goa/appobjects/sessions.py
author Sylvain Thénault <sylvain.thenault@logilab.fr>
Thu, 12 Nov 2009 17:15:07 +0100
branchstable
changeset 3830 3b6bbb3a3c3e
parent 1977 606923dff11b
child 2887 1282dc6525c5
child 4212 ab6573088b4a
permissions -rw-r--r--
close #472361: omit password and bytes attributes in allowed mass-mailing keys by fixing default implementation for allowed_massmail_keys() in the Emailable pluggable mixin (cw.common.mixins). Added test (in entities.test though), also fix CWUserTC classes conflicts in the test module.

"""persistent sessions stored in big table

:organization: Logilab
:copyright: 2008-2009 LOGILAB S.A. (Paris, FRANCE), license is LGPL v2.
:contact: http://www.logilab.fr/ -- mailto:contact@logilab.fr

XXX TODO:
* cleanup persistent session
* use user as ancestor?
:license: GNU Lesser General Public License, v2.1 - http://www.gnu.org/licenses
"""
__docformat__ = "restructuredtext en"

from pickle import loads, dumps
from time import localtime, strftime

from logilab.common.decorators import cached, clear_cache

from cubicweb import BadConnectionId
from cubicweb.dbapi import Connection, ConnectionProperties, repo_connect
from cubicweb.selectors import none_rset, match_user_groups
from cubicweb.server.session import Session
from cubicweb.web import InvalidSession
from cubicweb.web.application import AbstractSessionManager
from cubicweb.web.application import AbstractAuthenticationManager

from google.appengine.api.datastore import Key, Entity, Get, Put, Delete, Query
from google.appengine.api.datastore_errors import EntityNotFoundError
from google.appengine.api.datastore_types import Blob

try:
    del Connection.__del__
except AttributeError:
    pass # already deleted


class GAEAuthenticationManager(AbstractAuthenticationManager):
    """authenticate user associated to a request and check session validity,
    using google authentication service
    """

    def __init__(self, *args, **kwargs):
        super(GAEAuthenticationManager, self).__init__(*args, **kwargs)
        self._repo = self.config.repository(vreg=self.vreg)

    def authenticate(self, req, _login=None, _password=None):
        """authenticate user and return an established connection for this user

        :raise ExplicitLogin: if authentication is required (no authentication
        info found or wrong user/password)
        """
        if _login is not None:
            login, password = _login, _password
        else:
            login, password = req.get_authorization()
        # remove possibly cached cursor coming from closed connection
        clear_cache(req, 'cursor')
        cnxprops = ConnectionProperties(self.vreg.config.repo_method,
                                        close=False, log=False)
        cnx = repo_connect(self._repo, login, password, cnxprops=cnxprops)
        self._init_cnx(cnx, login, password)
        # associate the connection to the current request
        req.set_connection(cnx)
        return cnx

    def _init_cnx(self, cnx, login, password):
        cnx.anonymous_connection = self.config.is_anonymous_user(login)
        cnx.vreg = self.vreg
        cnx.login = login
        cnx.password = password


class GAEPersistentSessionManager(AbstractSessionManager):
    """manage session data associated to a session identifier"""

    def __init__(self, *args, **kwargs):
        super(GAEPersistentSessionManager, self).__init__(*args, **kwargs)
        self._repo = self.config.repository(vreg=self.vreg)

    def get_session(self, req, sessionid):
        """return existing session for the given session identifier"""
        # search a record for the given session
        key = Key.from_path('CubicWebSession', 'key_' + sessionid, parent=None)
        try:
            record = Get(key)
        except EntityNotFoundError:
            raise InvalidSession()
        repo = self._repo
        if self.has_expired(record):
            repo._sessions.pop(sessionid, None)
            Delete(record)
            raise InvalidSession()
        # associate it with a repository session
        try:
            reposession = repo._get_session(sessionid)
            user = reposession.user
            # touch session to avoid closing our own session when sessions are
            # cleaned (touch is done on commit/rollback on the server side, too
            # late in that case)
            reposession._touch()
        except BadConnectionId:
            # can't found session in the repository, this probably mean the
            # session is not yet initialized on this server, hijack the repo
            # to create it
            # use an internal connection
            ssession = repo.internal_session()
            # try to get a user object
            try:
                user = repo.authenticate_user(ssession, record['login'],
                                              record['password'])
            finally:
                ssession.close()
            reposession = Session(user, self._repo, _id=sessionid)
            self._repo._sessions[sessionid] = reposession
        cnx = Connection(self._repo, sessionid)
        return self._get_proxy(req, record, cnx, user)

