def process(self, resource_id, *args, **kwargs):
from voluptuous import Schema
from google.appengine.api import namespace_manager
namespace_manager.set_namespace('_x_')
session_store = sessions.get_store(request=self.request)
session = session_store.get_session()
if not 'u' in session:
self.about(403)
return
obj = json.loads(self.request.body)
schema = Schema(self.schema, extra=True)
try:
obj = schema(obj)
except:
logging.exception('validation failed')
session_store = sessions.get_store()
session = session_store.get_session()
school_key = ndb.Key(urlsafe = session.get('s'))
obj['school'] = school_key
entity = self.entity.from_dict(obj)
entity.put()
self.write_json_response(entity.to_dict())
def dispatch(self):
# by default, the session ID is set in the Cookie header, but we can't rely on
# cookies because of 3rd party cookie restrictions. so we pass the session ID through GET
# parameters and unset the cookie before the response is sent
self.session_id = self.request.get("SESSION")
if self.session_id:
self.request.cookies["session"] = self.session_id
self.session_store = sessions.get_store(request=self.request)
self.session # touch the object to guarantee its instantiation
else:
self.session_store = sessions.get_store(request=self.request)
try:
# there was no session yet, so we assume a valid signed request from Speakap
# if the signed request is not valid, an exception is raised
signed_params = dict(self.request.params)
speakap_api.validate_signature(signed_params)
# we copy all parameters from the signed request to a new user session (the session
# is created implicitly), so the params are available on follow-up requests
for key in signed_params:
self.session[key] = signed_params[key]
self.session_store.save_sessions(self.response)
# ugly method to get the session ID from the Set-Cookie header
self.session_id = self.response.headers["Set-Cookie"].split(";")[0].split("=", 2)[1]
except speakap.SignatureValidationError, exception:
print exception
self.show_auth_error()
return
def dispatch(self):
self.session_store = sessions.get_store(factory=sessions.SessionStore, key='webapp2_extras.sessions.SessionStore', request=self.request)
self.session_flash = sessions.get_store(factory=sessions.SessionDict, key='webapp2_extras.sessions.SessionDict', request=self.request)
try:
RequestHandler.dispatch(self)
finally:
self.session_store.save_sessions(self.response)
def post_logout(self): self.auth.unset_session() # User is logged out, let's try redirecting to login page #try: # self.redirect(self.default_uri) #except (AttributeError, KeyError), e: # return "User is logged out" #finally: self.redirect(self.default_uri) sessions.get_store(request=self.request).save_sessions(self.response)
def dispatch(self):
self.session_store = sessions.get_store(request=self.request)
try:
webapp2.RequestHandler.dispatch(self)
except Exception, e:
logging.error(e)
self.redirect("/logout/")
def dispatch(self):
# get a session store for this request
self.session_store = sessions.get_store(request=self.request)
# always check CSRF if this is a post unless explicitly disabled
if self.request.method == 'POST' and not self.SKIP_CSRF:
if not self.checkCSRF():
return self.renderError(412)
if hasattr(self, "before"):
try:
self.before(*self.request.route_args, **self.request.route_kwargs)
except Exception as e:
self.handle_exception(e, False)
# only run the regular action if there isn't already an error or redirect
if self.response.status_int == 200:
webapp2.RequestHandler.dispatch(self)
if hasattr(self, "after"):
try:
self.after(*self.request.route_args, **self.request.route_kwargs)
except Exception as e:
self.handle_exception(e, False)
# save all sessions
self.session_store.save_sessions(self.response)
def session_store(self):
try:
store = sessions.get_store(request=self.request)
return store
except Exception as e:
print "Session_store"
print e
def __init__(self, request, response):
""" constructor """
main.log('Initializing base page.')
