annotate MoinMoin/session.py @ 2853:40e50e27ee50

test_text_html_text_moin_wiki: tests fixed
author Reimar Bauer <rb.proj AT googlemail DOT com>
date Thu, 20 Sep 2007 20:56:41 +0200
parents 56d8a8a14114
children cd9be78f15db
rev   line source
2009
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
1 """
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
2 MoinMoin - session handling
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
3
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
4 Session handling in MoinMoin is done mostly by the request
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
5 with help from a SessionHandler instance (see below.)
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
6
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
7
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
8 @copyright: 2007 MoinMoin:JohannesBerg
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
9
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
10 @license: GNU GPL, see COPYING for details.
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
11 """
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
12
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
13 import Cookie
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
14 from MoinMoin import caching
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
15 from MoinMoin.user import User
2031
56d8a8a14114 don't use a separate random string function in session.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2019
diff changeset
16 from MoinMoin.util import random_string
56d8a8a14114 don't use a separate random string function in session.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2019
diff changeset
17 import time, random
2009
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
18
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
19 class SessionData(object):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
20 """
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
21 MoinMoin session data base class
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
22
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
23 An object of this class must be assigned to
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
24 request.session by the SessionHandler's start
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
25 method.
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
26
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
27 Instances conform to the dict protocol (__setitem__, __getitem__,
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
28 __contains__, __delitem__, get) and have the additional methods
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
29 is_stored and is_new.
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
30 """
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
31 def __init__(self, request):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
32 self.is_stored = False
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
33 self.is_new = True
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
34 self.request = request
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
35
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
36 def __setitem__(self, name, value):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
37 raise NotImplementedError
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
38
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
39 def __getitem__(self, name):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
40 raise NotImplementedError
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
41
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
42 def __contains__(self, name):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
43 raise NotImplementedError
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
44
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
45 def __delitem__(self, name):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
46 raise NotImplementedError
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
47
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
48 def get(self, name, default=None):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
49 raise NotImplementedError
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
50
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
51
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
52 class DefaultSessionData(SessionData):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
53 """ DefaultSessionData -- session data for DefaultSessionHandler
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
54
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
55 If you wish to override just the session storage then you can
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
56 inherit from this class, implement all methods and assign the
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
57 class to the dataclass keyword parameter to the DefaultSessionHandler
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
58 constructor.
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
59
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
60 Newly created objects should have be marked as expiring right away
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
61 until set_expiry() is called.
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
62 """
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
63 def __init__(self, request, name):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
64 """create session object
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
65
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
66 @param request: the request
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
67 @param name: the session name
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
68 """
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
69 SessionData.__init__(self, request)
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
70 self.name = name
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
71
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
72 def set_expiry(self, expires):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
73 """reset expiry for this session object"""
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
74 raise NotImplementedError
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
75
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
76 def delete(self):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
77 """clear session data and remove from it storage"""
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
78 raise NotImplementedError
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
79
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
80 class CacheSessionData(DefaultSessionData):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
81 """ SessionData -- store data for a session
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
82
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
83 This stores session data in memory and also maintains a cache of it on
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
84 disk, so the same data will be loaded from disk cache in the next request
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
85 of the same session.
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
86
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
87 Once in a while, expired session's cache files will be automatically cleaned up.
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
88 """
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
89 def __init__(self, request, name):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
90 DefaultSessionData.__init__(self, request, name)
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
91
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
92 # we can use farm scope since the session name is totally random
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
93 # this means that the session is kept over multiple wikis in a farm
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
94 # when they share user_dir and cookies
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
95 self._ce = caching.CacheEntry(request, 'session', name, 'farm',
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
96 use_pickle=True)
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
97 try:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
98 self._data = self._ce.content()
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
99 if self['expires'] <= time.time():
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
100 self._ce.remove()
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
101 self._data = {'expires': 0}
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
102 except caching.CacheError:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
103 self._data = {'expires': 0}
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
104
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
105 def __setitem__(self, name, value):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
106 self._data[name] = value
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
107 if len(self._data) > 1 and self['expires'] > time.time():
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
108 self._ce.update(self._data)
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
109
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
110 def __getitem__(self, name):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
111 return self._data[name]
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
112
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
113 def __contains__(self, name):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
114 return name in self._data
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
115
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
116 def __delitem__(self, name):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
117 del self._data[name]
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
118 if len(self._data) <= 1:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
119 self._ce.remove()
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
120 elif self['expires'] > time.time():
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
121 self._ce.update(self._data)
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
122
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
123 def get(self, name, default=None):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
124 return self._data.get(name, default)
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
125
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
126 def set_expiry(self, expires):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
127 # Set 'expires' an hour later than it should actually expire.
