view MoinMoin/web/ @ 4529:002c21b10561

fix / finish xmlrpc auth token (session) code
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Mon, 02 Feb 2009 01:08:29 +0100
parents 371bf2615ea1
children 0ac99fdbe65d
line wrap: on
line source

# -*- coding: iso-8859-1 -*-
    MoinMoin - WSGI session handling

    To provide sessions, the MoinMoin WSGI application interacts with an
    object implementing the `SessionService` API. The interface is quite
    straight forward. For documentation of the expected methods, refer
    to the documentation of `SessionService` in this module.

    @copyright: 2008 MoinMoin:FlorianKrupicka
    @license: GNU GPL, see COPYING for details.
import time

from werkzeug.utils import dump_cookie
from werkzeug.contrib.sessions import FilesystemSessionStore, Session

from MoinMoin import caching

from MoinMoin import log
logging = log.getLogger(__name__)

class MoinSession(Session):
    """ Compatibility interface to Werkzeug-sessions for old Moin-code. """
    is_new = property(lambda s:
    is_stored = property(lambda s: True)

class SessionService(object):
    A session service returns a session object given a request object and
    provides services like persisting sessions and cleaning up occasionally.
    def get_session(self, request, sid=None):
        """ Return a session object pertaining to the particular request."""
        raise NotImplementedError

    def destroy_session(self, request, session):
        """ Destroy an existing session (make it unusable). """
        raise NotImplementedError

    def finalize(self, request, session):
        If the service needs to do anything to the session and/or request,
        before it is sent back to the client, he can chose to do so here.
        Typical examples would be setting cookies for the client.
        raise NotImplementedError

class FileSessionService(SessionService):
    This sample session service stores session information in a temporary
    directory and identifies the session via a cookie in the request/response
    cycle. It is based on werkzeug's FilesystemSessionStore, that implements
    the whole logic for creating the actual session objects (which are
    inherited from the builtin `dict`)
    def __init__(self, cookie_name='MOIN_SESSION'): = FilesystemSessionStore(session_class=MoinSession)
        self.cookie_name = cookie_name

    def get_session(self, request, sid=None):
        if sid is None:
            sid = request.cookies.get(self.cookie_name, None)
        if sid is None:
            session =
            session =
        return session

    def destroy_session(self, request, session):

    def finalize(self, request, session):
        userobj = request.user
        if userobj and userobj.valid:
            if '' in session and session[''] !=
            session[''] =
            session['user.auth_method'] = userobj.auth_method
            session['user.auth_attribs'] = userobj.auth_attribs
            logging.debug("after auth: storing valid user into session: %r" %
            if '' in session:
                self.destroy_session(request, session)

            cookie_lifetime = request.cfg.cookie_lifetime * 3600
            cookie_expires = time.time() + cookie_lifetime
            if request.cfg.cookie_path:
                cookie_path = request.cfg.cookie_path
                cookie_path = request.script_root or '/'
            cookie = dump_cookie(self.cookie_name, session.sid,
                                 cookie_lifetime, cookie_expires,
                                 cookie_path, request.cfg.cookie_domain)
            request.headers.add('Set-Cookie', cookie)

        if session.should_save: