Mercurial Mercurial > pub > hg > cubicweb / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
web/views/sessions.py
author Sylvain Thénault <sylvain.thenault@logilab.fr>
Wed, 14 Apr 2010 10:29:38 +0200
changeset 5244 5467674ad101
parent 5223 6abd6e3599f4
child 5423 e15abfdcce38
permissions -rw-r--r--
[web] put a fake object that raise Unauthorized on any attribute access as req.cnx and req._user, so we are properly asked to authenticated on any view that tries to do something with one of those attributes (instead of doing defensive programming everywhere we're doing that)

"""web session component: by dfault the session is actually the db connection
object :/

:organization: Logilab
:copyright: 2001-2010 LOGILAB S.A. (Paris, FRANCE), license is LGPL v2.
:contact: http://www.logilab.fr/ -- mailto:contact@logilab.fr
:license: GNU Lesser General Public License, v2.1 - http://www.gnu.org/licenses
"""
__docformat__ = "restructuredtext en"

from cubicweb.web import InvalidSession
from cubicweb.web.application import AbstractSessionManager
from cubicweb.dbapi import DBAPISession


class InMemoryRepositorySessionManager(AbstractSessionManager):
    """manage session data associated to a session identifier"""

    def __init__(self, *args, **kwargs):
        AbstractSessionManager.__init__(self, *args, **kwargs)
        # XXX require a RepositoryAuthenticationManager which violates
        #     authenticate interface by returning a session instead of a user
        #assert isinstance(self.authmanager, RepositoryAuthenticationManager)
        self._sessions = {}

    # dump_data / restore_data to avoid loosing open sessions on registry
    # reloading
    def dump_data(self):
        return self._sessions
    def restore_data(self, data):
        self._sessions = data

    def current_sessions(self):
        return self._sessions.values()

    def get_session(self, req, sessionid):
        """return existing session for the given session identifier"""
        if not sessionid in self._sessions:
            raise InvalidSession()
        session = self._sessions[sessionid]
        if self.has_expired(session):
            self.close_session(session)
            raise InvalidSession()
        try:
            user = self.authmanager.validate_session(req, session)
        except InvalidSession:
            # invalid session
            self.close_session(session)
            raise
        # associate the connection to the current request
        req.set_session(session, user)
        return session

    def open_session(self, req):
        """open and return a new session for the given request. The session is
        also bound to the request.

        raise :exc:`cubicweb.AuthenticationError` if authentication failed
        (no authentication info found or wrong user/password)
        """
        cnx, login, authinfo = self.authmanager.authenticate(req)
        session = DBAPISession(cnx, login, authinfo)
        self._sessions[session.sessionid] = session
        # associate the connection to the current request
        req.set_session(session)
        return session

    def close_session(self, session):
        """close session on logout or on invalid session detected (expired out,
        corrupted...)
        """
        self.info('closing http session %s' % session)
        del self._sessions[session.sessionid]
        try:
            session.cnx.close()
        except:
            # already closed, may occurs if the repository session expired but
            # not the web session
            pass
        session.cnx = None
cubicweb