self.initialize(request, response)
self.session_store = sessions.get_store(request=request)
self._initialize_login()
def post(self):
username = self.request.get('username')
password = self.request.get('password')
try:
database = gdbm.open('database.gdbm','cf')
except:
time.sleep(0.1)
database = gdbm.open('database.gdbm','cf')
if ('usr'+username).encode('ascii','ignore') in database:
auth_info = json.loads(
database[('usr'+username).encode('ascii','ignore')]
)
if auth_info['password'] == password:
session_store = sessions.get_store(request=self.request)
session = session_store.get_session()
session['key'] = auth_info['key']
session['username'] = username
session_store.save_sessions(self.response)
database.close()
self.redirect('/jj70/abstracts')
else:
database.close()
self.redirect('/jj70/login')
else:
database.close()
self.redirect('/jj70/login')
def dispatch(self):
self.session_store = sessions.get_store(request = self.request)
try:
webapp2.RequestHandler.dispatch(self)
finally:
self.session_store.save_sessions(self.response)
def get(self):
session_store = sessions.get_store(request=self.request)
session = session_store.get_session()
username = session.get('username')
key = session.get('key')
try:
database = gdbm.open('database.gdbm','cf')
except:
time.sleep(1.0)
database = gdbm.open('database.gdbm','cf')
if username:
if ('usr'+username).encode('ascii','ignore') in database:
auth_info = json.loads(
database[('usr'+username).encode('ascii','ignore')]
)
if auth_info['key'] == key:
template_values = {'auth':auth_info}
template = JINJA_ENVIRONMENT.get_template('ko.html')
database.close()
self.response.write(template.render(template_values))
else:
database.close()
self.redirect('/jj70/login')
else:
database.close()
self.redirect('/jj70/login')
else:
database.close()
self.redirect('/jj70/login')
def dispatch(self):
# Get a session store for this request.
self.session_store = sessions.get_store(request=self.request)
try: # Dispatch the request.
webapp2.RequestHandler.dispatch(self)
finally: # Save all sessions.
self.session_store.save_sessions(self.response)
def get(self, *args, **kwargs):
session_store = sessions.get_store()
session = session_store.get_session()
if session:
# TODO: Is there a better way to do this?
for key in session.keys():
del session[key]
federated_identity = OPENID_ENDPOINT_GOOGLE
token = self.request.get('tk')
if token:
session['tk'] = token
session_store.save_sessions(self.response)
school = self.request.get('sc')
params = {}
if school:
params['sc'] = school
dest_url = '/_userconfig?' + urllib.urlencode(params)
login_url = users.create_login_url(
dest_url=dest_url,
federated_identity=federated_identity)
self.redirect(login_url)
def dispatch(self):
log.debug('starting dispatch')
# Get a session store for this request.
self.session_store = sessions.get_store(request=self.request)
self.request.registry['session'] = self.session
try:
# Dispatch the request.
webapp2.RequestHandler.dispatch(self)
except suds.WebFault as e:
if e.message == authentication_failed:
self.response.write(json.dumps({'logged_in': False}))
self.response.status = 401
elif e.message == access_denied:
self.response.write(json.dumps({'logged_in': True,
'message': "Access Denied"}))
self.response.status = 403
else:
self.response.write(json.dumps({
'logged_in': True,
'message': 'WebFault: {}. See logs'.format(e.message)}))
self.response.status = 500
log.exception('Got an unhandled WebFault. Sent a 500 message.')
finally:
# Save all sessions.
self.session_store.save_sessions(self.response)
log.debug('ending dispatch')
def dispatch(self):
self.user = User()
'''
Method dispatcher for wrapping method calls within the context of 'self'
Any variables created here are given to the method handlers as 'self'
:return:
'''
self.session_store = sessions.get_store(request=self.request)
try:
# call method handler
results = _webapp.RequestHandler.dispatch(self)
if results is True:
self.response.set_status(200)
elif results is False:
self.response.set_status(501)
elif results is dict or results is list:
# nah -- it's another type, it's JSON
self.response.content_type = "application/json"
self.response.out.write(json.dumps(results))
elif results is None:
self.response.set_status(200)
logging.info("null response from handler")
else:
self.response.out.write(results)
finally:
# store session
self.session_store.save_sessions(self.response)
def dispatch(self):
""" 需要管理員身份才可執行 """
self.session_store = sessions.get_store(request=self.request)
user = users.get_current_user()
if user is not None and users.is_current_user_admin() is False:
from application.database import DBAdministrator
from google.appengine.ext import db
ds = db.Query(DBAdministrator)
ds.filter('email =', str(user.email()))
record = ds.get()
if record is not None and record.is_enable == True :
self.session["administrator_email"] = record.email
if self.session["administrator_email"] is None or self.session["administrator_email"] == "":
self.login_message = u'此帳號權限不足,請使用別的帳號 <a href="' + users.create_login_url("/admin") + u'" class="register">重新登入</a>'
self.e403()
return
else:
if user is not None:
self.session["administrator_email"] = user.email()
if self.session.has_key("administrator_email") is False:
self.session["administrator_email"] = u""
if self.session["administrator_email"] is u"":
self.login_message = u"請先登入系統,您也可以使用 Google 帳號登入"
self.e403()
return
self.administrator_email = self.session["administrator_email"]
self.size = Pagination.get_int_param(self,"size",50)
self.page = Pagination.get_int_param(self,"page",1)
self.page_now = self.page
super(BaseHandler, self).dispatch()
self.session_store.save_sessions(self.response)
def dispatch(self):
self.session_store = sessions.get_store(request=self.request)
try:
super(BaseApiHandler, self).dispatch()
finally:
self.session_store.save_sessions(self.response)
def dispatch(self):
"""Wraps the dispatch method to add session handling."""
