Create new session system for piwigo plugin.

Using the brand new itsdangerous sessions to power the sessions for piwigo. The real point is: Clients want to have the session in a "pwg_id" cookie and don't accept any other cookie name.
2013-03-29 14:49:13 +01:00 · 2013-03-29 14:49:13 +01:00 · 7fb419ddd2
commit 7fb419ddd2
parent c1df8d1963
3 changed files with 55 additions and 7 deletions
--- a/mediagoblin/plugins/piwigo/init.py
+++ b/mediagoblin/plugins/piwigo/init.py
@ -17,6 +17,8 @@
 import logging

 from mediagoblin.tools import pluginapi
+from mediagoblin.tools.session import SessionManager
+from .tools import PWGSession

 _log = logging.getLogger(__name__)

@ -32,6 +34,9 @@ def setup_plugin():

    pluginapi.register_routes(routes)

+    PWGSession.session_manager = SessionManager("pwg_id", "plugins.piwigo")
+
+
 hooks = {
    'setup': setup_plugin
 }
--- a/mediagoblin/plugins/piwigo/tools.py
+++ b/mediagoblin/plugins/piwigo/tools.py
@ -20,6 +20,7 @@ import six
 import lxml.etree as ET
 from werkzeug.exceptions import MethodNotAllowed, BadRequest

+from mediagoblin.tools.request import setup_user_in_request
 from mediagoblin.tools.response import Response


@ -119,3 +120,33 @@ def check_form(form):
    for f in form:
        dump.append("%s=%r" % (f.name, f.data))
    _log.debug("form: %s", " ".join(dump))
+
+
+class PWGSession(object):
+    session_manager = None
+
+    def __init__(self, request):
+        self.request = request
+        self.in_pwg_session = False
+
+    def __enter__(self):
+        # Backup old state
+        self.old_session = self.request.session
+        self.old_user = self.request.user
+        # Load piwigo session into state
+        self.request.session = self.session_manager.load_session_from_cookie(
+            self.request)
+        setup_user_in_request(self.request)
+        self.in_pwg_session = True
+        return self
+
+    def  __exit__(self, *args):
+        # Restore state
+        self.request.session = self.old_session
+        self.request.user = self.old_user
+        self.in_pwg_session = False
+
+    def save_to_cookie(self, response):
+        assert self.in_pwg_session
+        self.session_manager.save_session_to_cookie(self.request.session,
+            self.request, response)
--- a/mediagoblin/plugins/piwigo/views.py
+++ b/mediagoblin/plugins/piwigo/views.py
@ -20,10 +20,11 @@ import re
 from werkzeug.exceptions import MethodNotAllowed, BadRequest, NotImplemented
 from werkzeug.wrappers import BaseResponse

-from mediagoblin import mg_globals
 from mediagoblin.meddleware.csrf import csrf_exempt
 from mediagoblin.submit.lib import check_file_field
-from .tools import CmdTable, PwgNamedArray, response_xml, check_form
+from mediagoblin.auth.lib import fake_login_attempt
+from .tools import CmdTable, PwgNamedArray, response_xml, check_form, \
+    PWGSession
 from .forms import AddSimpleForm, AddForm


@ -35,12 +36,21 @@ def pwg_login(request):
    username = request.form.get("username")
    password = request.form.get("password")
    _log.info("Login for %r/%r...", username, password)
+    user = request.db.User.query.filter_by(username=username).first()
+    if not user:
+        fake_login_attempt()
+        return False
+    if not user.check_login(password):
+        return False
+    request.session["user_id"] = user.id
+    request.session.save()
    return True


@CmdTable("pwg.session.logout")
 def pwg_logout(request):
    _log.info("Logout")
+    request.session.delete()
    return True


@ -154,11 +164,13 @@ def ws_php(request):
                  request.args, request.form)
        raise NotImplemented()

-    result = func(request)
+    with PWGSession(request) as session:
+        result = func(request)

-    if isinstance(result, BaseResponse):
-        return result
+        if isinstance(result, BaseResponse):
+            return result

-    response = response_xml(result)
+        response = response_xml(result)
+        session.save_to_cookie(response)

-    return response
+        return response