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
128 # That way, the expiry code will delete the item an hour later
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
129 # than it has actually expired, but that is acceptable and we
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
130 # don't need to update the file all the time
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
131 if expires and self['expires'] < expires:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
132 self['expires'] = expires + 3600
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
133
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
134 def delete(self):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
135 try:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
136 self._ce.remove()
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
137 except caching.CacheError:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
138 pass
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
139 self._data = {'expires': 0}
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
140
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
141
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
142 def cleanup_session_data_cache(request):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
143 cachelist = caching.get_cache_list(request, 'session', 'farm')
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
144 tnow = time.time()
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
145 for name in cachelist:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
146 entry = caching.CacheEntry(request, 'session', name, 'farm',
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
147 use_pickle=True)
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
148 try:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
149 data = entry.content()
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
150 if 'expires' in data and data['expires'] < tnow:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
151 entry.remove()
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
152 except caching.CacheError:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
153 pass
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
154
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
155
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
156 class SessionHandler(object):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
157 """
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
158 MoinMoin session handler base class
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
159
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
160 SessionHandler is an abstract method defining the interface
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
161 to a session handler object.
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
162
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
163 Session handling in MoinMoin works as follows:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
164
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
165 When a request is received, first the cookie is read into a
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
166 Cookie.SimpleCookie instance, this is passed to the selected
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
167 session handler's (cfg.session_handler) start method (see below)
2019
149573c7ecaf session must store user.auth_attribs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2009
diff changeset
168 which must return a MoinMoin.user.User instance (or None). The
149573c7ecaf session must store user.auth_attribs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2009
diff changeset
169 session handler is also responsible for string the user object's
149573c7ecaf session must store user.auth_attribs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2009
diff changeset
170 auth_method and auth_attribs fields across sessions as those are
149573c7ecaf session must store user.auth_attribs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2009
diff changeset
171 not saved to the user file.
2009
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
172
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
173 Then, all authentication methods are called with this user object,
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
174 they can modify it or return a different one.
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
175
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
176 After they have changed the user object suitably, the session
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
177 handler's after_auth method is invoked to set the cookie.
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
178
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
179 Then, the request is executed and finally the session handler's
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
180 finish method is invoked.
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
181 """
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
182 def __init__(self):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
183 """
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
184 Session handler initialisation
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
185
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
186 Only provided for future compatibility.
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
187 """
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
188 pass
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
189
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
190 def start(self, request, cookie):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
191 """
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
192 Session handler start
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
193
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
194 Invoked very early during request handling to preload
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
195 a user object from the session (if any.)
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
196 This method must also assign to request.session an object
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
197 derived from SessionDataInterface.
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
198
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
199 @param request: the request instance
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
200 @param cookie: a Cookie.SimpleCookie with the request cookie
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
201 @return: a MoinMoin.user.User instance or None
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
202 """
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
203 raise NotImplementedError
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
204
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
205 def after_auth(self, request, cookie, user_obj):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
206 """
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
207 Session handler auth chain callback
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
208
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
209 Invoked after all auth items have run (or multistage was
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
210 requested by one), but before the request is actually
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
211 handled and output is made. Should set the cookie.