self.session_store = sessions.get_store(request=self.request)
self.decorator = decorator
# Add the user's credentials to the decorator if we have them.
if self.me:
self.decorator.credentials = self.decorator._storage_class(
model=self.decorator._credentials_class,
key_name='user:{}'.format(self.me.user_id()),
property_name=self.decorator._credentials_property_name).get()
else:
# Create a session ID for the session if it does not have one already.
# This is used to create an opaque string that can be passed to the OAuth2
# authentication server via the 'state' parameter.
if not self.session.get('sid'):
self.session['sid'] = security.generate_random_string(entropy=128)
# Store the state for the session user in a parameter on the flow.
# We only need to do this if we're not logged in.
self.decorator._create_flow(self)
session_user = SessionUser(self.session['sid'])
logging.info(self.decorator.flow.params)
self.decorator.flow.params['state'] = appengine._build_state_value(
self, session_user)
try:
webapp2.RequestHandler.dispatch(self)
finally:
self.session_store.save_sessions(self.response)
def dispatch(self):
# Get a session store for this request.
self.session_store = sessions.get_store(request=self.request)
self.request.mobile = False
try:
if self.request.headers.has_key("X-OperaMini-Features"):
#Then it's running opera mini. 'Nuff said.
#Reference from:
# http://dev.opera.com/articles/view/opera-mini-request-headers/
self.request.mobile = True
if self.request.headers.has_key("Accept"):
s = self.request.headers["Accept"].lower()
if 'application/vnd.wap.xhtml+xml' in s:
# Then it's a wap browser
self.request.mobile = True
if self.request.headers.has_key("User-Agent"):
# This takes the most processing. Surprisingly enough, when I
# Experimented on my own machine, this was the most efficient
# algorithm. Certainly more so than regexes.
# Also, Caching didn't help much, with real-world caches.
s = self.request.headers["User-Agent"].lower()
for ua in search_strings:
if ua in s:
self.request.mobile = True
#Otherwise it's not a mobile
webapp2.RequestHandler.dispatch(self)
finally:
# Save all sessions.
self.session_store.save_sessions(self.response)
def get(self, resource_id, *args, **kwargs):
session_store = sessions.get_store()
session = session_store.get_session()
session['tz'] = resource_id
session_store.save_sessions(self.response)
self.response.write(resource_id)
def dispatch(self):
self.session_store = sessions.get_store(request=self.request)
session = self.session_store.get_session()
User.setCurrentUser(session.get('user'))
try:
webapp2.RequestHandler.dispatch(self)
finally:
self.session_store.save_sessions(self.response)
def dispatch(self):
self.session_store = sessions.get_store(request=self.request)
# logging.info('BaseHandler:dispatch %s', self.request)
try:
webapp2.RequestHandler.dispatch(self)
finally:
self.session_store.save_sessions(self.response)
def dispatch(self):
self.session_store = sessions.get_store(request=self.request)
try:
super(BaseHandler, self).dispatch()
if self.__is_render__ is False:
self.render(None)
finally:
self.session_store.save_sessions(self.response)
def dispatch(self):
"""Override dispatch to initialize and persist session data."""
