author | Sylvain Thénault <sylvain.thenault@logilab.fr> |
Mon, 19 Apr 2010 13:38:46 +0200 | |
branch | stable |
changeset 5326 | 0d9054eb3bd1 |
parent 5325 | f1c660e1169e |
child 5328 | c51e8f62652a |
child 5377 | 84d14ddfae13 |
permissions | -rw-r--r-- |
0 | 1 |
"""CubicWeb web client application object |
2 |
||
3 |
:organization: Logilab |
|
4212
ab6573088b4a
update copyright: welcome 2010
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
2849
diff
changeset
|
4 |
:copyright: 2001-2010 LOGILAB S.A. (Paris, FRANCE), license is LGPL v2. |
0 | 5 |
:contact: http://www.logilab.fr/ -- mailto:contact@logilab.fr |
1977
606923dff11b
big bunch of copyright / docstring update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1426
diff
changeset
|
6 |
:license: GNU Lesser General Public License, v2.1 - http://www.gnu.org/licenses |
0 | 7 |
""" |
8 |
__docformat__ = "restructuredtext en" |
|
9 |
||
10 |
import sys |
|
11 |
from time import clock, time |
|
12 |
||
2613
5e19c2bb370e
R [all] logilab.common 0.44 provides only deprecated
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
2476
diff
changeset
|
13 |
from logilab.common.deprecation import deprecated |
2058
7ef12c03447c
nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
14 |
|
0 | 15 |
from rql import BadRQLQuery |
16 |
||
2058
7ef12c03447c
nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
17 |
from cubicweb import set_log_methods, cwvreg |
7ef12c03447c
nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
18 |
from cubicweb import ( |
7ef12c03447c
nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
19 |
ValidationError, Unauthorized, AuthenticationError, NoSelectableObject, |
2685
0518ca8f63e3
[autoreload] recompute urlresolver / urlrewriter after autoreload
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
2666
diff
changeset
|
20 |
RepositoryError, CW_EVENT_MANAGER) |
2058
7ef12c03447c
nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
21 |
from cubicweb.web import LOGGER, component |
7ef12c03447c
nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
22 |
from cubicweb.web import ( |
7ef12c03447c
nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
23 |
StatusResponse, DirectResponse, Redirect, NotFound, |
2293 | 24 |
RemoteCallFailed, ExplicitLogin, InvalidSession, RequestError) |
0 | 25 |
|
26 |
# make session manager available through a global variable so the debug view can |
|
27 |
# print information about web session |
|
28 |
SESSION_MANAGER = None |
|
29 |
||
2058
7ef12c03447c
nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
30 |
class AbstractSessionManager(component.Component): |
0 | 31 |
"""manage session data associated to a session identifier""" |
3408
c92170fca813
[api] use __regid__ instead of deprecated id
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
2887
diff
changeset
|
32 |
__regid__ = 'sessionmanager' |
1426 | 33 |
|
2887
1282dc6525c5
give vreg where we need it (eg no bound request)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2867
diff
changeset
|
34 |
def __init__(self, vreg): |
1282dc6525c5
give vreg where we need it (eg no bound request)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2867
diff
changeset
|
35 |
self.session_time = vreg.config['http-session-time'] or None |
5283
9ad0eaa09d34
[config] better *-session-time documentation and usage in session handler
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5000
diff
changeset
|
36 |
if self.session_time is not None: |
9ad0eaa09d34
[config] better *-session-time documentation and usage in session handler
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5000
diff
changeset
|
37 |
assert self.session_time > 0 |
9ad0eaa09d34
[config] better *-session-time documentation and usage in session handler
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5000
diff
changeset
|
38 |
self.cleanup_session_time = self.session_time |
9ad0eaa09d34
[config] better *-session-time documentation and usage in session handler
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5000
diff
changeset
|
39 |
else: |
5326
0d9054eb3bd1
[config] properly use time type for options representing a time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5325
diff
changeset
|
40 |
self.cleanup_session_time = vreg.config['cleanup-session-time'] or 1440 * 60 |
5283
9ad0eaa09d34
[config] better *-session-time documentation and usage in session handler
