[application] call req.set_session in application.main_handle_request
The Session handling chain is no more responsible for calling req.set_session.
It just returns a valid session and lets the caller link it to the Request.
This opens the way to explicitly creating and closing a connection/transaction
in ``application.main_handle_request``.
Related to #2503918
--- a/devtools/testlib.py Thu Jun 13 18:46:39 2013 +0200
+++ b/devtools/testlib.py Fri Jun 14 13:43:29 2013 +0200
@@ -780,15 +780,15 @@
def assertAuthSuccess(self, req, origsession, nbsessions=1):
sh = self.app.session_handler
- self.app.connect(req)
- session = req.session
+ session = self.app.get_session(req)
+ req.set_session(session)
self.assertEqual(len(self.open_sessions), nbsessions, self.open_sessions)
self.assertEqual(session.login, origsession.login)
self.assertEqual(session.anonymous_session, False)
def assertAuthFailure(self, req, nbsessions=0):
with self.assertRaises(AuthenticationError):
- self.app.connect(req)
+ self.app.get_session(req)
# +0 since we do not track the opened session
self.assertEqual(len(self.open_sessions), nbsessions)
clear_cache(req, 'get_authorization')
--- a/web/application.py Thu Jun 13 18:46:39 2013 +0200
+++ b/web/application.py Fri Jun 14 13:43:29 2013 +0200
@@ -111,8 +111,7 @@
raise NotImplementedError()
def open_session(self, req):
- """open and return a new session for the given request. The session is
- also bound to the request.
+ """open and return a new session for the given request.
raise :exc:`cubicweb.AuthenticationError` if authentication failed
(no authentication info found or wrong user/password)
@@ -196,27 +195,28 @@
return '__%s_https_session' % self.vreg.config.appid
return '__%s_session' % self.vreg.config.appid
- def set_session(self, req):
- """associate a session to the request
+ def get_session(self, req):
+ """Return a session object corresponding to credentials held by the req
Session id is searched from :
- # form variable
- cookie
- if no session id is found, open a new session for the connected user
- or request authentification as needed
+ If no session id is found, try opening a new session with credentials
+ found in the request.
- :raise Redirect: if authentication has occurred and succeed
+ Raises AuthenticationError if no session can be found or created.
"""
cookie = req.get_cookie()
sessioncookie = self.session_cookie(req)
try:
sessionid = str(cookie[sessioncookie].value)
- self.get_session(req, sessionid)
+ session = self.get_session_by_id(req, sessionid)
except (KeyError, InvalidSession): # no valid session cookie
- self.open_session(req)
+ session = self.open_session(req)
+ return session
- def get_session(self, req, sessionid):
+ def get_session_by_id(self, req, sessionid):
session = self.session_manager.get_session(req, sessionid)
session.mtime = time()
return session
@@ -283,12 +283,12 @@
self.url_resolver = self.vreg['components'].select('urlpublisher',
vreg=self.vreg)
- def connect(self, req):
- """return a connection for a logged user object according to existing
- sessions (i.e. a new connection may be created or an already existing
- one may be reused
+ def get_session(self, req):
+ """Return a session object corresponding to credentials held by the req
+
+ May raise AuthenticationError.
"""
- self.session_handler.set_session(req)
+ return self.session_handler.get_session(req)
# publish methods #########################################################
@@ -336,7 +336,8 @@
content = ''
try:
try:
- self.connect(req)
+ session = self.get_session(req)
+ req.set_session(session)
except AuthenticationError:
# XXX We want to clean up this approach in the future. But
# several cubes like registration or forgotten password rely on
--- a/web/test/data/views.py Thu Jun 13 18:46:39 2013 +0200
+++ b/web/test/data/views.py Fri Jun 14 13:43:29 2013 +0200
@@ -34,7 +34,8 @@
req.cnx.close()
req.cnx = None
try:
- self.session_handler.set_session(req)
+ session = self.session_handler.get_session(req)
+ req.set_session(session)
except Redirect:
pass
assert req.user.login == login
--- a/web/test/unittest_application.py Thu Jun 13 18:46:39 2013 +0200
+++ b/web/test/unittest_application.py Fri Jun 14 13:43:29 2013 +0200
@@ -378,8 +378,8 @@
req.session = req.cnx = None
def _test_auth_anon(self, req):
- self.app.connect(req)
- asession = req.session
+ asession = self.app.get_session(req)
+ req.set_session(asession)
self.assertEqual(len(self.open_sessions), 1)
self.assertEqual(asession.login, 'anon')
self.assertTrue(asession.anonymous_session)
@@ -387,7 +387,8 @@
def _test_anon_auth_fail(self, req):
self.assertEqual(len(self.open_sessions), 1)
- self.app.connect(req)
+ session = self.app.get_session(req)
+ req.set_session(session)
self.assertEqual(req.message, 'authentication failure')
self.assertEqual(req.session.anonymous_session, True)
self.assertEqual(len(self.open_sessions), 1)
--- a/web/views/sessions.py Thu Jun 13 18:46:39 2013 +0200
+++ b/web/views/sessions.py Fri Jun 14 13:43:29 2013 +0200
@@ -60,8 +60,6 @@
# invalid session
self.close_session(session)
raise
- # associate the connection to the current request
- req.set_session(session, user)
return session
def open_session(self, req):
@@ -74,8 +72,6 @@
cnx, login = self.authmanager.authenticate(req)
session = DBAPISession(cnx, login)
self._sessions[session.sessionid] = session
- # associate the connection to the current request
- req.set_session(session)
return session
def postlogin(self, req, session):