self.session_store = sessions.get_store(request=self.request)
try:
super(BaseHandler, self).dispatch()
finally:
self.session_store.save_sessions(self.response)
def dispatch(self):
"""Dispatch the request."""
self.session_store = sessions.get_store(request=self.request)
try:
super(BaseHandler, self).dispatch()
finally:
# Save all sessions.
self.session_store.save_sessions(self.response)
def post(self):
presentation = Presentation(parent=self.get_group_key())
presentation.name = self.request.get("presentation_name")
presentation.outline = self.request.get("presentation_outline")
presentation.put()
session_store = sessions.get_store(request=self.request)
session_store.get_session().add_flash("Presentation Created", level="alert")
self.redirect(self.url_for("presentations"))
def setup_session(self, school_key):
"""Setup the session vars."""
session_store = sessions.get_store()
session = session_store.get_session()
session['u'] = self.user.user_id()
session['n'] = str(school_key.id())
session['s'] = school_key.urlsafe()
session_store.save_sessions(self.response)
def dispatch(self):
self._session_store = sessions.get_store(request=self.request)
try:
#super(RequestHandler, self).dispatch()
pass
finally:
self._session_store.save_sessions(self.response)
def dispatch(self, *args, **kwargs): #retrieve session session_store = sessions.get_store(request=self.request) self.session = session_store.get_session() try: webapp2.RequestHandler.dispatch(self, *args, **kwargs) finally: session_store.save_sessions(self.response)
def dispatch(self):
# Get a session store for this request.
self.session_store = sessions.get_store(request=self.request)
try:
# Dispatch the request.
super(BaseHandler, self).dispatch()
finally:
# Save all sessions.
self.session_store.save_sessions(self.response)
def dispatch(self):
# Get a session store for this request.
self.session_store = sessions.get_store(request=self.request)
try:
# Dispatch the request.
webapp2.RequestHandler.dispatch(self)
finally:
# Save all sessions.
self.session_store.save_sessions(self.response)
def get_session(self, request):
"""Returns an auth session.
:param request:
A :class:`webapp2.Request` instance.
:returns:
A session dict.
"""
store = sessions.get_store(request=request)
return store.get_session(self.config['cookie_name'],
backend=self.config['session_backend'])
def dispatch(self):
if self.request.host == 'dev.trot.to':
if not users.get_current_user():
self.redirect(users.create_login_url('/'))
return
elif not users.is_current_user_admin():
self.abort(403)
self.is_local_env = not os.getenv('SERVER_SOFTWARE',
'').startswith('Google App Engine/')
# Get a session store for this request.
self.session_store = sessions.get_store(request=self.request)
self.login_error = None
self.user_email = None
self.user = None
if not self.user_email:
self.user_email = self.session.get('user_email')
self.user_org = get_organization_id_for_email(
self.user_email) if self.user_email else None
if not self.user_email:
self.attempt_auth_by_emailed_link()
if not self.user_email and env.current_env_is_local():
self.attempt_auth_by_user_header()
self.session['already_accepted_terms'] = False
if self.user_email:
self.user = get_or_create_user(self.user_email, self.user_org)
self.session[
'already_accepted_terms'] = not not self.user.accepted_terms_at
if not self.session.get('csrf_token'):
self.session['csrf_token'] = utils.generate_secret(32)
try:
self.redirect_to = None
self.check_authorization()
if self.redirect_to:
self.response.write(
json.dumps({'redirect_to': self.redirect_to}))
return
# Dispatch the request.
webapp2.RequestHandler.dispatch(self)
finally:
# Save all sessions, IFF secure connection
if self.request.scheme == 'https' or self.is_local_env:
self.session_store.save_sessions(self.response)
def dispatch(self):
# pylint: disable=attribute-defined-outside-init
# Get a session store for this request.
self.session_store = sessions.get_store(request=self.request)
try:
# Dispatch the request.
webapp2.RequestHandler.dispatch(self)
finally:
# Save all sessions.
self.session_store.save_sessions(self.response)
def dispatch(self):
"""
This snippet of code is taken from the webapp2 framework documentation.
