8 """ |
8 """ |
9 __docformat__ = "restructuredtext en" |
9 __docformat__ = "restructuredtext en" |
10 |
10 |
11 from cubicweb.web import InvalidSession |
11 from cubicweb.web import InvalidSession |
12 from cubicweb.web.application import AbstractSessionManager |
12 from cubicweb.web.application import AbstractSessionManager |
|
13 from cubicweb.dbapi import DBAPISession |
13 |
14 |
14 |
15 |
15 class InMemoryRepositorySessionManager(AbstractSessionManager): |
16 class InMemoryRepositorySessionManager(AbstractSessionManager): |
16 """manage session data associated to a session identifier""" |
17 """manage session data associated to a session identifier""" |
17 |
18 |
38 raise InvalidSession() |
39 raise InvalidSession() |
39 session = self._sessions[sessionid] |
40 session = self._sessions[sessionid] |
40 if self.has_expired(session): |
41 if self.has_expired(session): |
41 self.close_session(session) |
42 self.close_session(session) |
42 raise InvalidSession() |
43 raise InvalidSession() |
43 # give an opportunity to auth manager to hijack the session (necessary |
|
44 # with the RepositoryAuthenticationManager in case the connection to the |
|
45 # repository has expired) |
|
46 try: |
44 try: |
47 session = self.authmanager.validate_session(req, session) |
45 user = self.authmanager.validate_session(req, session) |
48 # necessary in case session has been hijacked |
|
49 self._sessions[session.sessionid] = session |
|
50 except InvalidSession: |
46 except InvalidSession: |
51 # invalid session |
47 # invalid session |
52 del self._sessions[sessionid] |
48 self.close_session(session) |
53 raise |
49 raise |
|
50 # associate the connection to the current request |
|
51 req.set_session(session, user) |
54 return session |
52 return session |
55 |
53 |
56 def open_session(self, req): |
54 def open_session(self, req): |
57 """open and return a new session for the given request |
55 """open and return a new session for the given request. The session is |
|
56 also bound to the request. |
58 |
57 |
59 :raise ExplicitLogin: if authentication is required |
58 raise :exc:`cubicweb.AuthenticationError` if authentication failed |
|
59 (no authentication info found or wrong user/password) |
60 """ |
60 """ |
61 session = self.authmanager.authenticate(req) |
61 cnx, login, authinfo = self.authmanager.authenticate(req) |
|
62 session = DBAPISession(cnx, login, authinfo) |
62 self._sessions[session.sessionid] = session |
63 self._sessions[session.sessionid] = session |
|
64 # associate the connection to the current request |
|
65 req.set_session(session) |
63 return session |
66 return session |
64 |
67 |
65 def close_session(self, session): |
68 def close_session(self, session): |
66 """close session on logout or on invalid session detected (expired out, |
69 """close session on logout or on invalid session detected (expired out, |
67 corrupted...) |
70 corrupted...) |
68 """ |
71 """ |
69 self.info('closing http session %s' % session) |
72 self.info('closing http session %s' % session) |
70 del self._sessions[session.sessionid] |
73 del self._sessions[session.sessionid] |
71 try: |
74 try: |
72 session.close() |
75 session.cnx.close() |
73 except: |
76 except: |
74 # already closed, may occurs if the repository session expired but |
77 # already closed, may occurs if the repository session expired but |
75 # not the web session |
78 # not the web session |
76 pass |
79 pass |
|
80 session.cnx = None |