cubicweb: web/application.py@c4380d8cfc25 (annotated)

5421 8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5377 diff changeset	1	# copyright 2003-2010 LOGILAB S.A. (Paris, FRANCE), all rights reserved.
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5377 diff changeset	2	# contact http://www.logilab.fr/ -- mailto:contact@logilab.fr
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5377 diff changeset	3	#
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5377 diff changeset	4	# This file is part of CubicWeb.
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5377 diff changeset	5	#
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5377 diff changeset	6	# CubicWeb is free software: you can redistribute it and/or modify it under the
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5377 diff changeset	7	# terms of the GNU Lesser General Public License as published by the Free
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5377 diff changeset	8	# Software Foundation, either version 2.1 of the License, or (at your option)
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5377 diff changeset	9	# any later version.
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5377 diff changeset	10	#
5424 8ecbcbff9777 replace logilab-common by CubicWeb in disclaimer Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5421 diff changeset	11	# CubicWeb is distributed in the hope that it will be useful, but WITHOUT
5421 8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5377 diff changeset	12	# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5377 diff changeset	13	# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5377 diff changeset	14	# details.
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5377 diff changeset	15	#
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5377 diff changeset	16	# You should have received a copy of the GNU Lesser General Public License along
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5377 diff changeset	17	# with CubicWeb. If not, see <http://www.gnu.org/licenses/>.
5722 61d6a4caa963 [iprogress] move adapter to entities.adapters Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5655 diff changeset	18	"""CubicWeb web client application object"""
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	19
5223 6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	20	from __future__ import with_statement
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	21
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	22	__docformat__ = "restructuredtext en"
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	23
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	24	import sys
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	25	from time import clock, time
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	26
2613 5e19c2bb370e R [all] logilab.common 0.44 provides only deprecated Nicolas Chauvat <nicolas.chauvat@logilab.fr> parents: 2476 diff changeset	27	from logilab.common.deprecation import deprecated
2058 7ef12c03447c nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 1977 diff changeset	28
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	29	from rql import BadRQLQuery
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	30
2058 7ef12c03447c nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 1977 diff changeset	31	from cubicweb import set_log_methods, cwvreg
7ef12c03447c nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 1977 diff changeset	32	from cubicweb import (
7ef12c03447c nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 1977 diff changeset	33	ValidationError, Unauthorized, AuthenticationError, NoSelectableObject,
2685 0518ca8f63e3 [autoreload] recompute urlresolver / urlrewriter after autoreload Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: 2666 diff changeset	34	RepositoryError, CW_EVENT_MANAGER)
5223 6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	35	from cubicweb.dbapi import DBAPISession
2058 7ef12c03447c nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 1977 diff changeset	36	from cubicweb.web import LOGGER, component
7ef12c03447c nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 1977 diff changeset	37	from cubicweb.web import (
5223 6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	38	StatusResponse, DirectResponse, Redirect, NotFound, LogOut,
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	39	RemoteCallFailed, InvalidSession, RequestError)
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	40
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	41	# make session manager available through a global variable so the debug view can
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	42	# print information about web session
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	43	SESSION_MANAGER = None
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	44
2058 7ef12c03447c nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 1977 diff changeset	45	class AbstractSessionManager(component.Component):
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	46	"""manage session data associated to a session identifier"""
3408 c92170fca813 [api] use __regid__ instead of deprecated id Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: 2887 diff changeset	47	__regid__ = 'sessionmanager'
1426 379261551578 remove trailing spaces sylvain.thenault@logilab.fr parents: 1132 diff changeset	48
2887 1282dc6525c5 give vreg where we need it (eg no bound request) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2867 diff changeset	49	def __init__(self, vreg):
1282dc6525c5 give vreg where we need it (eg no bound request) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2867 diff changeset	50	self.session_time = vreg.config['http-session-time'] or None
5283 9ad0eaa09d34 [config] better -session-time documentation and usage in session handler Sylvain Thénault <sylvain.thenault@logilab.fr>* parents: 5000 diff changeset	51	if self.session_time is not None:
9ad0eaa09d34 [config] better -session-time documentation and usage in session handler Sylvain Thénault <sylvain.thenault@logilab.fr>* parents: 5000 diff changeset	52	assert self.session_time > 0
9ad0eaa09d34 [config] better -session-time documentation and usage in session handler Sylvain Thénault <sylvain.thenault@logilab.fr>* parents: 5000 diff changeset	53	self.cleanup_session_time = self.session_time
9ad0eaa09d34 [config] better -session-time documentation and usage in session handler Sylvain Thénault <sylvain.thenault@logilab.fr>* parents: 5000 diff changeset	54	else:
5326 0d9054eb3bd1 [config] properly use time type for options representing a time. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5325 diff changeset	55	self.cleanup_session_time = vreg.config['cleanup-session-time'] or 1440 * 60
5283 9ad0eaa09d34 [config] better -session-time documentation and usage in session handler Sylvain Thénault <sylvain.thenault@logilab.fr>* parents: 5000 diff changeset	56	assert self.cleanup_session_time > 0
5326 0d9054eb3bd1 [config] properly use time type for options representing a time. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5325 diff changeset	57	self.cleanup_anon_session_time = vreg.config['cleanup-anonymous-session-time'] or 5 * 60
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	58	assert self.cleanup_anon_session_time > 0
2887 1282dc6525c5 give vreg where we need it (eg no bound request) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2867 diff changeset	59	self.authmanager = vreg['components'].select('authmanager', vreg=vreg)
5325 f1c660e1169e [web] consistent cleanup session interval time Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5283 diff changeset	60	if vreg.config.anonymous_user() is not None:
5721 3a9cd70bcfdc fix wrong calculation of clean_session_interval Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5650 diff changeset	61	self.clean_sessions_interval = max(
3a9cd70bcfdc fix wrong calculation of clean_session_interval Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5650 diff changeset	62	5 * 60, min(self.cleanup_session_time / 2.,
3a9cd70bcfdc fix wrong calculation of clean_session_interval Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5650 diff changeset	63	self.cleanup_anon_session_time / 2.))
