From: Elrond Date: Fri, 29 Mar 2013 13:49:13 +0000 (+0100) Subject: Create new session system for piwigo plugin. X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=7fb419ddd2bd1770d62fffadc674c53b670cba81;p=mediagoblin.git Create new session system for piwigo plugin. Using the brand new itsdangerous sessions to power the sessions for piwigo. The real point is: Clients want to have the session in a "pwg_id" cookie and don't accept any other cookie name. --- diff --git a/mediagoblin/plugins/piwigo/__init__.py b/mediagoblin/plugins/piwigo/__init__.py index 73326e9e..c4da708a 100644 --- a/mediagoblin/plugins/piwigo/__init__.py +++ b/mediagoblin/plugins/piwigo/__init__.py @@ -17,6 +17,8 @@ import logging from mediagoblin.tools import pluginapi +from mediagoblin.tools.session import SessionManager +from .tools import PWGSession _log = logging.getLogger(__name__) @@ -32,6 +34,9 @@ def setup_plugin(): pluginapi.register_routes(routes) + PWGSession.session_manager = SessionManager("pwg_id", "plugins.piwigo") + + hooks = { 'setup': setup_plugin } diff --git a/mediagoblin/plugins/piwigo/tools.py b/mediagoblin/plugins/piwigo/tools.py index cd466367..400be615 100644 --- a/mediagoblin/plugins/piwigo/tools.py +++ b/mediagoblin/plugins/piwigo/tools.py @@ -20,6 +20,7 @@ import six import lxml.etree as ET from werkzeug.exceptions import MethodNotAllowed, BadRequest +from mediagoblin.tools.request import setup_user_in_request from mediagoblin.tools.response import Response @@ -119,3 +120,33 @@ def check_form(form): for f in form: dump.append("%s=%r" % (f.name, f.data)) _log.debug("form: %s", " ".join(dump)) + + +class PWGSession(object): + session_manager = None + + def __init__(self, request): + self.request = request + self.in_pwg_session = False + + def __enter__(self): + # Backup old state + self.old_session = self.request.session + self.old_user = self.request.user + # Load piwigo session into state + self.request.session = self.session_manager.load_session_from_cookie( + self.request) + setup_user_in_request(self.request) + self.in_pwg_session = True + return self + + def __exit__(self, *args): + # Restore state + self.request.session = self.old_session + self.request.user = self.old_user + self.in_pwg_session = False + + def save_to_cookie(self, response): + assert self.in_pwg_session + self.session_manager.save_session_to_cookie(self.request.session, + self.request, response) diff --git a/mediagoblin/plugins/piwigo/views.py b/mediagoblin/plugins/piwigo/views.py index 837d8eca..6a246f18 100644 --- a/mediagoblin/plugins/piwigo/views.py +++ b/mediagoblin/plugins/piwigo/views.py @@ -20,10 +20,11 @@ import re from werkzeug.exceptions import MethodNotAllowed, BadRequest, NotImplemented from werkzeug.wrappers import BaseResponse -from mediagoblin import mg_globals from mediagoblin.meddleware.csrf import csrf_exempt from mediagoblin.submit.lib import check_file_field -from .tools import CmdTable, PwgNamedArray, response_xml, check_form +from mediagoblin.auth.lib import fake_login_attempt +from .tools import CmdTable, PwgNamedArray, response_xml, check_form, \ + PWGSession from .forms import AddSimpleForm, AddForm @@ -35,12 +36,21 @@ def pwg_login(request): username = request.form.get("username") password = request.form.get("password") _log.info("Login for %r/%r...", username, password) + user = request.db.User.query.filter_by(username=username).first() + if not user: + fake_login_attempt() + return False + if not user.check_login(password): + return False + request.session["user_id"] = user.id + request.session.save() return True @CmdTable("pwg.session.logout") def pwg_logout(request): _log.info("Logout") + request.session.delete() return True @@ -154,11 +164,13 @@ def ws_php(request): request.args, request.form) raise NotImplemented() - result = func(request) + with PWGSession(request) as session: + result = func(request) - if isinstance(result, BaseResponse): - return result + if isinstance(result, BaseResponse): + return result - response = response_xml(result) + response = response_xml(result) + session.save_to_cookie(response) - return response + return response