Create new session system for piwigo plugin.

Using the brand new itsdangerous sessions to power the
sessions for piwigo.
The real point is: Clients want to have the session in a
"pwg_id" cookie and don't accept any other cookie name.

mediagoblin/plugins/piwigo/__init__.py

@@ -17,6 +17,8 @@
 import logging
 
 from mediagoblin.tools import pluginapi
+from mediagoblin.tools.session import SessionManager
+from .tools import PWGSession
 
 _log = logging.getLogger(__name__)
 
@@ -32,6 +34,9 @@ def setup_plugin():
 
     pluginapi.register_routes(routes)
 
+    PWGSession.session_manager = SessionManager("pwg_id", "plugins.piwigo")
+
+
 hooks = {
     'setup': setup_plugin
 }

mediagoblin/plugins/piwigo/tools.py

@@ -20,6 +20,7 @@ import six
 import lxml.etree as ET
 from werkzeug.exceptions import MethodNotAllowed, BadRequest
 
+from mediagoblin.tools.request import setup_user_in_request
 from mediagoblin.tools.response import Response
 
 
@@ -119,3 +120,33 @@ def check_form(form):
     for f in form:
         dump.append("%s=%r" % (f.name, f.data))
     _log.debug("form: %s", " ".join(dump))
+
+
+class PWGSession(object):
+    session_manager = None
+
+    def __init__(self, request):
+        self.request = request
+        self.in_pwg_session = False
+
+    def __enter__(self):
+        # Backup old state
+        self.old_session = self.request.session
+        self.old_user = self.request.user
+        # Load piwigo session into state
+        self.request.session = self.session_manager.load_session_from_cookie(
+            self.request)
+        setup_user_in_request(self.request)
+        self.in_pwg_session = True
+        return self
+
+    def  __exit__(self, *args):
+        # Restore state
+        self.request.session = self.old_session
+        self.request.user = self.old_user
+        self.in_pwg_session = False
+
+    def save_to_cookie(self, response):
+        assert self.in_pwg_session
+        self.session_manager.save_session_to_cookie(self.request.session,
+            self.request, response)

mediagoblin/plugins/piwigo/views.py

@@ -20,10 +20,11 @@ import re
 from werkzeug.exceptions import MethodNotAllowed, BadRequest, NotImplemented
 from werkzeug.wrappers import BaseResponse
 
-from mediagoblin import mg_globals
 from mediagoblin.meddleware.csrf import csrf_exempt
 from mediagoblin.submit.lib import check_file_field
-from .tools import CmdTable, PwgNamedArray, response_xml, check_form
+from mediagoblin.auth.lib import fake_login_attempt
+from .tools import CmdTable, PwgNamedArray, response_xml, check_form, \
+    PWGSession
 from .forms import AddSimpleForm, AddForm
 
 
@@ -35,12 +36,21 @@ def pwg_login(request):
     username = request.form.get("username")
     password = request.form.get("password")
     _log.info("Login for %r/%r...", username, password)
+    user = request.db.User.query.filter_by(username=username).first()
+    if not user:
+        fake_login_attempt()
+        return False
+    if not user.check_login(password):
+        return False
+    request.session["user_id"] = user.id
+    request.session.save()
     return True
 
 
 @CmdTable("pwg.session.logout")
 def pwg_logout(request):
     _log.info("Logout")
+    request.session.delete()
     return True
 
 
@@ -154,11 +164,13 @@ def ws_php(request):
                   request.args, request.form)
         raise NotImplemented()
 
+    with PWGSession(request) as session:
         result = func(request)
 
         if isinstance(result, BaseResponse):
             return result
 
         response = response_xml(result)
+        session.save_to_cookie(response)
 
         return response