[web session] refactor to finally closes #343036: allow _postlogin behaviour overloading
--- a/web/application.py Fri Jan 07 08:13:43 2011 +0100
+++ b/web/application.py Fri Jan 07 13:14:40 2011 +0100
@@ -31,7 +31,7 @@
from cubicweb import set_log_methods, cwvreg
from cubicweb import (
ValidationError, Unauthorized, AuthenticationError, NoSelectableObject,
- RepositoryError, BadConnectionId, CW_EVENT_MANAGER)
+ BadConnectionId, CW_EVENT_MANAGER)
from cubicweb.dbapi import DBAPISession
from cubicweb.web import LOGGER, component
from cubicweb.web import (
@@ -148,8 +148,6 @@
vreg=self.vreg)
global SESSION_MANAGER
SESSION_MANAGER = self.session_manager
- if not 'last_login_time' in self.vreg.schema:
- self._update_last_login_time = lambda x: None
if self.vreg.config.mode != 'test':
# don't try to reset session manager during test, this leads to
# weird failures when running multiple tests
@@ -224,46 +222,9 @@
cookie[sessioncookie]['secure'] = True
req.set_cookie(cookie, sessioncookie, maxage=None)
if not session.anonymous_session:
- self._postlogin(req)
+ self.session_manager.postlogin(req)
return session
- def _update_last_login_time(self, req):
- # XXX should properly detect missing permission / non writeable source
- # and avoid "except (RepositoryError, Unauthorized)" below
- if req.user.cw_metainformation()['source']['type'] == 'ldapuser':
- return
- try:
- req.execute('SET X last_login_time NOW WHERE X eid %(x)s',
- {'x' : req.user.eid})
- req.cnx.commit()
- except (RepositoryError, Unauthorized):
- req.cnx.rollback()
- except:
- req.cnx.rollback()
- raise
-
- def _postlogin(self, req):
- """postlogin: the user has been authenticated, redirect to the original
- page (index by default) with a welcome message
- """
- # Update last connection date
- # XXX: this should be in a post login hook in the repository, but there
- # we can't differentiate actual login of automatic session
- # reopening. Is it actually a problem?
- self._update_last_login_time(req)
- args = req.form
- for forminternal_key in ('__form_id', '__domid', '__errorurl'):
- args.pop(forminternal_key, None)
- args['__message'] = req._('welcome %s !') % req.user.login
- if 'vid' in req.form:
- args['vid'] = req.form['vid']
- if 'rql' in req.form:
- args['rql'] = req.form['rql']
- path = req.relative_path(False)
- if path == 'login':
- path = 'view'
- raise Redirect(req.build_url(path, **args))
-
def logout(self, req, goto_url):
"""logout from the instance by cleaning the session and raising
`AuthenticationError`
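Review bot: The new call `self.session_manager.postlogin(req)` requires every session manager to provide `postlogin`, but none of the visible `web/application.py` hunks adds it to `AbstractSessionManager`, which `web/views/sessions.py` imports from this module. If the base class really lacks it (its body is outside this diff), a custom manager deriving only from the abstract class would fail with `AttributeError` right after the session cookie is set, leaving an authenticated session behind a failed response. I would add a stub to the abstract class, `def postlogin(self, req): raise NotImplementedError()`, with a docstring saying it is called once after a successful non-anonymous login and is expected to raise `Redirect`. The method containing this call starts above the hunk.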
--- a/web/views/sessions.py Fri Jan 07 08:13:43 2011 +0100
+++ b/web/views/sessions.py Fri Jan 07 13:14:40 2011 +0100
@@ -21,7 +21,8 @@
__docformat__ = "restructuredtext en"
-from cubicweb.web import InvalidSession
+from cubicweb import RepositoryError, Unauthorized
+from cubicweb.web import InvalidSession, Redirect
from cubicweb.web.application import AbstractSessionManager
from cubicweb.dbapi import DBAPISession
@@ -75,6 +76,44 @@
req.set_session(session)
return session
+ def postlogin(self, req):
+ """postlogin: the user has been authenticated, redirect to the original
+ page (index by default) with a welcome message
+ """
+ # Update last connection date
+ # XXX: this should be in a post login hook in the repository, but there
+ # we can't differentiate actual login of automatic session
+ # reopening. Is it actually a problem?
+ if 'last_login_time' in req.vreg.schema:
+ self._update_last_login_time(req)
+ args = req.form
+ for forminternal_key in ('__form_id', '__domid', '__errorurl'):
+ args.pop(forminternal_key, None)
+ args['__message'] = req._('welcome %s !') % req.user.login
+ if 'vid' in req.form:
+ args['vid'] = req.form['vid']
+ if 'rql' in req.form:
+ args['rql'] = req.form['rql']
+ path = req.relative_path(False)
+ if path == 'login':
+ path = 'view'
+ raise Redirect(req.build_url(path, **args))
+
+ def _update_last_login_time(self, req):
+ # XXX should properly detect missing permission / non writeable source
+ # and avoid "except (RepositoryError, Unauthorized)" below
+ if req.user.cw_metainformation()['source']['type'] == 'ldapuser':
+ return
+ try:
+ req.execute('SET X last_login_time NOW WHERE X eid %(x)s',
+ {'x' : req.user.eid})
+ req.cnx.commit()
+ except (RepositoryError, Unauthorized):
+ req.cnx.rollback()
+ except:
+ req.cnx.rollback()
+ raise
+
def close_session(self, session):
"""close session on logout or on invalid session detected (expired out,
corrupted...)
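Review bot: In `postlogin`, `args = req.form` aliases the submitted form, so every posted field except `__form_id`, `__domid` and `__errorurl` is passed to `req.build_url(path, **args)` and ends up in the redirect URL's query string. If the login form's credential fields are still in `req.form` at this point (not visible here; they may be removed during authentication), they would land in browser history, proxy logs and Referer headers. Please confirm this and record it in a comment such as `# req.form no longer holds login credentials here, see <where they are removed>`. Working on a copy, `args = dict(req.form)`, would also avoid mutating the request, and the `if 'vid'` / `if 'rql'` assignments are no-ops because `args` is `req.form`. Separately, `except (RepositoryError, Unauthorized)` in `_update_last_login_time` rolls back silently; a warning log there would keep failed last-login updates visible to anyone auditing logins.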