    def open_session(self, req):
        """open and return a new session for the given request"""
        cnx = self.authmanager.authenticate(req)
        # avoid rebuilding a user
        user = self._repo._get_session(cnx.sessionid).user
        # build persistent record for session data
        record = Entity('CubicWebSession', name='key_' + cnx.sessionid)
        record['login'] = cnx.login
        record['password'] = cnx.password
        record['anonymous_connection'] = cnx.anonymous_connection
        Put(record)
        return self._get_proxy(req, record, cnx, user)

    def close_session(self, proxy):
        """close session on logout or on invalid session detected (expired out,
        corrupted...)
        """
        proxy.close()

    def current_sessions(self):
        for record in Query('CubicWebSession').Run():
            yield ConnectionProxy(record)

    def _get_proxy(self, req, record, cnx, user):
        proxy = ConnectionProxy(record, cnx, user)
        user.req = req
        req.set_connection(proxy, user)
        return proxy


class ConnectionProxy(object):

    def __init__(self, record, cnx=None, user=None):
        self.__record = record
        self.__cnx = cnx
        self.__user = user
        self.__data = None
        self.__is_dirty = False
        self.sessionid = record.key().name()[4:] # remove 'key_' prefix

    def __repr__(self):
        sstr = '<ConnectionProxy %s' % self.sessionid
        if self.anonymous_connection:
            sstr += ' (anonymous)'
        elif self.__user:
            sstr += ' for %s' % self.__user.login
        sstr += ', last used %s>' % strftime('%T', localtime(self.last_usage_time))
        return sstr

    def __getattribute__(self, name):
        try:
            return super(ConnectionProxy, self).__getattribute__(name)
        except AttributeError:
            return getattr(self.__cnx, name)

    def _set_last_usage_time(self, value):
        self.__is_dirty = True
        self.__record['last_usage_time'] = value
    def _get_last_usage_time(self):
        return self.__record['last_usage_time']

    last_usage_time = property(_get_last_usage_time, _set_last_usage_time)

    @property
    def anonymous_connection(self):
        # use get() for bw compat if sessions without anonymous information are
        # found. Set default to True to limit lifetime of those sessions.
        return self.__record.get('anonymous_connection', True)

    @property
    @cached
    def data(self):
        if self.__record.get('data') is not None:
            try:
                return loads(self.__record['data'])
            except:
                self.__is_dirty = True
                self.exception('corrupted session data for session %s',
                               self.__cnx)
        return {}

    def get_session_data(self, key, default=None, pop=False):
        """return value associated to `key` in session data"""
        if pop:
            try:
                value = self.data.pop(key)
                self.__is_dirty = True
                return value
            except KeyError:
                return default
        else:
            return self.data.get(key, default)

    def set_session_data(self, key, value):
        """set value associated to `key` in session data"""
        self.data[key] = value
        self.__is_dirty = True

    def del_session_data(self, key):
        """remove value associated to `key` in session data"""
        try:
            del self.data[key]
            self.__is_dirty = True
        except KeyError:
            pass

    def commit(self):
        if self.__is_dirty:
            self.__save()
        self.__cnx.commit()

    def rollback(self):
        self.__save()
        self.__cnx.rollback()

    def close(self):
        if self.__cnx is not None:
            self.__cnx.close()
        Delete(self.__record)

    def __save(self):
        if self.__is_dirty:
            self.__record['data'] = Blob(dumps(self.data))
            Put(self.__record)
            self.__is_dirty = False

    def user(self, req=None, props=None):
        """return the User object associated to this connection"""
        return self.__user


import logging
from cubicweb import set_log_methods
set_log_methods(ConnectionProxy, logging.getLogger('cubicweb.web.goa.session'))


from cubicweb.common.view import StartupView
from cubicweb.web import application

class SessionsCleaner(StartupView):
    id = 'cleansessions'
    __select__ = none_rset() & match_user_groups('managers')

    def call(self):
        # clean web session
        session_manager = application.SESSION_MANAGER
        nbclosed, remaining = session_manager.clean_sessions()
        self.w(u'<div class="message">')
        self.w(u'%s web sessions closed<br/>\n' % nbclosed)
        # clean repository sessions
        repo = self.config.repository(vreg=self.vreg)
        nbclosed = repo.clean_sessions()
        self.w(u'%s repository sessions closed<br/>\n' % nbclosed)
        self.w(u'%s remaining sessions<br/>\n' % remaining)
        self.w(u'</div>')


def registration_callback(vreg):
    vreg.register(SessionsCleaner)
    vreg.register(GAEAuthenticationManager, clear=True)
    vreg.register(GAEPersistentSessionManager, clear=True)