5325 f1c660e1169e [web] consistent cleanup session interval time Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5283 diff changeset	64	else:
5721 3a9cd70bcfdc fix wrong calculation of clean_session_interval Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5650 diff changeset	65	self.clean_sessions_interval = max(
5325 f1c660e1169e [web] consistent cleanup session interval time Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5283 diff changeset	66	5 * 60,
f1c660e1169e [web] consistent cleanup session interval time Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5283 diff changeset	67	self.cleanup_session_time / 2.)
1426 379261551578 remove trailing spaces sylvain.thenault@logilab.fr parents: 1132 diff changeset	68
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	69	def clean_sessions(self):
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	70	"""cleanup sessions which has not been unused since a given amount of
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	71	time. Return the number of sessions which have been closed.
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	72	"""
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	73	self.debug('cleaning http sessions')
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	74	closed, total = 0, 0
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	75	for session in self.current_sessions():
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	76	no_use_time = (time() - session.last_usage_time)
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	77	total += 1
5223 6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	78	if session.anonymous_session:
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	79	if no_use_time >= self.cleanup_anon_session_time:
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	80	self.close_session(session)
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	81	closed += 1
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	82	elif no_use_time >= self.cleanup_session_time:
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	83	self.close_session(session)
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	84	closed += 1
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	85	return closed, total - closed
1426 379261551578 remove trailing spaces sylvain.thenault@logilab.fr parents: 1132 diff changeset	86
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	87	def has_expired(self, session):
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	88	"""return True if the web session associated to the session is expired
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	89	"""
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	90	return not (self.session_time is None or
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	91	time() < session.last_usage_time + self.session_time)
1426 379261551578 remove trailing spaces sylvain.thenault@logilab.fr parents: 1132 diff changeset	92
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	93	def current_sessions(self):
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	94	"""return currently open sessions"""
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	95	raise NotImplementedError()
1426 379261551578 remove trailing spaces sylvain.thenault@logilab.fr parents: 1132 diff changeset	96
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	97	def get_session(self, req, sessionid):
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	98	"""return existing session for the given session identifier"""
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	99	raise NotImplementedError()
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	100
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	101	def open_session(self, req):
5223 6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	102	"""open and return a new session for the given request. The session is
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	103	also bound to the request.
1426 379261551578 remove trailing spaces sylvain.thenault@logilab.fr parents: 1132 diff changeset	104
5223 6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	105	raise :exc:`cubicweb.AuthenticationError` if authentication failed
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	106	(no authentication info found or wrong user/password)
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	107	"""
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	108	raise NotImplementedError()
1426 379261551578 remove trailing spaces sylvain.thenault@logilab.fr parents: 1132 diff changeset	109
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	110	def close_session(self, session):
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	111	"""close session on logout or on invalid session detected (expired out,
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	112	corrupted...)
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	113	"""
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	114	raise NotImplementedError()
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	115
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	116
2058 7ef12c03447c nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 1977 diff changeset	117	class AbstractAuthenticationManager(component.Component):
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	118	"""authenticate user associated to a request and check session validity"""
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	119	id = 'authmanager'
2887 1282dc6525c5 give vreg where we need it (eg no bound request) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2867 diff changeset	120	vreg = None # XXX necessary until property for deprecation warning is on appobject
1282dc6525c5 give vreg where we need it (eg no bound request) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2867 diff changeset	121
1282dc6525c5 give vreg where we need it (eg no bound request) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2867 diff changeset	122	def __init__(self, vreg):
1282dc6525c5 give vreg where we need it (eg no bound request) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2867 diff changeset	123	self.vreg = vreg
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	124
5223 6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	125	def validate_session(self, req, session):
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	126	"""check session validity, reconnecting it to the repository if the
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	127	associated connection expired in the repository side (hence the
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	128	necessity for this method).
