annotate MoinMoin/auth/__init__.py @ 1998:34391ad2825c

fix cookie handling

When anon sessions are disabled 1990:9051a3a23124 introduced a bug. This fixes it.
author Johannes Berg <johannes AT sipsolutions DOT net>
date Tue, 17 Apr 2007 11:09:06 +0200
parents 9051a3a23124
children 1b14cc05a54a
rev   line source
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
1 # -*- coding: iso-8859-1 -*-
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
2 """
1932
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
3 MoinMoin - modular authentication and session code
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
4
265
2cbc7dc436d7 auth changes: added u.auth_method, u.auth_attribs and some debug code. Support for switching off some form fields.
Thomas Waldmann <tw@waldmann-edv.de>
parents: 238
diff changeset
5 Here are some methods moin can use in cfg.auth authentication method list.
268
130bd0403e21 auth methods now return tuple (user_obj, continue_flag)
Thomas Waldmann <tw@waldmann-edv.de>
parents: 265
diff changeset
6 The methods from that list get called (from request.py) in that sequence.
295
91d47ebee530 make posted UserPreferences form values easily available for auth methods
Thomas Waldmann <tw@waldmann-edv.de>
parents: 268
diff changeset
7 They get request as first argument and also some more kw arguments:
91d47ebee530 make posted UserPreferences form values easily available for auth methods
Thomas Waldmann <tw@waldmann-edv.de>
parents: 268
diff changeset
8 name: the value we did get from a POST of the UserPreferences page
91d47ebee530 make posted UserPreferences form values easily available for auth methods
Thomas Waldmann <tw@waldmann-edv.de>
parents: 268
diff changeset
9 in the "name" form field (or None)
91d47ebee530 make posted UserPreferences form values easily available for auth methods
Thomas Waldmann <tw@waldmann-edv.de>
parents: 268
diff changeset
10 password: the value of the password form field (or None)
91d47ebee530 make posted UserPreferences form values easily available for auth methods
Thomas Waldmann <tw@waldmann-edv.de>
parents: 268
diff changeset
11 login: True if user has clicked on Login button
91d47ebee530 make posted UserPreferences form values easily available for auth methods
Thomas Waldmann <tw@waldmann-edv.de>
parents: 268
diff changeset
12 logout: True if user has clicked on Logout button
456
12b6367214e3 feed current user_obj to auth methods, continue auth list in most cases, moved cookie code to auth module
Thomas Waldmann <tw@waldmann-edv.de>
parents: 450
diff changeset
13 user_obj: the user_obj we have until now (user_obj returned from
12b6367214e3 feed current user_obj to auth methods, continue auth list in most cases, moved cookie code to auth module
Thomas Waldmann <tw@waldmann-edv.de>
parents: 450
diff changeset
14 previous auth method or None for first auth method)
1931
7f87f9d0159e move cookie parsing to request and pass the cookie object (or None) to the
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1930
diff changeset
15 cookie: a Cookie.SimpleCookie instance containing the cookies for
7f87f9d0159e move cookie parsing to request and pass the cookie object (or None) to the
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1930
diff changeset
16 this request, or None if no (valid) cookies were set
295
91d47ebee530 make posted UserPreferences form values easily available for auth methods
Thomas Waldmann <tw@waldmann-edv.de>
parents: 268
diff changeset
17 (we maybe add some more here)
91d47ebee530 make posted UserPreferences form values easily available for auth methods
Thomas Waldmann <tw@waldmann-edv.de>
parents: 268
diff changeset
18
91d47ebee530 make posted UserPreferences form values easily available for auth methods
Thomas Waldmann <tw@waldmann-edv.de>
parents: 268
diff changeset
19 Use code like this to get them:
91d47ebee530 make posted UserPreferences form values easily available for auth methods
Thomas Waldmann <tw@waldmann-edv.de>
parents: 268
diff changeset
20 name = kw.get('name') or ''
91d47ebee530 make posted UserPreferences form values easily available for auth methods
Thomas Waldmann <tw@waldmann-edv.de>
parents: 268
diff changeset
21 password = kw.get('password') or ''
91d47ebee530 make posted UserPreferences form values easily available for auth methods
Thomas Waldmann <tw@waldmann-edv.de>
parents: 268
diff changeset
22 login = kw.get('login')
91d47ebee530 make posted UserPreferences form values easily available for auth methods
Thomas Waldmann <tw@waldmann-edv.de>
parents: 268
diff changeset
23 logout = kw.get('logout')
1931
7f87f9d0159e move cookie parsing to request and pass the cookie object (or None) to the
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1930
diff changeset
24 cookie = kw.get('cookie')
295
91d47ebee530 make posted UserPreferences form values easily available for auth methods
Thomas Waldmann <tw@waldmann-edv.de>
parents: 268
diff changeset
25 request.log("got name=%s len(password)=%d login=%r logout=%r" % (name, len(password), login, logout))
91d47ebee530 make posted UserPreferences form values easily available for auth methods
Thomas Waldmann <tw@waldmann-edv.de>
parents: 268
diff changeset
26
91d47ebee530 make posted UserPreferences form values easily available for auth methods
Thomas Waldmann <tw@waldmann-edv.de>
parents: 268
diff changeset
27 The called auth method then must return a tuple (user_obj, continue_flag).
456
12b6367214e3 feed current user_obj to auth methods, continue auth list in most cases, moved cookie code to auth module
Thomas Waldmann <tw@waldmann-edv.de>
parents: 450
diff changeset
28 user_obj can be one of:
12b6367214e3 feed current user_obj to auth methods, continue auth list in most cases, moved cookie code to auth module
Thomas Waldmann <tw@waldmann-edv.de>
parents: 450
diff changeset
29 * a (newly created) User object
12b6367214e3 feed current user_obj to auth methods, continue auth list in most cases, moved cookie code to auth module
Thomas Waldmann <tw@waldmann-edv.de>
parents: 450
diff changeset
30 * None if we want to inhibit log in from previous auth methods
12b6367214e3 feed current user_obj to auth methods, continue auth list in most cases, moved cookie code to auth module
Thomas Waldmann <tw@waldmann-edv.de>
parents: 450
diff changeset
31 * what we got as kw argument user_obj (meaning: no change).
268
130bd0403e21 auth methods now return tuple (user_obj, continue_flag)
Thomas Waldmann <tw@waldmann-edv.de>
parents: 265
diff changeset
32 continue_flag is a boolean indication whether the auth loop shall continue
130bd0403e21 auth methods now return tuple (user_obj, continue_flag)
Thomas Waldmann <tw@waldmann-edv.de>
parents: 265
diff changeset
33 trying other auth methods (or not).
130bd0403e21 auth methods now return tuple (user_obj, continue_flag)
Thomas Waldmann <tw@waldmann-edv.de>
parents: 265
diff changeset
34
265
2cbc7dc436d7 auth changes: added u.auth_method, u.auth_attribs and some debug code. Support for switching off some form fields.
Thomas Waldmann <tw@waldmann-edv.de>
parents: 238
diff changeset
35 The methods give a kw arg "auth_attribs" to User.__init__ that tells
2cbc7dc436d7 auth changes: added u.auth_method, u.auth_attribs and some debug code. Support for switching off some form fields.
Thomas Waldmann <tw@waldmann-edv.de>
parents: 238
diff changeset
36 which user attribute names are DETERMINED and set by this auth method and
2cbc7dc436d7 auth changes: added u.auth_method, u.auth_attribs and some debug code. Support for switching off some form fields.
Thomas Waldmann <tw@waldmann-edv.de>
parents: 238
diff changeset
37 must not get changed by the user using the UserPreferences form.
2cbc7dc436d7 auth changes: added u.auth_method, u.auth_attribs and some debug code. Support for switching off some form fields.
Thomas Waldmann <tw@waldmann-edv.de>
parents: 238
diff changeset
38 It also gives a kw arg "auth_method" that tells the name of the auth
2cbc7dc436d7 auth changes: added u.auth_method, u.auth_attribs and some debug code. Support for switching off some form fields.
Thomas Waldmann <tw@waldmann-edv.de>
parents: 238
diff changeset
39 method that authentified the user.
769
66945b567d0e added TODO, PEP8 and other cosmetic fixes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 768
diff changeset
40
1932
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
41 The moin_session method also defines request.session for both logged-in
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
42 as well as not logged-in users.
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
43
1950
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
44 @copyright: 2005-2006 Bastian Blank, Florian Festi,
775
0e3327b36bc5 move cookie hash code to own function, add random string generator, src cosmetics
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 774
diff changeset
45 MoinMoin:AlexanderSchremmer, Nick Phillips,
1950
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
46 MoinMoin:FrankieChow, MoinMoin:NirSoffer,
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
47 2005-2007 MoinMoin:ThomasWaldmann,
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
48 2007 MoinMoin:JohannesBerg
1932
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
49
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
50 @license: GNU GPL, see COPYING for details.
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
51 """
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
52
456
12b6367214e3 feed current user_obj to auth methods, continue auth list in most cases, moved cookie code to auth module
Thomas Waldmann <tw@waldmann-edv.de>
parents: 450
diff changeset
53 import time, Cookie
1950
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
54 import hmac, sha, random
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
55
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
56 from MoinMoin import user, caching
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
57
770
1c76112a5ff6 removed some unneeded configurability, default value for cfg.cookie_secret
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 769
diff changeset
58 # cookie names
1c76112a5ff6 removed some unneeded configurability, default value for cfg.cookie_secret
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 769
diff changeset
59 MOIN_SESSION = 'MOIN_SESSION'
1c76112a5ff6 removed some unneeded configurability, default value for cfg.cookie_secret
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 769
diff changeset
60
1950
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
61 # maximum number of stored secrets, i.e. maximum number of different machines
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
62 # a user can use concurrently without having to log in again
1929
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
63 MAX_STORED_SECRETS = 20
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
64
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
65 class UserSecurityStringCache:
1950
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
66 """ UserSecurityStringCache -- cache a list of secrets for user cookies
1929
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
67
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
68 In order to avoid cookie stealing even after a user has logged out we
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
69 keep a list of secrets (in the cache) associated with a user and verify
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
70 that the cookie matches the right one.
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
71
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
72 This class manages the secrets and their LRU expiry.
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
73 """
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
74 def __init__(self, request, userid):
1950
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
75 # we use 'farm' scope but hash the user_dir into the secret cache name
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
76 # to make both shared and non-shared user_dir in a farm work properly
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
77 cache_name = sha.sha(userid + request.cfg.user_dir).hexdigest()
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
78 self.ce = caching.CacheEntry(request, 'ussc', cache_name, 'farm', use_pickle=True)
1937
8c594a7ca625 fix bug with removing sessions via the cookie secret LRU list code
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1935
diff changeset
79 self.request = request
1929
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
80
1950
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
81 def _load(self):
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
82 """ Internal: load string dict and LRU list from cache """
1929
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
83 if self.ce.exists():
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
84 return self.ce.content()
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
85 return {}, []
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
86
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
87 def update(self, secidx):
1950
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
88 """ tell the secret string cache that the secret identified was used
1929
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
89
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
90 @param secidx: the index of that secret or None if a new one
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
91 shall be assigned
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
92 """
1950
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
93 secrets, lru = self._load()
1929
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
94 # just move this secret to the front of the LRU queue
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
95 lru.remove(secidx)
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
96 lru.insert(0, secidx)
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
97 self.ce.update((secrets, lru))
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
98
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
99 def insert(self, secstring):
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
100 """ insert a new secret string into the cache
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
101
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
102 @param secstring: the new secret string
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
103 @rtype: int
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
104 @return: the new secret index
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
105 """
1950
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
106 secrets, lru = self._load()
1929
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
107 # find a new unused index
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
108 # try one that we'll expire first
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
109 if len(lru) >= MAX_STORED_SECRETS:
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
110 secidx = lru[-1]
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
111 else:
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
112 # select an unused index
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
113 secidx = random.randint(0, MAX_STORED_SECRETS*5)
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
114 while secidx in lru:
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
115 secidx = random.randint(0, MAX_STORED_SECRETS*5)
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
116 for idx in lru[MAX_STORED_SECRETS-1:]:
1938
9801a267ab17 automatic session expiry
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1937
diff changeset
117 data = SessionData(self.request, secrets[idx], 0)
1932
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
118 data.delete()
1929
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
119 del secrets[idx]
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
120 lru = lru[:MAX_STORED_SECRETS-1]
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
121 lru.insert(0, secidx)
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
122 secrets[secidx] = secstring
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
123 self.ce.update((secrets, lru))
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
124 return secidx
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
125
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
126 def remove(self, secidx):
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
127 """ remove a given secret from the cache
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
128
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
129 @param secidx: the index of the secret to be removed
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
130 """
1950
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
131 secrets, lru = self._load()
1929
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
132 del secrets[secidx]
1950
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
133 lru.remove(secidx)
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
134 self.ce.update((secrets, lru))
1929
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
135
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
136 def getsecret(self, secidx):
1950
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
137 """ get a secret from the cache
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
138
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
139 @param secidx: the index of the secret to get
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
140 """
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
141 secrets, lru = self._load()
1929
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
142 if secidx in secrets:
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
143 return secrets[secidx]
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
144 return ''
775
0e3327b36bc5 move cookie hash code to own function, add random string generator, src cosmetics
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 774
diff changeset
145
1932
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
146 class SessionData:
1950
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
147 """ SessionData -- store data for a session
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
148
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
149 This stores session data in memory and also maintains a cache of it on
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
150 disk, so the same data will be loaded from disk cache in the next request
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
151 of the same session.
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
152
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
153 Once in a while, expired session's cache files will be automatically cleaned up.
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
154 """
1938
9801a267ab17 automatic session expiry
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1937
diff changeset
155 def __init__(self, request, name, expires):
1932
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
156 # we can use farm scope since the session name is totally random
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
157 # this means that the session is kept over multiple wikis in a farm
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
158 # when they share user_dir and cookies
1950
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
159 self.ce = caching.CacheEntry(request, 'session', name, 'farm', use_pickle=True)
1932
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
160 self.request = request
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
161 if self.ce.exists():
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
162 self._data = self.ce.content()
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
163 else:
1938
9801a267ab17 automatic session expiry
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1937
diff changeset
164 self._data = {'expires': expires + 3600}
9801a267ab17 automatic session expiry
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1937
diff changeset
165 # Set 'expires' an hour later than it should actually expire.
9801a267ab17 automatic session expiry
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1937
diff changeset
166 # That way, the expiry code will delete the item an hour later
9801a267ab17 automatic session expiry
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1937
diff changeset
167 # than it has actually expired, but that is acceptable and we
9801a267ab17 automatic session expiry
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1937
diff changeset
168 # don't need to update the file all the time
9801a267ab17 automatic session expiry
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1937
diff changeset
169 if expires and (not 'expires' in self or self['expires'] < expires):
9801a267ab17 automatic session expiry
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1937
diff changeset
170 self['expires'] = expires + 3600
9801a267ab17 automatic session expiry
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1937
diff changeset
171
9801a267ab17 automatic session expiry
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1937
diff changeset
172 # every once in a while, clean up deleted sessions:
9801a267ab17 automatic session expiry
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1937
diff changeset
173 if random.randint(0, 999) == 0:
9801a267ab17 automatic session expiry
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1937
diff changeset
174 self._cleanup()
9801a267ab17 automatic session expiry
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1937
diff changeset
175
9801a267ab17 automatic session expiry
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1937
diff changeset
176 def _cleanup(self):
1950
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
177 cachelist = caching.get_cache_list(self.request, 'session', 'farm')
1938
9801a267ab17 automatic session expiry
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1937
diff changeset
178 tnow = time.time()
1950
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
179 for name in cachelist:
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
180 entry = caching.CacheEntry(self.request, 'session', name, 'farm', use_pickle=True)
1938
9801a267ab17 automatic session expiry
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1937
diff changeset
181 try:
9801a267ab17 automatic session expiry
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1937
diff changeset
182 data = entry.content()
9801a267ab17 automatic session expiry
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1937
diff changeset
183 if 'expires' in data and data['expires'] < tnow:
9801a267ab17 automatic session expiry
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1937
diff changeset
184 entry.remove()
1950
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
185 except caching.CacheError:
1938
9801a267ab17 automatic session expiry
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1937
diff changeset
186 pass
1932
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
187
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
188 def __setitem__(self, name, value):
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
189 self._data[name] = value
1938
9801a267ab17 automatic session expiry
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1937
diff changeset
190 # if we have only one item it must be 'expires'
9801a267ab17 automatic session expiry
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1937
diff changeset
191 if len(self._data) > 1:
9801a267ab17 automatic session expiry
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1937
diff changeset
192 self.ce.update(self._data)
1932
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
193
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
194 def __getitem__(self, name):
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
195 return self._data[name]
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
196
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
197 def __contains__(self, name):
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
198 return name in self._data
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
199
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
200 def __delitem__(self, name):
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
201 del self._data[name]
1938
9801a267ab17 automatic session expiry
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1937
diff changeset
202 # if just one item is left it'll be 'expires'
9801a267ab17 automatic session expiry
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1937
diff changeset
203 if len(self._data) == 1:
1932
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
204 self.ce.remove()
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
205 else:
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
206 self.ce.update(self._data)
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
207
1990
9051a3a23124 some session bugfixes
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1950
diff changeset
208 def get(self, name, default=None):
1935
740d9939ffe9 use session object to store page trail (even for anon users, if anon sessions are enabled)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1932
diff changeset
209 return self._data.get(name, default)
740d9939ffe9 use session object to store page trail (even for anon users, if anon sessions are enabled)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1932
diff changeset
210
1932
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
211 def delete(self):
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
212 if self.ce.exists():
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
213 self.ce.remove()
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
214
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
215 def rename(self, newname):
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
216 self.ce.remove()
1950
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
217 self.ce = caching.CacheEntry(self.request, 'session', newname, 'farm', use_pickle=True)
1932
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
218 if len(self._data):
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
219 self.ce.update(self._data)
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
220
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
221
775
0e3327b36bc5 move cookie hash code to own function, add random string generator, src cosmetics
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 774
diff changeset
222 def generate_security_string(length):
0e3327b36bc5 move cookie hash code to own function, add random string generator, src cosmetics
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 774
diff changeset
223 """ generate a random length (length/2 .. length) string with random content """
0e3327b36bc5 move cookie hash code to own function, add random string generator, src cosmetics
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 774
diff changeset
224 random_length = random.randint(length/2, length)
0e3327b36bc5 move cookie hash code to own function, add random string generator, src cosmetics
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 774
diff changeset
225 safe = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-'
0e3327b36bc5 move cookie hash code to own function, add random string generator, src cosmetics
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 774
diff changeset
226 return ''.join([random.choice(safe) for i in range(random_length)])
0e3327b36bc5 move cookie hash code to own function, add random string generator, src cosmetics
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 774
diff changeset
227
1930
3b25f0f60ede remove per-wiki cookie_secret since it's no longer useful
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1929
diff changeset
228 def sign_cookie_data(request, data, securitystring):
1950
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
229 """ generate a hash string based on the securitystring and the data """
1930
3b25f0f60ede remove per-wiki cookie_secret since it's no longer useful
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1929
diff changeset
230 return hmac.new(securitystring, data).hexdigest()
456
12b6367214e3 feed current user_obj to auth methods, continue auth list in most cases, moved cookie code to auth module
Thomas Waldmann <tw@waldmann-edv.de>
parents: 450
diff changeset
231
768
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
232 def makeCookie(request, cookie_name, cookie_string, maxage, expires):
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
233 """ create an appropriate cookie """
456
12b6367214e3 feed current user_obj to auth methods, continue auth list in most cases, moved cookie code to auth module
Thomas Waldmann <tw@waldmann-edv.de>
parents: 450
diff changeset
234 c = Cookie.SimpleCookie()
12b6367214e3 feed current user_obj to auth methods, continue auth list in most cases, moved cookie code to auth module
Thomas Waldmann <tw@waldmann-edv.de>
parents: 450
diff changeset
235 cfg = request.cfg
768
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
236 c[cookie_name] = cookie_string
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
237 c[cookie_name]['max-age'] = maxage
456
12b6367214e3 feed current user_obj to auth methods, continue auth list in most cases, moved cookie code to auth module
Thomas Waldmann <tw@waldmann-edv.de>
parents: 450
diff changeset
238 if cfg.cookie_domain:
768
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
239 c[cookie_name]['domain'] = cfg.cookie_domain
456
12b6367214e3 feed current user_obj to auth methods, continue auth list in most cases, moved cookie code to auth module
Thomas Waldmann <tw@waldmann-edv.de>
parents: 450
diff changeset
240 if cfg.cookie_path:
768
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
241 c[cookie_name]['path'] = cfg.cookie_path
456
12b6367214e3 feed current user_obj to auth methods, continue auth list in most cases, moved cookie code to auth module
Thomas Waldmann <tw@waldmann-edv.de>
parents: 450
diff changeset
242 else:
482
3c08c0657dad fix cookie path for root url wikis
Thomas Waldmann <tw@waldmann-edv.de>
parents: 460
diff changeset
243 path = request.getScriptname()
3c08c0657dad fix cookie path for root url wikis
Thomas Waldmann <tw@waldmann-edv.de>
parents: 460
diff changeset
244 if not path:
3c08c0657dad fix cookie path for root url wikis
Thomas Waldmann <tw@waldmann-edv.de>
parents: 460
diff changeset
245 path = '/'
768
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
246 c[cookie_name]['path'] = path
456
12b6367214e3 feed current user_obj to auth methods, continue auth list in most cases, moved cookie code to auth module
Thomas Waldmann <tw@waldmann-edv.de>
parents: 450
diff changeset
247 # Set expires for older clients
948
28ea5b3802b1 whitespace-only cleanup
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 776
diff changeset
248 c[cookie_name]['expires'] = request.httpDate(when=expires, rfc='850')
456
12b6367214e3 feed current user_obj to auth methods, continue auth list in most cases, moved cookie code to auth module
Thomas Waldmann <tw@waldmann-edv.de>
parents: 450
diff changeset
249 return c.output()
12b6367214e3 feed current user_obj to auth methods, continue auth list in most cases, moved cookie code to auth module
Thomas Waldmann <tw@waldmann-edv.de>
parents: 450
diff changeset
250
1928
57cbc30bfa31 Add cookie expiry to signed part of cookie and verify that cookies aren't
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1868
diff changeset
251 def getCookieLifetime(request, u):
1950
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
252 """ Get cookie lifetime for the user object u """
1928
57cbc30bfa31 Add cookie expiry to signed part of cookie and verify that cookies aren't
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1868
diff changeset
253 lifetime = int(request.cfg.cookie_lifetime) * 3600
57cbc30bfa31 Add cookie expiry to signed part of cookie and verify that cookies aren't
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1868
diff changeset
254 forever = 10 * 365 * 24 * 3600 # 10 years
57cbc30bfa31 Add cookie expiry to signed part of cookie and verify that cookies aren't
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1868
diff changeset
255 if not lifetime:
57cbc30bfa31 Add cookie expiry to signed part of cookie and verify that cookies aren't
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1868
diff changeset
256 return forever
57cbc30bfa31 Add cookie expiry to signed part of cookie and verify that cookies aren't
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1868
diff changeset
257 elif lifetime > 0:
57cbc30bfa31 Add cookie expiry to signed part of cookie and verify that cookies aren't
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1868
diff changeset
258 if u.remember_me:
57cbc30bfa31 Add cookie expiry to signed part of cookie and verify that cookies aren't
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1868
diff changeset
259 return forever
57cbc30bfa31 Add cookie expiry to signed part of cookie and verify that cookies aren't
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1868
diff changeset
260 return lifetime
57cbc30bfa31 Add cookie expiry to signed part of cookie and verify that cookies aren't
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1868
diff changeset
261 elif lifetime < 0:
57cbc30bfa31 Add cookie expiry to signed part of cookie and verify that cookies aren't
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1868
diff changeset
262 return -lifetime
57cbc30bfa31 Add cookie expiry to signed part of cookie and verify that cookies aren't
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1868
diff changeset
263 return lifetime
57cbc30bfa31 Add cookie expiry to signed part of cookie and verify that cookies aren't
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1868
diff changeset
264
1932
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
265 def setCookie(request, cookie_name, cookie_string, maxage, expires):
1950
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
266 """ Set cookie, raw helper. """
1932
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
267 cookie = makeCookie(request, cookie_name, cookie_string, maxage, expires)
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
268 # Set cookie
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
269 request.setHttpHeader(cookie)
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
270 # IMPORTANT: Prevent caching of current page and cookie
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
271 request.disableHttpCaching()
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
272
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
273 def setSessionCookie(request, u, secret=None, securitystringcache=None,
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
274 secidx=None, session=None):
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
275 """ Set moin_session cookie for user obj u
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
276
456
12b6367214e3 feed current user_obj to auth methods, continue auth list in most cases, moved cookie code to auth module
Thomas Waldmann <tw@waldmann-edv.de>
parents: 450
diff changeset
277 cfg.cookie_lifetime and the user 'remember_me' setting set the
1932
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
278 lifetime of the cookie. lifetime is in hours, see table:
456
12b6367214e3 feed current user_obj to auth methods, continue auth list in most cases, moved cookie code to auth module
Thomas Waldmann <tw@waldmann-edv.de>
parents: 450
diff changeset
279
12b6367214e3 feed current user_obj to auth methods, continue auth list in most cases, moved cookie code to auth module
Thomas Waldmann <tw@waldmann-edv.de>
parents: 450
diff changeset
280 value cookie lifetime
12b6367214e3 feed current user_obj to auth methods, continue auth list in most cases, moved cookie code to auth module
Thomas Waldmann <tw@waldmann-edv.de>
parents: 450
diff changeset
281 ----------------------------------------------------------------
12b6367214e3 feed current user_obj to auth methods, continue auth list in most cases, moved cookie code to auth module
Thomas Waldmann <tw@waldmann-edv.de>
parents: 450
diff changeset
282 = 0 forever, ignoring user 'remember_me' setting
12b6367214e3 feed current user_obj to auth methods, continue auth list in most cases, moved cookie code to auth module
Thomas Waldmann <tw@waldmann-edv.de>
parents: 450
diff changeset
283 > 0 n hours, or forever if user checked 'remember_me'
12b6367214e3 feed current user_obj to auth methods, continue auth list in most cases, moved cookie code to auth module
Thomas Waldmann <tw@waldmann-edv.de>
parents: 450
diff changeset
284 < 0 -n hours, ignoring user 'remember_me' setting
12b6367214e3 feed current user_obj to auth methods, continue auth list in most cases, moved cookie code to auth module
Thomas Waldmann <tw@waldmann-edv.de>
parents: 450
diff changeset
285 """
775
0e3327b36bc5 move cookie hash code to own function, add random string generator, src cosmetics
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 774
diff changeset
286 import base64
1928
57cbc30bfa31 Add cookie expiry to signed part of cookie and verify that cookies aren't
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1868
diff changeset
287 maxage = getCookieLifetime(request, u)
57cbc30bfa31 Add cookie expiry to signed part of cookie and verify that cookies aren't
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1868
diff changeset
288 expires = time.time() + maxage
57cbc30bfa31 Add cookie expiry to signed part of cookie and verify that cookies aren't
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1868
diff changeset
289 enc_username = base64.encodestring(u.auth_username).replace('\n', '')
57cbc30bfa31 Add cookie expiry to signed part of cookie and verify that cookies aren't
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1868
diff changeset
290 enc_id = base64.encodestring(u.id).replace('\n', '')
1929
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
291 if secret is None and secidx is None:
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
292 secret = generate_security_string(32)
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
293 if securitystringcache is None:
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
294 securitystringcache = UserSecurityStringCache(request, u.id)
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
295 if secret is None:
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
296 # secidx must be assigned
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
297 securitystringcache.update(secidx)
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
298 secret = securitystringcache.getsecret(secidx)
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
299 else:
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
300 secidx = securitystringcache.insert(secret)
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
301 cookie_body = "username=%s:id=%s:expires=%d:secidx=%d" % (enc_username, enc_id, expires, secidx)
1930
3b25f0f60ede remove per-wiki cookie_secret since it's no longer useful
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1929
diff changeset
302 cookie_hash = sign_cookie_data(request, cookie_body, secret)
775
0e3327b36bc5 move cookie hash code to own function, add random string generator, src cosmetics
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 774
diff changeset
303 cookie_string = ':'.join([cookie_hash, cookie_body])
1932
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
304 setCookie(request, MOIN_SESSION, cookie_string, maxage, expires)
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
305
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
306 # move session data to new identifier
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
307 if session:
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
308 session.rename(secret)
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
309 else:
1939
d5ac6f9a13d4 fix bug in the previous commit
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1938
diff changeset
310 session = SessionData(request, secret, expires)
1932
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
311 request.session = session
768
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
312
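The cookie assembled in setSessionCookie above has the layout `hash:username=...:id=...:expires=...:secidx=...`, and it protects nothing unless the receiving side checks the MAC before trusting any field. The following is an added example, not MoinMoin's own code, that builds and verifies that layout in Python 3. It assumes HMAC-SHA256 instead of the listing's `hmac.new` default digest and a plain dict in place of UserSecurityStringCache; `new_secret`, `build_cookie` and `verify_cookie` are hypothetical names.

```python
import base64
import hashlib
import hmac
import secrets
import time

FIELDS = ("username", "id", "expires", "secidx")


def new_secret():
    """Per-session secret from the OS CSPRNG (the listing draws from `random`)."""
    return secrets.token_urlsafe(32)


def _sign(body, secret):
    # Explicit digest: Python 2's hmac.new(key, msg) fell back to MD5.
    return hmac.new(secret.encode(), body.encode(), hashlib.sha256).hexdigest()


def build_cookie(username, user_id, expires, secidx, secret):
    """Same body format string as the listing, signed as hash:body."""
    enc_username = base64.b64encode(username.encode()).decode()
    enc_id = base64.b64encode(user_id.encode()).decode()
    body = "username=%s:id=%s:expires=%d:secidx=%d" % (
        enc_username, enc_id, expires, secidx)
    return ":".join([_sign(body, secret), body])


def verify_cookie(cookie, secrets_by_idx, now=None):
    """Return the decoded fields, or None if the cookie must be rejected.

    secrets_by_idx is an assumed stand-in for the per-user secret store:
    a dict mapping secidx (int) to the secret string.
    """
    now = time.time() if now is None else now
    mac, sep, body = cookie.partition(":")
    if not sep:
        return None

    # Base64 never contains ':', so splitting the body on ':' is unambiguous.
    fields = {}
    for part in body.split(":"):
        key, eq, value = part.partition("=")
        if not eq or key in fields:
            return None
        fields[key] = value
    if set(fields) != set(FIELDS):
        return None

    # secidx only selects which key to try; it is not trusted beyond that.
    try:
        secidx = int(fields["secidx"])
    except ValueError:
        return None
    secret = secrets_by_idx.get(secidx)
    if secret is None:
        return None

    # Constant-time comparison, done before any other field is used.
    expected = _sign(body, secret)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None

    # The expiry is inside the signed body, so a client cannot extend it.
    try:
        expires = int(fields["expires"])
        username = base64.b64decode(fields["username"], validate=True).decode()
        user_id = base64.b64decode(fields["id"], validate=True).decode()
    except ValueError:
        return None
    if expires <= now:
        return None

    return {"username": username, "id": user_id,
            "expires": expires, "secidx": secidx}
```
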
774
ca827a12c524 replaced moin_cookie by moin_login, MOIN_ID by MOIN_SESSION cookie
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 770
diff changeset
313 def deleteCookie(request, cookie_name):
456
12b6367214e3 feed current user_obj to auth methods, continue auth list in most cases, moved cookie code to auth module
Thomas Waldmann <tw@waldmann-edv.de>
parents: 450
diff changeset
314 """ Delete the user cookie by sending expired cookie with null value
12b6367214e3 feed current user_obj to auth methods, continue auth list in most cases, moved cookie code to auth module
Thomas Waldmann <tw@waldmann-edv.de>
parents: 450
diff changeset
315
12b6367214e3 feed current user_obj to auth methods, continue auth list in most cases, moved cookie code to auth module
Thomas Waldmann <tw@waldmann-edv.de>
parents: 450
diff changeset
316 According to http://www.cse.ohio-state.edu/cgi-bin/rfc/rfc2109.html#sec-4.2.2
769
66945b567d0e added TODO, PEP8 and other cosmetic fixes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 768
diff changeset
317 Deleted cookie should have Max-Age=0. We also have expires attribute,
66945b567d0e added TODO, PEP8 and other cosmetic fixes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 768
diff changeset
318 which is probably needed for older browsers.
456
12b6367214e3 feed current user_obj to auth methods, continue auth list in most cases, moved cookie code to auth module
Thomas Waldmann <tw@waldmann-edv.de>
parents: 450
diff changeset
319
12b6367214e3 feed current user_obj to auth methods, continue auth list in most cases, moved cookie code to auth module
Thomas Waldmann <tw@waldmann-edv.de>
parents: 450
diff changeset
320 Finally, delete the saved cookie and create a new user based on the new settings.
12b6367214e3 feed current user_obj to auth methods, continue auth list in most cases, moved cookie code to auth module
Thomas Waldmann <tw@waldmann-edv.de>
parents: 450
diff changeset
321 """
768
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
322 cookie_string = ''
456
12b6367214e3 feed current user_obj to auth methods, continue auth list in most cases, moved cookie code to auth module
Thomas Waldmann <tw@waldmann-edv.de>
parents: 450
diff changeset
323 maxage = 0
12b6367214e3 feed current user_obj to auth methods, continue auth list in most cases, moved cookie code to auth module
Thomas Waldmann <tw@waldmann-edv.de>
parents: 450
diff changeset
324 # Set expires to one year ago for older clients
1950
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
325 expires = time.time() - 3600 * 24 * 365 # 1 year ago
948
28ea5b3802b1 whitespace-only cleanup
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 776
diff changeset
326 cookie = makeCookie(request, cookie_name, cookie_string, maxage, expires)
456
12b6367214e3 feed current user_obj to auth methods, continue auth list in most cases, moved cookie code to auth module
Thomas Waldmann <tw@waldmann-edv.de>
parents: 450
diff changeset
327 # Set cookie
12b6367214e3 feed current user_obj to auth methods, continue auth list in most cases, moved cookie code to auth module
Thomas Waldmann <tw@waldmann-edv.de>
parents: 450
diff changeset
328 request.setHttpHeader(cookie)
12b6367214e3 feed current user_obj to auth methods, continue auth list in most cases, moved cookie code to auth module
Thomas Waldmann <tw@waldmann-edv.de>
parents: 450
diff changeset
329 # IMPORTANT: Prevent caching of current page and cookie
12b6367214e3 feed current user_obj to auth methods, continue auth list in most cases, moved cookie code to auth module
Thomas Waldmann <tw@waldmann-edv.de>
parents: 450
diff changeset
330 request.disableHttpCaching()
12b6367214e3 feed current user_obj to auth methods, continue auth list in most cases, moved cookie code to auth module
Thomas Waldmann <tw@waldmann-edv.de>
parents: 450
diff changeset
331
1932
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
332 def setAnonCookie(request, session_name):
1950
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
333 """ Set moin_session cookie for anon user
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
334
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
335 cfg.anonymous_cookie_lifetime [h] sets the lifetime of the cookie, if
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
336 defined. if not defined, we do not set the cookie.
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
337 """
1932
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
338 if not hasattr(request.cfg, 'anonymous_cookie_lifetime'):
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
339 return
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
340 lifetime = request.cfg.anonymous_cookie_lifetime * 3600
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
341 expires = time.time() + lifetime
1939
d5ac6f9a13d4 fix bug in the previous commit
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1938
diff changeset
342 request.session = SessionData(request, session_name, expires)
1932
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
343 setCookie(request, MOIN_SESSION, session_name, lifetime, expires)
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
344
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
345
774
ca827a12c524 replaced moin_cookie by moin_login, MOIN_ID by MOIN_SESSION cookie
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 770
diff changeset
346 def moin_login(request, **kw):
ca827a12c524 replaced moin_cookie by moin_login, MOIN_ID by MOIN_SESSION cookie
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 770
diff changeset
347 """ handle login from moin login form, session has to be established later by moin_session """
456
12b6367214e3 feed current user_obj to auth methods, continue auth list in most cases, moved cookie code to auth module
Thomas Waldmann <tw@waldmann-edv.de>
parents: 450
diff changeset
348 username = kw.get('name')
12b6367214e3 feed current user_obj to auth methods, continue auth list in most cases, moved cookie code to auth module
Thomas Waldmann <tw@waldmann-edv.de>
parents: 450
diff changeset
349 password = kw.get('password')
12b6367214e3 feed current user_obj to auth methods, continue auth list in most cases, moved cookie code to auth module
Thomas Waldmann <tw@waldmann-edv.de>
parents: 450
diff changeset
350 login = kw.get('login')
774
ca827a12c524 replaced moin_cookie by moin_login, MOIN_ID by MOIN_SESSION cookie
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 770
diff changeset
351 #logout = kw.get('logout')
456
12b6367214e3 feed current user_obj to auth methods, continue auth list in most cases, moved cookie code to auth module
Thomas Waldmann <tw@waldmann-edv.de>
parents: 450
diff changeset
352 user_obj = kw.get('user_obj')
768
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
353
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
354 cfg = request.cfg
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
355 verbose = False
774
ca827a12c524 replaced moin_cookie by moin_login, MOIN_ID by MOIN_SESSION cookie
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 770
diff changeset
356 if hasattr(cfg, 'moin_login_verbose'):
ca827a12c524 replaced moin_cookie by moin_login, MOIN_ID by MOIN_SESSION cookie
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 770
diff changeset
357 verbose = cfg.moin_login_verbose
948
28ea5b3802b1 whitespace-only cleanup
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 776
diff changeset
358
774
ca827a12c524 replaced moin_cookie by moin_login, MOIN_ID by MOIN_SESSION cookie
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 770
diff changeset
359 #request.log("auth.moin_login: name=%s login=%r logout=%r user_obj=%r" % (username, login, logout, user_obj))
768
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
360
456
12b6367214e3 feed current user_obj to auth methods, continue auth list in most cases, moved cookie code to auth module
Thomas Waldmann <tw@waldmann-edv.de>
parents: 450
diff changeset
361 if login:
774
ca827a12c524 replaced moin_cookie by moin_login, MOIN_ID by MOIN_SESSION cookie
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 770
diff changeset
362 if verbose: request.log("moin_login performing login action")
ca827a12c524 replaced moin_cookie by moin_login, MOIN_ID by MOIN_SESSION cookie
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 770
diff changeset
363 u = user.User(request, name=username, password=password, auth_method='moin_login')
298
6c74345f4d55 cleaned up and moved moin's cookie stuff to auth.moin_cookie
Thomas Waldmann <tw@waldmann-edv.de>
parents: 295
diff changeset
364 if u.valid:
774
ca827a12c524 replaced moin_cookie by moin_login, MOIN_ID by MOIN_SESSION cookie
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 770
diff changeset
365 if verbose: request.log("moin_login got valid user...")
ca827a12c524 replaced moin_cookie by moin_login, MOIN_ID by MOIN_SESSION cookie
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 770
diff changeset
366 user_obj = u
ca827a12c524 replaced moin_cookie by moin_login, MOIN_ID by MOIN_SESSION cookie
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 770
diff changeset
367 else:
ca827a12c524 replaced moin_cookie by moin_login, MOIN_ID by MOIN_SESSION cookie
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 770
diff changeset
368 if verbose: request.log("moin_login not valid, previous valid=%d." % user_obj.valid)
298
6c74345f4d55 cleaned up and moved moin's cookie stuff to auth.moin_cookie
Thomas Waldmann <tw@waldmann-edv.de>
parents: 295
diff changeset
369
456
12b6367214e3 feed current user_obj to auth methods, continue auth list in most cases, moved cookie code to auth module
Thomas Waldmann <tw@waldmann-edv.de>
parents: 450
diff changeset
370 return user_obj, True
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
371
768
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
372 def moin_session(request, **kw):
769
66945b567d0e added TODO, PEP8 and other cosmetic fixes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 768
diff changeset
373 """ Authenticate via cookie.
66945b567d0e added TODO, PEP8 and other cosmetic fixes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 768
diff changeset
374
66945b567d0e added TODO, PEP8 and other cosmetic fixes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 768
diff changeset
375 We don't handle initial logins (except to set the appropriate cookie), just
66945b567d0e added TODO, PEP8 and other cosmetic fixes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 768
diff changeset
376 ongoing sessions, and logout. Use another method for initial login.
768
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
377 """
775
0e3327b36bc5 move cookie hash code to own function, add random string generator, src cosmetics
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 774
diff changeset
378 import base64
948
28ea5b3802b1 whitespace-only cleanup
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 776
diff changeset
379
768
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
380 username = kw.get('name')
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
381 login = kw.get('login')
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
382 logout = kw.get('logout')
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
383 user_obj = kw.get('user_obj')
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
384
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
385 cfg = request.cfg
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
386 verbose = False
769
66945b567d0e added TODO, PEP8 and other cosmetic fixes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 768
diff changeset
387 if hasattr(cfg, 'moin_session_verbose'):
66945b567d0e added TODO, PEP8 and other cosmetic fixes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 768
diff changeset
388 verbose = cfg.moin_session_verbose
66945b567d0e added TODO, PEP8 and other cosmetic fixes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 768
diff changeset
389
770
1c76112a5ff6 removed some unneeded configurability, default value for cfg.cookie_secret
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 769
diff changeset
390 cookie_name = MOIN_SESSION
948
28ea5b3802b1 whitespace-only cleanup
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 776
diff changeset
391
1932
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
392 # load up our cookie
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
393 cookie = kw.get('cookie')
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
394 if cookie is not None and cookie_name in cookie:
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
395 cookievalue = cookie[cookie_name].value
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
396 cookieitems = cookievalue.split(':', 1)
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
397 else:
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
398 cookievalue = None
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
399
768
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
400 if verbose: request.log("auth.moin_session: name=%s login=%r logout=%r user_obj=%r" % (username, login, logout, user_obj))
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
401
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
402 if login:
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
403 if verbose: request.log("moin_session performing login action")
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
404
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
405 # Has any other method successfully authenticated?
769
66945b567d0e added TODO, PEP8 and other cosmetic fixes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 768
diff changeset
406 if user_obj is not None and user_obj.valid:
768
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
407 # Yes - set up session cookie
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
408 if verbose: request.log("moin_session got valid user from previous auth method, setting cookie...")
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
409 if verbose: request.log("moin_session got auth_username %s." % user_obj.auth_username)
1932
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
410 sessiondata = None
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
411 if cookievalue and len(cookieitems) == 1:
1938
9801a267ab17 automatic session expiry
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1937
diff changeset
412 # we have an anonymous session so migrate the data, since we
9801a267ab17 automatic session expiry
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1937
diff changeset
413 # will migrate it we don't need a proper expiry value
9801a267ab17 automatic session expiry
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1937
diff changeset
414 sessiondata = SessionData(request, cookievalue, 0)
1932
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
415 setSessionCookie(request, user_obj, session=sessiondata)
768
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
416 return user_obj, True # we make continuing possible, e.g. for smbmount
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
417 else:
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
418 # No other method succeeded, so allow continuation...
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
419 # XXX Cookie clear here???
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
420 if verbose: request.log("moin_session did not get valid user from previous auth method, doing nothing")
1998
34391ad2825c fix cookie handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1990
diff changeset
421 if cookievalue and len(cookieitems) == 1:
1990
9051a3a23124 some session bugfixes
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1950
diff changeset
422 # keep non-logged in session
9051a3a23124 some session bugfixes
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1950
diff changeset
423 setAnonCookie(request, cookieitems[0])
768
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
424 return user_obj, True
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
425
1932
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
426 if cookievalue is None:
768
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
427 # No valid cookie
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
428 if verbose: request.log("either no cookie or no %s key" % cookie_name)
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
429 return user_obj, True
948
28ea5b3802b1 whitespace-only cleanup
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 776
diff changeset
430
1932
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
431 if len(cookieitems) == 1:
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
432 # non-logged in session
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
433 setAnonCookie(request, cookieitems[0])
768
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
434 return user_obj, True
948
28ea5b3802b1 whitespace-only cleanup
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 776
diff changeset
435
1932
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
436 # otherwise we have a signed cookie
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
437 cookie_hash, cookie_body = cookieitems
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
438
1929
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
439 # Parse cookie, be careful
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
440 params = {'username': '', 'id': '', 'expires': 0, 'secidx': -1, }
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
441 cookie_pairs = cookie_body.split(":")
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
442 for key, value in [pair.split("=", 1) for pair in cookie_pairs]:
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
443 try:
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
444 if isinstance(params[key], str):
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
445 params[key] = base64.decodestring(value)
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
446 elif isinstance(params[key], int):
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
447 params[key] = int(value)
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
448 except Exception:
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
449 # ignore any errors from parsing the values
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
450 pass
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
451 # This may seem odd, but checking expiry is cheaper
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
452 # than checking the signature.
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
453 if params['expires'] < time.time():
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
454 # XXX Cookie clear here???
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
455 if verbose: request.log("cookie expired")
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
456 return user_obj, True
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
457
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
458 secidx = params['secidx']
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
459
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
460 ussc = UserSecurityStringCache(request, params['id'])
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
461 secstring = ussc.getsecret(secidx)
1930
3b25f0f60ede remove per-wiki cookie_secret since it's no longer useful
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1929
diff changeset
462 if cookie_hash != sign_cookie_data(request, cookie_body, secstring):
768
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
463 # XXX Cookie clear here???
775
0e3327b36bc5 move cookie hash code to own function, add random string generator, src cosmetics
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 774
diff changeset
464 if verbose: request.log("cookie recovered had invalid hash")
768
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
465 return user_obj, True
769
66945b567d0e added TODO, PEP8 and other cosmetic fixes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 768
diff changeset
466
768
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
467 if verbose: request.log("Cookie OK, authenticated.")
1929
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
468
768
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
469 # XXX Should name be in auth_attribs?
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
470 u = user.User(request,
769
66945b567d0e added TODO, PEP8 and other cosmetic fixes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 768
diff changeset
471 id=params['id'],
66945b567d0e added TODO, PEP8 and other cosmetic fixes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 768
diff changeset
472 auth_username=params['username'],
768
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
473 auth_method='moin_session',
769
66945b567d0e added TODO, PEP8 and other cosmetic fixes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 768
diff changeset
474 auth_attribs=(),
768
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
475 )
948
28ea5b3802b1 whitespace-only cleanup
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 776
diff changeset
476
768
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
477 if logout:
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
478 if verbose: request.log("Logout requested, setting u invalid and 'deleting' cookie")
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
479 u.valid = 0 # just make user invalid, but remember him
1929
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
480 # delete secret for this cookie
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
481 ussc.remove(secidx)
768
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
482 deleteCookie(request, cookie_name)
1938
9801a267ab17 automatic session expiry
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1937
diff changeset
483 session = SessionData(request, secstring, 0)
9801a267ab17 automatic session expiry
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1937
diff changeset
484 session.delete()
768
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
485 return u, True # we return a invalidated user object, so that
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
486 # following auth methods can get the name of
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
487 # the user who logged out
1929
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
488 # refresh cookie lifetime
aa6aa944246b introduce per-user and per-session secrets that are used for the cookie
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1928
diff changeset
489 setSessionCookie(request, u, securitystringcache=ussc, secidx=secidx)
768
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
490 return u, True # use True to get other methods called, too
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
491
1932
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
492 def moin_anon_session(request, **kw):
1950
bbfc3144a567 auth/session: misc cleanup, added some docstrings
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 1939
diff changeset
493 """ Anonymous session support.
1932
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
494
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
495 If you need sessions for anonymous users add this to the config.auth list
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
496 and set config.anonymous_cookie_lifetime (in hours, can be fractional.)
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
497 """
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
498 user_obj = kw.get('user_obj')
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
499
1990
9051a3a23124 some session bugfixes
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1950
diff changeset
500 if request.session != {} or not hasattr(request.cfg, 'anonymous_cookie_lifetime'):
1932
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
501 return user_obj, True
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
502
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
503 # moin_session can handle this cookie and migrate
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
504 # the session to a known one when you log in
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
505 session_name = generate_security_string(32)
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
506 setAnonCookie(request, session_name)
8916520c8314 session handling. anonymous sessions are not enabled by default because they
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 1931
diff changeset
507 return user_obj, True
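The signed-cookie check that moin_session performs above (split the hash from the body, parse the key=value pairs, check expiry, then compare the signature), as an added Python 3 example that is not MoinMoin code. Assumptions: sign() uses HMAC-SHA256 as a stand-in for sign_cookie_data, the secrets dict stands in for UserSecurityStringCache, and make_cookie, parse_body and check_cookie are hypothetical names. Unlike the listing, a malformed field rejects the whole cookie instead of being ignored, and the hash comparison is constant-time.

```python
import base64
import hashlib
import hmac
import time

# Field names and types follow the params dict in moin_session.
FIELDS = {'username': str, 'id': str, 'expires': int, 'secidx': int}


def sign(body, secret):
    """Stand-in for sign_cookie_data (assumption: HMAC-SHA256, hex digest)."""
    return hmac.new(secret, body.encode('utf-8'), hashlib.sha256).hexdigest()


def make_cookie(username, user_id, expires, secidx, secret):
    """Build 'hash:key=value:...'; string fields are base64, ints are plain."""
    def b64(text):
        return base64.b64encode(text.encode('utf-8')).decode('ascii')
    body = ':'.join([
        'username=' + b64(username),
        'id=' + b64(user_id),
        'expires=%d' % expires,
        'secidx=%d' % secidx,
    ])
    return sign(body, secret) + ':' + body


def parse_body(body):
    """Return the typed fields, or None if any pair is malformed."""
    params = {}
    for pair in body.split(':'):
        # partition() never raises on a pair without '=', unlike unpacking
        # the result of split('=', 1).
        key, sep, value = pair.partition('=')
        if not sep or key not in FIELDS or key in params:
            return None
        try:
            if FIELDS[key] is str:
                raw = base64.b64decode(value, validate=True)
                params[key] = raw.decode('utf-8')
            else:
                params[key] = int(value)
        except ValueError:  # covers binascii.Error and UnicodeDecodeError
            return None
    if set(params) != set(FIELDS):
        return None
    return params


def check_cookie(value, secrets, now=None):
    """Classify a cookie value; returns (status, params or None)."""
    now = time.time() if now is None else now
    cookie_hash, sep, body = value.partition(':')
    if not sep:
        # No ':' means an unsigned anonymous session name.
        return 'anonymous', {'session_name': value}
    params = parse_body(body)
    if params is None:
        return 'malformed', None
    # Same order as the listing: the cheap expiry test runs first. The value
    # is still unauthenticated here, so it is only ever used to reject.
    if params['expires'] < now:
        return 'expired', None
    secret = secrets.get((params['id'], params['secidx']))
    if secret is None:
        return 'unknown-secret', None
    expected = sign(body, secret)
    # Compare as bytes in constant time; differing lengths return False.
    if not hmac.compare_digest(cookie_hash.encode('utf-8'),
                               expected.encode('ascii')):
        return 'bad-signature', None
    return 'ok', params


def demo():
    """Run constructed cookies through check_cookie; returns the statuses."""
    key = ('user-0001', 0)  # constructed user id and secidx
    secrets = {key: b'constructed-session-secret'}
    good = make_cookie('ExampleUser', 'user-0001', 2000, 0, secrets[key])
    forged = make_cookie('ExampleUser', 'user-0001', 2000, 0, b'guessed')
    results = [
        check_cookie(good, secrets, now=1000)[0],
        check_cookie(forged, secrets, now=1000)[0],
        check_cookie(good, secrets, now=3000)[0],
        check_cookie('deadbeef:username', secrets, now=1000)[0],
        check_cookie('a1b2c3', secrets, now=1000)[0],
    ]
    # Logout in the listing calls ussc.remove(secidx); once the per-session
    # secret is gone, a copy of the old cookie no longer verifies.
    del secrets[key]
    results.append(check_cookie(good, secrets, now=1000)[0])
    return results


if __name__ == '__main__':
    print(demo())
```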