class Session(object): SESSION_KEY = 'sessionid' COOKIE_EXPIRATION = 3600 # seconds def __init__(self, request, response): # 'request' must be an instance of the WebOb Request class. self.request = request self.response = response # set session id self.id = None if self.SESSION_KEY in request.cookies: self.id = request.cookies[self.SESSION_KEY] else: self.id = generate_session_id(self.get_seed()) self.set_cookie() # prepare session data self.data = db.get(db.Key.from_path('SessionData', self.id)) if not self.data: self.data = SessionData(key_name=self.id) self.data.put() def set_cookie(self): cookie = Cookie.SimpleCookie() cookie[self.SESSION_KEY] = self.id expiration = (datetime.datetime.utcnow() + datetime.timedelta(seconds=self.COOKIE_EXPIRATION)) cookie[self.SESSION_KEY]['expires'] = expiration.strftime('%a, %d-%b-%Y %H:%M:%S GMT') self.response.headers.add_header('Set-Cookie', cookie.output(header='')) def get_seed(self): return get_seed_from_datastore(self.get_seed_key()) def get_seed_key(self): # use hostname as the key for seed return self.request.uri.split('/')[2]
def __init__(self, request, response): # 'request' must be an instance of the WebOb Request class. self.request = request self.response = response # set session id self.id = None if self.SESSION_KEY in request.cookies: self.id = request.cookies[self.SESSION_KEY] else: self.id = generate_session_id(self.get_seed()) self.set_cookie() # prepare session data self.data = db.get(db.Key.from_path('SessionData', self.id)) if not self.data: self.data = SessionData(key_name=self.id) self.data.put()
def authenticate_and_call(handler, *args, **kwargs): """ The decorator itself """ session = get_current_session() sessionid = session.get(constants.SESSION_ID) import logging logging.info('SessionID: ' + str(sessionid)) session_data = SessionData.get_session(sessionid) if not session_data or not session_data.is_valid(): # if persistent id is given: cookies = handler.request.cookies if constants.PERSISTENT_LOGIN_NAME in cookies: token_data = cookies[constants.PERSISTENT_LOGIN_NAME] token = LoginToken.get_token_data(token_data) # if persistent id is correct (email matches id following it): # peform login if token is not None: token.delete() token.tokenid = LoginToken.generate_id() token.put() cookie_value = token.get_cookie_value() days = constants.PERSISTENT_LOGIN_LIFETIME_DAYS expiration = datetime.utcnow() + timedelta(days=days) handler.response.set_cookie(constants.PERSISTENT_LOGIN_NAME, cookie_value, expires=expiration, path="/", httponly=False, secure=True) user = User.getUser(token.user) user.login(handler.request.remote_addr) success(handler) logging.info('User logging in (with persistent token): ' + str(user.email)) else: LoginToken.delete_user_tokens(token_data) error(handler) logging.info('Someone tried to authenticate with \ invalid token - email pair.') return else: error(handler) return else: success(handler) logging.info('User logging in: ' + str(handler.user_email)) return func(handler, *args, **kwargs)
def testSessionData(self): good_email = '*****@*****.**' bad_email = '*****@*****.**' ip = '127.0.0.1' sessionid = SessionData.generate_id() session = SessionData(key_name=sessionid) session.sessionid = sessionid session.email = good_email session.ip = ip otherid = SessionData.generate_id() self.assertNotEqual(session.sessionid, otherid, 'Two ids generated are the same.') self.assertNotEqual('', session.sessionid, 'Empty id generated: ' + str(session.sessionid)) session.put() start_date = session.startdate valid_session = SessionData.get_session(sessionid) self.assertIsNotNone(valid_session, 'Stored session not found') self.assertTrue(valid_session.is_valid(), 'is_valid returned False for a valid session') self.assertEqual(good_email, valid_session.email, 'Email field is wrong for returned session') self.assertEqual(ip, valid_session.ip, 'IP field is wrong for returned session.') self.assertEqual(start_date, valid_session.startdate, 'Startdate field is wrong for returned session.') valid_session.update_startdate() new_start_date = valid_session.startdate self.assertNotEqual(start_date, valid_session.startdate, 'Startdate field is wrong after updating') valid_session = SessionData.get_session(sessionid) self.assertNotEqual(start_date, valid_session.startdate, 'Startdate field is wrong after updating') self.assertEqual(new_start_date, valid_session.startdate, 'Startdate field is wrong after updating') invalid_session = SessionData.get_session(otherid) self.assertIsNone(invalid_session, 'Valid session found for invalid id') valid_session.delete() valid_session = SessionData.get_session(sessionid) self.assertIsNone(valid_session, 'Valid session found for deleted id')
def success(handler): """ Handle success """ session = get_current_session() sessionid = session.get(constants.SESSION_ID) SessionData.get_session(sessionid).update_startdate() handler.user_email = session.get(constants.VAR_NAME_EMAIL)