cubicweb/web/views/authentication.py
changeset 12043 b8d2e6b9f548
parent 11767 432f87a63057
child 12046 9056a41d91ba
--- a/cubicweb/web/views/authentication.py	Fri Mar 10 18:00:13 2017 +0100
+++ b/cubicweb/web/views/authentication.py	Tue Mar 14 11:07:58 2017 +0100
@@ -20,10 +20,13 @@
 
 
 from logilab.common.deprecation import class_renamed
+from logilab.common.textutils import unormalize
 
 from cubicweb import AuthenticationError
+from cubicweb.utils import make_uid
 from cubicweb.view import Component
 from cubicweb.web import InvalidSession
+from cubicweb.server.session import Connection
 
 
 class NoAuthInfo(Exception): pass
@@ -98,6 +101,38 @@
     '("ie" instead of "ei")')
 
 
+class Session(object):
+    """In-memory user session
+    """
+
+    def __init__(self, repo, user):
+        self.user = user  # XXX deprecate and store only a login.
+        self.repo = repo
+        self.sessionid = make_uid(unormalize(user.login))
+        self.data = {}
+
+    def __unicode__(self):
+        return '<session %s (0x%x)>' % (unicode(self.user.login), id(self))
+
+    @property
+    def anonymous_session(self):
+        # XXX for now, anonymous_user only exists in webconfig (and testconfig).
+        # It will only be present inside all-in-one instance.
+        # there is plan to move it down to global config.
+        if not hasattr(self.repo.config, 'anonymous_user'):
+            # not a web or test config, no anonymous user
+            return False
+        return self.user.login == self.repo.config.anonymous_user()[0]
+
+    def new_cnx(self):
+        """Return a new Connection object linked to the session
+
+        The returned Connection will *not* be managed by the Session.
+        """
+        cnx = Connection(self.repo, self.user)
+        cnx.session = self
+        return cnx
+
 
 class RepositoryAuthenticationManager(object):
     """authenticate user associated to a request and check session validity"""
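Review bot: `Session.__init__` builds `sessionid` as `make_uid(unormalize(user.login))`, so the identifier is keyed on the login and any unpredictability has to come from `make_uid`, whose body is not part of this diff. If `sessionid` is what ends up in the session cookie (likely, but not shown here), the login adds no entropy and could be exposed wherever the identifier is logged or stored. I would confirm that `make_uid` draws its random part from a cryptographically strong source, and state that in the class docstring, for example `"""In-memory user session; sessionid is a secret bearer value whose randomness comes from make_uid."""`. The one-line docstring also leaves out that `data` starts empty and that `user` is kept only until the XXX on that line is resolved.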
@@ -133,7 +168,7 @@
         # check session.login and not user.login, since in case of login by
         # email, login and cnx.login are the email while user.login is the
         # actual user login
-        if login and session.login != login:
+        if login and session.user.login != login:
             raise InvalidSession('login mismatch')
 
     def authenticate(self, req):
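Review bot: The new condition `session.user.login != login` does exactly what the comment directly above it says not to do, since that comment explains why `session.login` is checked instead of `user.login`. By the comment's own reasoning, a user who logged in by email has the email in `login` and the account login in `user.login`, so this check may now raise `InvalidSession('login mismatch')` for a valid session. Either the comparison should use the login that was actually submitted (for instance by storing it on `Session`), or, if email logins are normalized before this point, the comment should be rewritten to say so. The enclosing method starts outside this hunk, so how `login` is derived is not visible here.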
@@ -170,4 +205,6 @@
         raise AuthenticationError()
 
     def _authenticate(self, login, authinfo):
-        return self.repo.new_session(login, **authinfo)
+        with self.repo.internal_cnx() as cnx:
+            user = self.repo.authenticate_user(cnx, login, **authinfo)
+        return Session(self.repo, user)
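Review bot: In `_authenticate`, `user` is obtained on `self.repo.internal_cnx()` and then handed to `Session(self.repo, user)` after the `with` block has closed that connection. If the returned object keeps a reference to `cnx` (not visible in this diff), the long-lived session would hold an entity tied to a closed internal connection, which is presumably a security-bypassing one. Later attribute access or `Connection(self.repo, self.user)` in `new_cnx` could then misbehave or run with the wrong context. It is worth confirming that `authenticate_user` returns a detached user, and recording that with a comment such as `# user must not depend on cnx once the internal connection is closed`. A short docstring stating that the method raises `AuthenticationError` on failure and returns a `Session` would also help, now that the return type has changed.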