[mediagoblin.git] / mediagoblin / tools / session.py

# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2013 MediaGoblin contributors.  See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import itsdangerous
import logging

import crypto

_log = logging.getLogger(__name__)

class Session(dict):
    def save(self):
        self.send_new_cookie = True

    def is_updated(self):
        return getattr(self, 'send_new_cookie')

    def delete(self):
        self.clear()
        self.save()


class SessionManager(object):
    def __init__(self, cookie_name='MGSession', namespace=None):
        if namespace is None:
            namespace = cookie_name
        self.signer = crypto.get_timed_signer_url(namespace)
        self.cookie_name = cookie_name

    def load_session_from_cookie(self, request):
        cookie = request.cookies.get(self.cookie_name)
        if not cookie:
            return Session()
        ### FIXME: Future cookie-blacklisting code
        # m = BadCookie.query.filter_by(cookie = cookie)
        # if m:
        #     _log.warn("Bad cookie received: %s", m.reason)
        #     raise BadRequest()
        try:
            return Session(self.signer.loads(cookie))
        except itsdangerous.BadData:
            return Session()

    def save_session_to_cookie(self, session, response):
        if not session.is_updated:
            return
        elif not session:
            response.delete_cookie(self.cookie_name)
        else:
            response.set_cookie(self.cookie_name, self.signer.dumps(session))
Commit	Line	Data
c7424612 BS	1	# GNU MediaGoblin -- federated, autonomous media hosting
	2	# Copyright (C) 2013 MediaGoblin contributors. See AUTHORS.
	3	#
	4	# This program is free software: you can redistribute it and/or modify
	5	# it under the terms of the GNU Affero General Public License as published by
	6	# the Free Software Foundation, either version 3 of the License, or
	7	# (at your option) any later version.
	8	#
	9	# This program is distributed in the hope that it will be useful,
	10	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	# GNU Affero General Public License for more details.
	13	#
	14	# You should have received a copy of the GNU Affero General Public License
	15	# along with this program. If not, see <http://www.gnu.org/licenses/>.
	16
	17	import itsdangerous
	18	import logging
	19
	20	import crypto
	21
	22	_log = logging.getLogger(__name__)
	23
	24	class Session(dict):
	25	def save(self):
	26	self.send_new_cookie = True
	27
	28	def is_updated(self):
	29	return getattr(self, 'send_new_cookie')
	30
	31	def delete(self):
	32	self.clear()
	33	self.save()
	34
	35
	36	class SessionManager(object):
	37	def __init__(self, cookie_name='MGSession', namespace=None):
	38	if namespace is None:
	39	namespace = cookie_name
	40	self.signer = crypto.get_timed_signer_url(namespace)
	41	self.cookie_name = cookie_name
	42
	43	def load_session_from_cookie(self, request):
	44	cookie = request.cookies.get(self.cookie_name)
	45	if not cookie:
	46	return Session()
	47	### FIXME: Future cookie-blacklisting code
	48	# m = BadCookie.query.filter_by(cookie = cookie)
	49	# if m:
	50	# _log.warn("Bad cookie received: %s", m.reason)
	51	# raise BadRequest()
	52	try:
	53	return Session(self.signer.loads(cookie))
	54	except itsdangerous.BadData:
	55	return Session()
	56
	57	def save_session_to_cookie(self, session, response):
	58	if not session.is_updated:
	59	return
627a721c BS	60	elif not session:
	61	response.delete_cookie(self.cookie_name)
	62	else:
	63	response.set_cookie(self.cookie_name, self.signer.dumps(session))