def get_session(self):
session_id = self.get_argument("bokeh-session-id", default=None)
if session_id is None:
if self.application.generate_session_ids:
session_id = generate_session_id(secret_key=self.application.secret_key,
signed=self.application.sign_sessions)
else:
# if there is an auth server, redirect to it
auth_server = os.environ.get('AUTH_SERVER')
if auth_server:
callback_url = '%s://%s/login?page=%s' % (self.request.protocol, self.request.host, self.request.uri)
url = auth_server + '/login?next=%s' % callback_url
self.set_status(302)
self.set_header('Location', url)
raise Finish()
else:
log.debug("Server configured not to generate session IDs and none was provided")
raise HTTPError(status_code=403, reason="No bokeh-session-id provided")
elif not check_session_id_signature(session_id,
secret_key=self.application.secret_key,
signed=self.application.sign_sessions):
log.error("Session id had invalid signature: %r", session_id)
raise HTTPError(status_code=403, reason="Invalid session ID")
session = yield self.application_context.create_session_if_needed(session_id)
raise gen.Return(session)
def open(self):
''' Initialize a connection to a client.
'''
log.info('WebSocket connection opened')
proto_version = self.get_argument("bokeh-protocol-version", default=None)
if proto_version is None:
self.close()
raise ProtocolError("No bokeh-protocol-version specified")
session_id = self.get_argument("bokeh-session-id", default=None)
if session_id is None:
self.close()
raise ProtocolError("No bokeh-session-id specified")
if not check_session_id_signature(session_id,
signed=self.application.sign_sessions,
secret_key=self.application.secret_key):
log.error("Session id had invalid signature: %r", session_id)
raise ProtocolError("Invalid session ID")
def on_fully_opened(future):
e = future.exception()
if e is not None:
# this isn't really an error (unless we have a
# bug), it just means a client disconnected
# immediately, most likely.
log.debug("Failed to fully open connection %r", e)
future = self._async_open(session_id, proto_version)
self.application.io_loop.add_future(future,
on_fully_opened)
def open(self):
''' Initialize a connection to a client.
'''
log.info('WebSocket connection opened')
proto_version = self.get_argument("bokeh-protocol-version", default=None)
if proto_version is None:
self.close()
raise ProtocolError("No bokeh-protocol-version specified")
session_id = self.get_argument("bokeh-session-id", default=None)
if session_id is None:
self.close()
raise ProtocolError("No bokeh-session-id specified")
if not check_session_id_signature(session_id):
log.error("Session id had invalid signature: %r", session_id)
raise ProtocolError("Invalid session ID")
try:
self.application_context.create_session_if_needed(session_id)
session = self.application_context.get_session(session_id)
protocol = Protocol(proto_version)
self.receiver = Receiver(protocol)
log.debug("Receiver created created for %r", protocol)
self.handler = ServerHandler()
log.debug("ServerHandler created created for %r", protocol)
self.connection = self.application.new_connection(protocol, self, self.application_context, session)
log.info("ServerConnection created")
except ProtocolError as e:
log.error("Could not create new server session, reason: %s", e)
self.close()
raise e
def on_ack_sent(future):
e = future.exception()
if e is not None:
