author | Sylvain Thénault <sylvain.thenault@logilab.fr> |
Thu, 21 Apr 2011 12:35:41 +0200 | |
branch | stable |
changeset 7342 | d1c8b5b3531c |
parent 6848 | f87cd875c6db |
child 7428 | 5338d895b891 |
permissions | -rw-r--r-- |
5421
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5080
diff
changeset
|
1 |
# copyright 2003-2010 LOGILAB S.A. (Paris, FRANCE), all rights reserved. |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5080
diff
changeset
|
2 |
# contact http://www.logilab.fr/ -- mailto:contact@logilab.fr |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5080
diff
changeset
|
3 |
# |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5080
diff
changeset
|
4 |
# This file is part of CubicWeb. |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5080
diff
changeset
|
5 |
# |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5080
diff
changeset
|
6 |
# CubicWeb is free software: you can redistribute it and/or modify it under the |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5080
diff
changeset
|
7 |
# terms of the GNU Lesser General Public License as published by the Free |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5080
diff
changeset
|
8 |
# Software Foundation, either version 2.1 of the License, or (at your option) |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5080
diff
changeset
|
9 |
# any later version. |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5080
diff
changeset
|
10 |
# |
5424
8ecbcbff9777
replace logilab-common by CubicWeb in disclaimer
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5421
diff
changeset
|
11 |
# CubicWeb is distributed in the hope that it will be useful, but WITHOUT |
5421
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5080
diff
changeset
|
12 |
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5080
diff
changeset
|
13 |
# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5080
diff
changeset
|
14 |
# details. |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5080
diff
changeset
|
15 |
# |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5080
diff
changeset
|
16 |
# You should have received a copy of the GNU Lesser General Public License along |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5080
diff
changeset
|
17 |
# with CubicWeb. If not, see <http://www.gnu.org/licenses/>. |
0 | 18 |
"""web session component: by dfault the session is actually the db connection |
19 |
object :/ |
|
6240 | 20 |
""" |
0 | 21 |
|
22 |
__docformat__ = "restructuredtext en" |
|
23 |
||
6791
fe58b234f9c2
[web session] refactor to finally closes #343036: allow _postlogin behaviour overloading
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6279
diff
changeset
|
24 |
from cubicweb import RepositoryError, Unauthorized |
fe58b234f9c2
[web session] refactor to finally closes #343036: allow _postlogin behaviour overloading
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6279
diff
changeset
|
25 |
from cubicweb.web import InvalidSession, Redirect |
0 | 26 |
from cubicweb.web.application import AbstractSessionManager |
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5080
diff
changeset
|
27 |
from cubicweb.dbapi import DBAPISession |
0 | 28 |
|
29 |
||
30 |
class InMemoryRepositorySessionManager(AbstractSessionManager): |
|
31 |
"""manage session data associated to a session identifier""" |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1133
diff
changeset
|
32 |
|
2887
1282dc6525c5
give vreg where we need it (eg no bound request)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2706
diff
changeset
|
33 |
def __init__(self, *args, **kwargs): |
1282dc6525c5
give vreg where we need it (eg no bound request)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2706
diff
changeset
|
34 |
AbstractSessionManager.__init__(self, *args, **kwargs) |
0 | 35 |
# XXX require a RepositoryAuthenticationManager which violates |
36 |
# authenticate interface by returning a session instead of a user |
|
37 |
#assert isinstance(self.authmanager, RepositoryAuthenticationManager) |
|
38 |
self._sessions = {} |
|
39 |
||
5080
cfc7c2b24f9e
[cleanup] some notes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4252
diff
changeset
|
40 |
# dump_data / restore_data to avoid loosing open sessions on registry |
cfc7c2b24f9e
[cleanup] some notes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4252
diff
changeset
|
41 |
# reloading |
2706
09baf5175196
[web session] proper reloading of the session manager on vreg update
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
42 |
def dump_data(self): |
09baf5175196
[web session] proper reloading of the session manager on vreg update
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
43 |
return self._sessions |
09baf5175196
[web session] proper reloading of the session manager on vreg update
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
44 |
def restore_data(self, data): |
09baf5175196
[web session] proper reloading of the session manager on vreg update
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
45 |
self._sessions = data |
09baf5175196
[web session] proper reloading of the session manager on vreg update
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
46 |
|
0 | 47 |
def current_sessions(self): |
48 |
return self._sessions.values() |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1133
diff
changeset
|
49 |
|
0 | 50 |
def get_session(self, req, sessionid): |
51 |
"""return existing session for the given session identifier""" |
|
52 |
if not sessionid in self._sessions: |
|
53 |
raise InvalidSession() |
|
54 |
session = self._sessions[sessionid] |
|
55 |
try: |
|
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5080
