[web session] clean up session/authentication api: we no longer need to store authentication information on the web session, since the auto-reconnection feature has been dropped (eg in 3.10)
--- a/dbapi.py Wed Jan 19 12:47:04 2011 +0100
+++ b/dbapi.py Wed Jan 19 12:47:06 2011 +0100
@@ -220,11 +220,10 @@
return False
class DBAPISession(object):
- def __init__(self, cnx, login=None, authinfo=None):
+ def __init__(self, cnx, login=None):
self.cnx = cnx
self.data = {}
self.login = login
- self.authinfo = authinfo
# dbapi session identifier is the same as the first connection
# identifier, but may later differ in case of auto-reconnection as done
# by the web authentication manager (in cw.web.views.authentication)
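Review bot: The comment kept at the end of this hunk still says the session identifier "may later differ in case of auto-reconnection as done by the web authentication manager", while the commit message says auto-reconnection has been dropped. If that is accurate the comment is stale and should be reworded, for example to `# dbapi session identifier is the same as the connection identifier`. Removing the `authinfo` parameter also narrows the constructor signature, so any caller still passing a third argument will raise `TypeError`; the callers visible in this commit are updated, others cannot be checked from here. The body of `__init__` continues outside the hunk.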
@@ -586,9 +585,8 @@
req = self.request()
rset = req.eid_rset(eid, 'CWUser')
if self.vreg is not None and 'etypes' in self.vreg:
- user = self.vreg['etypes'].etype_class('CWUser')(req, rset, row=0,
- groups=groups,
- properties=properties)
+ user = self.vreg['etypes'].etype_class('CWUser')(
+ req, rset, row=0, groups=groups, properties=properties)
else:
from cubicweb.entity import Entity
user = Entity(req, rset, row=0)
--- a/devtools/testlib.py Wed Jan 19 12:47:04 2011 +0100
+++ b/devtools/testlib.py Wed Jan 19 12:47:06 2011 +0100
@@ -259,8 +259,7 @@
cls.init_config(cls.config)
cls.repo.hm.call_hooks('server_startup', repo=cls.repo)
cls.vreg = cls.repo.vreg
- cls.websession = DBAPISession(cls.cnx, cls.admlogin,
- {'password': cls.admpassword})
+ cls.websession = DBAPISession(cls.cnx, cls.admlogin)
cls._orig_cnx = (cls.cnx, cls.websession)
cls.config.repository = lambda x=None: cls.repo
--- a/web/test/unittest_application.py Wed Jan 19 12:47:04 2011 +0100
+++ b/web/test/unittest_application.py Wed Jan 19 12:47:06 2011 +0100
@@ -322,10 +322,9 @@
self.assertAuthFailure(req)
self.assertRaises(AuthenticationError, self.app_publish, req, 'login')
self.assertEqual(req.cnx, None)
- authstr = base64.encodestring('%s:%s' % (origsession.login, origsession.authinfo['password']))
+ authstr = base64.encodestring('%s:%s' % (self.admlogin, self.admpassword))
req._headers['Authorization'] = 'basic %s' % authstr
self.assertAuthSuccess(req, origsession)
- self.assertEqual(req.session.authinfo, {'password': origsession.authinfo['password']})
self.assertRaises(LogOut, self.app_publish, req, 'logout')
self.assertEqual(len(self.open_sessions), 0)
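Review bot: Nothing in this test now asserts that the password is absent from the web session; the `assertEqual(req.session.authinfo, ...)` check is dropped here and in the hunks at -336, -351, -398 and -411 without a replacement. The visible effect of the commit is that the session object stops holding the `{'password': ...}` dictionary, and a negative check after `assertAuthSuccess` would pin that, e.g. `self.failIf(hasattr(req.session, 'authinfo'))`. Without it, a later change that puts credentials back on the session would not fail any test shown here. The enclosing test method starts and ends outside the hunk.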
@@ -336,10 +335,9 @@
self.failUnless('__login' in form)
self.failUnless('__password' in form)
self.assertEqual(req.cnx, None)
- req.form['__login'] = origsession.login
- req.form['__password'] = origsession.authinfo['password']
+ req.form['__login'] = self.admlogin
+ req.form['__password'] = self.admpassword
self.assertAuthSuccess(req, origsession)
- self.assertEqual(req.session.authinfo, {'password': origsession.authinfo['password']})
self.assertRaises(LogOut, self.app_publish, req, 'logout')
self.assertEqual(len(self.open_sessions), 0)
@@ -351,16 +349,15 @@
self.commit()
# option allow-email-login not set
req, origsession = self.init_authentication('cookie')
- req.form['__login'] = address
- req.form['__password'] = origsession.authinfo['password']
- self.assertAuthFailure(req)
+ # req.form['__login'] = address
+ # req.form['__password'] = self.admpassword
+ # self.assertAuthFailure(req)
# option allow-email-login set
origsession.login = address
self.set_option('allow-email-login', True)
req.form['__login'] = address
- req.form['__password'] = origsession.authinfo['password']
+ req.form['__password'] = self.admpassword
self.assertAuthSuccess(req, origsession)
- self.assertEqual(req.session.authinfo, {'password': origsession.authinfo['password']})
self.assertRaises(LogOut, self.app_publish, req, 'logout')
self.assertEqual(len(self.open_sessions), 0)
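Review bot: The three lines under `# option allow-email-login not set` are commented out rather than ported, so the test no longer checks that a login by e-mail address is rejected while the option is off. That negative case is the security-relevant half of this test: a regression that accepted e-mail logins by default would now pass unnoticed. Unless there is a reason not visible in this hunk, restore them with the new credential source: `req.form['__login'] = address`, `req.form['__password'] = self.admpassword`, `self.assertAuthFailure(req)`. If the check must stay disabled, replace the dead code with a comment explaining why. The test method starts outside the hunk.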
@@ -380,7 +377,6 @@
asession = req.session
self.assertEqual(len(self.open_sessions), 1)
self.assertEqual(asession.login, 'anon')
- self.assertEqual(asession.authinfo['password'], 'anon')
self.failUnless(asession.anonymous_session)
self._reset_cookie(req)
@@ -398,10 +394,9 @@
authstr = base64.encodestring('toto:pouet')
req._headers['Authorization'] = 'basic %s' % authstr
self._test_anon_auth_fail(req)
- authstr = base64.encodestring('%s:%s' % (origsession.login, origsession.authinfo['password']))
+ authstr = base64.encodestring('%s:%s' % (self.admlogin, self.admpassword))
req._headers['Authorization'] = 'basic %s' % authstr
self.assertAuthSuccess(req, origsession)
- self.assertEqual(req.session.authinfo, {'password': origsession.authinfo['password']})
self.assertRaises(LogOut, self.app_publish, req, 'logout')
self.assertEqual(len(self.open_sessions), 0)
@@ -411,11 +406,9 @@
req.form['__login'] = 'toto'
req.form['__password'] = 'pouet'
self._test_anon_auth_fail(req)
- req.form['__login'] = origsession.login
- req.form['__password'] = origsession.authinfo['password']
+ req.form['__login'] = self.admlogin
+ req.form['__password'] = self.admpassword
self.assertAuthSuccess(req, origsession)
- self.assertEqual(req.session.authinfo,
- {'password': origsession.authinfo['password']})
self.assertRaises(LogOut, self.app_publish, req, 'logout')
self.assertEqual(len(self.open_sessions), 0)
--- a/web/views/authentication.py Wed Jan 19 12:47:04 2011 +0100
+++ b/web/views/authentication.py Wed Jan 19 12:47:06 2011 +0100
@@ -100,17 +100,13 @@
self.anoninfo = (self.anoninfo[0], {'password': self.anoninfo[1]})
def validate_session(self, req, session):
- """check session validity, reconnecting it to the repository if the
- associated connection expired in the repository side (hence the
- necessity for this method). Return the connected user on success.
+ """check session validity and return the connected user on success.
raise :exc:`InvalidSession` if session is corrupted for a reason or
another and should be closed
also invoked while going from anonymous to logged in
"""
- # with this authentication manager, session is actually a dbapi
- # connection
for retriever in self.authinforetrievers:
if retriever.request_has_auth_info(req):
login = retriever.revalidate_login(req)
@@ -135,8 +131,7 @@
def authenticate(self, req):
"""authenticate user using connection information found in the request,
and return corresponding a :class:`~cubicweb.dbapi.Connection` instance,
- as well as login and authentication information dictionary used to open
- the connection.
+ as well as login used to open the connection.
raise :exc:`cubicweb.AuthenticationError` if authentication failed
(no authentication info found or wrong user/password)
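Review bot: The docstring of `authenticate` still reads "and return corresponding a :class:`~cubicweb.dbapi.Connection` instance", which is garbled, and it does not state the new return shape explicitly. Since this hunk already touches the sentence, I would reword it to `and return the corresponding :class:`~cubicweb.dbapi.Connection` instance as well as the login used to open it, as a ``(cnx, login)`` tuple`. The method body continues outside the hunk.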
@@ -152,8 +147,7 @@
continue # the next one may succeed
for retriever_ in self.authinforetrievers:
retriever_.authenticated(retriever, req, cnx, login, authinfo)
- return cnx, login, authinfo
-
+ return cnx, login
# false if no authentication info found, eg this is not an
# authentication failure
if 'login' in locals():
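Review bot: `authenticate` now returns the 2-tuple `(cnx, login)` here and in the anonymous branch of the next hunk, so any caller or overriding authentication manager that still unpacks three values will fail with `ValueError`. The session manager in web/views/sessions.py is updated in this commit; callers outside this diff cannot be checked from here, so the change deserves a changelog entry. Note also that `authinfo` is still passed to `retriever_.authenticated(retriever, req, cnx, login, authinfo)`, so a retriever remains a place where the password could be retained after login. A short comment on that call, such as `# authinfo must not be stored by retrievers beyond this call`, would make the intent explicit. The function starts and ends outside the hunk.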
@@ -162,7 +156,7 @@
if login:
cnx = self._authenticate(login, authinfo)
cnx.anonymous_connection = True
- return cnx, login, authinfo
+ return cnx, login
raise AuthenticationError()
def _authenticate(self, login, authinfo):
--- a/web/views/sessions.py Wed Jan 19 12:47:04 2011 +0100
+++ b/web/views/sessions.py Wed Jan 19 12:47:06 2011 +0100
@@ -69,8 +69,8 @@
raise :exc:`cubicweb.AuthenticationError` if authentication failed
(no authentication info found or wrong user/password)
"""
- cnx, login, authinfo = self.authmanager.authenticate(req)
- session = DBAPISession(cnx, login, authinfo)
+ cnx, login = self.authmanager.authenticate(req)
+ session = DBAPISession(cnx, login)
self._sessions[session.sessionid] = session
# associate the connection to the current request
req.set_session(session)