See more at
http://webapp-improved.appspot.com/api/webapp2_extras/sessions.html
"""
self.session_store = sessions.get_store(request=self.request)
try:
webapp2.RequestHandler.dispatch(self)
finally:
self.session_store.save_sessions(self.response)
def dispatch(self):
# get a session store for this request
self.session_store = sessions.get_store(request=self.request)
if hasattr(self, "headers"):
self.headers()
webapp2.RequestHandler.dispatch(self)
# save all sessions
self.session_store.save_sessions(self.response)
def dispatch(self):
if (self._required_credentials > Credentials.NONE
and GetUserCredentialsLevel() < self._required_credentials):
self.abort(httplib.UNAUTHORIZED)
return
self.session_store = sessions.get_store(request=self.request)
try:
super(RestHandler, self).dispatch()
finally:
self.session_store.save_sessions(self.response)
def dispatch(self):
"""Initialize and manage sessions."""
if self.naked_domain_redirect():
return
# Get a session store for this request.
self.session_store = sessions.get_store(request=self.request)
try:
# Dispatch the request.
webapp2.RequestHandler.dispatch(self)
finally:
# Save all sessions.
self.session_store.save_sessions(self.response)
def dispatch(self):
# esegue il dispatch della richiesta e tiene traccia della sessione
# metodo richiesto dal modulo sessions di webapp2
self.session_store = sessions.get_store(request=self.request)
try:
webapp2.RequestHandler.dispatch(self)
finally:
self.session_store.save_sessions(self.response)
pass
def dispatch(self):
self.template_values = {}
# Get a session store for this request.
self.session_store = sessions.get_store(request=self.request)
try:
self.assert_is_allowed()
webapp2.RequestHandler.dispatch(self)
finally:
# Save all sessions.
self.session_store.save_sessions(self.response)
def dispatch(self):
"""Intercepts default request dispatching to ensure that an HTTP session
has been created before calling dispatch in the base type.
"""
# Get a session store for this request.
self.session_store = sessions.get_store(request=self.request)
try:
# Dispatch the request.
webapp2.RequestHandler.dispatch(self)
finally:
# Save all sessions.
self.session_store.save_sessions(self.response)
def dispatch(self):
"""Crea un almacén de sesión para la petición actual. Permite mantener parámetros a través de las diferentes peticiones y almacena las cookies generadas que hayan usado la misma instancia de Session.
"""
# Get a session store for this request.
self.session_store = sessions.get_store(request=self.request)
try:
# Dispatch the request.
webapp2.RequestHandler.dispatch(self)
finally:
# Save all sessions.
self.session_store.save_sessions(self.response)
def test_get_session_store(self):
app = webapp2.WSGIApplication(config={
"webapp2_extras.sessions": {
"secret_key": "my-super-secret",
}
})
req = webapp2.Request.blank("/")
req.app = app
self.assertEqual(len(req.registry), 0)
s = sessions.get_store(request=req)
self.assertEqual(len(req.registry), 1)
self.assertTrue(isinstance(s, sessions.SessionStore))
def __init__(self, *args, **kwargs):
super(BaseView, self).__init__(*args, **kwargs)
# Get a session store for this request.
self.session_store = sessions.get_store(request=self.request)
self.user = self.getCurrentUser()
self.template_values = {'settings': settings, 'signin_url': '',
'signout_url': '', 'alerts': []}
self.template_values['signout_url'] = context.get_signout_url()
self.template_values['google_signin_url'] = context.google_signin_url
self.template_values['reCAPTCHA_site_key'] = settings.reCAPTCHA_SITEKEY
self.template_values['user'] = self.user
def dispatch(self):
# Get a session store for this request.
self.session_store = sessions.get_store(request=self.request)
# Set the loale
i18n.get_i18n().set_locale(self.locale)
try:
# Dispatch the request.
webapp2.RequestHandler.dispatch(self)
finally:
# Save all sessions.
self.session_store.save_sessions(self.response)
def post(self):
try:
database = gdbm.open('database.gdbm','cf')
except:
time.sleep(1.0)
database = gdbm.open('database.gdbm','cf')
session_store = sessions.get_store(request=self.request)
session = session_store.get_session()
username = session.get('username')
key = session.get('key')
database['abstract'+key.encode('ascii','ignore')] = self.request.body
database.close()
def dispatch(self):
self.session_store = sessions.get_store(request=self.request)
try:
if self.is_unsafe_request() and not self.is_task_queue_request():
if self.request.params[CSRF_TOKEN_DICT_KEY] != self.csrf_token:
del self.session[CSRF_TOKEN_DICT_KEY]
self.abort(403, 'CSRF token missing')
webapp2.RequestHandler.dispatch(self)
finally:
