changeset 4529:002c21b10561

fix / finish xmlrpc auth token (session) code
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Mon, 02 Feb 2009 01:08:29 +0100
parents 699fed126481
children 0ac99fdbe65d
files MoinMoin/web/session.py MoinMoin/xmlrpc/__init__.py
diffstat 2 files changed, 18 insertions(+), 28 deletions(-) [+]
--- a/MoinMoin/web/session.py	Sun Feb 01 23:01:35 2009 +0100
+++ b/MoinMoin/web/session.py	Mon Feb 02 01:08:29 2009 +0100
@@ -30,7 +30,7 @@
     A session service returns a session object given a request object and
     provides services like persisting sessions and cleaning up occasionally.
     """
-    def get_session(self, request):
+    def get_session(self, request, sid=None):
         """ Return a session object pertaining to the particular request."""
         raise NotImplementedError
 
@@ -58,8 +58,9 @@
         self.store = FilesystemSessionStore(session_class=MoinSession)
         self.cookie_name = cookie_name
 
-    def get_session(self, request):
-        sid = request.cookies.get(self.cookie_name, None)
+    def get_session(self, request, sid=None):
+        if sid is None:
+            sid = request.cookies.get(self.cookie_name, None)
         if sid is None:
             session = self.store.new()
         else:
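Review bot: The new `sid` argument of `get_session` is caller-supplied (the XML-RPC hunks in this changeset pass the client's `auth_token` into it) and silently takes precedence over the cookie, but neither the signature nor a docstring says so. I would add a comment above the first check, for example `# explicit sid (e.g. an XML-RPC auth token) overrides the cookie; it is untrusted input`, and extend the abstract method's docstring in the first hunk the same way. The store lookup in the `else:` branch lies outside this hunk, so it cannot be confirmed from here. It should answer a malformed or unknown id with a fresh session rather than adopting the supplied value as the new session id.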
@@ -97,3 +98,4 @@
 
         if session.should_save:
             self.store.save(session)
+
--- a/MoinMoin/xmlrpc/__init__.py	Sun Feb 01 23:01:35 2009 +0100
+++ b/MoinMoin/xmlrpc/__init__.py	Mon Feb 02 01:08:29 2009 +0100
@@ -39,18 +39,6 @@
 from MoinMoin import session
 
 
-class XmlRpcAuthTokenIDHandler(session.SessionIDHandler):
-    def __init__(self, token=None):
-        session.SessionIDHandler.__init__(self)
-        self.token = token
-
-    def get(self, request):
-        return self.token
-
-    def set(self, request, session_id, expires):
-        self.token = session_id
-
-
 logging_tearline = '- XMLRPC %s ' + '-' * 40
 
 class XmlRpcBase:
@@ -679,17 +667,19 @@
         """ Returns a token which can be used for authentication
             in other XMLRPC calls. If the token is empty, the username
             or the password were wrong.
+
+            Implementation note: token is same as cookie content would be for http session
         """
-        id_handler = XmlRpcAuthTokenIDHandler()
         request = self.request
-
         request.session = request.cfg.session_service.get_session(request)
 
         u = auth.setup_from_session(request, request.session)
         u = auth.handle_login(request, u, username=username, password=password)
 
         if u and u.valid:
-            return id_handler.token
+            request.user = u
+            request.cfg.session_service.finalize(request, request.session)
+            return request.session.sid
         else:
             return ""
 
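Review bot: On a successful login the returned token is `request.session.sid` of the session that `get_session(request)` produced before `auth.handle_login` ran, so the identifier is not renewed at the privilege change. If the XML-RPC request arrived with a session cookie, that pre-login id presumably becomes the authenticated bearer token, which is the precondition for session fixation. Whether the store can issue a replacement id is not visible in this diff. I would start the login from a session that ignores any incoming cookie, or rotate the id before `finalize`. At minimum, add `# NOTE: sid is a bearer credential equivalent to the session cookie; keep it out of logs` next to the return. The method's signature is above the hunk.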
@@ -717,11 +707,10 @@
         if not auth_token:
             return xmlrpclib.Fault("INVALID", "Empty token.")
 
-        id_handler = XmlRpcAuthTokenIDHandler(auth_token)
+        request = self.request
+        request.session = request.cfg.session_service.get_session(request, auth_token)
+        u = auth.setup_from_session(request, request.session)
 
-        u = self.request.cfg.session_handler.start(self.request, id_handler)
-        u = self.request.handle_auth(u)
-        self.request.cfg.session_handler.after_auth(self.request, id_handler, u)
         if u and u.valid:
             self.request.user = u
             return "SUCCESS"
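Review bot: `request.session` is overwritten at the `get_session(request, auth_token)` call before the token is known to be valid, so a rejected token still leaves the request bound to whatever session the store returned for it. Holding the result in a local and assigning only on success avoids that: `session = request.cfg.session_service.get_session(request, auth_token)`, `u = auth.setup_from_session(request, session)`, then `request.session = session` inside `if u and u.valid:`. The same early assignment appears in `xmlrpc_deleteAuthToken` in the next hunk, where `request.session` keeps pointing at the destroyed session. If the request is finalized afterwards that object may be saved again, though the finalize path is only partly visible here. The method starts above this hunk and its else branch continues below it.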
@@ -731,13 +720,12 @@
 
     def xmlrpc_deleteAuthToken(self, auth_token):
         """ Delete the given auth token. """
-        id_handler = XmlRpcAuthTokenIDHandler(auth_token)
+        if not auth_token:
+            return xmlrpclib.Fault("INVALID", "Empty token.")
 
-        u = self.request.cfg.session_handler.start(self.request, id_handler)
-        u = self.request.handle_auth(u)
-        self.request.cfg.session_handler.after_auth(self.request, id_handler, u)
-
-        self.request.session.delete()
+        request = self.request
+        request.session = request.cfg.session_service.get_session(request, auth_token)
+        request.cfg.session_service.destroy_session(request, request.session)
 
         return "SUCCESS"