1426 379261551578 remove trailing spaces sylvain.thenault@logilab.fr parents: 1132 diff changeset	129
5223 6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	130	raise :exc:`InvalidSession` if session is corrupted for a reason or
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	131	another and should be closed
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	132	"""
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	133	raise NotImplementedError()
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	134
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	135	def authenticate(self, req):
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	136	"""authenticate user using connection information found in the request,
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	137	and return corresponding a :class:`~cubicweb.dbapi.Connection` instance,
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	138	as well as login and authentication information dictionary used to open
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	139	the connection.
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	140
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	141	raise :exc:`cubicweb.AuthenticationError` if authentication failed
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	142	(no authentication info found or wrong user/password)
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	143	"""
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	144	raise NotImplementedError()
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	145
1426 379261551578 remove trailing spaces sylvain.thenault@logilab.fr parents: 1132 diff changeset	146
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	147	class CookieSessionHandler(object):
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	148	"""a session handler using a cookie to store the session identifier
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	149
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	150	:cvar SESSION_VAR:
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	151	string giving the name of the variable used to store the session
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	152	identifier
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	153	"""
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	154	SESSION_VAR = '__session'
1426 379261551578 remove trailing spaces sylvain.thenault@logilab.fr parents: 1132 diff changeset	155
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	156	def __init__(self, appli):
2706 09baf5175196 [web session] proper reloading of the session manager on vreg update Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2705 diff changeset	157	self.vreg = appli.vreg
2887 1282dc6525c5 give vreg where we need it (eg no bound request) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2867 diff changeset	158	self.session_manager = self.vreg['components'].select('sessionmanager',
1282dc6525c5 give vreg where we need it (eg no bound request) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2867 diff changeset	159	vreg=self.vreg)
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	160	global SESSION_MANAGER
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	161	SESSION_MANAGER = self.session_manager
2706 09baf5175196 [web session] proper reloading of the session manager on vreg update Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2705 diff changeset	162	if not 'last_login_time' in self.vreg.schema:
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	163	self._update_last_login_time = lambda x: None
5000 f1a10b41417a [test] don't try to reset session manager during test, Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 4914 diff changeset	164	if self.vreg.config.mode != 'test':
f1a10b41417a [test] don't try to reset session manager during test, Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 4914 diff changeset	165	# don't try to reset session manager during test, this leads to
f1a10b41417a [test] don't try to reset session manager during test, Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 4914 diff changeset	166	# weird failures when running multiple tests
f1a10b41417a [test] don't try to reset session manager during test, Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 4914 diff changeset	167	CW_EVENT_MANAGER.bind('after-registry-reload',
f1a10b41417a [test] don't try to reset session manager during test, Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 4914 diff changeset	168	self.reset_session_manager)
2706 09baf5175196 [web session] proper reloading of the session manager on vreg update Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2705 diff changeset	169
09baf5175196 [web session] proper reloading of the session manager on vreg update Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2705 diff changeset	170	def reset_session_manager(self):
09baf5175196 [web session] proper reloading of the session manager on vreg update Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2705 diff changeset	171	data = self.session_manager.dump_data()
2887 1282dc6525c5 give vreg where we need it (eg no bound request) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2867 diff changeset	172	self.session_manager = self.vreg['components'].select('sessionmanager',
1282dc6525c5 give vreg where we need it (eg no bound request) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2867 diff changeset	173	vreg=self.vreg)
2706 09baf5175196 [web session] proper reloading of the session manager on vreg update Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2705 diff changeset	174	self.session_manager.restore_data(data)
09baf5175196 [web session] proper reloading of the session manager on vreg update Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2705 diff changeset	175	global SESSION_MANAGER
09baf5175196 [web session] proper reloading of the session manager on vreg update Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2705 diff changeset	176	SESSION_MANAGER = self.session_manager
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	177
5325 f1c660e1169e [web] consistent cleanup session interval time Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5283 diff changeset	178	@property
f1c660e1169e [web] consistent cleanup session interval time Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5283 diff changeset	179	def clean_sessions_interval(self):
f1c660e1169e [web] consistent cleanup session interval time Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5283 diff changeset	180	return self.session_manager.clean_sessions_interval
f1c660e1169e [web] consistent cleanup session interval time Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5283 diff changeset	181
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	182	def clean_sessions(self):
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	183	"""cleanup sessions which has not been unused since a given amount of
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	184	time
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	185	"""
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	186	self.session_manager.clean_sessions()
1426 379261551578 remove trailing spaces sylvain.thenault@logilab.fr parents: 1132 diff changeset	187
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	188	def set_session(self, req):
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	189	"""associate a session to the request
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	190
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	191	Session id is searched from :
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	192	- # form variable
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	193	- cookie
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	194
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	195	if no session id is found, open a new session for the connected user
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	196	or request authentification as needed
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	197
1426 379261551578 remove trailing spaces sylvain.thenault@logilab.fr parents: 1132 diff changeset	198	:raise Redirect: if authentication has occured and succeed
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	199	"""
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	200	cookie = req.get_cookie()
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	201	try:
