cubicweb/pyramid/session.py
author Denis Laxalde <denis.laxalde@logilab.fr>
Mon, 20 Mar 2017 17:38:43 +0100
branch 3.24
changeset 12077 e282711ac6b2
parent 11896 327585fd7670
child 11967 83739be20fab
permissions -rw-r--r--
Added tag 3.24.7, debian/3.24.7-1, centos/3.24.7-1 for changeset 58f1e8545a77
import warnings
import logging
from contextlib import contextmanager

from pyramid.compat import pickle
from pyramid.session import SignedCookieSessionFactory

from cubicweb import Binary


log = logging.getLogger(__name__)


def logerrors(logger):
    def wrap(fn):
        def newfn(*args, **kw):
            try:
                return fn(*args, **kw)
            except Exception:
                # Log the traceback and swallow the error (newfn then returns None).
                logger.exception("Error in %s", fn.__name__)
        return newfn
    return wrap


@contextmanager
def unsafe_cnx_context_manager(request):
    """Return a connection for use as a context manager, with security disabled

    If request has an attached connection, its security will be deactivated in the context manager's
    scope, else a new internal connection is returned.

    This should be used for read-only queries, not if you intend to commit/rollback some data.
    """
    cnx = request.cw_cnx
    if cnx is None:
        with request.registry['cubicweb.repository'].internal_cnx() as cnx:
            yield cnx
    else:
        with cnx.security_enabled(read=False, write=False):
            yield cnx


def CWSessionFactory(
        secret,
        cookie_name='session',
        max_age=None,
        path='/',
        domain=None,
        secure=False,
        httponly=True,
        set_on_exception=True,
        timeout=1200,
        reissue_time=120,
        hashalg='sha512',
        salt='pyramid.session.',
        serializer=None):
    """ A pyramid session factory that stores session data in the CubicWeb
    database.

    Storage is done with the 'CWSession' entity, which is provided by the
    'pyramid' cube.

    .. warning::

        Although it provides a sane default behavior, this session storage has
        a serious overhead because it uses RQL to access the database.

        Using pure SQL would improve a bit (it is roughly twice as fast), but
        it is still pretty slow and thus not an immediate priority.

        It is recommended to use a faster session factory
        (pyramid_redis_sessions_ for example) if you need speed.

    .. _pyramid_redis_sessions: http://pyramid-redis-sessions.readthedocs.org/
                                en/latest/index.html
    """

    SignedCookieSession = SignedCookieSessionFactory(
        secret,
        cookie_name=cookie_name,
        max_age=max_age,
        path=path,
        domain=domain,
        secure=secure,
        httponly=httponly,
        set_on_exception=set_on_exception,
        timeout=timeout,
        reissue_time=reissue_time,
        hashalg=hashalg,
        salt=salt,
        serializer=serializer)

    class CWSession(SignedCookieSession):
        def __init__(self, request):
            # _set_accessed will be called by the super __init__.
            # Setting _loaded to True inhibits it.
            self._loaded = True

            # the super __init__ will load a single value in the dictionary,
            # the session id.
            super(CWSession, self).__init__(request)

            # Remove the session id from the dict
            self.sessioneid = self.pop('sessioneid', None)
            self.repo = request.registry['cubicweb.repository']

            # We need to lazy-load only for existing sessions
            self._loaded = self.sessioneid is None

        @logerrors(log)
        def _set_accessed(self, value):
            self._accessed = value

            if self._loaded:
                return

            with unsafe_cnx_context_manager(self.request) as cnx:
                value_rset = cnx.execute('Any D WHERE X eid %(x)s, X cwsessiondata D',
                                         {'x': self.sessioneid})
                value = value_rset[0][0]
                if value:
                    # The stored blob is unpickled as-is: whoever can write
                    # cwsessiondata controls what is deserialized here.
                    # Use dict.update directly to avoid _set_accessed being
                    # recursively called
                    dict.update(self, pickle.load(value))

            self._loaded = True

        def _get_accessed(self):
            return self._accessed

        accessed = property(_get_accessed, _set_accessed)

        @logerrors(log)
        def _set_cookie(self, response):
            # Save the value in the database
            data = Binary(pickle.dumps(dict(self)))
            sessioneid = self.sessioneid

            with self.request.registry['cubicweb.repository'].internal_cnx() as cnx:
                if not sessioneid:
                    session = cnx.create_entity(
                        'CWSession', cwsessiondata=data)
                    sessioneid = session.eid
                else:
                    session = cnx.entity_from_eid(sessioneid)
                    session.cw_set(cwsessiondata=data)
                cnx.commit()

            # Only if needed actually set the cookie
            if self.new or self.accessed - self.renewed > self._reissue_time:
                # The signed cookie carries only the session eid; the session
                # data itself stays in the database.
                dict.clear(self)
                dict.__setitem__(self, 'sessioneid', sessioneid)
                return super(CWSession, self)._set_cookie(response)

            return True

    return CWSession


def includeme(config):
    """ Activate the CubicWeb session factory.

    Usually called via ``config.include('cubicweb.pyramid.auth')``.

    See also :ref:`defaults_module`
    """
    settings = config.registry.settings
    secret = settings.get('cubicweb.session.secret', '')
    if not secret:
        # Legacy location of the secret: all-in-one.conf.
        secret = config.registry['cubicweb.config'].get('pyramid-session-secret')
        warnings.warn('''
        Please migrate pyramid-session-secret from
        all-in-one.conf to cubicweb.session.secret config entry in
        your pyramid.ini file.
        ''')
    if not secret:
        # Last-resort fallback: a static key that is published in this file.
        secret = 'notsosecret'
        warnings.warn('''

            !! WARNING !! !! WARNING !!

            The session cookies are signed with a static secret key.
            To put your own secret key, edit your pyramid.ini file
            and set the 'cubicweb.session.secret' key.

            YOU SHOULD STOP THIS INSTANCE unless your really know what you
            are doing !!

        ''')
    session_factory = CWSessionFactory(secret)
    config.set_session_factory(session_factory)
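
Added example, not part of cubicweb: includeme() above falls back to the static key 'notsosecret' and only warns, so the sketch below performs the same lookup but fails closed. The names audit_secret, resolve_session_secret, generate_secret and the length and character thresholds are assumptions of this example; plain dicts stand in for the Pyramid settings and the all-in-one.conf configuration.

```python
import secrets
import warnings

# 'notsosecret' is the fallback hard-coded in includeme(); the other entries
# are constructed examples of placeholder values.
KNOWN_WEAK_SECRETS = frozenset({'notsosecret', 'secret', 'changeme'})
MIN_LENGTH = 32           # assumption: local policy, not a CubicWeb setting
MIN_DISTINCT_CHARS = 10   # assumption: rejects values such as 'aaaa...'


class InsecureSessionSecret(ValueError):
    """No acceptable cookie-signing secret is configured."""


def audit_secret(secret):
    """Return a list of reasons why `secret` must not sign session cookies."""
    if not secret:
        return ['no secret configured']
    problems = []
    if secret.lower() in KNOWN_WEAK_SECRETS:
        problems.append('publicly known placeholder value')
    if len(secret) < MIN_LENGTH:
        problems.append('shorter than %d characters' % MIN_LENGTH)
    if len(set(secret)) < MIN_DISTINCT_CHARS:
        problems.append('fewer than %d distinct characters' % MIN_DISTINCT_CHARS)
    return problems


def resolve_session_secret(settings, legacy_config=None):
    """Look the secret up in the same order as includeme(), but fail closed.

    Returns (secret, source). Raises InsecureSessionSecret instead of
    falling back to a static key.
    """
    secret = settings.get('cubicweb.session.secret', '')
    source = 'pyramid.ini'
    if not secret and legacy_config is not None:
        secret = legacy_config.get('pyramid-session-secret') or ''
        if secret:
            source = 'all-in-one.conf'
            warnings.warn('migrate pyramid-session-secret to '
                          'cubicweb.session.secret in pyramid.ini',
                          DeprecationWarning)
    problems = audit_secret(secret)
    if problems:
        raise InsecureSessionSecret(
            'refusing to sign session cookies: ' + '; '.join(problems))
    return secret, source


def generate_secret():
    """Return a fresh random value suitable for cubicweb.session.secret."""
    return secrets.token_urlsafe(48)   # 48 random bytes -> 64 URL-safe chars


if __name__ == '__main__':
    print('cubicweb.session.secret = %s' % generate_secret())
```
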