# this isn't really an error (unless we have a
# bug), it just means a client disconnected
# immediately, most likely.
log.debug("Failed to send ack %r", e)
msg = self.connection.protocol.create('ACK')
self.application.io_loop.add_future(self.send_message(msg), on_ack_sent)
def test__autocreate_signed_session_doc():
application = Application()
with ManagedServerLoop(application, sign_sessions=True, secret_key='foo') as server:
sessions = server.get_sessions('/')
assert 0 == len(sessions)
response = http_get(server.io_loop,
url(server))
html = response.body
sessionid = extract_sessionid_from_json(html)
sessions = server.get_sessions('/')
assert 1 == len(sessions)
assert sessionid == sessions[0].id
assert check_session_id_signature(sessionid, signed=True, secret_key='foo')
def get_session(self):
session_id = self.get_argument("bokeh-session-id", default=None)
if session_id is None:
if self.application.generate_session_ids:
session_id = generate_session_id(secret_key=self.application.secret_key,
signed=self.application.sign_sessions)
else:
log.debug("Server configured not to generate session IDs and none was provided")
raise HTTPError(status_code=403, reason="No bokeh-session-id provided")
elif not check_session_id_signature(session_id,
secret_key=self.application.secret_key,
signed=self.application.sign_sessions):
log.error("Session id had invalid signature: %r", session_id)
raise HTTPError(status_code=403, reason="Invalid session ID")
session = yield self.application_context.create_session_if_needed(session_id, self.request)
raise gen.Return(session)
def get(self, *args, **kwargs):
session_id = self.get_argument("bokeh-session-id", default=None)
if session_id is None:
session_id = generate_session_id()
elif not check_session_id_signature(session_id):
log.error("Session id had invalid signature: %r", session_id)
raise HTTPError(status_code=403, reason="Invalid session ID")
session = self.application_context.create_session_if_needed(session_id)
websocket_url = self.application.websocket_url_for_request(self.request, self.bokeh_websocket_path)
page = server_html_page_for_session(
session_id,
self.application.resources(self.request),
title=session.document.title,
websocket_url=websocket_url,
)
self.set_header("Content-Type", "text/html")
self.write(page)
async def get_session(self):
session_id = self.get_argument("bokeh-session-id", default=None)
if session_id is None:
if self.application.generate_session_ids:
session_id = generate_session_id(
secret_key=self.application.secret_key,
signed=self.application.sign_sessions)
else:
log.debug(
"Server configured not to generate session IDs and none was provided"
)
raise HTTPError(status_code=403,
reason="No bokeh-session-id provided")
elif not check_session_id_signature(
session_id,
secret_key=self.application.secret_key,
signed=self.application.sign_sessions):
log.error("Session id had invalid signature: %r", session_id)
raise HTTPError(status_code=403, reason="Invalid session ID")
session = await self.application_context.create_session_if_needed(
session_id, self.request)
return session
def test_check_signature_of_unsigned(self):
session_id = generate_session_id(signed=False, secret_key="abc") # secret shouldn't be used
assert not check_session_id_signature(session_id, secret_key="abc", signed=True)
def test_generate_signed(self):
session_id = generate_session_id(signed=True, secret_key="abc")
assert '-' in session_id
assert check_session_id_signature(session_id, secret_key="abc", signed=True)
assert not check_session_id_signature(session_id, secret_key="qrs", signed=True)
def test_check_signature_with_signing_disabled(self):
assert check_session_id_signature("gobbledygook",
secret_key="abc",
signed=False)
def test_check_signature_of_junk_with_hyphen_in_it(self):
assert not check_session_id_signature(
"foo-bar-baz", secret_key="abc", signed=True)
def test_check_signature_of_empty_string(self):
assert not check_session_id_signature(
"", secret_key="abc", signed=True)
def test_string_encoding_does_not_affect_session_id_check(self):
# originates from #6653
session_id = generate_session_id(signed=True, secret_key="abc")
assert check_session_id_signature(session_id, secret_key="abc", signed=True)
assert check_session_id_signature(decode_utf8(session_id), secret_key="abc", signed=True)
def test_check_signature_with_signing_disabled(self):
assert check_session_id_signature("gobbledygook", secret_key="abc", signed=False)
def test_generate_signed(self):
session_id = generate_session_id(signed=True, secret_key="abc")
self.assertTrue('-' in session_id)
self.assertTrue(check_session_id_signature(session_id, secret_key="abc", signed=True))
self.assertFalse(check_session_id_signature(session_id, secret_key="qrs", signed=True))
def test_check_signature_of_empty_string(self):
assert not check_session_id_signature("", secret_key="abc", signed=True)
def test_check_signature_of_junk_with_hyphen_in_it(self):
assert not check_session_id_signature("foo-bar-baz", secret_key="abc", signed=True)
def test_check_signature_of_unsigned(self):
session_id = generate_session_id(
signed=False, secret_key="abc") # secret shouldn't be used
assert not check_session_id_signature(
session_id, secret_key="abc", signed=True)
def test_string_encoding_does_not_affect_session_id_check(self):
# originates from #6653
session_id = generate_session_id(signed=True, secret_key="abc")
assert check_session_id_signature(session_id, secret_key="abc", signed=True)
assert check_session_id_signature(decode_utf8(session_id), secret_key="abc", signed=True)
def test_generate_signed(self):
session_id = generate_session_id(signed=True, secret_key="abc")
assert '-' in session_id
assert check_session_id_signature(session_id, secret_key="abc", signed=True)
assert not check_session_id_signature(session_id, secret_key="qrs", signed=True)
