kallithea Changeset - 8394211b1c32

Changeset - 8394211b1c32

Parent rev.

Child rev.

[Not reviewed]

default

0 2 0

Søren Løvborg - 10 years ago 2015-07-14 14:00:15
kwi@kwi.dk

AuthUser: refactor AuthUser cookie/session serialization

* All serialization/deserialization logic is now in one place.

* CookieStoreWrapper is gone; any login sessions established in 2012 or
earlier will be terminated and users will have to log in again.

* The term "cookie store" has been dropped in favor of simply "cookie"
(the value is not a cookie "store" or data repository, but just the
actual cookie/session serialization of AuthUser).

Note: from_cookie_store was never used.

2 files changed with 27 insertions and 45 deletions:

kallithea/lib/auth.py

kallithea/lib/base.py

0 comments (0 inline, 0 general)

kallithea/lib/auth.py

➞

Show inline comments

@@ @@ -144,21 +144,6 @@ def check_password(password, hashed): @@
     return KallitheaCrypto.hash_check(password, hashed)
 class CookieStoreWrapper(object):
     def __init__(self, cookie_store):
         self.cookie_store = cookie_store
     def __repr__(self):
         return 'CookieStore<%s>' % (self.cookie_store)
     def get(self, key, other=None):
         if isinstance(self.cookie_store, dict):
             return self.cookie_store.get(key, other)
         elif isinstance(self.cookie_store, AuthUser):
             return self.cookie_store.__dict__.get(key, other)
 def _cached_perms_data(user_id, user_is_admin, user_inherit_default_permissions,
                        explicit, algo):
@@ @@ -642,23 +627,28 @@ class AuthUser(object): @@
         if self.user_id != self.anonymous_user.user_id:
             self.is_authenticated = authenticated
     def get_cookie_store(self):
         return {'username': self.username,
                 'user_id': self.user_id,
                 'is_authenticated': self.is_authenticated}
     def to_cookie(self):
         """ Serializes this login session to a cookie `dict`. """
         return {
             'user_id': self.user_id,
             'username': self.username,
             'is_authenticated': self.is_authenticated,
+        }
     @classmethod
     def from_cookie_store(cls, cookie_store):
     @staticmethod
     def from_cookie(cookie):
         """
         Creates AuthUser from a cookie store
         :param cls:
         :param cookie_store:
         Deserializes an `AuthUser` from a cookie `dict`.
         """
         user_id = cookie_store.get('user_id')
         username = cookie_store.get('username')
         api_key = cookie_store.get('api_key')
         return AuthUser(user_id, api_key, username)
         au = AuthUser(
             user_id=cookie.get('user_id'),
             username=cookie.get('username'),
+        )
         if not au.is_authenticated and au.user_id is not None:
             # user is not authenticated and not empty
             au.set_authenticated(cookie.get('is_authenticated'))
         return au
     @classmethod
     def get_allowed_ips(cls, user_id, cache=False, inherit_from_default=False):

kallithea/lib/base.py

➞

Show inline comments

@@ @@ -49,7 +49,7 @@ from kallithea import __version__, BACKE @@
 from kallithea.lib.utils2 import str2bool, safe_unicode, AttributeDict,\
     safe_str, safe_int
 from kallithea.lib import auth_modules
-from kallithea.lib.auth import AuthUser, HasPermissionAnyMiddleware, CookieStoreWrapper
 from kallithea.lib.auth import AuthUser, HasPermissionAnyMiddleware
 from kallithea.lib.utils import get_repo_slug
 from kallithea.lib.exceptions import UserCreationError
 from kallithea.lib.vcs.exceptions import RepositoryError, EmptyRepositoryError, ChangesetDoesNotExistError
@@ @@ -120,8 +120,7 @@ def log_in_user(user, remember): @@
     # Start new session to prevent session fixation attacks.
     session.invalidate()
     cs = auth_user.get_cookie_store()
     session['authuser'] = cs
     session['authuser'] = cookie = auth_user.to_cookie()
     # If they want to be remembered, update the cookie
     if remember:
@@ @@ -131,7 +130,7 @@ def log_in_user(user, remember): @@
     session.save()
     log.info('user %s is now authenticated and stored in '
-             'session, session attrs %s', user.username, cs)
+             'session, session attrs %s', user.username, cookie)
     # dumps session attrs back to cookie
     session._update_cookie_out()
@@ @@ -388,11 +387,12 @@ class BaseController(WSGIController): @@
             return AuthUser(api_key=api_key)
         # Authenticate by session cookie
         cookie_store = CookieStoreWrapper(session_authuser)
         user_id = cookie_store.get('user_id')
         if user_id is not None:
         cookie = session.get('authuser')
         # In ancient login sessions, 'authuser' may not be a dict.
         # In that case, the user will have to log in again.
         if isinstance(cookie, dict):
             try:
-                auth_user = AuthUser(user_id=user_id)
+                return AuthUser.from_cookie(cookie)
             except UserCreationError as e:
                 # container auth or other auth functions that create users on
                 # the fly can throw UserCreationError to signal issues with
@@ @@ -400,14 +400,6 @@ class BaseController(WSGIController): @@
                 # exception object.
                 from kallithea.lib import helpers as h
                 h.flash(e, 'error', logf=log.error)
             else:
                 authenticated = cookie_store.get('is_authenticated')
                 if not auth_user.is_authenticated and auth_user.user_id is not None:
                     # user is not authenticated and not empty
                     auth_user.set_authenticated(authenticated)
                 return auth_user
         # Authenticate by auth_container plugin (if enabled)
         if any(

0 comments (0 inline, 0 general)