def add_cookies(request):
global COOKIES
for cookie in COOKIES:
request.set_cookie(**cookie)
return (request)
def save_success(self, user, remember=True):
logger.debug('Saving success: %s' % user)
request.transaction['%s_loggedin' % self.full_name] = True
request.transaction['%s_user' % self.full_name] = user
request.transaction['%s_last_login' % self.full_name] = datetime.now()
if remember:
logger.debug('Remembering the following: %s' % user)
logger.debug('Remembering the following: %s' % json.dumps(user))
# We should remember the auth in a Remembered object and a reauth
# cookie
authsesid = uuid4().hex
signed_authsesid = request.signer.sign(authsesid)
logger.debug('Signed authsesid: %s' % signed_authsesid)
Remembered.remember('authses',
timedelta(minutes=self.config['reauth_timeout']),
json.dumps(user),
self.full_name,
authsesid)
request.set_cookie('%s_auth_ses' % self.full_name,
signed_authsesid,
secure=APP.config['GLOBAL']['cookies_secure'])
logger.debug('Cookie set')
logger.debug('Login complete')
request.save_transaction()
def logged_in(self):
if ('%s_loggedin' % self.full_name) in request.transaction and \
request.transaction['%s_loggedin' % self.full_name] is True:
return True
# Check if the user still has an active auth session
if ('%s_auth_ses' % self.full_name) in request.cookies:
# Seems so, let's check if it is still valid
# We don't really care about the reauth_timeout when the cookie
# was set. All that matters is the setting as of this request
authsesid = request.cookies['%s_auth_ses' % self.full_name]
logger.debug('Got an authsesid: %s' % authsesid)
try:
authsesid = request.signer.unsign(authsesid,
self.config['reauth_timeout']
* 60)
logger.debug('Correctly verified authsesid')
remembered = Remembered.getremembered('authses',
self.full_name,
authsesid)
logger.debug('Authsesid remembered: %s' % remembered)
if remembered is not None:
# Yay, we got a still valid auth session. Let us restore
# the user info and set the loggedin information
# We should not re-store the auth cookie, so that it keeps
# the old expiry date/time
self.save_success(json.loads(remembered.data), False)
return True
except:
# If anything fails in retrieving session, we don't want
# anything to do with it anymore
# But let's clear up the previous session so we don't spend
# every request checking if it happens to be valid this time
request.set_cookie('%s_auth_ses' % self.full_name,
None,
expires=0)
pass
return False
def view_logout():
cookies = json.dumps(request.cookies)
for cookie in request.cookies:
request.set_cookie(cookie, None, expires=0)
return 'The following cookies have been removed: %s. YUM' % cookies
def set_cookie(request):
request.set_cookie('lang', lang, 60*60*24*31*12)
def set_cookie(request):
request.set_cookie('lang', lang, 60 * 60 * 24 * 31 * 12)