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5000
diff
changeset
|
41 |
assert self.cleanup_session_time > 0 |
5326
0d9054eb3bd1
[config] properly use time type for options representing a time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5325
diff
changeset
|
42 |
self.cleanup_anon_session_time = vreg.config['cleanup-anonymous-session-time'] or 5 * 60 |
0 | 43 |
assert self.cleanup_anon_session_time > 0 |
2887
1282dc6525c5
give vreg where we need it (eg no bound request)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2867
diff
changeset
|
44 |
self.authmanager = vreg['components'].select('authmanager', vreg=vreg) |
5325
f1c660e1169e
[web] consistent cleanup session interval time
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5283
diff
changeset
|
45 |
if vreg.config.anonymous_user() is not None: |
f1c660e1169e
[web] consistent cleanup session interval time
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5283
diff
changeset
|
46 |
self.clean_sessions_interval = min( |
f1c660e1169e
[web] consistent cleanup session interval time
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5283
diff
changeset
|
47 |
5 * 60, |
f1c660e1169e
[web] consistent cleanup session interval time
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5283
diff
changeset
|
48 |
self.cleanup_session_time / 2., |
f1c660e1169e
[web] consistent cleanup session interval time
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5283
diff
changeset
|
49 |
self.cleanup_anon_session_time / 2.) |
f1c660e1169e
[web] consistent cleanup session interval time
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5283
diff
changeset
|
50 |
else: |
f1c660e1169e
[web] consistent cleanup session interval time
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5283
diff
changeset
|
51 |
self.clean_sessions_interval = min( |
f1c660e1169e
[web] consistent cleanup session interval time
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5283
diff
changeset
|
52 |
5 * 60, |
f1c660e1169e
[web] consistent cleanup session interval time
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5283
diff
changeset
|
53 |
self.cleanup_session_time / 2.) |
1426 | 54 |
|
0 | 55 |
def clean_sessions(self): |
56 |
"""cleanup sessions which has not been unused since a given amount of |
|
57 |
time. Return the number of sessions which have been closed. |
|
58 |
""" |
|
59 |
self.debug('cleaning http sessions') |
|
60 |
closed, total = 0, 0 |
|
61 |
for session in self.current_sessions(): |
|
62 |
no_use_time = (time() - session.last_usage_time) |
|
63 |
total += 1 |
|
64 |
if session.anonymous_connection: |
|
65 |
if no_use_time >= self.cleanup_anon_session_time: |
|
66 |
self.close_session(session) |
|
67 |
closed += 1 |
|
68 |
elif no_use_time >= self.cleanup_session_time: |
|
69 |
self.close_session(session) |
|
70 |
closed += 1 |
|
71 |
return closed, total - closed |
|
1426 | 72 |
|
0 | 73 |
def has_expired(self, session): |
74 |
"""return True if the web session associated to the session is expired |
|
75 |
""" |
|
76 |
return not (self.session_time is None or |
|
77 |
time() < session.last_usage_time + self.session_time) |
|
1426 | 78 |
|
0 | 79 |
def current_sessions(self): |
80 |
"""return currently open sessions""" |
|
81 |
raise NotImplementedError() |
|
1426 | 82 |
|
0 | 83 |
def get_session(self, req, sessionid): |
84 |
"""return existing session for the given session identifier""" |
|
85 |
raise NotImplementedError() |
|
86 |
||
87 |
def open_session(self, req): |
|
88 |
"""open and return a new session for the given request |
|
1426 | 89 |
|
0 | 90 |
:raise ExplicitLogin: if authentication is required |
91 |
""" |
|
92 |
raise NotImplementedError() |
|
1426 | 93 |
|
0 | 94 |
def close_session(self, session): |
95 |
"""close session on logout or on invalid session detected (expired out, |
|
96 |
corrupted...) |
|
97 |
""" |
|
98 |
raise NotImplementedError() |
|
99 |
||
100 |
||
2058
7ef12c03447c
nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
101 |
class AbstractAuthenticationManager(component.Component): |
0 | 102 |
"""authenticate user associated to a request and check session validity""" |
103 |
id = 'authmanager' |
|
2887
1282dc6525c5
give vreg where we need it (eg no bound request)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2867
diff
changeset
|
104 |
vreg = None # XXX necessary until property for deprecation warning is on appobject |
1282dc6525c5