diff
changeset
|
56 |
user = self.authmanager.validate_session(req, session) |
0 | 57 |
except InvalidSession: |
58 |
# invalid session |
|
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5080
diff
changeset
|
59 |
self.close_session(session) |
0 | 60 |
raise |
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5080
diff
changeset
|
61 |
# associate the connection to the current request |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5080
diff
changeset
|
62 |
req.set_session(session, user) |
0 | 63 |
return session |
64 |
||
65 |
def open_session(self, req): |
|
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5080
diff
changeset
|
66 |
"""open and return a new session for the given request. The session is |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5080
diff
changeset
|
67 |
also bound to the request. |
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1133
diff
changeset
|
68 |
|
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5080
diff
changeset
|
69 |
raise :exc:`cubicweb.AuthenticationError` if authentication failed |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5080
diff
changeset
|
70 |
(no authentication info found or wrong user/password) |
0 | 71 |
""" |
6848
f87cd875c6db
[web session] cleanup session/authentication api: we don't have anymore to store authentication information on web session since the auto-reconnection feature has been dropped (eg in 3.10)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6791
diff
changeset
|
72 |
cnx, login = self.authmanager.authenticate(req) |
f87cd875c6db
[web session] cleanup session/authentication api: we don't have anymore to store authentication information on web session since the auto-reconnection feature has been dropped (eg in 3.10)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6791
diff
changeset
|
73 |
session = DBAPISession(cnx, login) |
0 | 74 |
self._sessions[session.sessionid] = session |
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5080
diff
changeset
|
75 |
# associate the connection to the current request |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5080
diff
changeset
|
76 |
req.set_session(session) |
0 | 77 |
return session |
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1133
diff
changeset
|
78 |
|
6791
fe58b234f9c2
[web session] refactor to finally closes #343036: allow _postlogin behaviour overloading
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6279
diff
changeset
|
79 |
def postlogin(self, req): |
fe58b234f9c2
[web session] refactor to finally closes #343036: allow _postlogin behaviour overloading
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6279
diff
changeset
|
80 |
"""postlogin: the user has been authenticated, redirect to the original |
fe58b234f9c2
[web session] refactor to finally closes #343036: allow _postlogin behaviour overloading
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6279
diff
changeset
|
81 |
page (index by default) with a welcome message |
fe58b234f9c2
[web session] refactor to finally closes #343036: allow _postlogin behaviour overloading
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6279
diff
changeset
|
82 |
""" |
fe58b234f9c2
[web session] refactor to finally closes #343036: allow _postlogin behaviour overloading
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6279
diff
changeset
|
83 |
# Update last connection date |
fe58b234f9c2
[web session] refactor to finally closes #343036: allow _postlogin behaviour overloading
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6279
diff
changeset
|
84 |
# XXX: this should be in a post login hook in the repository, but there |
fe58b234f9c2
[web session] refactor to finally closes #343036: allow _postlogin behaviour overloading
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6279
diff
changeset
|
85 |
# we can't differentiate actual login of automatic session |
fe58b234f9c2
[web session] refactor to finally closes #343036: allow _postlogin behaviour overloading
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6279
diff
changeset
|
86 |
# reopening. Is it actually a problem? |
fe58b234f9c2
[web session] refactor to finally closes #343036: allow _postlogin behaviour overloading
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6279
diff
changeset
|
87 |
if 'last_login_time' in req.vreg.schema: |
fe58b234f9c2
[web session] refactor to finally closes #343036: allow _postlogin behaviour overloading
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6279
diff
changeset
|
88 |
self._update_last_login_time(req) |
fe58b234f9c2
[web session] refactor to finally closes #343036: allow _postlogin behaviour overloading
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6279
diff
changeset
|
89 |
args = req.form |
fe58b234f9c2
[web session] refactor to finally closes #343036: allow _postlogin behaviour overloading
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6279
diff
changeset
|
90 |
for forminternal_key in ('__form_id', '__domid', '__errorurl'): |
fe58b234f9c2
[web session] refactor to finally closes #343036: allow _postlogin behaviour overloading
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6279
diff
changeset
|
91 |
args.pop(forminternal_key, None) |
fe58b234f9c2
[web session] refactor to finally closes #343036: allow _postlogin behaviour overloading
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6279
diff
changeset
|
92 |
args['__message'] = req._('welcome %s !') % req.user.login |
fe58b234f9c2
[web session] refactor to finally closes #343036: allow _postlogin behaviour overloading
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6279
diff
changeset
|
93 |