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	202	sessionid = str(cookie[self.SESSION_VAR].value)
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	203	except KeyError: # no session cookie
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	204	session = self.open_session(req)
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	205	else:
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	206	try:
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	207	session = self.get_session(req, sessionid)
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	208	except InvalidSession:
5223 6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	209	# try to open a new session, so we get an anonymous session if
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	210	# allowed
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	211	try:
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	212	session = self.open_session(req)
5223 6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	213	except AuthenticationError:
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	214	req.remove_cookie(cookie, self.SESSION_VAR)
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	215	raise
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	216	# remember last usage time for web session tracking
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	217	session.last_usage_time = time()
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	218
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	219	def get_session(self, req, sessionid):
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	220	return self.session_manager.get_session(req, sessionid)
1426 379261551578 remove trailing spaces sylvain.thenault@logilab.fr parents: 1132 diff changeset	221
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	222	def open_session(self, req):
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	223	session = self.session_manager.open_session(req)
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	224	cookie = req.get_cookie()
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	225	cookie[self.SESSION_VAR] = session.sessionid
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	226	req.set_cookie(cookie, self.SESSION_VAR, maxage=None)
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	227	# remember last usage time for web session tracking
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	228	session.last_usage_time = time()
5223 6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	229	if not session.anonymous_session:
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	230	self._postlogin(req)
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	231	return session
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	232
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	233	def _update_last_login_time(self, req):
5587 72679e450f6d [web] dont attempt to update last login time on ldap users, avoiding spurious tb in logs (closes #914464) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5584 diff changeset	234	# XXX should properly detect missing permission / non writeable source
72679e450f6d [web] dont attempt to update last login time on ldap users, avoiding spurious tb in logs (closes #914464) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5584 diff changeset	235	# and avoid "except (RepositoryError, Unauthorized)" below
5591 c6edefa9b3f1 [web] update to 3.9 Entity api Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5590 diff changeset	236	if req.user.cw_metainformation()['source']['adapter'] == 'ldapuser':
5587 72679e450f6d [web] dont attempt to update last login time on ldap users, avoiding spurious tb in logs (closes #914464) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5584 diff changeset	237	return
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	238	try:
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	239	req.execute('SET X last_login_time NOW WHERE X eid %(x)s',
5174 78438ad513ca #759035: Automate addition of eid cachekey in RQL analysis Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5000 diff changeset	240	{'x' : req.user.eid})
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	241	req.cnx.commit()
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	242	except (RepositoryError, Unauthorized):
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	243	req.cnx.rollback()
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	244	except:
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	245	req.cnx.rollback()
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	246	raise
1426 379261551578 remove trailing spaces sylvain.thenault@logilab.fr parents: 1132 diff changeset	247
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	248	def _postlogin(self, req):
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	249	"""postlogin: the user has been authenticated, redirect to the original
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	250	page (index by default) with a welcome message
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	251	"""
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	252	# Update last connection date
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	253	# XXX: this should be in a post login hook in the repository, but there
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	254	# we can't differentiate actual login of automatic session
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	255	# reopening. Is it actually a problem?
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	256	self._update_last_login_time(req)
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	257	args = req.form
4639 82afdc7d8cd8 cleanup internal forms parameters in postlogin Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 4490 diff changeset	258	for forminternal_key in ('__form_id', '__domid', '__errorurl'):
82afdc7d8cd8 cleanup internal forms parameters in postlogin Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 4490 diff changeset	259	args.pop(forminternal_key, None)
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	260	args['__message'] = req._('welcome %s !') % req.user.login
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	261	if 'vid' in req.form:
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	262	args['vid'] = req.form['vid']
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	263	if 'rql' in req.form:
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	264	args['rql'] = req.form['rql']
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	265	path = req.relative_path(False)
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	266	if path == 'login':
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	267	path = 'view'
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	268	raise Redirect(req.build_url(path, **args))
1426 379261551578 remove trailing spaces sylvain.thenault@logilab.fr parents: 1132 diff changeset	269
4911 898c35be5873 #750055: make it easier to change post logout url Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 4709 diff changeset	270	def logout(self, req, goto_url):
2476 1294a6bdf3bf application -> instance where it makes sense Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2293 diff changeset	271	"""logout from the instance by cleaning the session and raising
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	272	`AuthenticationError`
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	273	"""
5494 f3bb53f1737c [web session] fix potential key error on logout (occurs once the session has been transparently reconnected, hence session.sessionid and session.cnx.sessionid differs) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5426 diff changeset	274	self.session_manager.close_session(req.session)
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	275	req.remove_cookie(req.get_cookie(), self.SESSION_VAR)
5223 6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	276	raise LogOut(url=goto_url)
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	277
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	278
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	279	class CubicWebPublisher(object):
2058 7ef12c03447c nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 1977 diff changeset	280	"""the publisher is a singleton hold by the web frontend, and is responsible
7ef12c03447c nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 1977 diff changeset	281	to publish HTTP request.
