1 # copyright 2003-2010 LOGILAB S.A. (Paris, FRANCE), all rights reserved. |
1 # copyright 2003-2011 LOGILAB S.A. (Paris, FRANCE), all rights reserved. |
2 # contact http://www.logilab.fr/ -- mailto:contact@logilab.fr |
2 # contact http://www.logilab.fr/ -- mailto:contact@logilab.fr |
3 # |
3 # |
4 # This file is part of CubicWeb. |
4 # This file is part of CubicWeb. |
5 # |
5 # |
6 # CubicWeb is free software: you can redistribute it and/or modify it under the |
6 # CubicWeb is free software: you can redistribute it and/or modify it under the |
19 object :/ |
19 object :/ |
20 """ |
20 """ |
21 |
21 |
22 __docformat__ = "restructuredtext en" |
22 __docformat__ = "restructuredtext en" |
23 |
23 |
24 from cubicweb import RepositoryError, Unauthorized |
24 from cubicweb import RepositoryError, Unauthorized, AuthenticationError |
25 from cubicweb.web import InvalidSession, Redirect |
25 from cubicweb.web import InvalidSession, Redirect |
26 from cubicweb.web.application import AbstractSessionManager |
26 from cubicweb.web.application import AbstractSessionManager |
27 from cubicweb.dbapi import DBAPISession |
27 from cubicweb.dbapi import DBAPISession |
28 |
28 |
29 |
29 |
47 def current_sessions(self): |
47 def current_sessions(self): |
48 return self._sessions.values() |
48 return self._sessions.values() |
49 |
49 |
50 def get_session(self, req, sessionid): |
50 def get_session(self, req, sessionid): |
51 """return existing session for the given session identifier""" |
51 """return existing session for the given session identifier""" |
52 if not sessionid in self._sessions: |
52 if sessionid not in self._sessions: |
53 raise InvalidSession() |
53 raise InvalidSession() |
54 session = self._sessions[sessionid] |
54 session = self._sessions[sessionid] |
55 try: |
55 if session.cnx: |
56 user = self.authmanager.validate_session(req, session) |
56 try: |
57 except InvalidSession: |
57 user = self.authmanager.validate_session(req, session) |
58 # invalid session |
58 except InvalidSession: |
59 self.close_session(session) |
59 # invalid session |
60 raise |
60 self.close_session(session) |
61 # associate the connection to the current request |
61 raise |
62 req.set_session(session, user) |
62 # associate the connection to the current request |
|
63 req.set_session(session, user) |
63 return session |
64 return session |
64 |
65 |
65 def open_session(self, req): |
66 def open_session(self, req, allow_no_cnx=True): |
66 """open and return a new session for the given request. The session is |
67 """open and return a new session for the given request. The session is |
67 also bound to the request. |
68 also bound to the request. |
68 |
69 |
69 raise :exc:`cubicweb.AuthenticationError` if authentication failed |
70 raise :exc:`cubicweb.AuthenticationError` if authentication failed |
70 (no authentication info found or wrong user/password) |
71 (no authentication info found or wrong user/password) |
71 """ |
72 """ |
72 cnx, login = self.authmanager.authenticate(req) |
73 try: |
73 session = DBAPISession(cnx, login) |
74 cnx, login = self.authmanager.authenticate(req) |
|
75 except AuthenticationError: |
|
76 if allow_no_cnx: |
|
77 session = DBAPISession(None) |
|
78 else: |
|
79 raise |
|
80 else: |
|
81 session = DBAPISession(cnx, login) |
74 self._sessions[session.sessionid] = session |
82 self._sessions[session.sessionid] = session |
75 # associate the connection to the current request |
83 # associate the connection to the current request |
76 req.set_session(session) |
84 req.set_session(session) |
77 return session |
85 return session |
78 |
86 |
87 if 'last_login_time' in req.vreg.schema: |
95 if 'last_login_time' in req.vreg.schema: |
88 self._update_last_login_time(req) |
96 self._update_last_login_time(req) |
89 args = req.form |
97 args = req.form |
90 for forminternal_key in ('__form_id', '__domid', '__errorurl'): |
98 for forminternal_key in ('__form_id', '__domid', '__errorurl'): |
91 args.pop(forminternal_key, None) |
99 args.pop(forminternal_key, None) |
92 args['__message'] = req._('welcome %s !') % req.user.login |
|
93 if 'vid' in req.form: |
|
94 args['vid'] = req.form['vid'] |
|
95 if 'rql' in req.form: |
|
96 args['rql'] = req.form['rql'] |
|
97 path = req.relative_path(False) |
100 path = req.relative_path(False) |
98 if path == 'login': |
101 if path == 'login': |
99 path = 'view' |
102 path = 'view' |
100 raise Redirect(req.build_url(path, **args)) |
103 args['__message'] = req._('welcome %s !') % req.user.login |
|
104 if 'vid' in req.form: |
|
105 args['vid'] = req.form['vid'] |
|
106 if 'rql' in req.form: |
|
107 args['rql'] = req.form['rql'] |
|
108 raise Redirect(req.build_url(path, **args)) |
|
109 req.set_message(req._('welcome %s !') % req.user.login) |
101 |
110 |
102 def _update_last_login_time(self, req): |
111 def _update_last_login_time(self, req): |
103 # XXX should properly detect missing permission / non writeable source |
112 # XXX should properly detect missing permission / non writeable source |
104 # and avoid "except (RepositoryError, Unauthorized)" below |
113 # and avoid "except (RepositoryError, Unauthorized)" below |
105 if req.user.cw_metainformation()['source']['type'] == 'ldapuser': |
114 if req.user.cw_metainformation()['source']['type'] == 'ldapuser': |
118 """close session on logout or on invalid session detected (expired out, |
127 """close session on logout or on invalid session detected (expired out, |
119 corrupted...) |
128 corrupted...) |
120 """ |
129 """ |
121 self.info('closing http session %s' % session.sessionid) |
130 self.info('closing http session %s' % session.sessionid) |
122 del self._sessions[session.sessionid] |
131 del self._sessions[session.sessionid] |
123 try: |
132 if session.cnx: |
124 session.cnx.close() |
133 try: |
125 except: |
134 session.cnx.close() |
126 # already closed, may occurs if the repository session expired but |
135 except: |
127 # not the web session |
136 # already closed, may occur if the repository session expired |
128 pass |
137 # but not the web session |
129 session.cnx = None |
138 pass |
|
139 session.cnx = None |
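Review bot: `open_session` now defaults to `allow_no_cnx=True`, so a failed `authenticate()` no longer raises by default but creates `DBAPISession(None)` and stores it in `self._sessions`, while the docstring still says `AuthenticationError` is raised on failure. The docstring should state that the exception only propagates when `allow_no_cnx=False`, for example `:param allow_no_cnx: if true (default), return a session without repository connection instead of raising on authentication failure`. Since every failed authentication now adds an entry to `_sessions`, and `get_session` returns such entries without calling `validate_session`, confirm that the session expiry code (not visible here) also reaps them and that callers needing a hard failure pass `allow_no_cnx=False` explicitly. Indentation is lost on this page, so I assume `req.set_session(session, user)` sits inside the new `if session.cnx:` branch; if it does not, `user` would be unbound for connection-less sessions.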