give vreg where we need it (eg no bound request)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2867
diff
changeset
|
105 |
|
1282dc6525c5
give vreg where we need it (eg no bound request)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2867
diff
changeset
|
106 |
def __init__(self, vreg): |
1282dc6525c5
give vreg where we need it (eg no bound request)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2867
diff
changeset
|
107 |
self.vreg = vreg |
0 | 108 |
|
109 |
def authenticate(self, req): |
|
110 |
"""authenticate user and return corresponding user object |
|
1426 | 111 |
|
0 | 112 |
:raise ExplicitLogin: if authentication is required (no authentication |
113 |
info found or wrong user/password) |
|
114 |
""" |
|
115 |
raise NotImplementedError() |
|
116 |
||
1426 | 117 |
|
0 | 118 |
class CookieSessionHandler(object): |
119 |
"""a session handler using a cookie to store the session identifier |
|
120 |
||
121 |
:cvar SESSION_VAR: |
|
122 |
string giving the name of the variable used to store the session |
|
123 |
identifier |
|
124 |
""" |
|
125 |
SESSION_VAR = '__session' |
|
1426 | 126 |
|
0 | 127 |
def __init__(self, appli): |
2706
09baf5175196
[web session] proper reloading of the session manager on vreg update
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2705
diff
changeset
|
128 |
self.vreg = appli.vreg |
2887
1282dc6525c5
give vreg where we need it (eg no bound request)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2867
diff
changeset
|
129 |
self.session_manager = self.vreg['components'].select('sessionmanager', |
1282dc6525c5
give vreg where we need it (eg no bound request)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2867
diff
changeset
|
130 |
vreg=self.vreg) |
0 | 131 |
global SESSION_MANAGER |
132 |
SESSION_MANAGER = self.session_manager |
|
2706
09baf5175196
[web session] proper reloading of the session manager on vreg update
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2705
diff
changeset
|
133 |
if not 'last_login_time' in self.vreg.schema: |
0 | 134 |
self._update_last_login_time = lambda x: None |
5000
f1a10b41417a
[test] don't try to reset session manager during test,
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4914
diff
changeset
|
135 |
if self.vreg.config.mode != 'test': |
f1a10b41417a
[test] don't try to reset session manager during test,
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4914
diff
changeset
|
136 |
# don't try to reset session manager during test, this leads to |
f1a10b41417a
[test] don't try to reset session manager during test,
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4914
diff
changeset
|
137 |
# weird failures when running multiple tests |
f1a10b41417a
[test] don't try to reset session manager during test,
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4914
diff
changeset
|
138 |
CW_EVENT_MANAGER.bind('after-registry-reload', |
f1a10b41417a
[test] don't try to reset session manager during test,
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4914
diff
changeset
|
139 |
self.reset_session_manager) |
2706
09baf5175196
[web session] proper reloading of the session manager on vreg update
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2705
diff
changeset
|
140 |
|
09baf5175196
[web session] proper reloading of the session manager on vreg update
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2705
diff
changeset
|
141 |
def reset_session_manager(self): |
09baf5175196
[web session] proper reloading of the session manager on vreg update
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2705
diff
changeset
|
142 |
data = self.session_manager.dump_data() |
2887
1282dc6525c5
give vreg where we need it (eg no bound request)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2867
diff
changeset
|
143 |
self.session_manager = self.vreg['components'].select('sessionmanager', |
1282dc6525c5
give vreg where we need it (eg no bound request)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2867
diff
changeset
|
144 |
vreg=self.vreg) |
2706
09baf5175196
[web session] proper reloading of the session manager on vreg update
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2705
diff
changeset
|
145 |
self.session_manager.restore_data(data) |
09baf5175196
[web session] proper reloading of the session manager on vreg update
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2705
diff
changeset
|
146 |