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	282	"""
1426 379261551578 remove trailing spaces sylvain.thenault@logilab.fr parents: 1132 diff changeset	283
5442 3ed8afbbdf70 [webconfig] refactor/cleanup debug mode management on startup: simply use config.debugmode instead of debug argument everywhere... Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5426 diff changeset	284	def __init__(self, config,
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	285	session_handler_fact=CookieSessionHandler,
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	286	vreg=None):
4484 d87989d91635 fix duplicated vregistry initialization during tests Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 4212 diff changeset	287	self.info('starting web instance from %s', config.apphome)
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	288	if vreg is None:
5442 3ed8afbbdf70 [webconfig] refactor/cleanup debug mode management on startup: simply use config.debugmode instead of debug argument everywhere... Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5426 diff changeset	289	vreg = cwvreg.CubicWebVRegistry(config)
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	290	self.vreg = vreg
4484 d87989d91635 fix duplicated vregistry initialization during tests Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 4212 diff changeset	291	# connect to the repository and get instance's schema
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	292	self.repo = config.repository(vreg)
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	293	if not vreg.initialized:
5650 86e874fe30ea [web] cleanup use of config in web application initialisation Julien Jehannet <julien.jehannet@logilab.fr> parents: 5587 diff changeset	294	config.init_cubes(self.repo.get_cubes())
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	295	vreg.init_properties(self.repo.properties())
4484 d87989d91635 fix duplicated vregistry initialization during tests Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 4212 diff changeset	296	vreg.set_schema(self.repo.get_schema())
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	297	# set the correct publish method
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	298	if config['query-log-file']:
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	299	from threading import Lock
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	300	self._query_log = open(config['query-log-file'], 'a')
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	301	self.publish = self.log_publish
1426 379261551578 remove trailing spaces sylvain.thenault@logilab.fr parents: 1132 diff changeset	302	self._logfile_lock = Lock()
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	303	else:
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	304	self._query_log = None
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	305	self.publish = self.main_publish
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	306	# instantiate session and url resolving helpers
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	307	self.session_handler = session_handler_fact(self)
2685 0518ca8f63e3 [autoreload] recompute urlresolver / urlrewriter after autoreload Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: 2666 diff changeset	308	self.set_urlresolver()
2705 30bcdbd92820 [events] renamed source-reload into registry-reload to avoid potential confusions with datasources Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: 2685 diff changeset	309	CW_EVENT_MANAGER.bind('after-registry-reload', self.set_urlresolver)
2685 0518ca8f63e3 [autoreload] recompute urlresolver / urlrewriter after autoreload Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: 2666 diff changeset	310
0518ca8f63e3 [autoreload] recompute urlresolver / urlrewriter after autoreload Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: 2666 diff changeset	311	def set_urlresolver(self):
2887 1282dc6525c5 give vreg where we need it (eg no bound request) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2867 diff changeset	312	self.url_resolver = self.vreg['components'].select('urlpublisher',
1282dc6525c5 give vreg where we need it (eg no bound request) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2867 diff changeset	313	vreg=self.vreg)
1426 379261551578 remove trailing spaces sylvain.thenault@logilab.fr parents: 1132 diff changeset	314
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	315	def connect(self, req):
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	316	"""return a connection for a logged user object according to existing
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	317	sessions (i.e. a new connection may be created or an already existing
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	318	one may be reused
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	319	"""
5223 6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	320	try:
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	321	self.session_handler.set_session(req)
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	322	except AuthenticationError:
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	323	req.set_session(DBAPISession(None))
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	324
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	325	# publish methods #########################################################
1426 379261551578 remove trailing spaces sylvain.thenault@logilab.fr parents: 1132 diff changeset	326
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	327	def log_publish(self, path, req):
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	328	"""wrapper around _publish to log all queries executed for a given
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	329	accessed path
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	330	"""
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	331	try:
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	332	return self.main_publish(path, req)
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	333	finally:
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	334	cnx = req.cnx
5244 5467674ad101 [web] put a fake object that raise Unauthorized on any attribute access as req.cnx and req._user, so we are properly asked to authenticated on any view that tries to do something with one of those attributes (instead of doing defensive programming everywhere we're doing that) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5223 diff changeset	335	if cnx:
5223 6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	336	with self._logfile_lock:
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	337	try:
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	338	result = ['\n'+''80]
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	339	result.append(req.url())
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	340	result += ['%s %s -- (%.3f sec, %.3f CPU sec)' % q
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	341	for q in cnx.executed_queries]
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	342	cnx.executed_queries = []
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	343	self._query_log.write('\n'.join(result).encode(req.encoding))
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	344	self._query_log.flush()
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	345	except Exception:
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	346	self.exception('error while logging queries')
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	347
2788 8d3dbe577d3a R put version info in deprecation warnings Nicolas Chauvat <nicolas.chauvat@logilab.fr> parents: 2706 diff changeset	348	@deprecated("[3.4] use vreg['controllers'].select(...)")
