
Use django builtin session.

Currently there is a duplicate cookie entry. Once Jekyll's custom auth system is replaced with Django's auth, most of the explicit session code can be omitted altogether.
1 parent 6acb6b7 commit 038a8c4f288db6dc3f563e8d99eed9258e853d6e @dram committed Sep 14, 2012
Showing with 20 additions and 53 deletions.
  1. +1 −1 jaikuengine/actor/views.py
  2. +15 −48 jaikuengine/common/user.py
  3. +2 −2 jaikuengine/join/views.py
  4. +2 −2 jaikuengine/login/views.py
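--- a/jaikuengine/actor/views.py
+++ b/jaikuengine/actor/views.py
@@ -622,7 +622,7 @@ def actor_settings(request, nick, page='index'):
 'Password updated')
 request.user.password = util.hash_password(request.user.nick, password)
 # TODO(mikie): change when cookie-auth is changed
-user.set_user_cookie(response, request.user)
+user.set_user_cookie(request, response, request.user)
 return response
 except:
 exception.handle_exception(request)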
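--- a/jaikuengine/common/user.py
+++ b/jaikuengine/common/user.py
@@ -15,7 +15,6 @@
 import datetime
 import logging
-from appengine_django.sessions.models import Session
 from django.conf import settings
 from google.appengine.ext import db
 import oauth.oauth as oauth
@@ -36,7 +35,7 @@ def get_user_from_request(request):
 token = request.COOKIES.get(settings.PASSWORD_COOKIE, None)
 if nick:
 # try to authenticate the dude via cookie
-user = authenticate_user_cookie(nick, token)
+user = authenticate_user_cookie(request, nick, token)
 return user
 if (settings.API_ALLOW_LEGACY_AUTH
@@ -63,41 +62,17 @@ def get_user_from_request(request):
 return None
-def purge_expired_user_auth_token_keys():
-""" Remove expired tokens from the database. """
-
-#TODO: Remove hard coded limit
-limit = 10
-try:
-query = Session.gql("WHERE expire_date <= :1", api.utcnow())
-expired_tokens = query.count()
-if expired_tokens:
-db.delete(query.fetch(limit))
-logging.info("Removed %d expired user authentication "
-"tokens (%d remaining)",
-min(limit, expired_tokens),
-max(0, expired_tokens-limit))
-except Exception, e:
-logging.exception('Unhandled exception while removing expired tokens')
-return
-
-def generate_user_auth_token_key(nick, token):
-return "user_auth_token/%s/%s" % (nick, token)
-
-def lookup_user_auth_token(nick, token):
+def lookup_user_auth_token(request):
 """ Look up a user authentication token from the database cache. """
-key = generate_user_auth_token_key(nick, token)
-user_auth_token_blob = Session.get_by_key_name(key)
-if not user_auth_token_blob:
+if not 'data' in request.session:
 return None
-elif user_auth_token_blob.expire_date <= api.utcnow():
+elif request.session.get_expiry_date() <= api.utcnow():
 return None
 else:
-user_auth_token = user_auth_token_blob.session_data.decode("utf-8")
-return user_auth_token
+return request.session['data'].decode("utf-8")
-def generate_user_auth_token(nick,
+def generate_user_auth_token(request,
 password,
 timeout=(14 * 24 * 60 * 60)):
 """ Generates a user authentication token and stores it in the
@@ -108,31 +83,23 @@ def generate_user_auth_token(nick,
 frequently than was acceptable.
 """
-# Clear cache of expired tokens
-purge_expired_user_auth_token_keys()
-
-token = util.hash_generic(util.generate_uuid())
-key = generate_user_auth_token_key(nick, token)
 # Set an expiration date to enable us to purge old, inactive
 # sessions from the database. Cookie expiration dates are what
 # actually govern how long sessions last.
-expire_date = (api.utcnow() +
-datetime.timedelta(seconds=timeout))
-session = Session(key_name=key,
-session_data=db.Blob(password.encode("utf-8")),
-expire_date=expire_date)
-session.put()
-return token
-
-def authenticate_user_cookie(nick, token):
+request.session.set_expiry(datetime.timedelta(seconds=timeout))
+request.session['data'] = password.encode("utf-8")
+
+return request.session.session_key
+
+def authenticate_user_cookie(request, nick, token):
 user = api.actor_get_safe(api.ROOT, nick)
 if not user:
 return None
 # user's authenticated via cookie have full access
 user.access_level = api.DELETE_ACCESS
-cached_token = lookup_user_auth_token(user.nick, token)
+cached_token = lookup_user_auth_token(request)
 if not cached_token:
 return None
@@ -195,7 +162,7 @@ def lookup_user_by_login(login, password):
 return None
-def set_user_cookie(response, user, remember=False):
+def set_user_cookie(request, response, user, remember=False):
 # We set max-age (because that's what HTTP 1.1 requires
 # We set expires because IE6/IE7/IE8 don't support max-age
 # We set both to be safe.
@@ -207,7 +174,7 @@ def set_user_cookie(request, response, user, remember=False):
 expires = None
 max_age_delta = None
-auth_token = generate_user_auth_token(user.nick, user.password)
+auth_token = generate_user_auth_token(request, user.password)
 if settings.COOKIE_DOMAIN == "localhost":
 response.set_cookie(settings.USER_COOKIE,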
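Review bot: `generate_user_auth_token` never rotates the session before storing the credential, so a session ID an attacker planted in the browser before login is promoted to an authenticated session (fixation), and on a request that arrived without a session cookie `request.session.session_key` is presumably still unset when it is returned (Django allocates the key on save), which would put `None` in the password cookie. Inserting `request.session.cycle_key()` before `request.session['data'] = password.encode("utf-8")` addresses both, since it allocates and persists a fresh key for this login. A second gap: `lookup_user_auth_token(request)` no longer consults `nick` or `token`, so nothing visible here ties the session to the nick read from the user cookie; storing it at login (`request.session['nick'] = user.nick` in `set_user_cookie`) and comparing it in `authenticate_user_cookie` would restore that binding, unless the comparison below the hunk already covers it. `generate_user_auth_token`, `authenticate_user_cookie` and `set_user_cookie` each continue outside their hunks.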
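--- a/jaikuengine/join/views.py
+++ b/jaikuengine/join/views.py
@@ -88,7 +88,7 @@ def join_join(request):
 # NOTE: does not provide a flash message
 response = http.HttpResponseRedirect(welcome_url)
-user.set_user_cookie(response, actor_ref)
+user.set_user_cookie(request, response, actor_ref)
 return response
 except:
 exception.handle_exception(request)
@@ -344,4 +344,4 @@ def join_welcome_done(request):
 def get_clean_redirect(request):
 redirect_to = request.REQUEST.get('redirect_to', '/')
 redirect_to = clean.redirect_to(redirect_to)
-return redirect_to
+return redirect_to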
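--- a/jaikuengine/login/views.py
+++ b/jaikuengine/login/views.py
@@ -54,7 +54,7 @@ def login_login(request):
 if (not settings.HOSTED_DOMAIN_ENABLED
 or not settings.SSL_LOGIN_ENABLED):
 response = http.HttpResponseRedirect(redirect_to)
-response = user.set_user_cookie(response, current_user, rememberme)
+response = user.set_user_cookie(request, response, current_user, rememberme)
 return response
 # otherwise, we're going to have to redirect to set the cookie on
@@ -91,7 +91,7 @@ def login_noreally(request):
 cache.delete('sso/%s' % sso_token)
 actor_ref = api.actor_get(api.ROOT, nick)
 response = http.HttpResponseRedirect(redirect_to)
-response = user.set_user_cookie(response, actor_ref, rememberme)
+response = user.set_user_cookie(request, response, actor_ref, rememberme)
 return response
 return http.HttpResponseRedirect('/login')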
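Review bot: `set_user_cookie(request, response, current_user, rememberme)` still derives `expires`/`max_age` for the user and password cookies from `rememberme`, but the Django session it now fills is given a flat 14-day expiry by `generate_user_auth_token` regardless of that flag, so if `SessionMiddleware` is what writes the session cookie, a login without "remember me" presumably leaves a persistent session cookie behind. Threading the flag through would keep the two in step, e.g. `request.session.set_expiry(0)` in `set_user_cookie` when `remember` is false so the session cookie expires with the browser. `login_login` starts before this hunk.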