# Save all sessions.
self.session_store.save_sessions(self.response)
def dispatch(self):
# Get a session store for this request.
self.session_store = sessions.get_store(request=self.request)
# todo may need to check what page you are going to before sending them to login
if not (self.request.path_info == "/login"
or self.request.path_info == "/"):
self.checkLogin()
try:
# Dispatch the request.
webapp2.RequestHandler.dispatch(self)
finally:
# Save all sessions.
self.session_store.save_sessions(self.response)
def dispatch(self):
# for requests still going to appspot, redirect
request = self.request
if request.host.startswith("gig-o-matic.appspot.com") or request.host.startswith("gig-o-matic.com"):
import urlparse
scheme, netloc, path, query, fragment = urlparse.urlsplit(request.url)
# the cron stuff should not redirect
if not path.startswith("/admin_"):
url = urlparse.urlunsplit([scheme, "www.gig-o-matic.com", path, query, fragment])
# Send redirect
self.redirect(url, permanent=True, abort=True)
if request.host.startswith("127.0.0.1"):
import urlparse
scheme, netloc, path, query, fragment = urlparse.urlsplit(request.url)
# the cron stuff should not redirect
if not path.startswith("/admin_"):
url = urlparse.urlunsplit([scheme, "localhost:8080", path, query, fragment])
# Send redirect
self.redirect(url, permanent=True, abort=True)
# Get a session store for this request.
self.session_store = sessions.get_store(request=self.request)
# Set locale on each request right away, to make it available to both
# templates and backend Python code
if self.request.get("locale"):
locale = self.request.get("locale")
elif self.user and self.user.preferences.locale:
locale = self.user.preferences.locale
else:
locale = None
i18n.get_i18n().set_locale(locale)
try:
# Dispatch the request.
webapp2.RequestHandler.dispatch(self)
except gigoexceptions.GigoException as error:
logging.error( "Exception: %s" % error )
self.render_template('error.html', [])
except gigoexceptions.GigoRestException as error:
logging.error( "Rest Exception: %s" % error )
self.abort(401)
finally:
# Save all sessions.
self.session_store.save_sessions(self.response)
def dispatch(self):
"""
Calls startup, checks authorization, and then the controller method.
If a view is set and auto rendering is enabled, then it will try to automatically
render the view if the action doesn't return anything.
If the controller method returns anything other than None, auto-rendering is skipped
and the result is transformed into a response using the :mod:`~ferris.core.response_handlers`.
"""
# Setup everything, the session, etc.
self._init_meta()
self.session_store = sessions.get_store(request=self.request)
self.context.set_dotted('this.session', self.session)
self.events.before_startup(controller=self)
self.startup()
self.events.after_startup(controller=self)
# Authorization
self._is_authorized()
# Dispatch to the method
self.events.before_dispatch(controller=self)
result = super(Controller, self).dispatch()
self.events.after_dispatch(response=result, controller=self)
# Return value handlers.
# Response has highest precendence, the view class has lowest.
response_handler = response_handlers.factory(type(result))
if response_handler:
self.response = response_handler(self, result)
# View rendering works similar to the string mode above.
elif self.meta.view.auto_render:
self._clear_redirect()
self.response = self.meta.view.render()
else:
self.abort(
500, 'Nothing was able to handle the response %s (%s)' %
(result, type(result)))
self.events.dispatch_complete(controller=self)
self.session_store.save_sessions(self.response)
self.events.clear()
return self.response
def check_login(self, *args, **kwargs):
"""
If handler has no login_url specified invoke a 403 error
"""
session_store = sessions.get_store()
session = session_store.get_session()
try:
if not 'u' in session:
try:
self.redirect('/school')
except (AttributeError, KeyError), e:
self.abort(403)
else:
def dispatch(self):
# Get a session store for this request.
# See this for more info on webapp2 sessions:
# http://webapp-improved.appspot.com/api/webapp2_extras/sessions.html
self.session_store = sessions.get_store(request=self.request)
i18n.get_i18n().set_locale('en')
try:
