[session-handler] use session directly to update last usage
We don't really need the WebRequest for that. Not using the WebRequest to access
the cubicweb repository here will allow a delayed set_session.
Related to #2503918
--- a/doc/4.0.rst Thu Jun 13 18:50:19 2013 +0200
+++ b/doc/4.0.rst Thu Jun 13 18:46:39 2013 +0200
@@ -1,6 +1,14 @@
What's new in CubicWeb 4.0?
============================
+API changes
+-----------
+
+* ``RepositorySessionManager.postlogin`` is now called with two arguments,
+ request and session. And this now happens before the session is linked to the
+ request.
+
+
Deprecated Code Drops
----------------------
--- a/web/application.py Thu Jun 13 18:50:19 2013 +0200
+++ b/web/application.py Thu Jun 13 18:46:39 2013 +0200
@@ -228,7 +228,7 @@
req.set_cookie(sessioncookie, session.sessionid,
maxage=None, secure=secure)
if not session.anonymous_session:
- self.session_manager.postlogin(req)
+ self.session_manager.postlogin(req, session)
return session
def logout(self, req, goto_url):
--- a/web/views/sessions.py Thu Jun 13 18:50:19 2013 +0200
+++ b/web/views/sessions.py Thu Jun 13 18:46:39 2013 +0200
@@ -78,29 +78,33 @@
req.set_session(session)
return session
- def postlogin(self, req):
- """postlogin: the user has been authenticated, redirect to the original
- page (index by default) with a welcome message
+ def postlogin(self, req, session):
+ """postlogin: the user have been related to a session
+
+ Both req and session are passed to this function because actually
+ linking the request to the session is not yet done and not the
+ responsability of this object.
"""
# Update last connection date
# XXX: this should be in a post login hook in the repository, but there
# we can't differentiate actual login of automatic session
# reopening. Is it actually a problem?
if 'last_login_time' in req.vreg.schema:
- self._update_last_login_time(req)
- req.set_message(req._('welcome %s !') % req.user.login)
+ self._update_last_login_time(session)
+ req.set_message(req._('welcome %s !') % session.cnx.user().login)
- def _update_last_login_time(self, req):
+ def _update_last_login_time(self, session):
# XXX should properly detect missing permission / non writeable source
# and avoid "except (RepositoryError, Unauthorized)" below
try:
- req.execute('SET X last_login_time NOW WHERE X eid %(x)s',
- {'x' : req.user.eid})
- req.cnx.commit()
+ cu = session.cnx.cursor()
+ cu.execute('SET X last_login_time NOW WHERE X eid %(x)s',
+ {'x' : session.cnx.user().eid})
+ session.cnx.commit()
except (RepositoryError, Unauthorized):
- req.cnx.rollback()
+ session.cnx.rollback()
except Exception:
- req.cnx.rollback()
+ session.cnx.rollback()
raise
def close_session(self, session):