kallithea Changeset - f78bee8eec78

Changeset - f78bee8eec78

Parent rev.

Child rev.

[Not reviewed]

beta

0 6 0

Marcin Kuzminski - 14 years ago 2011-11-25 18:25:10
marcin@python-works.com

reduce cookie size for better support of client side sessions

6 files changed with 32 insertions and 17 deletions:

rhodecode/controllers/admin/settings.py

rhodecode/controllers/login.py

rhodecode/lib/auth.py

rhodecode/lib/base.py

rhodecode/tests/__init__.py

rhodecode/tests/functional/test_login.py

0 comments (0 inline, 0 general)

rhodecode/controllers/admin/settings.py

➞

Show inline comments

@@ @@ -38,26 +38,25 @@ from rhodecode.lib.auth import LoginRequ @@
     HasPermissionAnyDecorator, NotAnonymous
 from rhodecode.lib.base import BaseController, render
 from rhodecode.lib.celerylib import tasks, run_task
 from rhodecode.lib.utils import repo2db_mapper, invalidate_cache, \
     set_rhodecode_config, repo_name_slug
 from rhodecode.model.db import RhodeCodeUi, Repository, RepoGroup, \
     RhodeCodeSetting
 from rhodecode.model.forms import UserForm, ApplicationSettingsForm, \
     ApplicationUiSettingsForm
 from rhodecode.model.scm import ScmModel
 from rhodecode.model.user import UserModel
 from rhodecode.model.db import User
 from rhodecode.model.notification import NotificationModel, \
     EmailNotificationModel
 from rhodecode.model.notification import EmailNotificationModel
 log = logging.getLogger(__name__)
 class SettingsController(BaseController):
     """REST Controller styled on the Atom Publishing Protocol"""
     # To properly map this controller, ensure your config/routing.py
     # file has a resource setup:
     #     map.resource('setting', 'settings', controller='admin/settings',
     #         path_prefix='/admin', name_prefix='admin_')
     @LoginRequired()

rhodecode/controllers/login.py

➞

Show inline comments

@@ @@ -58,29 +58,30 @@ class LoginController(BaseController): @@
             return redirect(url('home'))
         if request.POST:
             #import Login Form validator class
             login_form = LoginForm()
             try:
                 c.form_result = login_form.to_python(dict(request.POST))
                 # form checks for username/password, now we're authenticated
                 username = c.form_result['username']
                 user = User.get_by_username(username, case_insensitive=True)
                 auth_user = AuthUser(user.user_id)
                 auth_user.set_authenticated()
                 session['rhodecode_user'] = auth_user
                 cs = auth_user.get_cookie_store()
                 session['rhodecode_user'] = cs
                 session.save()
                 log.info('user %s is now authenticated and stored in session',
                          username)
                 log.info('user %s is now authenticated and stored in '
                          'session, session attrs %s' % (username, cs))
                 user.update_lastlogin()
                 if c.came_from:
                     return redirect(c.came_from)
                 else:
                     return redirect(url('home'))
             except formencode.Invalid, errors:
                 return htmlfill.render(
                     render('/login.html'),
                     defaults=errors.value,
                     errors=errors.error_dict or {},

rhodecode/lib/auth.py

➞

Show inline comments

@@ @@ -347,24 +347,35 @@ class AuthUser(object): @@
     @property
     def full_contact(self):
         return '%s %s <%s>' % (self.name, self.lastname, self.email)
     def __repr__(self):
         return "<AuthUser('id:%s:%s|%s')>" % (self.user_id, self.username,
                                               self.is_authenticated)
     def set_authenticated(self, authenticated=True):
         if self.user_id != self.anonymous_user.user_id:
             self.is_authenticated = authenticated
     def get_cookie_store(self):
         return {'username':self.username,
                 'user_id': self.user_id,
                 'is_authenticated':self.is_authenticated}
     @classmethod
     def from_cookie_store(cls, cookie_store):
         user_id = cookie_store.get('user_id')
         username = cookie_store.get('username')
         api_key = cookie_store.get('api_key')
         return AuthUser(user_id, api_key, username)
 def set_available_permissions(config):
     """
     This function will propagate pylons globals with all available defined
     permission given in db. We don't want to check each time from db for new
     permissions since adding a new permission also requires application restart
     ie. to decorate new views with the newly created permission
     :param config: current pylons config instance
     """
     log.info('getting information about all available permissions')
@@ @@ -567,25 +578,26 @@ class PermsFunction(object): @@
     def __init__(self, *perms):
         available_perms = config['available_permissions']
         for perm in perms:
             if perm not in available_perms:
                 raise Exception("'%s' permission in not defined" % perm)
         self.required_perms = set(perms)
         self.user_perms = None
         self.granted_for = ''
         self.repo_name = None
     def __call__(self, check_Location=''):
         user = session.get('rhodecode_user', False)
         cookie_store = session.get('rhodecode_user')
         user = AuthUser.from_cookie_store(cookie_store)
         if not user:
             return False
         self.user_perms = user.permissions
         self.granted_for = user
         log.debug('checking %s %s %s', self.__class__.__name__,
                   self.required_perms, user)
         if self.check_permissions():
             log.debug('Permission granted %s @ %s', self.granted_for,
                       check_Location or 'unspecified location')
             return True