if 'vid' in req.form: |
fe58b234f9c2
[web session] refactor to finally closes #343036: allow _postlogin behaviour overloading
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6279
diff
changeset
|
94 |
args['vid'] = req.form['vid'] |
fe58b234f9c2
[web session] refactor to finally closes #343036: allow _postlogin behaviour overloading
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6279
diff
changeset
|
95 |
if 'rql' in req.form: |
fe58b234f9c2
[web session] refactor to finally closes #343036: allow _postlogin behaviour overloading
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6279
diff
changeset
|
96 |
args['rql'] = req.form['rql'] |
fe58b234f9c2
[web session] refactor to finally closes #343036: allow _postlogin behaviour overloading
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6279
diff
changeset
|
97 |
path = req.relative_path(False) |
fe58b234f9c2
[web session] refactor to finally closes #343036: allow _postlogin behaviour overloading
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6279
diff
changeset
|
98 |
if path == 'login': |
fe58b234f9c2
[web session] refactor to finally closes #343036: allow _postlogin behaviour overloading
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6279
diff
changeset
|
99 |
path = 'view' |
fe58b234f9c2
[web session] refactor to finally closes #343036: allow _postlogin behaviour overloading
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6279
diff
changeset
|
100 |
raise Redirect(req.build_url(path, **args)) |
fe58b234f9c2
[web session] refactor to finally closes #343036: allow _postlogin behaviour overloading
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6279
diff
changeset
|
101 |
|
fe58b234f9c2
[web session] refactor to finally closes #343036: allow _postlogin behaviour overloading
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6279
diff
changeset
|
102 |
def _update_last_login_time(self, req): |
fe58b234f9c2
[web session] refactor to finally closes #343036: allow _postlogin behaviour overloading
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6279
diff
changeset
|
103 |
# XXX should properly detect missing permission / non writeable source |
fe58b234f9c2
[web session] refactor to finally closes #343036: allow _postlogin behaviour overloading
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6279
diff
changeset
|
104 |
# and avoid "except (RepositoryError, Unauthorized)" below |
fe58b234f9c2
[web session] refactor to finally closes #343036: allow _postlogin behaviour overloading
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6279
diff
changeset
|
105 |
if req.user.cw_metainformation()['source']['type'] == 'ldapuser': |
fe58b234f9c2
[web session] refactor to finally closes #343036: allow _postlogin behaviour overloading
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6279
diff
changeset
|
106 |
return |
fe58b234f9c2
[web session] refactor to finally closes #343036: allow _postlogin behaviour overloading
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6279
diff
changeset
|
107 |
try: |
fe58b234f9c2
[web session] refactor to finally closes #343036: allow _postlogin behaviour overloading
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6279
diff
changeset
|
108 |
req.execute('SET X last_login_time NOW WHERE X eid %(x)s', |
fe58b234f9c2
[web session] refactor to finally closes #343036: allow _postlogin behaviour overloading
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6279
diff
changeset
|
109 |
{'x' : req.user.eid}) |
fe58b234f9c2
[web session] refactor to finally closes #343036: allow _postlogin behaviour overloading
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6279
diff
changeset
|
110 |
req.cnx.commit() |
fe58b234f9c2
[web session] refactor to finally closes #343036: allow _postlogin behaviour overloading
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6279
diff
changeset
|
111 |
except (RepositoryError, Unauthorized): |
fe58b234f9c2
[web session] refactor to finally closes #343036: allow _postlogin behaviour overloading
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6279
diff
changeset
|
112 |
req.cnx.rollback() |
fe58b234f9c2
[web session] refactor to finally closes #343036: allow _postlogin behaviour overloading
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6279
diff
changeset
|
113 |
except: |
fe58b234f9c2
[web session] refactor to finally closes #343036: allow _postlogin behaviour overloading
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6279
diff
changeset
|
114 |
req.cnx.rollback() |
fe58b234f9c2
[web session] refactor to finally closes #343036: allow _postlogin behaviour overloading
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6279
diff
changeset
|
115 |
raise |
fe58b234f9c2
[web session] refactor to finally closes #343036: allow _postlogin behaviour overloading
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6279
diff
changeset
|
116 |
|
0 | 117 |
def close_session(self, session): |
118 |
"""close session on logout or on invalid session detected (expired out, |
|
119 |
corrupted...) |
|
120 |
""" |
|
5799
93f4b4d2fecf
use sessionid in log message
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
5426
diff
changeset
|
121 |
self.info('closing http session %s' % session.sessionid) |
0 | 122 |
del self._sessions[session.sessionid] |
123 |
try: |
|
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5080
diff
changeset
|
124 |
session.cnx.close() |
0 | 125 |
except: |
126 |
# already closed, may occurs if the repository session expired but |
|
127 |
# not the web session |
|
128 |
pass |
|
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5080
diff
changeset
|
129 |
session.cnx = None |