# HG changeset patch # User Pierre-Yves David # Date 1371210209 -7200 # Node ID e08f9c55dab5b6a3911bd9057f4ae66aa5480bd4 # Parent 9deb024a96c07f4835087c542a667ee076ab47b6 [application] call req.set_session in application.main_handle_request The Session handling chain is no more responsible for calling req.set_session. It just returns a valid session and lets the caller link it to the Request. This opens the way to explicitly creating and closing a connection/transaction in ``application.main_handle_request``. Related to #2503918 diff -r 9deb024a96c0 -r e08f9c55dab5 devtools/testlib.py --- a/devtools/testlib.py Thu Jun 13 18:46:39 2013 +0200 +++ b/devtools/testlib.py Fri Jun 14 13:43:29 2013 +0200 @@ -780,15 +780,15 @@ def assertAuthSuccess(self, req, origsession, nbsessions=1): sh = self.app.session_handler - self.app.connect(req) - session = req.session + session = self.app.get_session(req) + req.set_session(session) self.assertEqual(len(self.open_sessions), nbsessions, self.open_sessions) self.assertEqual(session.login, origsession.login) self.assertEqual(session.anonymous_session, False) def assertAuthFailure(self, req, nbsessions=0): with self.assertRaises(AuthenticationError): - self.app.connect(req) + self.app.get_session(req) # +0 since we do not track the opened session self.assertEqual(len(self.open_sessions), nbsessions) clear_cache(req, 'get_authorization') diff -r 9deb024a96c0 -r e08f9c55dab5 web/application.py --- a/web/application.py Thu Jun 13 18:46:39 2013 +0200 +++ b/web/application.py Fri Jun 14 13:43:29 2013 +0200 @@ -111,8 +111,7 @@ raise NotImplementedError() def open_session(self, req): - """open and return a new session for the given request. The session is - also bound to the request. + """open and return a new session for the given request. raise :exc:`cubicweb.AuthenticationError` if authentication failed (no authentication info found or wrong user/password) @@ -196,27 +195,28 @@ return '__%s_https_session' % self.vreg.config.appid return '__%s_session' % self.vreg.config.appid - def set_session(self, req): - """associate a session to the request + def get_session(self, req): + """Return a session object corresponding to credentials held by the req Session id is searched from : - # form variable - cookie - if no session id is found, open a new session for the connected user - or request authentification as needed + If no session id is found, try opening a new session with credentials + found in the request. - :raise Redirect: if authentication has occurred and succeed + Raises AuthenticationError if no session can be found or created. """ cookie = req.get_cookie() sessioncookie = self.session_cookie(req) try: sessionid = str(cookie[sessioncookie].value) - self.get_session(req, sessionid) + session = self.get_session_by_id(req, sessionid) except (KeyError, InvalidSession): # no valid session cookie - self.open_session(req) + session = self.open_session(req) + return session - def get_session(self, req, sessionid): + def get_session_by_id(self, req, sessionid): session = self.session_manager.get_session(req, sessionid) session.mtime = time() return session @@ -283,12 +283,12 @@ self.url_resolver = self.vreg['components'].select('urlpublisher', vreg=self.vreg) - def connect(self, req): - """return a connection for a logged user object according to existing - sessions (i.e. a new connection may be created or an already existing - one may be reused + def get_session(self, req): + """Return a session object corresponding to credentials held by the req + + May raise AuthenticationError. """ - self.session_handler.set_session(req) + return self.session_handler.get_session(req) # publish methods ######################################################### @@ -336,7 +336,8 @@ content = '' try: try: - self.connect(req) + session = self.get_session(req) + req.set_session(session) except AuthenticationError: # XXX We want to clean up this approach in the future. But # several cubes like registration or forgotten password rely on diff -r 9deb024a96c0 -r e08f9c55dab5 web/test/data/views.py --- a/web/test/data/views.py Thu Jun 13 18:46:39 2013 +0200 +++ b/web/test/data/views.py Fri Jun 14 13:43:29 2013 +0200 @@ -34,7 +34,8 @@ req.cnx.close() req.cnx = None try: - self.session_handler.set_session(req) + session = self.session_handler.get_session(req) + req.set_session(session) except Redirect: pass assert req.user.login == login diff -r 9deb024a96c0 -r e08f9c55dab5 web/test/unittest_application.py --- a/web/test/unittest_application.py Thu Jun 13 18:46:39 2013 +0200 +++ b/web/test/unittest_application.py Fri Jun 14 13:43:29 2013 +0200 @@ -378,8 +378,8 @@ req.session = req.cnx = None def _test_auth_anon(self, req): - self.app.connect(req) - asession = req.session + asession = self.app.get_session(req) + req.set_session(asession) self.assertEqual(len(self.open_sessions), 1) self.assertEqual(asession.login, 'anon') self.assertTrue(asession.anonymous_session) @@ -387,7 +387,8 @@ def _test_anon_auth_fail(self, req): self.assertEqual(len(self.open_sessions), 1) - self.app.connect(req) + session = self.app.get_session(req) + req.set_session(session) self.assertEqual(req.message, 'authentication failure') self.assertEqual(req.session.anonymous_session, True) self.assertEqual(len(self.open_sessions), 1) diff -r 9deb024a96c0 -r e08f9c55dab5 web/views/sessions.py --- a/web/views/sessions.py Thu Jun 13 18:46:39 2013 +0200 +++ b/web/views/sessions.py Fri Jun 14 13:43:29 2013 +0200 @@ -60,8 +60,6 @@ # invalid session self.close_session(session) raise - # associate the connection to the current request - req.set_session(session, user) return session def open_session(self, req): @@ -74,8 +72,6 @@ cnx, login = self.authmanager.authenticate(req) session = DBAPISession(cnx, login) self._sessions[session.sessionid] = session - # associate the connection to the current request - req.set_session(session) return session def postlogin(self, req, session):