# Dispatch the request.
RequestHandler.dispatch(self)
finally:
# Save all sessions.
self.session_store.save_sessions(self.response)
def dispatch(self):
# activate session store.
self.session_store = sessions.get_store(request=self.request)
# dispatch handler.
out = webapp2.RequestHandler.dispatch(self)
# Let angular know about our XSRF-TOKEN
self.response.set_cookie("XSRF-TOKEN", self.get_csrf_token())
# save session.
self.session_store.save_sessions(self.response)
return out
def dispatch(self):
"""
Override dispatch() to provide session support
"""
# Get a session store for this request.
self.session_store = sessions.get_store(request=self.request)
try:
# Dispatch the request.
webapp2.RequestHandler.dispatch(self)
finally:
# Save all sessions.
self.session_store.save_sessions(self.response)
def get(self, *args, **kwargs):
from google.appengine.api import namespace_manager
namespace_manager.set_namespace('_x_')
session_store = sessions.get_store(request=self.request)
session = session_store.get_session()
if not 'u' in session:
self.abort(403)
return
self.request.GET['feq_school'] = session.get('s')
super(SchoolRestApiListHandler, self).get(self, *args, **kwargs)
def dispatch(self):
"""Wraps the other request handlers.
* Manages sessions
* Manages request profiling
"""
# ** Code to run before all handlers goes here. ** #
# Mark the start time of the request. You can add events to this
# profiler in any request handler like this:
# util.profiler.add_event("this is my event")
util.profiler.clear()
util.profiler.add_event('START')
# Get a session store for this request.
self.session_store = sessions.get_store(request=self.request)
if (False and app_engine_users.is_current_user_admin()
and not self.get_current_user()
and self.request.path != '/logout'):
# Admins/devs are sometimes logged in through google, but not our
# site, if they visit /admin pages. This is because app.yaml
# requires admin login, and directs them to google sign in without
# talking to our normal /login process. We can clean up this
# situation by logging them in here.
user = self.authenticate('google')
else:
user = self.get_current_user()
# Give every request handler an api in the context of the current user.
# Don't do this when a user isn't present.
logging.info("BaseHandler:Dispatch with user: {}".format(user))
self.api = Api(user)
try:
# Call the overridden dispatch(), which has the effect of running
# the get() or post() etc. of the inheriting class.
webapp2.RequestHandler.dispatch(self)
except webapp2.exc.HTTPMethodNotAllowed as error:
trace = traceback.format_exc()
logging.info("{}\n{}".format(error, trace))
self.error(405)
self.response.write('405 Method Not Allowed: {}'.format(error))
return
finally:
# ** Code to run after all handlers goes here. ** #
# Save all sessions.
self.session_store.save_sessions(self.response)
def my_get_dispatch(self, *args, **kwargs):
''' A Fake dispatch method that you want to call inside your Route()
Just an imitation of the webapp2 style dispatch() with limited functions
'''
self.session_store = sessions.get_store(request=self.request)
try:
if self.request.method == 'GET':
self.get(*args,
**kwargs) # this is the real get method we want here
else:
self.error(405)
self.response.out.write('Method not allowed')
finally:
# Save all sessions.
self.session_store.save_sessions(self.response)
def GetOrMakeSession(request):
session_store = sessions.get_store(request=request)
session = session_store.get_session()
if not session:
session['xsrf'] = security.generate_random_string(entropy=128)
user = users.get_current_user()
if user:
if _ANON_USER_KEY in session:
AdoptAnonymousProjects(user.email(), session[_ANON_USER_KEY])
else:
if _ANON_USER_KEY not in session:
session[_ANON_USER_KEY] = MakeAnonUserKey()
return session
def test_set_session_store(self):
app = webapp2.WSGIApplication(config={
'webapp2_extras.sessions': {
'secret_key': 'my-super-secret',
}
})
req = webapp2.Request.blank('/')
req.app = app
store = sessions.SessionStore(req)
self.assertEqual(len(req.registry), 0)
sessions.set_store(store, request=req)
self.assertEqual(len(req.registry), 1)
s = sessions.get_store(request=req)
self.assertTrue(isinstance(s, sessions.SessionStore))