2058 7ef12c03447c nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 1977 diff changeset	349	def select_controller(self, oid, req):
7ef12c03447c nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 1977 diff changeset	350	try:
2650 18aec79ec3a3 R [vreg] important refactoring of the vregistry, moving behaviour to end dictionnary (and so leaving room for more flexibility ; keep bw compat ; update api usage in cw Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2613 diff changeset	351	return self.vreg['controllers'].select(oid, req=req, appli=self)
2058 7ef12c03447c nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 1977 diff changeset	352	except NoSelectableObject:
7ef12c03447c nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 1977 diff changeset	353	raise Unauthorized(req._('not authorized'))
7ef12c03447c nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 1977 diff changeset	354
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	355	def main_publish(self, path, req):
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	356	"""method called by the main publisher to process <path>
1426 379261551578 remove trailing spaces sylvain.thenault@logilab.fr parents: 1132 diff changeset	357
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	358	should return a string containing the resulting page or raise a
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	359	`NotFound` exception
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	360
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	361	:type path: str
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	362	:param path: the path part of the url to publish
1426 379261551578 remove trailing spaces sylvain.thenault@logilab.fr parents: 1132 diff changeset	363
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	364	:type req: `web.Request`
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	365	:param req: the request object
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	366
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	367	:rtype: str
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	368	:return: the result of the pusblished url
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	369	"""
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	370	path = path or 'view'
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	371	# don't log form values they may contains sensitive information
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	372	self.info('publish "%s" (form params: %s)', path, req.form.keys())
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	373	# remove user callbacks on a new request (except for json controllers
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	374	# to avoid callbacks being unregistered before they could be called)
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	375	tstart = clock()
5865 af414723598d [publisher] avoid useless rollback after successful commit, which clutters debug logs and may also not be cost-free Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5721 diff changeset	376	commited = False
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	377	try:
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	378	try:
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	379	ctrlid, rset = self.url_resolver.process(req, path)
2058 7ef12c03447c nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 1977 diff changeset	380	try:
2650 18aec79ec3a3 R [vreg] important refactoring of the vregistry, moving behaviour to end dictionnary (and so leaving room for more flexibility ; keep bw compat ; update api usage in cw Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2613 diff changeset	381	controller = self.vreg['controllers'].select(ctrlid, req,
18aec79ec3a3 R [vreg] important refactoring of the vregistry, moving behaviour to end dictionnary (and so leaving room for more flexibility ; keep bw compat ; update api usage in cw Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2613 diff changeset	382	appli=self)
2058 7ef12c03447c nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 1977 diff changeset	383	except NoSelectableObject:
5584 c1823448f81d [web] disallow authenticated users to access to the login form (closes #914873) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5494 diff changeset	384	if ctrlid == 'login':
c1823448f81d [web] disallow authenticated users to access to the login form (closes #914873) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5494 diff changeset	385	raise Unauthorized(req._('log out first'))
2058 7ef12c03447c nicer vreg api, try to make rset an optional named argument in select and derivated (including selectors) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 1977 diff changeset	386	raise Unauthorized(req._('not authorized'))
581 09f87f2c535e update_search_state in the publisher since it should be done whatever the controller sylvain.thenault@logilab.fr parents: 168 diff changeset	387	req.update_search_state()
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	388	result = controller.publish(rset=rset)
5244 5467674ad101 [web] put a fake object that raise Unauthorized on any attribute access as req.cnx and req._user, so we are properly asked to authenticated on any view that tries to do something with one of those attributes (instead of doing defensive programming everywhere we're doing that) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5223 diff changeset	389	if req.cnx:
5467674ad101 [web] put a fake object that raise Unauthorized on any attribute access as req.cnx and req._user, so we are properly asked to authenticated on any view that tries to do something with one of those attributes (instead of doing defensive programming everywhere we're doing that) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5223 diff changeset	390	# no req.cnx if anonymous aren't allowed and we are
5467674ad101 [web] put a fake object that raise Unauthorized on any attribute access as req.cnx and req._user, so we are properly asked to authenticated on any view that tries to do something with one of those attributes (instead of doing defensive programming everywhere we're doing that) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5223 diff changeset	391	# displaying some anonymous enabled view such as the cookie
5467674ad101 [web] put a fake object that raise Unauthorized on any attribute access as req.cnx and req._user, so we are properly asked to authenticated on any view that tries to do something with one of those attributes (instead of doing defensive programming everywhere we're doing that) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5223 diff changeset	392	# authentication form
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	393	req.cnx.commit()
5865 af414723598d [publisher] avoid useless rollback after successful commit, which clutters debug logs and may also not be cost-free Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5721 diff changeset	394	commited = True
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	395	except (StatusResponse, DirectResponse):
5244 5467674ad101 [web] put a fake object that raise Unauthorized on any attribute access as req.cnx and req._user, so we are properly asked to authenticated on any view that tries to do something with one of those attributes (instead of doing defensive programming everywhere we're doing that) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5223 diff changeset	396	if req.cnx:
5223 6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	397	req.cnx.commit()
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	398	raise
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	399	except (AuthenticationError, LogOut):
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	400	raise
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	401	except Redirect:
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	402	# redirect is raised by edit controller when everything went fine,
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	403	# so try to commit
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	404	try:
4913 083b4d454192 server/web api for accessing to deleted_entites Katia Saurfelt <katia.saurfelt@logilab.fr> parents: 4897 diff changeset	405	txuuid = req.cnx.commit()
083b4d454192 server/web api for accessing to deleted_entites Katia Saurfelt <katia.saurfelt@logilab.fr> parents: 4897 diff changeset	406	if txuuid is not None:
083b4d454192 server/web api for accessing to deleted_entites Katia Saurfelt <katia.saurfelt@logilab.fr> parents: 4897 diff changeset	407	msg = u'<span class="undo">[<a href="%s">%s</a>]</span>' %(
083b4d454192 server/web api for accessing to deleted_entites Katia Saurfelt <katia.saurfelt@logilab.fr> parents: 4897 diff changeset	408	req.build_url('undo', txuuid=txuuid), req._('undo'))
083b4d454192 server/web api for accessing to deleted_entites Katia Saurfelt <katia.saurfelt@logilab.fr> parents: 4897 diff changeset	409	req.append_to_redirect_message(msg)
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	410	except ValidationError, ex:
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	411	self.validation_error_handler(req, ex)
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	412	except Unauthorized, ex:
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	413	req.data['errmsg'] = req._('You\'re not authorized to access this page. '
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	414	'If you think you should, please contact the site administrator.')