global SESSION_MANAGER |
09baf5175196
[web session] proper reloading of the session manager on vreg update
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2705
diff
changeset
|
147 |
SESSION_MANAGER = self.session_manager |
0 | 148 |
|
5325
f1c660e1169e
[web] consistent cleanup session interval time
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5283
diff
changeset
|
149 |
@property |
f1c660e1169e
[web] consistent cleanup session interval time
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5283
diff
changeset
|
150 |
def clean_sessions_interval(self): |
f1c660e1169e
[web] consistent cleanup session interval time
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5283
diff
changeset
|
151 |
return self.session_manager.clean_sessions_interval |
f1c660e1169e
[web] consistent cleanup session interval time
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5283
diff
changeset
|
152 |
|
0 | 153 |
def clean_sessions(self): |
154 |
"""cleanup sessions which has not been unused since a given amount of |
|
155 |
time |
|
156 |
""" |
|
157 |
self.session_manager.clean_sessions() |
|
1426 | 158 |
|
0 | 159 |
def set_session(self, req): |
160 |
"""associate a session to the request |
|
161 |
||
162 |
Session id is searched from : |
|
163 |
- # form variable |
|
164 |
- cookie |
|
165 |
||
166 |
if no session id is found, open a new session for the connected user |
|
167 |
or request authentification as needed |
|
168 |
||
1426 | 169 |
:raise Redirect: if authentication has occured and succeed |
0 | 170 |
""" |
171 |
assert req.cnx is None # at this point no cnx should be set on the request |
|
172 |
cookie = req.get_cookie() |
|
173 |
try: |
|
174 |
sessionid = str(cookie[self.SESSION_VAR].value) |
|
175 |
except KeyError: # no session cookie |
|
176 |
session = self.open_session(req) |
|
177 |
else: |
|
178 |
try: |
|
179 |
session = self.get_session(req, sessionid) |
|
180 |
except InvalidSession: |
|
181 |
try: |
|
182 |
session = self.open_session(req) |
|
183 |
except ExplicitLogin: |
|
184 |
req.remove_cookie(cookie, self.SESSION_VAR) |
|
185 |
raise |
|
186 |
# remember last usage time for web session tracking |
|
187 |
session.last_usage_time = time() |
|
188 |
||
189 |
def get_session(self, req, sessionid): |
|
190 |
return self.session_manager.get_session(req, sessionid) |
|
1426 | 191 |
|
0 | 192 |
def open_session(self, req): |
193 |
session = self.session_manager.open_session(req) |
|
194 |
cookie = req.get_cookie() |
|
195 |
cookie[self.SESSION_VAR] = session.sessionid |
|
196 |
req.set_cookie(cookie, self.SESSION_VAR, maxage=None) |
|
197 |
# remember last usage time for web session tracking |
|
198 |
session.last_usage_time = time() |
|
199 |
if not session.anonymous_connection: |
|
200 |
self._postlogin(req) |
|
201 |
return session |
|
202 |
||
203 |
def _update_last_login_time(self, req): |
|
204 |
try: |
|
205 |
req.execute('SET X last_login_time NOW WHERE X eid %(x)s', |
|
206 |
{'x' : req.user.eid}, 'x') |
|
207 |
req.cnx.commit() |
|
208 |
except (RepositoryError, Unauthorized): |
|
209 |
# ldap user are not writeable for instance |
|
210 |
req.cnx.rollback() |
|
211 |
except: |
|
212 |
req.cnx.rollback() |
|
213 |
raise |
|
1426 | 214 |
|
0 | 215 |
def _postlogin(self, req): |
216 |
"""postlogin: the user has been authenticated, redirect to the original |
|
217 |
page (index by default) with a welcome message |
|
218 |
""" |
|
219 |
# Update last connection date |
|
220 |
# XXX: this should be in a post login hook in the repository, but there |
|
221 |
# we can't differentiate actual login of automatic session |
|
222 |
# reopening. Is it actually a problem? |
|
223 |
self._update_last_login_time(req) |
|
224 |
args = req.form |
|
4639
82afdc7d8cd8
cleanup internal forms parameters in postlogin
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4490
diff
changeset
|
225 |
for forminternal_key in ('__form_id', '__domid', '__errorurl'): |
82afdc7d8cd8
cleanup internal forms parameters in postlogin
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4490
diff
changeset
|
226 |
args.pop(forminternal_key, None) |
0 | 227 |
args['__message'] = req._('welcome %s !') % req.user.login |
228 |
if 'vid' in req.form: |
|
229 |
args['vid'] = req.form['vid'] |
|
230 |
if 'rql' in req.form: |
|
231 |
args['rql'] = req.form['rql'] |
|
232 |
path = req.relative_path(False) |
|
233 |
if path == 'login': |
|
234 |
