--- a/cubicweb/web/views/authentication.py Fri Mar 10 18:00:13 2017 +0100
+++ b/cubicweb/web/views/authentication.py Tue Mar 14 11:07:58 2017 +0100
@@ -20,10 +20,13 @@
from logilab.common.deprecation import class_renamed
+from logilab.common.textutils import unormalize
from cubicweb import AuthenticationError
+from cubicweb.utils import make_uid
from cubicweb.view import Component
from cubicweb.web import InvalidSession
+from cubicweb.server.session import Connection
class NoAuthInfo(Exception): pass
@@ -98,6 +101,38 @@
'("ie" instead of "ei")')
+class Session(object):
+ """In-memory user session
+ """
+
+ def __init__(self, repo, user):
+ self.user = user # XXX deprecate and store only a login.
+ self.repo = repo
+ self.sessionid = make_uid(unormalize(user.login))
+ self.data = {}
+
+ def __unicode__(self):
+ return '<session %s (0x%x)>' % (unicode(self.user.login), id(self))
+
+ @property
+ def anonymous_session(self):
+ # XXX for now, anonymous_user only exists in webconfig (and testconfig).
+ # It will only be present inside all-in-one instance.
+ # there is plan to move it down to global config.
+ if not hasattr(self.repo.config, 'anonymous_user'):
+ # not a web or test config, no anonymous user
+ return False
+ return self.user.login == self.repo.config.anonymous_user()[0]
+
+ def new_cnx(self):
+ """Return a new Connection object linked to the session
+
+ The returned Connection will *not* be managed by the Session.
+ """
+ cnx = Connection(self.repo, self.user)
+ cnx.session = self
+ return cnx
+
class RepositoryAuthenticationManager(object):
"""authenticate user associated to a request and check session validity"""
@@ -133,7 +168,7 @@
# check session.login and not user.login, since in case of login by
# email, login and cnx.login are the email while user.login is the
# actual user login
- if login and session.login != login:
+ if login and session.user.login != login:
raise InvalidSession('login mismatch')
def authenticate(self, req):
@@ -170,4 +205,6 @@
raise AuthenticationError()
def _authenticate(self, login, authinfo):
- return self.repo.new_session(login, **authinfo)
+ with self.repo.internal_cnx() as cnx:
+ user = self.repo.authenticate_user(cnx, login, **authinfo)
+ return Session(self.repo, user)