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	415	self.error_handler(req, ex, tb=False)
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	416	except Exception, ex:
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	417	self.error_handler(req, ex, tb=True)
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	418	else:
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	419	# delete validation errors which may have been previously set
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	420	if '__errorurl' in req.form:
5223 6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	421	req.session.data.pop(req.form['__errorurl'], None)
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	422	raise
5223 6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	423	except RemoteCallFailed, ex:
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	424	req.set_header('content-type', 'application/json')
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	425	raise StatusResponse(500, ex.dumps())
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	426	except NotFound:
6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	427	raise StatusResponse(404, self.notfound_content(req))
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	428	except ValidationError, ex:
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	429	self.validation_error_handler(req, ex)
2272 f27a3a75be0d no tb for RequestError Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2263 diff changeset	430	except (Unauthorized, BadRQLQuery, RequestError), ex:
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	431	self.error_handler(req, ex, tb=False)
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	432	except Exception, ex:
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	433	self.error_handler(req, ex, tb=True)
5377 84d14ddfae13 [python2.6] prefer python2.6's builtin json module over simplejson Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5326 diff changeset	434	except:
84d14ddfae13 [python2.6] prefer python2.6's builtin json module over simplejson Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5326 diff changeset	435	self.critical('Catch all triggered!!!')
84d14ddfae13 [python2.6] prefer python2.6's builtin json module over simplejson Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5326 diff changeset	436	self.exception('this is what happened')
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	437	finally:
5865 af414723598d [publisher] avoid useless rollback after successful commit, which clutters debug logs and may also not be cost-free Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5721 diff changeset	438	if req.cnx and not commited:
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	439	try:
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	440	req.cnx.rollback()
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	441	except:
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	442	pass # ignore rollback error at this point
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	443	self.info('query %s executed in %s sec', req.relative_path(), clock() - tstart)
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	444	return result
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	445
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	446	def validation_error_handler(self, req, ex):
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	447	ex.errors = dict((k, v) for k, v in ex.errors.items())
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	448	if '__errorurl' in req.form:
4224 5998df006968 refactor form error handling: Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 3408 diff changeset	449	forminfo = {'error': ex,
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	450	'values': req.form,
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	451	'eidmap': req.data.get('eidmap', {})
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	452	}
5223 6abd6e3599f4 #773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5174 diff changeset	453	req.session.data[req.form['__errorurl']] = forminfo
4679 d8ad65dab3e9 remove #<formid> from url used to redirect after a validation error Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 4639 diff changeset	454	# XXX form session key / __error_url should be differentiated:
d8ad65dab3e9 remove #<formid> from url used to redirect after a validation error Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 4639 diff changeset	455	# session key is 'url + #<form dom id', though we usually don't want
d8ad65dab3e9 remove #<formid> from url used to redirect after a validation error Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 4639 diff changeset	456	# the browser to move to the form since it hides the global
d8ad65dab3e9 remove #<formid> from url used to redirect after a validation error Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 4639 diff changeset	457	# messages.