path = 'view' |
|
235 |
raise Redirect(req.build_url(path, **args)) |
|
1426 | 236 |
|
4911
898c35be5873
#750055: make it easier to change post logout url
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4709
diff
changeset
|
237 |
def logout(self, req, goto_url): |
2476
1294a6bdf3bf
application -> instance where it makes sense
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2293
diff
changeset
|
238 |
"""logout from the instance by cleaning the session and raising |
0 | 239 |
`AuthenticationError` |
240 |
""" |
|
241 |
self.session_manager.close_session(req.cnx) |
|
242 |
req.remove_cookie(req.get_cookie(), self.SESSION_VAR) |
|
4911
898c35be5873
#750055: make it easier to change post logout url
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4709
diff
changeset
|
243 |
raise AuthenticationError(url=goto_url) |
0 | 244 |
|
245 |
||
246 |
class CubicWebPublisher(object): |
|
2058
7ef12c03447c
nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
247 |
"""the publisher is a singleton hold by the web frontend, and is responsible |
7ef12c03447c
nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
248 |
to publish HTTP request. |
0 | 249 |
""" |
1426 | 250 |
|
0 | 251 |
def __init__(self, config, debug=None, |
252 |
session_handler_fact=CookieSessionHandler, |
|
253 |
vreg=None): |
|
4484
d87989d91635
fix duplicated vregistry initialization during tests
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4212
diff
changeset
|
254 |
self.info('starting web instance from %s', config.apphome) |
0 | 255 |
if vreg is None: |
2666
c6c832d32936
[webapp] missing renaming
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2650
diff
changeset
|
256 |
vreg = cwvreg.CubicWebVRegistry(config, debug=debug) |
0 | 257 |
self.vreg = vreg |
4484
d87989d91635
fix duplicated vregistry initialization during tests
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4212
diff
changeset
|
258 |
# connect to the repository and get instance's schema |
0 | 259 |
self.repo = config.repository(vreg) |
260 |
if not vreg.initialized: |
|
261 |
self.config.init_cubes(self.repo.get_cubes()) |
|
262 |
vreg.init_properties(self.repo.properties()) |
|
4484
d87989d91635
fix duplicated vregistry initialization during tests
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4212
diff
changeset
|
263 |
vreg.set_schema(self.repo.get_schema()) |
0 | 264 |
# set the correct publish method |
265 |
if config['query-log-file']: |
|
266 |
from threading import Lock |
|
267 |
self._query_log = open(config['query-log-file'], 'a') |
|
268 |
self.publish = self.log_publish |
|
1426 | 269 |
self._logfile_lock = Lock() |
0 | 270 |
else: |
271 |
self._query_log = None |
|
272 |
self.publish = self.main_publish |
|
273 |
# instantiate session and url resolving helpers |
|
274 |
self.session_handler = session_handler_fact(self) |
|
2685
0518ca8f63e3
[autoreload] recompute urlresolver / urlrewriter after autoreload
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
2666
diff
changeset
|
275 |
self.set_urlresolver() |
2705
30bcdbd92820
[events] renamed source-reload into registry-reload to avoid potential confusions with datasources
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
2685
diff
changeset
|
276 |
CW_EVENT_MANAGER.bind('after-registry-reload', self.set_urlresolver) |
2685
0518ca8f63e3
[autoreload] recompute urlresolver / urlrewriter after autoreload
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
2666
diff
changeset
|
277 |
|
0518ca8f63e3
[autoreload] recompute urlresolver / urlrewriter after autoreload
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
2666
diff
changeset
|
278 |
def set_urlresolver(self): |
2887
1282dc6525c5
give vreg where we need it (eg no bound request)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2867
diff
changeset
|
279 |
self.url_resolver = self.vreg['components'].select('urlpublisher', |
1282dc6525c5
give vreg where we need it (eg no bound request)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2867
diff
changeset
|
280 |
vreg=self.vreg) |
1426 | 281 |
|
0 | 282 |
def connect(self, req): |
283 |
"""return a connection for a logged user object according to existing |
|
284 |
sessions (i.e. a new connection may be created or an already existing |
|
285 |
one may be reused |
|
286 |
""" |
|
287 |
self.session_handler.set_session(req) |
|
288 |
||
289 |
# publish methods ######################################################### |
|