rhodecode/lib/base.py

➞

Show inline comments

 """The base Controller API
 Provides the BaseController class for subclassing.
 """
 import logging
 import time
 from pylons import config, tmpl_context as c, request, session, url
 from pylons.controllers import WSGIController
 from pylons.controllers.util import redirect
 from pylons.templating import render_mako as render
 from rhodecode import __version__
 from rhodecode import __version__, BACKENDS
 from rhodecode.lib import str2bool
 from rhodecode.lib.auth import AuthUser, get_container_username
 from rhodecode.lib.utils import get_repo_slug
 from rhodecode.model import meta
 from rhodecode.model.scm import ScmModel
 from rhodecode import BACKENDS
 from rhodecode.model.db import Repository
 from rhodecode.model.notification import NotificationModel
 from rhodecode.model.scm import ScmModel
 log = logging.getLogger(__name__)
 class BaseController(WSGIController):
     def __before__(self):
         c.rhodecode_version = __version__
         c.rhodecode_name = config.get('rhodecode_title')
         c.use_gravatar = str2bool(config.get('use_gravatar'))
         c.ga_code = config.get('rhodecode_ga_code')
         c.repo_name = get_repo_slug(request)
         c.backends = BACKENDS.keys()
@@ @@ -37,35 +38,36 @@ class BaseController(WSGIController): @@
         self.sa = meta.Session()
         self.scm_model = ScmModel(self.sa)
     def __call__(self, environ, start_response):
         """Invoke the Controller"""
         # WSGIController.__call__ dispatches to the Controller method
         # the request is routed to. This routing information is
         # available in environ['pylons.routes_dict']
         start = time.time()
         try:
             # make sure that we update permissions each time we call controller
             api_key = request.GET.get('api_key')
             user_id = getattr(session.get('rhodecode_user'), 'user_id', None)
             cookie_store = session.get('rhodecode_user') or {}
             user_id = cookie_store.get('user_id', None)
             username = get_container_username(environ, config)
             auth_user = AuthUser(user_id, api_key, username)
             self.rhodecode_user = c.rhodecode_user = auth_user
             if not self.rhodecode_user.is_authenticated and \
                        self.rhodecode_user.user_id is not None:
                 self.rhodecode_user.set_authenticated(
                                         getattr(session.get('rhodecode_user'),
                                        'is_authenticated', False))
             session['rhodecode_user'] = self.rhodecode_user
                 self.rhodecode_user\
                     .set_authenticated(cookie_store.get('is_authenticated'))
             session['rhodecode_user'] = self.rhodecode_user.get_cookie_store()
             session.save()
             return WSGIController.__call__(self, environ, start_response)
         finally:
             log.debug('Request time: %.3fs' % (time.time()-start))
             meta.Session.remove()
 class BaseRepoController(BaseController):
     """
     Base class for controllers responsible for loading all needed data for
     repository loaded items are

rhodecode/tests/__init__.py

➞

Show inline comments

@@ @@ -70,23 +70,24 @@ class TestController(TestCase): @@
     def log_user(self, username=TEST_USER_ADMIN_LOGIN,
                  password=TEST_USER_ADMIN_PASS):
         self._logged_username = username
         response = self.app.post(url(controller='login', action='index'),
                                  {'username':username,
                                   'password':password})
         if 'invalid user name' in response.body:
             self.fail('could not login using %s %s' % (username, password))
         self.assertEqual(response.status, '302 Found')
         self.assertEqual(response.session['rhodecode_user'].username, username)
         self.assertEqual(response.session['rhodecode_user'].get('username'),
                          username)
         return response.follow()
     def _get_logged_user(self):
         return User.get_by_username(self._logged_username)
     def checkSessionFlash(self, response, msg):
         self.assertTrue('flash' in response.session)
         self.assertTrue(msg in response.session['flash'][0][1])

rhodecode/tests/functional/test_login.py

➞

Show inline comments

@@ @@ -8,36 +8,36 @@ from rhodecode.lib.auth import check_pas @@
 class TestLoginController(TestController):
     def test_index(self):
         response = self.app.get(url(controller='login', action='index'))
         self.assertEqual(response.status, '200 OK')
         # Test response...
     def test_login_admin_ok(self):
         response = self.app.post(url(controller='login', action='index'),
                                  {'username':'test_admin',
                                   'password':'test12'})
         self.assertEqual(response.status, '302 Found')
         self.assertEqual(response.session['rhodecode_user'].username ,
+        self.assertEqual(response.session['rhodecode_user'].get('username') ,
                          'test_admin')
         response = response.follow()
         self.assertTrue('%s repository' % HG_REPO in response.body)
     def test_login_regular_ok(self):
         response = self.app.post(url(controller='login', action='index'),
                                  {'username':'test_regular',
                                   'password':'test12'})
         self.assertEqual(response.status, '302 Found')
         self.assertEqual(response.session['rhodecode_user'].username ,
+        self.assertEqual(response.session['rhodecode_user'].get('username') ,
                          'test_regular')
         response = response.follow()
         self.assertTrue('%s repository' % HG_REPO in response.body)
         self.assertTrue('<a title="Admin" href="/_admin">' not in response.body)
     def test_login_ok_came_from(self):
         test_came_from = '/_admin/users'
         response = self.app.post(url(controller='login', action='index',
                                      came_from=test_came_from),
                                  {'username':'test_admin',
                                   'password':'test12'})
         self.assertEqual(response.status, '302 Found')

0 comments (0 inline, 0 general)