33 from cubicweb import set_log_methods, cwvreg |
33 from cubicweb import set_log_methods, cwvreg |
34 from cubicweb import ( |
34 from cubicweb import ( |
35 ValidationError, Unauthorized, Forbidden, |
35 ValidationError, Unauthorized, Forbidden, |
36 AuthenticationError, NoSelectableObject, |
36 AuthenticationError, NoSelectableObject, |
37 BadConnectionId, CW_EVENT_MANAGER) |
37 BadConnectionId, CW_EVENT_MANAGER) |
38 from cubicweb.dbapi import anonymous_session |
38 from cubicweb.repoapi import anonymous_cnx |
39 from cubicweb.web import LOGGER, component |
39 from cubicweb.web import LOGGER, component |
40 from cubicweb.web import ( |
40 from cubicweb.web import ( |
41 StatusResponse, DirectResponse, Redirect, NotFound, LogOut, |
41 StatusResponse, DirectResponse, Redirect, NotFound, LogOut, |
42 RemoteCallFailed, InvalidSession, RequestError) |
42 RemoteCallFailed, InvalidSession, RequestError) |
43 |
43 |
48 SESSION_MANAGER = None |
48 SESSION_MANAGER = None |
49 |
49 |
50 |
50 |
51 @contextmanager |
51 @contextmanager |
52 def anonymized_request(req): |
52 def anonymized_request(req): |
53 orig_session = req.session |
53 orig_cnx = req.cnx |
54 req.set_session(anonymous_session(req.vreg)) |
54 anon_clt_cnx = anonymous_cnx(orig_cnx._session.repo) |
|
55 req.set_cnx(anon_clt_cnx) |
55 try: |
56 try: |
56 yield req |
57 with anon_clt_cnx: |
|
58 yield req |
57 finally: |
59 finally: |
58 req.set_session(orig_session) |
60 req.set_cnx(orig_cnx) |
59 |
61 |
60 class AbstractSessionManager(component.Component): |
62 class AbstractSessionManager(component.Component): |
61 """manage session data associated to a session identifier""" |
63 """manage session data associated to a session identifier""" |
62 __regid__ = 'sessionmanager' |
64 __regid__ = 'sessionmanager' |
63 |
65 |
336 req.set_header('WWW-Authenticate', [('Basic', {'realm' : realm })], raw=False) |
338 req.set_header('WWW-Authenticate', [('Basic', {'realm' : realm })], raw=False) |
337 content = '' |
339 content = '' |
338 try: |
340 try: |
339 try: |
341 try: |
340 session = self.get_session(req) |
342 session = self.get_session(req) |
341 req.set_session(session) |
343 from cubicweb import repoapi |
|
344 cnx = repoapi.ClientConnection(session) |
|
345 req.set_cnx(cnx) |
342 except AuthenticationError: |
346 except AuthenticationError: |
343 # Keep the dummy session set at initialisation. |
347 # Keep the dummy session set at initialisation. |
344 # such session with work to an some extend but raise an |
348 # such session with work to an some extend but raise an |
345 # AuthenticationError on any database access. |
349 # AuthenticationError on any database access. |
346 pass |
350 import contextlib |
|
351 @contextlib.contextmanager |
|
352 def dummy(): |
|
353 yield |
|
354 cnx = dummy() |
347 # XXX We want to clean up this approach in the future. But |
355 # XXX We want to clean up this approach in the future. But |
348 # several cubes like registration or forgotten password rely on |
356 # several cubes like registration or forgotten password rely on |
349 # this principle. |
357 # this principle. |
350 assert req.session is not None |
358 |
351 # DENY https acces for anonymous_user |
359 # DENY https acces for anonymous_user |
352 if (req.https |
360 if (req.https |
353 and req.session.anonymous_session |
361 and req.session.anonymous_session |
354 and self.vreg.config['https-deny-anonymous']): |
362 and self.vreg.config['https-deny-anonymous']): |
355 # don't allow anonymous on https connection |
363 # don't allow anonymous on https connection |
356 raise AuthenticationError() |
364 raise AuthenticationError() |
357 # nested try to allow LogOut to delegate logic to AuthenticationError |
365 # nested try to allow LogOut to delegate logic to AuthenticationError |
358 # handler |
366 # handler |
359 try: |
367 try: |
360 ### Try to generate the actual request content |
368 ### Try to generate the actual request content |
361 content = self.core_handle(req, path) |
369 with cnx: |
|
370 content = self.core_handle(req, path) |
362 # Handle user log-out |
371 # Handle user log-out |
363 except LogOut as ex: |
372 except LogOut as ex: |
364 # When authentification is handled by cookie the code that |
373 # When authentification is handled by cookie the code that |
365 # raised LogOut must has invalidated the cookie. We can just |
374 # raised LogOut must has invalidated the cookie. We can just |
366 # reload the original url without authentification |
375 # reload the original url without authentification |