1426 | 290 |
|
0 | 291 |
def log_publish(self, path, req): |
292 |
"""wrapper around _publish to log all queries executed for a given |
|
293 |
accessed path |
|
294 |
""" |
|
295 |
try: |
|
296 |
return self.main_publish(path, req) |
|
297 |
finally: |
|
298 |
cnx = req.cnx |
|
299 |
self._logfile_lock.acquire() |
|
300 |
try: |
|
301 |
try: |
|
302 |
result = ['\n'+'*'*80] |
|
303 |
result.append(req.url()) |
|
304 |
result += ['%s %s -- (%.3f sec, %.3f CPU sec)' % q for q in cnx.executed_queries] |
|
305 |
cnx.executed_queries = [] |
|
306 |
self._query_log.write('\n'.join(result).encode(req.encoding)) |
|
307 |
self._query_log.flush() |
|
308 |
except Exception: |
|
309 |
self.exception('error while logging queries') |
|
310 |
finally: |
|
311 |
self._logfile_lock.release() |
|
312 |
||
2788
8d3dbe577d3a
R put version info in deprecation warnings
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
2706
diff
changeset
|
313 |
@deprecated("[3.4] use vreg['controllers'].select(...)") |
2058
7ef12c03447c
nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
314 |
def select_controller(self, oid, req): |
7ef12c03447c
nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
315 |
try: |
2650
18aec79ec3a3
R [vreg] important refactoring of the vregistry, moving behaviour to end dictionnary (and so leaving room for more flexibility ; keep bw compat ; update api usage in cw
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2613
diff
changeset
|
316 |
return self.vreg['controllers'].select(oid, req=req, appli=self) |
2058
7ef12c03447c
nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
317 |
except NoSelectableObject: |
7ef12c03447c
nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
318 |
raise Unauthorized(req._('not authorized')) |
7ef12c03447c
nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
319 |
|
0 | 320 |
def main_publish(self, path, req): |
321 |
"""method called by the main publisher to process <path> |
|
1426 | 322 |
|
0 | 323 |
should return a string containing the resulting page or raise a |
324 |
`NotFound` exception |
|
325 |
||
326 |
:type path: str |
|
327 |
:param path: the path part of the url to publish |
|
1426 | 328 |
|
0 | 329 |
:type req: `web.Request` |
330 |
:param req: the request object |
|
331 |
||
332 |
:rtype: str |
|
333 |
:return: the result of the pusblished url |
|
334 |
""" |
|
335 |
path = path or 'view' |
|
336 |
# don't log form values they may contains sensitive information |
|
337 |
self.info('publish "%s" (form params: %s)', path, req.form.keys()) |
|
338 |
# remove user callbacks on a new request (except for json controllers |
|
339 |
# to avoid callbacks being unregistered before they could be called) |
|
340 |
tstart = clock() |
|
341 |
try: |
|
342 |
try: |
|
343 |
ctrlid, rset = self.url_resolver.process(req, path) |
|
2058
7ef12c03447c
nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
344 |
try: |
2650
18aec79ec3a3
R [vreg] important refactoring of the vregistry, moving behaviour to end dictionnary (and so leaving room for more flexibility ; keep bw compat ; update api usage in cw
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2613
diff
changeset
|
345 |
controller = self.vreg['controllers'].select(ctrlid, req, |
18aec79ec3a3
R [vreg] important refactoring of the vregistry, moving behaviour to end dictionnary (and so leaving room for more flexibility ; keep bw compat ; update api usage in cw
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2613
diff
changeset
|
346 |
appli=self) |
2058
7ef12c03447c
nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
347 |
except NoSelectableObject: |
7ef12c03447c
nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
348 |
raise Unauthorized(req._('not authorized')) |
581
09f87f2c535e
update_search_state in the publisher since it should be done whatever the controller
sylvain.thenault@logilab.fr
parents:
168
diff
changeset
|
349 |
req.update_search_state() |
0 | 350 |
result = controller.publish(rset=rset) |
351 |
if req.cnx is not None: |
|
352 |
# req.cnx is None if anonymous aren't allowed and we are |
|
353 |
# displaying the cookie authentication form |
|
354 |
req.cnx.commit() |
|
355 |
except (StatusResponse, DirectResponse): |
|
356 |
req.cnx.commit() |
|
357 |
raise |
|
358 |
except Redirect: |
|
359 |
# redirect is raised by edit controller when everything went fine, |
|
360 |
