class Session(object):
SESSION_KEY = 'sessionid'
COOKIE_EXPIRATION = 3600 # seconds
def __init__(self, request, response):
# 'request' must be an instance of the WebOb Request class.
self.request = request
self.response = response
# set session id
self.id = None
if self.SESSION_KEY in request.cookies:
self.id = request.cookies[self.SESSION_KEY]
else:
self.id = generate_session_id(self.get_seed())
self.set_cookie()
# prepare session data
self.data = db.get(db.Key.from_path('SessionData', self.id))
if not self.data:
self.data = SessionData(key_name=self.id)
self.data.put()
def set_cookie(self):
cookie = Cookie.SimpleCookie()
cookie[self.SESSION_KEY] = self.id
expiration = (datetime.datetime.utcnow() +
datetime.timedelta(seconds=self.COOKIE_EXPIRATION))
cookie[self.SESSION_KEY]['expires'] = expiration.strftime('%a, %d-%b-%Y %H:%M:%S GMT')
self.response.headers.add_header('Set-Cookie', cookie.output(header=''))
def get_seed(self):
return get_seed_from_datastore(self.get_seed_key())
def get_seed_key(self):
# use hostname as the key for seed
return self.request.uri.split('/')[2]
def __init__(self, request, response):
# 'request' must be an instance of the WebOb Request class.
self.request = request
self.response = response
# set session id
self.id = None
if self.SESSION_KEY in request.cookies:
self.id = request.cookies[self.SESSION_KEY]
else:
self.id = generate_session_id(self.get_seed())
self.set_cookie()
# prepare session data
self.data = db.get(db.Key.from_path('SessionData', self.id))
if not self.data:
self.data = SessionData(key_name=self.id)
self.data.put()
def authenticate_and_call(handler, *args, **kwargs):
""" The decorator itself """
session = get_current_session()
sessionid = session.get(constants.SESSION_ID)
import logging
logging.info('SessionID: ' + str(sessionid))
session_data = SessionData.get_session(sessionid)
if not session_data or not session_data.is_valid():
# if persistent id is given:
cookies = handler.request.cookies
if constants.PERSISTENT_LOGIN_NAME in cookies:
token_data = cookies[constants.PERSISTENT_LOGIN_NAME]
token = LoginToken.get_token_data(token_data)
# if persistent id is correct (email matches id following it):
# peform login
if token is not None:
token.delete()
token.tokenid = LoginToken.generate_id()
token.put()
cookie_value = token.get_cookie_value()
days = constants.PERSISTENT_LOGIN_LIFETIME_DAYS
expiration = datetime.utcnow() + timedelta(days=days)
handler.response.set_cookie(constants.PERSISTENT_LOGIN_NAME,
cookie_value,
expires=expiration,
path="/",
httponly=False,
secure=True)
user = User.getUser(token.user)
user.login(handler.request.remote_addr)
success(handler)
logging.info('User logging in (with persistent token): ' +
str(user.email))
else:
LoginToken.delete_user_tokens(token_data)
error(handler)
logging.info('Someone tried to authenticate with \
invalid token - email pair.')
return
else:
error(handler)
return
else:
success(handler)
logging.info('User logging in: ' + str(handler.user_email))
return func(handler, *args, **kwargs)
def testSessionData(self):
good_email = '*****@*****.**'
bad_email = '*****@*****.**'
ip = '127.0.0.1'
sessionid = SessionData.generate_id()
session = SessionData(key_name=sessionid)
session.sessionid = sessionid
session.email = good_email
session.ip = ip
otherid = SessionData.generate_id()
self.assertNotEqual(session.sessionid, otherid, 'Two ids generated are the same.')
self.assertNotEqual('', session.sessionid, 'Empty id generated: ' + str(session.sessionid))
session.put()
start_date = session.startdate
valid_session = SessionData.get_session(sessionid)
self.assertIsNotNone(valid_session, 'Stored session not found')
self.assertTrue(valid_session.is_valid(), 'is_valid returned False for a valid session')
self.assertEqual(good_email, valid_session.email, 'Email field is wrong for returned session')
self.assertEqual(ip, valid_session.ip, 'IP field is wrong for returned session.')
self.assertEqual(start_date, valid_session.startdate, 'Startdate field is wrong for returned session.')
valid_session.update_startdate()
new_start_date = valid_session.startdate
self.assertNotEqual(start_date, valid_session.startdate, 'Startdate field is wrong after updating')
valid_session = SessionData.get_session(sessionid)
self.assertNotEqual(start_date, valid_session.startdate, 'Startdate field is wrong after updating')
self.assertEqual(new_start_date, valid_session.startdate, 'Startdate field is wrong after updating')
invalid_session = SessionData.get_session(otherid)
self.assertIsNone(invalid_session, 'Valid session found for invalid id')
valid_session.delete()
valid_session = SessionData.get_session(sessionid)
self.assertIsNone(valid_session, 'Valid session found for deleted id')
def success(handler):
""" Handle success """
session = get_current_session()
sessionid = session.get(constants.SESSION_ID)
SessionData.get_session(sessionid).update_startdate()
handler.user_email = session.get(constants.VAR_NAME_EMAIL)
