# HG changeset patch
# User Sylvain Thénault
# Date 1294402480 -3600
# Node ID fe58b234f9c2caab7f472bb7633e23439d680730
# Parent f4f67ea5436a6af4d948527c7b88f35f315cca5a
[web session] refactor to finally closes #343036: allow _postlogin behaviour overloading
diff -r f4f67ea5436a -r fe58b234f9c2 web/application.py
--- a/web/application.py Fri Jan 07 08:13:43 2011 +0100
+++ b/web/application.py Fri Jan 07 13:14:40 2011 +0100
@@ -31,7 +31,7 @@
 from cubicweb import set_log_methods, cwvreg
 from cubicweb import (
 ValidationError, Unauthorized, AuthenticationError, NoSelectableObject,
- RepositoryError, BadConnectionId, CW_EVENT_MANAGER)
+ BadConnectionId, CW_EVENT_MANAGER)
 from cubicweb.dbapi import DBAPISession
 from cubicweb.web import LOGGER, component
 from cubicweb.web import (
@@ -148,8 +148,6 @@
 vreg=self.vreg)
 global SESSION_MANAGER
 SESSION_MANAGER = self.session_manager
- if not 'last_login_time' in self.vreg.schema:
- self._update_last_login_time = lambda x: None
 if self.vreg.config.mode != 'test':
 # don't try to reset session manager during test, this leads to
 # weird failures when running multiple tests
@@ -224,46 +222,9 @@
 cookie[sessioncookie]['secure'] = True
 req.set_cookie(cookie, sessioncookie, maxage=None)
 if not session.anonymous_session:
- self._postlogin(req)
+ self.session_manager.postlogin(req)
 return session
- def _update_last_login_time(self, req):
- # XXX should properly detect missing permission / non writeable source
- # and avoid "except (RepositoryError, Unauthorized)" below
- if req.user.cw_metainformation()['source']['type'] == 'ldapuser':
- return
- try:
- req.execute('SET X last_login_time NOW WHERE X eid %(x)s',
- {'x' : req.user.eid})
- req.cnx.commit()
- except (RepositoryError, Unauthorized):
- req.cnx.rollback()
- except:
- req.cnx.rollback()
- raise
-
- def _postlogin(self, req):
- """postlogin: the user has been authenticated, redirect to the original
- page (index by default) with a welcome message
- """
- # Update last connection date
- # XXX: this should be in a post login hook in the repository, but there
- # we can't differentiate actual login of automatic session
- # reopening. Is it actually a problem?
- self._update_last_login_time(req)
- args = req.form
- for forminternal_key in ('__form_id', '__domid', '__errorurl'):
- args.pop(forminternal_key, None)
- args['__message'] = req._('welcome %s !') % req.user.login
- if 'vid' in req.form:
- args['vid'] = req.form['vid']
- if 'rql' in req.form:
- args['rql'] = req.form['rql']
- path = req.relative_path(False)
- if path == 'login':
- path = 'view'
- raise Redirect(req.build_url(path, **args))
-
 def logout(self, req, goto_url):
 """logout from the instance by cleaning the session and raising `AuthenticationError`
diff -r f4f67ea5436a -r fe58b234f9c2 web/views/sessions.py
--- a/web/views/sessions.py Fri Jan 07 08:13:43 2011 +0100
+++ b/web/views/sessions.py Fri Jan 07 13:14:40 2011 +0100
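Review bot: In web/application.py the new call `self.session_manager.postlogin(req)` requires every session manager to provide `postlogin`, but this patch adds the method only to the concrete class in web/views/sessions.py; no declaration on `AbstractSessionManager` is visible in the diff. If the base class does not gain one, a custom manager derived from it would raise `AttributeError` on each non-anonymous login, after `req.set_cookie(...)` has already run. I would add a stub on the base class, for example `def postlogin(self, req): raise NotImplementedError()`, with a docstring stating that implementations are expected to finish by raising `Redirect`. The enclosing method starts outside the hunk, so the rest of that error path cannot be checked from here.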
@@ -21,7 +21,8 @@
 __docformat__ = "restructuredtext en"
-from cubicweb.web import InvalidSession
+from cubicweb import RepositoryError, Unauthorized
+from cubicweb.web import InvalidSession, Redirect
 from cubicweb.web.application import AbstractSessionManager
 from cubicweb.dbapi import DBAPISession
@@ -75,6 +76,44 @@
 req.set_session(session)
 return session
+ def postlogin(self, req):
+ """postlogin: the user has been authenticated, redirect to the original
+ page (index by default) with a welcome message
+ """
+ # Update last connection date
+ # XXX: this should be in a post login hook in the repository, but there
+ # we can't differentiate actual login of automatic session
+ # reopening. Is it actually a problem?
+ if 'last_login_time' in req.vreg.schema:
+ self._update_last_login_time(req)
+ args = req.form
+ for forminternal_key in ('__form_id', '__domid', '__errorurl'):
+ args.pop(forminternal_key, None)
+ args['__message'] = req._('welcome %s !') % req.user.login
+ if 'vid' in req.form:
+ args['vid'] = req.form['vid']
+ if 'rql' in req.form:
+ args['rql'] = req.form['rql']
+ path = req.relative_path(False)
+ if path == 'login':
+ path = 'view'
+ raise Redirect(req.build_url(path, **args))
+
+ def _update_last_login_time(self, req):
+ # XXX should properly detect missing permission / non writeable source
+ # and avoid "except (RepositoryError, Unauthorized)" below
+ if req.user.cw_metainformation()['source']['type'] == 'ldapuser':
+ return
+ try:
+ req.execute('SET X last_login_time NOW WHERE X eid %(x)s',
+ {'x' : req.user.eid})
+ req.cnx.commit()
+ except (RepositoryError, Unauthorized):
+ req.cnx.rollback()
+ except:
+ req.cnx.rollback()
+ raise
+
 def close_session(self, session):
 """close session on logout or on invalid session detected (expired out, corrupted...)
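Review bot: In `postlogin`, `args = req.form` aliases the request's own form dict, so the `pop` calls and the `__message` assignment mutate `req.form`, the `if 'vid' in req.form` and `if 'rql' in req.form` blocks assign a value onto itself, and every field still in the form is written into the redirect URL by `req.build_url(path, **args)`. Because this runs right after a login submission, I would copy first with `args = dict(req.form)`, drop the two no-op `if` blocks, and confirm that the login and password fields are removed from the form before this point (not visible in this hunk), since whatever remains ends up in the query string, browser history and access logs. In `_update_last_login_time` the `except (RepositoryError, Unauthorized)` branch rolls back without leaving a trace, so a failed update of this audit timestamp goes unnoticed; a log call there, or at least a comment saying the failure is deliberately ignored, would help. Now that `postlogin` is an extension point, its docstring should also state that it ends by raising `Redirect`.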