d8ad65dab3e9 remove #<formid> from url used to redirect after a validation error Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 4639 diff changeset	458	raise Redirect(req.form['__errorurl'].rsplit('#', 1)[0])
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	459	self.error_handler(req, ex, tb=False)
1426 379261551578 remove trailing spaces sylvain.thenault@logilab.fr parents: 1132 diff changeset	460
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	461	def error_handler(self, req, ex, tb=False):
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	462	excinfo = sys.exc_info()
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	463	self.exception(repr(ex))
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	464	req.set_header('Cache-Control', 'no-cache')
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	465	req.remove_header('Etag')
4897 e402e0b32075 [web] start a new message system based on id of message stored in session's data Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 4709 diff changeset	466	req.reset_message()
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	467	req.reset_headers()
4709 6a71fc0b4274 [web] fix #724769: Use RemoteCallFailed in the publisher's error_handler Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: 4679 diff changeset	468	if req.json_request:
6a71fc0b4274 [web] fix #724769: Use RemoteCallFailed in the publisher's error_handler Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: 4679 diff changeset	469	raise RemoteCallFailed(unicode(ex))
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	470	try:
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	471	req.data['ex'] = ex
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	472	if tb:
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	473	req.data['excinfo'] = excinfo
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	474	req.form['vid'] = 'error'
2650 18aec79ec3a3 R [vreg] important refactoring of the vregistry, moving behaviour to end dictionnary (and so leaving room for more flexibility ; keep bw compat ; update api usage in cw Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2613 diff changeset	475	errview = self.vreg['views'].select('error', req)
882 75488a2a875e fix ui.main-template property handling sylvain.thenault@logilab.fr parents: 871 diff changeset	476	template = self.main_template_id(req)
2650 18aec79ec3a3 R [vreg] important refactoring of the vregistry, moving behaviour to end dictionnary (and so leaving room for more flexibility ; keep bw compat ; update api usage in cw Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2613 diff changeset	477	content = self.vreg['views'].main_template(req, template, view=errview)
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	478	except:
2650 18aec79ec3a3 R [vreg] important refactoring of the vregistry, moving behaviour to end dictionnary (and so leaving room for more flexibility ; keep bw compat ; update api usage in cw Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2613 diff changeset	479	content = self.vreg['views'].main_template(req, 'error-template')
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	480	raise StatusResponse(500, content)
1426 379261551578 remove trailing spaces sylvain.thenault@logilab.fr parents: 1132 diff changeset	481
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	482	def need_login_content(self, req):
2650 18aec79ec3a3 R [vreg] important refactoring of the vregistry, moving behaviour to end dictionnary (and so leaving room for more flexibility ; keep bw compat ; update api usage in cw Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2613 diff changeset	483	return self.vreg['views'].main_template(req, 'login')
1426 379261551578 remove trailing spaces sylvain.thenault@logilab.fr parents: 1132 diff changeset	484
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	485	def loggedout_content(self, req):
2650 18aec79ec3a3 R [vreg] important refactoring of the vregistry, moving behaviour to end dictionnary (and so leaving room for more flexibility ; keep bw compat ; update api usage in cw Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2613 diff changeset	486	return self.vreg['views'].main_template(req, 'loggedout')
1426 379261551578 remove trailing spaces sylvain.thenault@logilab.fr parents: 1132 diff changeset	487
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	488	def notfound_content(self, req):
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	489	req.form['vid'] = '404'
2650 18aec79ec3a3 R [vreg] important refactoring of the vregistry, moving behaviour to end dictionnary (and so leaving room for more flexibility ; keep bw compat ; update api usage in cw Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2613 diff changeset	490	view = self.vreg['views'].select('404', req)
882 75488a2a875e fix ui.main-template property handling sylvain.thenault@logilab.fr parents: 871 diff changeset	491	template = self.main_template_id(req)
2650 18aec79ec3a3 R [vreg] important refactoring of the vregistry, moving behaviour to end dictionnary (and so leaving room for more flexibility ; keep bw compat ; update api usage in cw Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2613 diff changeset	492	return self.vreg['views'].main_template(req, template, view=view)
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	493
882 75488a2a875e fix ui.main-template property handling sylvain.thenault@logilab.fr parents: 871 diff changeset	494	def main_template_id(self, req):
2263 1f59cd5b710f accept a __template parameter that specifies a different (main) template Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 1977 diff changeset	495	template = req.form.get('__template', req.property_value('ui.main-template'))
2650 18aec79ec3a3 R [vreg] important refactoring of the vregistry, moving behaviour to end dictionnary (and so leaving room for more flexibility ; keep bw compat ; update api usage in cw Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2613 diff changeset	496	if template not in self.vreg['views']:
882 75488a2a875e fix ui.main-template property handling sylvain.thenault@logilab.fr parents: 871 diff changeset	497	template = 'main-template'
75488a2a875e fix ui.main-template property handling sylvain.thenault@logilab.fr parents: 871 diff changeset	498	return template
1426 379261551578 remove trailing spaces sylvain.thenault@logilab.fr parents: 1132 diff changeset	499
0 b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	500
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	501	set_log_methods(CubicWebPublisher, LOGGER)
b97547f5f1fa Showtime ! Adrien Di Mascio <Adrien.DiMascio@logilab.fr> parents: diff changeset	502	set_log_methods(CookieSessionHandler, LOGGER)

author	Sylvain Thénault <sylvain.thenault@logilab.fr>
	Fri, 02 Jul 2010 14:47:44 +0200
changeset 5868	c4380d8cfc25
parent 5736	375819ec7d43
parent 5865	af414723598d
child 6012	d56fd78006cd
child 6109	47d9c0e0f7b7
permissions	-rw-r--r--