Merge with pyramid-cubicweb
The following tasks have been done:
- merge packaging files
- merge documentation
- move pyramid_cubicweb package at cubicweb/pyramid and update imports
accordingly
- rename tests directory into test
- move pyramid-cubicweb README.rst into README.pyramid.rst until better idea
- add a test dependency on unreleased cubicweb-pyramid to have both py27 and
py34 tests pass
Closes #14023058.
import warnings
import logging
from contextlib import contextmanager
from pyramid.compat import pickle
from pyramid.session import SignedCookieSessionFactory
from cubicweb import Binary
log = logging.getLogger(__name__)
def logerrors(logger):
def wrap(fn):
def newfn(*args, **kw):
try:
return fn(*args, **kw)
except:
logger.exception("Error in %s" % fn.__name__)
return newfn
return wrap
@contextmanager
def unsafe_cnx_context_manager(request):
"""Return a connection for use as a context manager, with security disabled
If request has an attached connection, its security will be deactived in the context manager's
scope, else a new internal connection is returned.
"""
cnx = request.cw_cnx
if cnx is None:
with request.registry['cubicweb.repository'].internal_cnx() as cnx:
yield cnx
else:
with cnx.security_enabled(read=False, write=False):
yield cnx
def CWSessionFactory(
secret,
cookie_name='session',
max_age=None,
path='/',
domain=None,
secure=False,
httponly=True,
set_on_exception=True,
timeout=1200,
reissue_time=120,
hashalg='sha512',
salt='pyramid.session.',
serializer=None):
""" A pyramid session factory that store session data in the CubicWeb
database.
Storage is done with the 'CWSession' entity, which is provided by the
'pyramid' cube.
.. warning::
Although it provides a sane default behavior, this session storage has
a serious overhead because it uses RQL to access the database.
Using pure SQL would improve a bit (it is roughly twice faster), but it
is still pretty slow and thus not an immediate priority.
It is recommended to use faster session factory
(pyramid_redis_sessions_ for example) if you need speed.
.. _pyramid_redis_sessions: http://pyramid-redis-sessions.readthedocs.org/
en/latest/index.html
"""
SignedCookieSession = SignedCookieSessionFactory(
secret,
cookie_name=cookie_name,
max_age=max_age,
path=path,
domain=domain,
secure=secure,
httponly=httponly,
set_on_exception=set_on_exception,
timeout=timeout,
reissue_time=reissue_time,
hashalg=hashalg,
salt=salt,
serializer=serializer)
class CWSession(SignedCookieSession):
def __init__(self, request):
# _set_accessed will be called by the super __init__.
# Setting _loaded to True inhibates it.
self._loaded = True
# the super __init__ will load a single value in the dictionnary,
# the session id.
super(CWSession, self).__init__(request)
# Remove the session id from the dict
self.sessioneid = self.pop('sessioneid', None)
self.repo = request.registry['cubicweb.repository']
# We need to lazy-load only for existing sessions
self._loaded = self.sessioneid is None
@logerrors(log)
def _set_accessed(self, value):
self._accessed = value
if self._loaded:
return
with unsafe_cnx_context_manager(self.request) as cnx:
value_rset = cnx.execute('Any D WHERE X eid %(x)s, X cwsessiondata D',
{'x': self.sessioneid})
value = value_rset[0][0]
if value:
# Use directly dict.update to avoir _set_accessed to be
# recursively called
dict.update(self, pickle.load(value))
self._loaded = True
def _get_accessed(self):
return self._accessed
accessed = property(_get_accessed, _set_accessed)
@logerrors(log)
def _set_cookie(self, response):
# Save the value in the database
data = Binary(pickle.dumps(dict(self)))
sessioneid = self.sessioneid
with unsafe_cnx_context_manager(self.request) as cnx:
if not sessioneid:
session = cnx.create_entity(
'CWSession', cwsessiondata=data)
sessioneid = session.eid
else:
session = cnx.entity_from_eid(sessioneid)
session.cw_set(cwsessiondata=data)
cnx.commit()
# Only if needed actually set the cookie
if self.new or self.accessed - self.renewed > self._reissue_time:
dict.clear(self)
dict.__setitem__(self, 'sessioneid', sessioneid)
return super(CWSession, self)._set_cookie(response)
return True
return CWSession
def includeme(config):
""" Activate the CubicWeb session factory.
Usually called via ``config.include('cubicweb.pyramid.auth')``.
See also :ref:`defaults_module`
"""
settings = config.registry.settings
secret = settings.get('cubicweb.session.secret', '')
if not secret:
secret = config.registry['cubicweb.config'].get('pyramid-session-secret')
warnings.warn('''
Please migrate pyramid-session-secret from
all-in-one.conf to cubicweb.session.secret config entry in
your pyramid.ini file.
''')
if not secret:
secret = 'notsosecret'
warnings.warn('''
!! WARNING !! !! WARNING !!
The session cookies are signed with a static secret key.
To put your own secret key, edit your pyramid.ini file
and set the 'cubicweb.session.secret' key.
YOU SHOULD STOP THIS INSTANCE unless your really know what you
are doing !!
''')
session_factory = CWSessionFactory(secret)
config.set_session_factory(session_factory)