- Timestamp:
- 10/03/08 16:09:05 (4 years ago)
- Location:
- stable
- Files:
-
- 1 removed
- 5 modified
-
HelpIM/intranet/lib/auth.py (deleted)
-
HelpIM/intranet/lib/servletbase.py (modified) (2 diffs)
-
HelpIM/intranet/lib/session.py (modified) (6 diffs)
-
HelpIM/intranet/scripts/login.py (modified) (4 diffs)
-
HelpIM/revision.py (modified) (1 diff)
-
setup/skeleton.sql (modified) (2 diffs)
-
stable/HelpIM/intranet/lib/servletbase.py
r427 r476 9 9 import HelpIM.logger 10 10 import HelpIM.intranet.lib.session 11 import HelpIM.intranet.lib.auth12 11 import HelpIM.intranet.lib.inpy 13 12 … … 56 55 # start session 57 56 if self.cookies.get('sessid'): 58 self.session = HelpIM.intranet.lib.session.fileSession( 59 self.cookies.get('sessid'), 60 config['conf']['session']['tmpdir']) 61 else: 62 self.session = HelpIM.intranet.lib.session.fileSession(empty = True) 57 self.session = HelpIM.intranet.lib.session.dbSession( 58 self.cookies.get('sessid')) 59 else: 60 self.session = HelpIM.intranet.lib.session.dbSession(empty = True) 63 61 64 62 # the whole application needs a valid user to be logged in: 65 if self.session. get('userId'):63 if self.session.userId: 66 64 try: 67 self.user = HelpIM.users.user(self.session ['userId'])65 self.user = HelpIM.users.user(self.session.userId) 68 66 except AttributeError: 69 67 # user has been changing him / her self, clean-up autentification and login again 70 68 # To-Do: make this so that a relogin is only nesseceraly when user deleted him / herself 71 HelpIM.intranet.lib.auth.logout(self.session)69 self.session.logout() 72 70 self.user = None 73 71 else: -
stable/HelpIM/intranet/lib/session.py
r474 r476 9 9 import md5 10 10 import random 11 import datetime 11 12 12 TEMPDIR = '/tmp' 13 import HelpIM.database 14 import HelpIM.users 13 15 14 class fileSession(dict): 16 class PasswordError(Exception): 17 "The password or username given are not correct." 18 19 20 class dbSession(): 15 21 """ 16 fileSession handles the saving and loading of a session to and from disk.22 Session handles the saving and loading of a session to and from the database 17 23 """ 18 24 19 def __init__(self, sessionId='', tmpDir=TEMPDIR, empty=False):25 def __init__(self, sessionId='', empty=False, timeOut = 5400): 20 26 """ 21 27 Create a new session. If there is a sessionId, try to find it on disk. … … 24 30 """ 25 31 self.sessionId = sessionId 26 self. tmpDir = tmpDir27 32 self.userId = None 33 self.time_out = timeOut 28 34 self.readSession(empty) 29 35 … … 33 39 """ 34 40 self.writeSession() 41 self.cleanStaleSessions() 35 42 36 43 def getUniqueId(self): … … 48 55 """ 49 56 if self.sessionId: 57 self.cleanStaleSessions() 58 c = HelpIM.database.cursor() 50 59 try: 51 fp = file(os.path.normpath("%s/%s" % (self.tmpDir, self.sessionId)), 'rb') 52 self.update(pickle.Unpickler(fp).load()) 53 except IOError: 54 pass 60 c.execute(["SELECT user_id FROM userSession WHERE sessionId = ", c.p(self.sessionId)]) 61 result = c.fetchone() 62 if result: 63 self.userId = result[0] 64 c.execute(["UPDATE userSession SET lastactive = NOW() WHERE sessionId = ", c.p(self.sessionId)]) 65 finally: 66 c.close() 55 67 else: 56 68 if not empty: … … 62 74 Write The session to file. 
63 75 """ 64 if self.sessionId: 65 data = {} 66 for key, value in self.items(): 67 data[key] = value 68 fp = file(os.path.normpath("%s/%s" % (self.tmpDir, self.sessionId)),'wb') 69 pickle.Pickler(fp, 1).dump(data) 76 if self.sessionId and self.userId: 77 c = HelpIM.database.cursor() 78 try: 79 c.execute(["INSERT INTO userSession SET user_id = ", c.p(self.userId), 80 ", sessionId = ", c.p(self.sessionId), 81 ", lastactive = NOW() ON DUPLICATE KEY UPDATE user_id = ", c.p(self.userId), 82 ", sessionId = ", c.p(self.sessionId), 83 ", lastactive = NOW()"]) 84 finally: 85 c.close() 70 86 71 87 def getSessionId(self): … … 76 92 """ 77 93 return self.sessionId 94 95 def login(self, username, password): 96 """ 97 Try to authorize the user 98 99 @param session: A valid session 100 @param username: A valid username 101 @param password: A valid password with the username 102 """ 103 id = HelpIM.users.auth(username, password) 104 if id: 105 self.userId = id 106 self.writeSession() 107 else: 108 self.userId = None 109 raise PasswordError() 110 111 def logout(self): 112 """ 113 Log the user out 114 115 @param session: The session containing a userId 116 """ 117 c = HelpIM.database.cursor() 118 try: 119 c.execute(["DELETE FROM userSession WHERE sessionId = ", c.p(self.sessionId)]) 120 finally: 121 c.close() 122 self.userId = None 123 124 def cleanStaleSessions(self): 125 c = HelpIM.database.cursor() 126 try: 127 c.execute(["DELETE FROM userSession WHERE lastactive < ", 128 c.p(datetime.datetime.now()-datetime.timedelta(seconds=self.time_out))]) 129 finally: 130 c.close() -
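Review bot: `login()` keeps whatever `sessionId` the session was constructed with, and in servletbase.py that value comes straight from the `sessid` cookie, so an identifier the client presented before authenticating becomes the authenticated one (session fixation). The visible part of `readSession()` does not discard an id that has no row in `userSession`, but part of that method is elided here, so this should be confirmed. On success the id should be rotated before the row is written, e.g. `self.sessionId = self.getUniqueId()` ahead of `self.writeSession()` (assuming `getUniqueId()` returns the new id; its body is outside these hunks), with the servlet re-issuing the cookie. Since the module imports `md5` and `random`, it is also worth checking that `getUniqueId()` draws from `os.urandom` rather than the `random` module.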
stable/HelpIM/intranet/scripts/login.py
r425 r476 2 2 import HelpIM.users 3 3 import HelpIM.revision 4 import HelpIM.intranet.lib.auth5 4 import HelpIM.intranet.lib.servletbase 5 from HelpIM.intranet.lib.session import PasswordError 6 6 7 7 class servlet(HelpIM.intranet.lib.servletbase.servlet): … … 14 14 namespace['version'] = "HelpIM 2.2 - revision " + str(HelpIM.revision.revision) 15 15 16 if self.session.get('userId') is None:16 if not self.session.userId: 17 17 form = self.requestVars.get('form') 18 18 if form is not None: 19 19 try: 20 HelpIM.intranet.lib.auth.login(self.session,form.get('username'), form.get('password'))21 except HelpIM.intranet.lib.auth.PasswordError:20 self.session.login(form.get('username'), form.get('password')) 21 except PasswordError: 22 22 namespace['errors'].append('password_invalid') 23 23 self.log.warn('failed login attempt: ' + form.get('username')) … … 33 33 self.log.info('login: ' + form.get('username')) 34 34 35 if self.session. get('userId') is not None:36 currentuser = HelpIM.users.user(self.session ['userId'])35 if self.session.userId: 36 currentuser = HelpIM.users.user(self.session.userId) 37 37 else: 38 38 currentuser = None … … 40 40 if self.requestVars.get('action') == 'logout': 41 41 if currentuser is not None: 42 HelpIM.intranet.lib.auth.logout(self.session)42 self.session.logout() 43 43 else: 44 44 if (currentuser is not None) and currentuser.id: -
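Review bot: The username from the form goes into the log unescaped on the lines that follow the new `self.session.login(...)` call (`'failed login attempt: ' + form.get('username')` and `'login: ' + form.get('username')`). A submitted value containing line breaks can therefore forge log entries, and a missing `username` field makes the concatenation raise `TypeError` inside the `except PasswordError` handler. Formatting with `%r` handles both: `self.log.warn('failed login attempt: %r' % (form.get('username'),))`, and the same for the `self.log.info` line. These are unchanged context lines, and the method body continues outside the hunk.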
stable/HelpIM/revision.py
r475 r476 1 revision = '47 4'1 revision = '475' -
stable/setup/skeleton.sql
r471 r476 352 352 ); 353 353 354 CREATE TABLE userSession ( 355 id int(10) unsigned NOT NULL auto_increment, 356 timestamp timestamp(14) NOT NULL, 357 user_id int(10) unsigned NOT NULL, 358 sessionId varchar(32), 359 lastactive timestamp(14), 360 PRIMARY KEY (id), 361 UNIQUE KEY user_id(user_id), 362 UNIQUE KEY sessionId(sessionId) 363 ); 364 354 365 -- When upgrading to revision 468 or higher (from a lower revision) 355 366 -- execute these two lines of SQL: … … 358 369 -- ALTER TABLE staffstatus ADD priority INT DEFAULT 1; 359 370 371 -- When upgrading to revision 476 or higher (from a lower revision) 372 -- execute these three lines of SQL: 373 374 -- ALTER TABLE user ADD passwordChanged timestamp(14); 375 -- ALTER TABLE user ADD lastLogin timestamp(14); 376 -- ALTER TABLE user ADD passwordFailures int(10); 377 378 379 380
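Review bot: The upgrade comment for revision 476 lists only the three `ALTER TABLE user` statements, but this commit also makes `dbSession` read and write the new `userSession` table. An installation upgraded by following the comment would have no session table, so its session queries would presumably fail. The upgrade block should say that the table must be created too, e.g. `-- also execute the CREATE TABLE userSession statement above`. Separately, `sessionId` is declared without `NOT NULL` although it is the lookup key; `sessionId varchar(32) NOT NULL,` would match how session.py uses it.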
