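def check_session(self, sid):
    """Return the stored session for ``sid`` if it is still valid.

    Args:
        sid: session identifier to look up in ``http.root.session_store``.

    Returns:
        The session object when ``security.check_session`` accepts it,
        ``None`` when the session was loaded but rejected, and ``False``
        when the lookup or the check raised. Every failure outcome is
        falsy, so a caller testing truthiness fails closed.
    """
    try:
        session = http.root.session_store.get(sid)
        # NOTE(review): some Odoo releases declare
        # ``check_session(session, env)``. With that signature this
        # one-argument call raises TypeError, which the handler below turns
        # into ``False`` for every sid. Confirm against the installed version.
        if security.check_session(session):
            return session
    except Exception:
        # Deny on any lookup or validation error. ``except Exception`` is
        # used instead of a bare ``except:`` so KeyboardInterrupt and
        # SystemExit are not swallowed.
        return False
    # Session was loaded but did not pass the check.
    return None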
def web_client(self, s_action=None, **kw):
    """Serve the web client bootstrap page to a logged-in internal user.

    The checks run in a fixed order and each one ends the request early:
    a database must be selected, the session must carry a uid, a
    ``redirect`` keyword is honoured, the session must pass
    ``security.check_session``, and the user must be internal.

    Raises:
        http.SessionExpiredException: the session has a uid but fails
            ``security.check_session``.
    """
    # A database and a logged-in user are both required.
    ensure_db()
    if not request.session.uid:
        return request.redirect('/web/login', 303)

    # NOTE(review): the target is taken from ``kw`` (presumably
    # caller-supplied request parameters) and is followed before the
    # session check below. This relies on ``request.redirect`` refusing
    # non-local targets. Confirm.
    redirect_target = kw.get('redirect')
    if redirect_target:
        return request.redirect(redirect_target, 303)

    session_ok = security.check_session(request.session, request.env)
    if not session_ok:
        raise http.SessionExpiredException("Session expired")
    if not is_user_internal(request.session.uid):
        return request.redirect('/web/login_successful', 303)

    # Side effect: refresh the session lifetime.
    request.session.touch()

    # The route runs with auth="none", so the user has to be put back on
    # the environment before rendering.
    request.update_env(user=request.session.uid)
    try:
        rendering_context = request.env['ir.http'].webclient_rendering_context()
        page = request.render('web.webclient_bootstrap', qcontext=rendering_context)
        # Forbid embedding the web client in a frame.
        page.headers['X-Frame-Options'] = 'DENY'
    except AccessError:
        return request.redirect('/web/login?error=access')
    return page
def _authenticate(cls, endpoint):
    """Run the authentication method selected for ``endpoint``.

    CORS preflight requests use the ``'none'`` method; every other request
    uses ``endpoint.routing['auth']``. A session that has a uid but fails
    ``security.check_session`` is logged out (keeping the database) and the
    request environment is rebuilt with ``None`` in the user position
    before the authentication method runs.

    Raises:
        AccessDenied: re-raised as is, and also raised in place of any
            unexpected exception so that such failures deny access.
        http.SessionExpiredException: re-raised as is.
        werkzeug.exceptions.HTTPException: re-raised as is.
    """
    if http.is_cors_preflight(request, endpoint):
        auth_method = 'none'
    else:
        auth_method = endpoint.routing['auth']

    try:
        if request.session.uid is not None and not security.check_session(
                request.session, request.env):
            # Stale session: drop the login and continue without a user.
            request.session.logout(keep_db=True)
            request.env = api.Environment(
                request.env.cr, None, request.session.context)
        authenticate = getattr(cls, f'_auth_method_{auth_method}')
        authenticate()
    except (AccessDenied, http.SessionExpiredException,
            werkzeug.exceptions.HTTPException):
        # Expected authentication outcomes reach the caller unchanged.
        raise
    except Exception:
        # Anything else is logged with its traceback and surfaces as
        # AccessDenied.
        _logger.info("Exception during request Authentication.", exc_info=True)
        raise AccessDenied()
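def assertSessionValid(self, sids):
    """Assert that every id in ``sids`` is stored and passes the session check.

    Args:
        sids: iterable of session ids. An empty iterable passes without
            asserting anything.
    """
    # List the store once and reuse the listing for every sid.
    store_list = _store.list()
    for sid in sids:
        # assertIn names the missing sid on failure, which
        # assertTrue(sid in ...) does not.
        self.assertIn(sid, store_list)
        self.assertTrue(
            security.check_session(_store.get(sid), self.env),
            f"session {sid!r} is stored but failed security.check_session",
        )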