[mediagoblin.git] / mediagoblin / tools / session.py

# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2013 MediaGoblin contributors.  See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import itsdangerous
import logging

from mediagoblin.tools import crypto

_log = logging.getLogger(__name__)

MAX_AGE = 30 * 24 * 60 * 60

class Session(dict):
    def __init__(self, *args, **kwargs):
        self.send_new_cookie = False
        dict.__init__(self, *args, **kwargs)

    def save(self):
        self.send_new_cookie = True

    def is_updated(self):
        return self.send_new_cookie

    def delete(self):
        self.clear()
        self.save()


class SessionManager(object):
    def __init__(self, cookie_name='MGSession', namespace=None):
        if namespace is None:
            namespace = cookie_name
        self.signer = crypto.get_timed_signer_url(namespace)
        self.cookie_name = cookie_name

    def load_session_from_cookie(self, request):
        cookie = request.cookies.get(self.cookie_name)
        if not cookie:
            return Session()
        ### FIXME: Future cookie-blacklisting code
        # m = BadCookie.query.filter_by(cookie = cookie)
        # if m:
        #     _log.warn("Bad cookie received: %s", m.reason)
        #     raise BadRequest()
        try:
            return Session(self.signer.loads(cookie))
        except itsdangerous.BadData:
            return Session()

    def save_session_to_cookie(self, session, request, response):
        if not session.is_updated():
            return
        elif not session:
            response.delete_cookie(self.cookie_name)
        else:
            if session.get('stay_logged_in', False):
                max_age = MAX_AGE
            else:
                max_age = None

            response.set_cookie(self.cookie_name, self.signer.dumps(session),
                max_age=max_age, httponly=True)
Commit	Line	Data
c7424612 BS	1	# GNU MediaGoblin -- federated, autonomous media hosting
	2	# Copyright (C) 2013 MediaGoblin contributors. See AUTHORS.
	3	#
	4	# This program is free software: you can redistribute it and/or modify
	5	# it under the terms of the GNU Affero General Public License as published by
	6	# the Free Software Foundation, either version 3 of the License, or
	7	# (at your option) any later version.
	8	#
	9	# This program is distributed in the hope that it will be useful,
	10	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	# GNU Affero General Public License for more details.
	13	#
	14	# You should have received a copy of the GNU Affero General Public License
	15	# along with this program. If not, see <http://www.gnu.org/licenses/>.
	16
	17	import itsdangerous
	18	import logging
	19
130b85f8	20	from mediagoblin.tools import crypto
c7424612 BS	21
	22	_log = logging.getLogger(__name__)
	23
ef57b062 JK	24	MAX_AGE = 30 * 24 * 60 * 60
ef57b062 JK	25
c7424612	26	class Session(dict):
5d1a8815 BS	27	def __init__(self, args, *kwargs):
	28	self.send_new_cookie = False
	29	dict.__init__(self, args, *kwargs)
	30
c7424612 BS	31	def save(self):
	32	self.send_new_cookie = True
	33
	34	def is_updated(self):
5d1a8815	35	return self.send_new_cookie
c7424612 BS	36
	37	def delete(self):
	38	self.clear()
	39	self.save()
	40
	41
	42	class SessionManager(object):
	43	def __init__(self, cookie_name='MGSession', namespace=None):
	44	if namespace is None:
	45	namespace = cookie_name
	46	self.signer = crypto.get_timed_signer_url(namespace)
	47	self.cookie_name = cookie_name
	48
	49	def load_session_from_cookie(self, request):
	50	cookie = request.cookies.get(self.cookie_name)
	51	if not cookie:
	52	return Session()
	53	### FIXME: Future cookie-blacklisting code
	54	# m = BadCookie.query.filter_by(cookie = cookie)
	55	# if m:
	56	# _log.warn("Bad cookie received: %s", m.reason)
	57	# raise BadRequest()
	58	try:
	59	return Session(self.signer.loads(cookie))
	60	except itsdangerous.BadData:
	61	return Session()
	62
b0ee3aae	63	def save_session_to_cookie(self, session, request, response):
3843697c	64	if not session.is_updated():
c7424612	65	return
627a721c	66	elif not session:
33cbccb0	67	response.delete_cookie(self.cookie_name)
627a721c	68	else:
ef57b062 JK	69	if session.get('stay_logged_in', False):
	70	max_age = MAX_AGE
	71	else:
	72	max_age = None
	73
b0ee3aae	74	response.set_cookie(self.cookie_name, self.signer.dumps(session),
ef57b062	75	max_age=max_age, httponly=True)