# so try to commit |
|
361 |
try: |
|
4913
083b4d454192
server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents:
4897
diff
changeset
|
362 |
txuuid = req.cnx.commit() |
083b4d454192
server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents:
4897
diff
changeset
|
363 |
if txuuid is not None: |
083b4d454192
server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents:
4897
diff
changeset
|
364 |
msg = u'<span class="undo">[<a href="%s">%s</a>]</span>' %( |
083b4d454192
server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents:
4897
diff
changeset
|
365 |
req.build_url('undo', txuuid=txuuid), req._('undo')) |
083b4d454192
server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents:
4897
diff
changeset
|
366 |
req.append_to_redirect_message(msg) |
0 | 367 |
except ValidationError, ex: |
368 |
self.validation_error_handler(req, ex) |
|
369 |
except Unauthorized, ex: |
|
370 |
req.data['errmsg'] = req._('You\'re not authorized to access this page. ' |
|
371 |
'If you think you should, please contact the site administrator.') |
|
372 |
self.error_handler(req, ex, tb=False) |
|
373 |
except Exception, ex: |
|
374 |
self.error_handler(req, ex, tb=True) |
|
375 |
else: |
|
376 |
# delete validation errors which may have been previously set |
|
377 |
if '__errorurl' in req.form: |
|
378 |
req.del_session_data(req.form['__errorurl']) |
|
379 |
raise |
|
380 |
except (AuthenticationError, NotFound, RemoteCallFailed): |
|
381 |
raise |
|
382 |
except ValidationError, ex: |
|
383 |
self.validation_error_handler(req, ex) |
|
2272
f27a3a75be0d
no tb for RequestError
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2263
diff
changeset
|
384 |
except (Unauthorized, BadRQLQuery, RequestError), ex: |
0 | 385 |
self.error_handler(req, ex, tb=False) |
386 |
except Exception, ex: |
|
387 |
self.error_handler(req, ex, tb=True) |
|
388 |
finally: |
|
389 |
if req.cnx is not None: |
|
390 |
try: |
|
391 |
req.cnx.rollback() |
|
392 |
except: |
|
393 |
pass # ignore rollback error at this point |
|
394 |
self.info('query %s executed in %s sec', req.relative_path(), clock() - tstart) |
|
395 |
return result |
|
396 |
||
397 |
def validation_error_handler(self, req, ex): |
|
398 |
ex.errors = dict((k, v) for k, v in ex.errors.items()) |
|
399 |
if '__errorurl' in req.form: |
|
4224
5998df006968
refactor form error handling:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3408
diff
changeset
|
400 |
forminfo = {'error': ex, |
0 | 401 |
'values': req.form, |
402 |
'eidmap': req.data.get('eidmap', {}) |
|
403 |
} |
|
404 |
req.set_session_data(req.form['__errorurl'], forminfo) |
|
4679
d8ad65dab3e9
remove #<formid> from url used to redirect after a validation error
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4639
diff
changeset
|
405 |
# XXX form session key / __error_url should be differentiated: |
d8ad65dab3e9
remove #<formid> from url used to redirect after a validation error
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4639
diff
changeset
|
406 |
# session key is 'url + #<form dom id', though we usually don't want |
d8ad65dab3e9
remove #<formid> from url used to redirect after a validation error
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4639
diff
changeset
|
407 |
# the browser to move to the form since it hides the global |
d8ad65dab3e9
remove #<formid> from url used to redirect after a validation error
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4639
diff
changeset
|
408 |
# messages. |
d8ad65dab3e9
remove #<formid> from url used to redirect after a validation error
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4639
diff
changeset
|
409 |
raise Redirect(req.form['__errorurl'].rsplit('#', 1)[0]) |
0 | 410 |
self.error_handler(req, ex, tb=False) |
1426 | 411 |
|
0 | 412 |
def error_handler(self, req, ex, tb=False): |
413 |
excinfo = sys.exc_info() |
|
414 |
self.exception(repr(ex)) |
|
415 |
req.set_header('Cache-Control', 'no-cache') |
|
416 |
req.remove_header('Etag') |
|
4897
e402e0b32075
[web] start a new message system based on id of message stored in session's data
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4709
diff
changeset
|
417 |
req.reset_message() |
0 | 418 |
req.reset_headers() |
4709
6a71fc0b4274
[web] fix #724769: Use RemoteCallFailed in the publisher's error_handler
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
4679
diff
changeset
|
419 |