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
212
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
213 @param request: the request instance
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
214 @param cookie: a Cookie.SimpleCookie with the request cookie
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
215 @param user_obj: the user object returned from the auth methods
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
216 (or None)
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
217 """
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
218 raise NotImplementedError
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
219
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
220 def finish(self, request, cookie, user_obj):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
221 """
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
222 Session handler request finish callback
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
223
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
224 Invoked after the request is completely finished.
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
225
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
226 @param request: the request instance
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
227 @param cookie: a Cookie.SimpleCookie with the request cookie
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
228 @param user_obj: the user object that was used in this request
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
229 """
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
230 raise NotImplementedError
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
231
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
232 _MOIN_SESSION = 'MOIN_SESSION'
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
233
2031
56d8a8a14114 don't use a separate random string function in session.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2019
diff changeset
234 _SESSION_NAME_CHARS = 'abcdefghijklmnopqrstuvwxyz0123456789_-'
56d8a8a14114 don't use a separate random string function in session.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2019
diff changeset
235 _SESSION_NAME_LEN = 32
2009
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
236
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
237
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
238 def _make_cookie(request, cookie_name, cookie_string, maxage, expires):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
239 """ create an appropriate cookie """
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
240 cookie = Cookie.SimpleCookie()
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
241 cfg = request.cfg
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
242 cookie[cookie_name] = cookie_string
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
243 cookie[cookie_name]['max-age'] = maxage
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
244 if cfg.cookie_domain:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
245 cookie[cookie_name]['domain'] = cfg.cookie_domain
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
246 if cfg.cookie_path:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
247 cookie[cookie_name]['path'] = cfg.cookie_path
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
248 else:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
249 path = request.getScriptname()
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
250 if not path:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
251 path = '/'
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
252 cookie[cookie_name]['path'] = path
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
253 # Set expires for older clients
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
254 cookie[cookie_name]['expires'] = request.httpDate(when=expires, rfc='850')
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
255 return cookie.output()
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
256
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
257
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
258 def _get_cookie_lifetime(request, user_obj):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
259 """ Get cookie lifetime for the user object user_obj """
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
260 lifetime = int(request.cfg.cookie_lifetime) * 3600
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
261 forever = 10 * 365 * 24 * 3600 # 10 years
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
262 if not lifetime:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
263 return forever
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
264 elif lifetime > 0:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
265 if user_obj.remember_me:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
266 return forever
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
267 return lifetime
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
268 elif lifetime < 0:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
269 return -lifetime
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
270 return lifetime
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
271
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
272
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
273 def _set_cookie(request, cookie_string, maxage, expires):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
274 """ Set cookie, raw helper. """
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
275 cookie = _make_cookie(request, _MOIN_SESSION, cookie_string,
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
276 maxage, expires)
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
277 # Set cookie
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
278 request.setHttpHeader(cookie)
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
279 # IMPORTANT: Prevent caching of current page and cookie
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
280 request.disableHttpCaching()
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
281
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
282 def _delete_cookie(request):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
283 """ Delete the user cookie by sending expired cookie with null value
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
284
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
285 According to http://www.cse.ohio-state.edu/cgi-bin/rfc/rfc2109.html#sec-4.2.2
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
286 Deleted cookie should have Max-Age=0. We also have expires attribute,
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
287 which is probably needed for older browsers.
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
288
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
289 Finally, delete the saved cookie and create a new user based on the new settings.
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
290 """
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
291 cookie_string = ''
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
292 maxage = 0
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
293 # Set expires to one year ago for older clients
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
294 expires = time.time() - 3600 * 24 * 365 # 1 year ago
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
295 cookie = _make_cookie(request, _MOIN_SESSION, cookie_string,
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
296 maxage, expires)
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
297 # Set cookie
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
298 request.setHttpHeader(cookie)
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
299 # IMPORTANT: Prevent caching of current page and cookie
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
300 request.disableHttpCaching()
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
301
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
302
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
303 def _set_session_cookie(request, session_name, lifetime):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
304 """ Set moin_session cookie """
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
305 expires = time.time() + lifetime
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
306 request.session.set_expiry(expires)
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
307 _set_cookie(request, session_name, lifetime, expires)
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
308
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
309
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
310 def _get_session_name(cookie):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
311 session_name = None
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
312 if _MOIN_SESSION in cookie:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
313 session_name = cookie[_MOIN_SESSION].value
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
314 session_name = ''.join([c for c in session_name
2031
56d8a8a14114 don't use a separate random string function in session.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2019
diff changeset
315 if c in _SESSION_NAME_CHARS])
56d8a8a14114 don't use a separate random string function in session.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2019
diff changeset
316 session_name = session_name[:_SESSION_NAME_LEN]
2009
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
317 return session_name
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
318
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
319
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
320 def _set_anon_cookie(request, session_name):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
321 if hasattr(request.cfg, 'anonymous_cookie_lifetime'):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
322 lifetime = request.cfg.anonymous_cookie_lifetime * 3600
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
323 _set_session_cookie(request, session_name, lifetime)
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
324
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
325
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
326 class DefaultSessionHandler(SessionHandler):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
327 """MoinMoin default session handler
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
328
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
329 This session handler uses the MOIN_SESSION cookie and a configurable
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
330 session data class.
