal Server Error' + return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) + dl_url = gen_file_get_url(token, dirent.obj_name) send_file_access_msg(request, repo, path, 'web') return Response({'download_url': dl_url}) diff --git a/seahub/api2/endpoints/file.py b/seahub/api2/endpoints/file.py index 1ff1151930..0003b3f544 100644 --- a/seahub/api2/endpoints/file.py +++ b/seahub/api2/endpoints/file.py @@ -180,6 +180,11 @@ class FileView(APIView): # get file server update url update_token = seafile_api.get_fileserver_access_token( repo_id, 'dummy', 'update', username) + + if not update_token: + error_msg = 'Internal Server Error' + return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) + update_url = gen_file_upload_url(update_token, 'update-api') # update file diff --git a/seahub/api2/endpoints/share_link_zip_task.py b/seahub/api2/endpoints/share_link_zip_task.py index fd03543f79..5e09ab3017 100644 --- a/seahub/api2/endpoints/share_link_zip_task.py +++ b/seahub/api2/endpoints/share_link_zip_task.py @@ -119,6 +119,10 @@ class ShareLinkZipTaskView(APIView): error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) + if not zip_token: + error_msg = 'Internal Server Error' + return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) + if request.session.get('anonymous_email'): request.user.username = request.session.get('anonymous_email') 
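Review bot: The new `if not token:` branch in AdminLibraryDirent returns a generic 500 without recording why no token was issued, and the same branch is repeated in FileView, ShareLinkZipTaskView and the later hunks of this commit. An operator therefore cannot tell a fileserver outage from a failure tied to one object. A log line before the return, for example `logger.error('no fileserver access token: repo %s, user %s', repo_id, username)`, would make these failures visible; this assumes the module defines a `logger`, which the hunk does not show. Since the same lines recur at every call site, a small shared helper that fetches the token and logs on failure would keep the handling consistent. The enclosing methods start and end outside the hunks.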
diff --git a/seahub/api2/endpoints/zip_task.py b/seahub/api2/endpoints/zip_task.py index b36d7c1387..662ab22e9c 100644 --- a/seahub/api2/endpoints/zip_task.py +++ b/seahub/api2/endpoints/zip_task.py @@ -135,6 +135,10 @@ class ZipTaskView(APIView): error_msg = 'Internal Server Error' return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) + if not zip_token: + error_msg = 'Internal Server Error' + return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) + if len(dirent_name_list) > 10: send_file_access_msg(request, repo, parent_dir, 'web') else: diff --git a/seahub/api2/utils.py b/seahub/api2/utils.py index 7788e032be..85f8212bd2 100644 --- a/seahub/api2/utils.py +++ b/seahub/api2/utils.py @@ -183,9 +183,14 @@ def get_group_msgs(groupid, page, username): if not att.obj_id: att.err = 'File does not exist' else: - att.token = seafile_api.get_fileserver_access_token( - att.repo_id, att.obj_id, 'view', username) - att.img_url = gen_file_get_url(att.token, att.name) + token = seafile_api.get_fileserver_access_token(att.repo_id, + att.obj_id, 'view', username) + + if not token: + att.err = 'File does not exist' + else: + att.token = token + att.img_url = gen_file_get_url(att.token, att.name) msg.attachment = att diff --git a/seahub/api2/views.py b/seahub/api2/views.py index 1928505e27..382f22285c 100644 --- a/seahub/api2/views.py +++ b/seahub/api2/views.py @@ -1211,6 +1211,11 @@ class FileBlockDownloadLinkView(APIView): token = seafile_api.get_fileserver_access_token( repo_id, file_id, 'downloadblks', request.user.username) + + if not token: + error_msg = 'Internal Server Error' + return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) + url = gen_block_get_url(token, block_id) return Response(url) 
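Review bot: In get_group_msgs the new `if not token:` branch sets `att.err = 'File does not exist'`, the same text used a few lines earlier for a missing `att.obj_id`. Here the object id is present and only token issuance failed, so the message sends the reader to the wrong cause. A distinct value such as `att.err = 'Unable to get file access token'` would keep the two conditions apart, provided no client matches on the existing text. The function body continues outside the hunk.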
@@ -1240,8 +1245,12 @@ class UploadLinkView(APIView): if check_quota(repo_id) < 0: return api_error(HTTP_520_OPERATION_FAILED, 'Above quota') - token = seafile_api.get_fileserver_access_token( - repo_id, 'dummy', 'upload', request.user.username, use_onetime = False) + token = seafile_api.get_fileserver_access_token(repo_id, + 'dummy', 'upload', request.user.username, use_onetime=False) + + if not token: + error_msg = 'Internal Server Error' + return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) req_from = request.GET.get('from', 'api') if req_from == 'api': @@ -1280,8 +1289,12 @@ class UpdateLinkView(APIView): if check_quota(repo_id) < 0: return api_error(HTTP_520_OPERATION_FAILED, 'Above quota') - token = seafile_api.get_fileserver_access_token( - repo_id, 'dummy', 'update', request.user.username) + token = seafile_api.get_fileserver_access_token(repo_id, + 'dummy', 'update', request.user.username) + + if not token: + error_msg = 'Internal Server Error' + return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) req_from = request.GET.get('from', 'api') if req_from == 'api': @@ -1320,9 +1333,13 @@ class UploadBlksLinkView(APIView): if check_quota(repo_id) < 0: return api_error(HTTP_520_OPERATION_FAILED, 'Above quota') - token = seafile_api.get_fileserver_access_token( - repo_id, 'dummy', 'upload-blks-api', request.user.username, - use_onetime = False) + token = seafile_api.get_fileserver_access_token(repo_id, + 'dummy', 'upload-blks-api', request.user.username, use_onetime=False) + + if not token: + error_msg = 'Internal Server Error' + return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) + url = gen_file_upload_url(token, 'upload-blks-api') return Response(url) 
@@ -1361,9 +1378,13 @@ class UploadBlksLinkView(APIView): if check_quota(repo_id) < 0: return api_error(HTTP_520_OPERATION_FAILED, 'Above quota') - token = seafile_api.get_fileserver_access_token( - repo_id, 'dummy', 'upload', request.user.username, - use_onetime = False) + token = seafile_api.get_fileserver_access_token(repo_id, + 'dummy', 'upload', request.user.username, use_onetime=False) + + if not token: + error_msg = 'Internal Server Error' + return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) + blksurl = gen_file_upload_url(token, 'upload-raw-blks-api') commiturl = '%s?commitonly=true&ret-json=true' % gen_file_upload_url( token, 'upload-blks-api') @@ -1405,9 +1426,13 @@ class UpdateBlksLinkView(APIView): if check_quota(repo_id) < 0: return api_error(HTTP_520_OPERATION_FAILED, 'Above quota') - token = seafile_api.get_fileserver_access_token( - repo_id, 'dummy', 'update-blks-api', request.user.username, - use_onetime = False) + token = seafile_api.get_fileserver_access_token(repo_id, + 'dummy', 'update-blks-api', request.user.username, use_onetime=False) + + if not token: + error_msg = 'Internal Server Error' + return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) + url = gen_file_upload_url(token, 'update-blks-api') return Response(url) @@ -1529,9 +1554,12 @@ def get_shared_link(request, repo_id, path): def get_repo_file(request, repo_id, file_id, file_name, op, use_onetime=True): if op == 'download': - token = seafile_api.get_fileserver_access_token(repo_id, file_id, op, - request.user.username, - use_onetime) + token = seafile_api.get_fileserver_access_token(repo_id, + file_id, op, request.user.username, use_onetime) + + if not token: + error_msg = 'Internal Server Error' + return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) redirect_url = gen_file_get_url(token, file_name) response = HttpResponse(json.dumps(redirect_url), status=200, 
diff --git a/seahub/onlyoffice/views.py b/seahub/onlyoffice/views.py index 78ef076074..1b1aae52aa 100644 --- a/seahub/onlyoffice/views.py +++ b/seahub/onlyoffice/views.py @@ -53,8 +53,12 @@ def onlyoffice_editor_callback(request): file_path = doc_info['file_path'] username = doc_info['username'] - update_token = seafile_api.get_fileserver_access_token( - repo_id, 'dummy', 'update', username) + update_token = seafile_api.get_fileserver_access_token(repo_id, + 'dummy', 'update', username) + + if not update_token: + return HttpResponse('{"error": 0}') + update_url = gen_file_upload_url(update_token, 'update-api') files = { diff --git a/seahub/thumbnail/utils.py b/seahub/thumbnail/utils.py index 9a6ddb00d0..de8f42d75c 100644 --- a/seahub/thumbnail/utils.py +++ b/seahub/thumbnail/utils.py @@ -116,8 +116,11 @@ def generate_thumbnail(request, repo_id, size, path): if file_size > THUMBNAIL_IMAGE_SIZE_LIMIT * 1024**2: return (False, 403) - token = seafile_api.get_fileserver_access_token(repo_id, file_id, 'view', - '', use_onetime=True) + token = seafile_api.get_fileserver_access_token(repo_id, + file_id, 'view', '', use_onetime=True) + + if not token: + return (False, 500) inner_path = gen_inner_file_get_url(token, os.path.basename(path)) try: @@ -131,8 +134,11 @@ def generate_thumbnail(request, repo_id, size, path): def create_video_thumbnails(repo, file_id, path, size, thumbnail_file, file_size): t1 = timeit.default_timer() - token = seafile_api.get_fileserver_access_token(repo.id, file_id, 'view', - '', use_onetime=False) + token = seafile_api.get_fileserver_access_token(repo.id, + file_id, 'view', '', use_onetime=False) + + if not token: + return (False, 500) inner_path = gen_inner_file_get_url(token, os.path.basename(path)) clip = VideoFileClip(inner_path) diff --git a/seahub/views/__init__.py b/seahub/views/__init__.py index 4acf10d579..bae51c9f7a 100644 --- a/seahub/views/__init__.py +++ b/seahub/views/__init__.py 
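Review bot: When no update token is obtained, onlyoffice_editor_callback now answers `{"error": 0}`, which is the acknowledgement the ONLYOFFICE document server expects for a handled callback. The edited document may therefore be treated as saved although nothing was uploaded. The branch should log the failure and report it to the caller, for example `return HttpResponse('{"error": 1}')`. How the rest of the function reports failures lies outside the hunk and should be checked before choosing the value.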
@@ -1001,6 +1001,9 @@ def repo_download_dir(request, repo_id): token = seafile_api.get_fileserver_access_token( repo_id, json.dumps(fake_obj_id), 'download-dir', request.user.username) + if not token: + return render_error(request, _(u'Internal Server Error')) + else: return render_error(request, _(u'Unable to download "%s"') % dirname ) diff --git a/seahub/views/ajax.py b/seahub/views/ajax.py index ceebd880eb..5ca7126431 100644 --- a/seahub/views/ajax.py +++ b/seahub/views/ajax.py @@ -805,8 +805,13 @@ def download_enc_file(request, repo_id, file_id): blklist = blks.split('\n') blklist = [i for i in blklist if len(i) == 40] - token = seafile_api.get_fileserver_access_token(repo_id, file_id, - op, request.user.username) + token = seafile_api.get_fileserver_access_token(repo_id, + file_id, op, request.user.username) + + if not token: + result['error'] = _(u'FileServer access token invalid.') + return HttpResponse(json.dumps(result), content_type=content_type) + url = gen_block_get_url(token, None) result = { 'blklist':blklist, @@ -1067,6 +1072,10 @@ def get_file_upload_url_ul(request, token): return HttpResponse(json.dumps({"error": _("Internal Server Error")}), status=500, content_type=content_type) + if not acc_token: + return HttpResponse(json.dumps({"error": _("Internal Server Error")}), + status=500, content_type=content_type) + url = gen_file_upload_url(acc_token, 'upload-aj') return HttpResponse(json.dumps({"url": url}), content_type=content_type) diff --git a/seahub/views/file.py b/seahub/views/file.py index 82d1c58f77..741e20da86 100644 --- a/seahub/views/file.py +++ b/seahub/views/file.py 
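Review bot: The token-failure branch in download_enc_file returns with the default status 200, so an AJAX caller that checks only the status code sees success. It also writes to `result['error']` although `result` is assigned as a dict literal only after this point in the hunk, so the branch relies on an earlier initialisation that is not visible here. Building the payload locally and setting a status, as in `return HttpResponse(json.dumps({'error': _(u'FileServer access token invalid.')}), status=500, content_type=content_type)`, would match the 500 used by get_file_upload_url_ul in the same file.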
@@ -205,8 +205,12 @@ def get_file_view_path_and_perm(request, repo_id, obj_id, path, use_onetime=True return ('', '', user_perm) else: # Get a token to visit file - token = seafile_api.get_fileserver_access_token(repo_id, obj_id, 'view', - username, use_onetime=use_onetime) + token = seafile_api.get_fileserver_access_token(repo_id, + obj_id, 'view', username, use_onetime=use_onetime) + + if not token: + return ('', '', None) + outer_url = gen_file_get_url(token, filename) inner_url = gen_inner_file_get_url(token, filename) return (outer_url, inner_url, user_perm) @@ -282,8 +286,12 @@ def convert_md_link(file_content, repo_id, username): if not obj_id: return '''

%s

''' % link_name - token = seafile_api.get_fileserver_access_token(repo_id, obj_id, - 'view', username) + token = seafile_api.get_fileserver_access_token(repo_id, + obj_id, 'view', username) + + if not token: + return '''

%s

''' % link_name + return '%s' % (gen_file_get_url(token, filename), filename) else: from seahub.base.templatetags.seahub_tags import file_icon_filter @@ -410,18 +418,24 @@ def _file_view(request, repo_id, path): # Pass permission check, start download or render file. if request.GET.get('dl', '0') == '1': - token = seafile_api.get_fileserver_access_token(repo_id, obj_id, - 'download', username, - use_onetime=True) + token = seafile_api.get_fileserver_access_token(repo_id, + obj_id, 'download', username, use_onetime=True) + + if not token: + return render_permission_error(request, _(u'Unable to view file')) + dl_url = gen_file_get_url(token, u_filename) # send stats message send_file_access_msg(request, repo, path, 'web') return HttpResponseRedirect(dl_url) if request.GET.get('raw', '0') == '1': - token = seafile_api.get_fileserver_access_token(repo_id, obj_id, - 'view', username, - use_onetime=True) + token = seafile_api.get_fileserver_access_token(repo_id, + obj_id, 'view', username, use_onetime=True) + + if not token: + return render_permission_error(request, _(u'Unable to view file')) + raw_url = gen_file_get_url(token, u_filename) # send stats message send_file_access_msg(request, repo, path, 'web') @@ -466,8 +480,13 @@ def _file_view(request, repo_id, path): else: document_type = 'text' doc_title = os.path.basename(path) - dl_token = seafile_api.get_fileserver_access_token( - repo.id, obj_id, 'download', username, use_onetime=True) + + dl_token = seafile_api.get_fileserver_access_token(repo.id, + obj_id, 'download', username, use_onetime=True) + + if not dl_token: + return render_permission_error(request, _(u'Unable to view file')) + doc_url = gen_file_get_url(dl_token, u_filename) doc_info = json.dumps({'repo_id': repo_id, 'file_path': path, 'username': username}) 
@@ -790,9 +809,12 @@ def _download_file_from_share_link(request, fileshare): except Exception as e: logger.error('Error when sending file-download message: %s' % str(e)) - dl_token = seafile_api.get_fileserver_access_token(repo.id, obj_id, - 'download', username, - use_onetime=False) + dl_token = seafile_api.get_fileserver_access_token(repo.id, + obj_id, 'download', username, use_onetime=False) + + if not dl_token: + messages.error(request, _(u'Unable to download file.')) + return HttpResponseRedirect(gen_file_get_url(dl_token, filename)) @share_link_audit @@ -837,9 +859,13 @@ def view_shared_file(request, fileshare): # download shared file return _download_file_from_share_link(request, fileshare) - access_token = seafile_api.get_fileserver_access_token(repo.id, obj_id, - 'view', '', - use_onetime=False) + access_token = seafile_api.get_fileserver_access_token(repo.id, + obj_id, 'view', '', use_onetime=False) + + if not access_token: + return render_error(request, _(u'Unable to view file')) + + raw_path = gen_file_get_url(access_token, filename) if request.GET.get('raw', '') == '1': if fileshare.get_permissions()['can_download'] is False: @@ -957,8 +983,12 @@ def view_raw_shared_file(request, token, obj_id, file_name): filename = os.path.basename(file_path) username = request.user.username - token = seafile_api.get_fileserver_access_token(repo_id, real_obj_id, 'view', - username, use_onetime=False) + token = seafile_api.get_fileserver_access_token(repo_id, + real_obj_id, 'view', username, use_onetime=False) + + if not token: + raise Http404 + outer_url = gen_file_get_url(token, filename) return HttpResponseRedirect(outer_url) 
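Review bot: In _download_file_from_share_link the new `if not dl_token:` branch only queues a message and then falls through to `return HttpResponseRedirect(gen_file_get_url(dl_token, filename))`. The client is still redirected to a fileserver URL built from an empty token, which is the case the check was added to prevent. The branch needs its own return, for example `return render_error(request, _(u'Unable to download file.'))`, matching what view_shared_file does in the next hunk. The function starts outside the hunk.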
@@ -1013,7 +1043,10 @@ def view_file_via_shared_dir(request, fileshare): username = request.user.username token = seafile_api.get_fileserver_access_token(repo_id, - obj_id, 'view', username, use_onetime=True) + obj_id, 'view', username, use_onetime=True) + + if not token: + return render_error(request, _(u'Unable to view file')) raw_url = gen_file_get_url(token, filename) # send stats message @@ -1022,8 +1055,12 @@ def view_file_via_shared_dir(request, fileshare): file_size = seafile_api.get_file_size(repo.store_id, repo.version, obj_id) filetype, fileext = get_file_type_and_ext(filename) - access_token = seafile_api.get_fileserver_access_token(repo.id, obj_id, - 'view', '', use_onetime=False) + access_token = seafile_api.get_fileserver_access_token(repo.id, + obj_id, 'view', '', use_onetime=False) + + if not access_token: + return render_error(request, _(u'Unable to view file')) + raw_path = gen_file_get_url(access_token, filename) inner_path = gen_inner_file_get_url(access_token, filename) @@ -1220,8 +1257,11 @@ def file_edit(request, repo_id): if not obj_id: return render_error(request, _(u'The file does not exist.')) - token = seafile_api.get_fileserver_access_token(repo_id, obj_id, 'view', - request.user.username) + token = seafile_api.get_fileserver_access_token(repo_id, + obj_id, 'view', request.user.username) + + if not token: + return render_error(request, _(u'Unable to view file')) # generate path and link zipped = gen_path_link(path, repo.name) 
@@ -1354,8 +1394,14 @@ def download_file(request, repo_id, obj_id): # if it has been renamed if check_folder_permission(request, repo_id, '/'): # Get a token to access file - token = seafile_api.get_fileserver_access_token(repo_id, obj_id, - 'download', username) + token = seafile_api.get_fileserver_access_token(repo_id, + obj_id, 'download', username) + + if not token: + messages.error(request, _(u'Unable to download file')) + next = request.META.get('HTTP_REFERER', settings.SITE_ROOT) + return HttpResponseRedirect(next) + else: messages.error(request, _(u'Unable to download file')) next = request.META.get('HTTP_REFERER', settings.SITE_ROOT) @@ -1382,9 +1428,12 @@ def get_file_content_by_commit_and_path(request, repo_id, commit_id, path, file_ permission = check_folder_permission(request, repo_id, '/') if permission: # Get a token to visit file - token = seafile_api.get_fileserver_access_token(repo_id, obj_id, - 'view', - request.user.username) + token = seafile_api.get_fileserver_access_token(repo_id, + obj_id, 'view', request.user.username) + + if not token: + return None, 'FileServer access token invalid' + else: return None, 'permission denied' diff --git a/seahub/views/repo.py b/seahub/views/repo.py index ba5d532070..fcea269692 100644 --- a/seahub/views/repo.py +++ b/seahub/views/repo.py @@ -66,8 +66,12 @@ def is_no_quota(repo_id): def get_upload_url(request, repo_id): username = request.user.username if check_folder_permission(request, repo_id, '/') == 'rw': - token = seafile_api.get_fileserver_access_token(repo_id, 'dummy', - 'upload', username) + token = seafile_api.get_fileserver_access_token(repo_id, + 'dummy', 'upload', username) + + if not token: + return '' + return gen_file_upload_url(token, 'upload') else: return '' diff --git a/seahub/wopi/views.py b/seahub/wopi/views.py index f0401f8fcd..2cecba2d5c 100644 --- a/seahub/wopi/views.py +++ b/seahub/wopi/views.py 
@@ -291,11 +291,15 @@ class WOPIFilesContentsView(APIView): file_name = os.path.basename(file_path) try: fileserver_token = seafile_api.get_fileserver_access_token(repo_id, - obj_id, 'view', '', use_onetime = False) + obj_id, 'view', '', use_onetime = False) except SearpcError as e: logger.error(e) return HttpResponse(json.dumps({}), status=500, - content_type=json_content_type) + content_type=json_content_type) + + if not fileserver_token: + return HttpResponse(json.dumps({}), status=500, + content_type=json_content_type) inner_path = gen_inner_file_get_url(fileserver_token, file_name) @@ -320,6 +324,11 @@ class WOPIFilesContentsView(APIView): # get file update url token = seafile_api.get_fileserver_access_token(repo_id, 'dummy', 'update', request_user) + + if not token: + return HttpResponse(json.dumps({}), status=500, + content_type=json_content_type) + update_url = gen_file_upload_url(token, 'update-api') # update file