if req.json_request: |
6a71fc0b4274
[web] fix #724769: Use RemoteCallFailed in the publisher's error_handler
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
4679
diff
changeset
|
420 |
raise RemoteCallFailed(unicode(ex)) |
0 | 421 |
try: |
422 |
req.data['ex'] = ex |
|
423 |
if tb: |
|
424 |
req.data['excinfo'] = excinfo |
|
425 |
req.form['vid'] = 'error' |
|
2650
18aec79ec3a3
R [vreg] important refactoring of the vregistry, moving behaviour to end dictionnary (and so leaving room for more flexibility ; keep bw compat ; update api usage in cw
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2613
diff
changeset
|
426 |
errview = self.vreg['views'].select('error', req) |
882
75488a2a875e
fix ui.main-template property handling
sylvain.thenault@logilab.fr
parents:
871
diff
changeset
|
427 |
template = self.main_template_id(req) |
2650
18aec79ec3a3
R [vreg] important refactoring of the vregistry, moving behaviour to end dictionnary (and so leaving room for more flexibility ; keep bw compat ; update api usage in cw
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2613
diff
changeset
|
428 |
content = self.vreg['views'].main_template(req, template, view=errview) |
0 | 429 |
except: |
2650
18aec79ec3a3
R [vreg] important refactoring of the vregistry, moving behaviour to end dictionnary (and so leaving room for more flexibility ; keep bw compat ; update api usage in cw
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2613
diff
changeset
|
430 |
content = self.vreg['views'].main_template(req, 'error-template') |
0 | 431 |
raise StatusResponse(500, content) |
1426 | 432 |
|
0 | 433 |
def need_login_content(self, req): |
2650
18aec79ec3a3
R [vreg] important refactoring of the vregistry, moving behaviour to end dictionnary (and so leaving room for more flexibility ; keep bw compat ; update api usage in cw
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2613
diff
changeset
|
434 |
return self.vreg['views'].main_template(req, 'login') |
1426 | 435 |
|
0 | 436 |
def loggedout_content(self, req): |
2650
18aec79ec3a3
R [vreg] important refactoring of the vregistry, moving behaviour to end dictionnary (and so leaving room for more flexibility ; keep bw compat ; update api usage in cw
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2613
diff
changeset
|
437 |
return self.vreg['views'].main_template(req, 'loggedout') |
1426 | 438 |
|
0 | 439 |
def notfound_content(self, req): |
440 |
req.form['vid'] = '404' |
|
2650
18aec79ec3a3
R [vreg] important refactoring of the vregistry, moving behaviour to end dictionnary (and so leaving room for more flexibility ; keep bw compat ; update api usage in cw
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2613
diff
changeset
|
441 |
view = self.vreg['views'].select('404', req) |
882
75488a2a875e
fix ui.main-template property handling
sylvain.thenault@logilab.fr
parents:
871
diff
changeset
|
442 |
template = self.main_template_id(req) |
2650
18aec79ec3a3
R [vreg] important refactoring of the vregistry, moving behaviour to end dictionnary (and so leaving room for more flexibility ; keep bw compat ; update api usage in cw
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2613
diff
changeset
|
443 |
return self.vreg['views'].main_template(req, template, view=view) |
0 | 444 |
|
882
75488a2a875e
fix ui.main-template property handling
sylvain.thenault@logilab.fr
parents:
871
diff
changeset
|
445 |
def main_template_id(self, req): |
2263
1f59cd5b710f
accept a __template parameter that specifies a different (main) template
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
1977
diff
changeset
|
446 |
template = req.form.get('__template', req.property_value('ui.main-template')) |
2650
18aec79ec3a3
R [vreg] important refactoring of the vregistry, moving behaviour to end dictionnary (and so leaving room for more flexibility ; keep bw compat ; update api usage in cw
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2613
diff
changeset
|
447 |
if template not in self.vreg['views']: |
882
75488a2a875e
fix ui.main-template property handling
sylvain.thenault@logilab.fr
parents:
871
diff
changeset
|
448 |
template = 'main-template' |
75488a2a875e
fix ui.main-template property handling
sylvain.thenault@logilab.fr
parents:
871
diff
changeset
|
449 |
return template |
1426 | 450 |
|
0 | 451 |
|
452 |
set_log_methods(CubicWebPublisher, LOGGER) |
|
453 |
set_log_methods(CookieSessionHandler, LOGGER) |