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
331 """
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
332 def __init__(self, dataclass=CacheSessionData):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
333 """DefaultSessionHandler constructor
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
334
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
335 @param dataclass: class derived from DefaultSessionData or a callable
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
336 that takes parameters (request, name, expires)
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
337 and returns a DefaultSessionData instance.
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
338 """
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
339 SessionHandler.__init__(self)
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
340 self.dataclass = dataclass
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
341
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
342 def start(self, request, cookie):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
343 user_obj = None
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
344 session_name = _get_session_name(cookie)
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
345 if session_name:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
346 sessiondata = self.dataclass(request, session_name)
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
347 sessiondata.is_new = False
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
348 sessiondata.is_stored = True
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
349 request.session = sessiondata
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
350 if 'user.id' in sessiondata:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
351 uid = sessiondata['user.id']
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
352 method = sessiondata['user.auth_method']
2019
149573c7ecaf session must store user.auth_attribs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2009
diff changeset
353 attribs = sessiondata['user.auth_attribs']
2009
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
354 # Only allow valid methods that are still in the auth list.
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
355 # This is necessary to kick out clients who authenticated in
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
356 # the past # with a method that was removed from the auth
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
357 # list!
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
358 if method:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
359 for auth in request.cfg.auth:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
360 if auth.name == method:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
361 user_obj = User(request, id=uid,
2019
149573c7ecaf session must store user.auth_attribs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2009
diff changeset
362 auth_method=method,
149573c7ecaf session must store user.auth_attribs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2009
diff changeset
363 auth_attribs=attribs)
2009
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
364 if user_obj:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
365 sessiondata.is_stored = True
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
366 else:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
367 store = hasattr(request.cfg, 'anonymous_cookie_lifetime')
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
368 sessiondata.is_stored = store
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
369 else:
2031
56d8a8a14114 don't use a separate random string function in session.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2019
diff changeset
370 session_name = random_string(_SESSION_NAME_LEN,
56d8a8a14114 don't use a separate random string function in session.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2019
diff changeset
371 _SESSION_NAME_CHARS)
2009
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
372 store = hasattr(request.cfg, 'anonymous_cookie_lifetime')
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
373 sessiondata = self.dataclass(request, session_name)
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
374 sessiondata.is_new = True
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
375 sessiondata.is_stored = store
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
376 request.session = sessiondata
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
377 return user_obj
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
378
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
379 def after_auth(self, request, cookie, user_obj):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
380 session = request.session
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
381 if user_obj and user_obj.valid:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
382 session['user.id'] = user_obj.id
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
383 session['user.auth_method'] = user_obj.auth_method
2019
149573c7ecaf session must store user.auth_attribs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2009
diff changeset
384 session['user.auth_attribs'] = user_obj.auth_attribs
2009
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
385 lifetime = _get_cookie_lifetime(request, user_obj)
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
386 _set_session_cookie(request, session.name, lifetime)
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
387 else:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
388 if 'user.id' in session:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
389 session.delete()
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
390 _set_anon_cookie(request, session.name)
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
391
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
392 def finish(self, request, cookie, user_obj):
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
393 # every once a while, clean up deleted sessions:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
394 if random.randint(0, 999) == 0:
1b14cc05a54a refactor authentication and split out session handling
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
395 cleanup_session_data_cache(request)