mediagoblin/tools/session.py

   1 # GNU MediaGoblin -- federated, autonomous media hosting
   2 # Copyright (C) 2013 MediaGoblin contributors.  See AUTHORS.
   3 #
   4 # This program is free software: you can redistribute it and/or modify
   5 # it under the terms of the GNU Affero General Public License as published by
   6 # the Free Software Foundation, either version 3 of the License, or
   7 # (at your option) any later version.
   8 #
   9 # This program is distributed in the hope that it will be useful,
  10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 # GNU Affero General Public License for more details.
  13 #
  14 # You should have received a copy of the GNU Affero General Public License
  15 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
  16
  17 import itsdangerous
  18 import logging
  19
  20 from mediagoblin.tools import crypto
  21
  22 _log = logging.getLogger(__name__)
  23
  24 MAX_AGE = 30 * 24 * 60 * 60
  25
  26 class Session(dict):
  27     def __init__(self, *args, **kwargs):
  28         self.send_new_cookie = False
  29         dict.__init__(self, *args, **kwargs)
  30
  31     def save(self):
  32         self.send_new_cookie = True
  33
  34     def is_updated(self):
  35         return self.send_new_cookie
  36
  37     def delete(self):
  38         self.clear()
  39         self.save()
  40
  41
  42 class SessionManager(object):
  43     def __init__(self, cookie_name='MGSession', namespace=None):
  44         if namespace is None:
  45             namespace = cookie_name
  46         self.signer = crypto.get_timed_signer_url(namespace)
  47         self.cookie_name = cookie_name
  48
  49     def load_session_from_cookie(self, request):
  50         cookie = request.cookies.get(self.cookie_name)
  51         if not cookie:
  52             return Session()
  53         ### FIXME: Future cookie-blacklisting code
  54         # m = BadCookie.query.filter_by(cookie = cookie)
  55         # if m:
  56         #     _log.warn("Bad cookie received: %s", m.reason)
  57         #     raise BadRequest()
  58         try:
  59             return Session(self.signer.loads(cookie))
  60         except itsdangerous.BadData:
  61             return Session()
  62
  63     def save_session_to_cookie(self, session, request, response):
  64         if not session.is_updated():
  65             return
  66         elif not session:
  67             response.delete_cookie(self.cookie_name)
  68         else:
  69             if session.get('stay_logged_in', False):
  70                 max_age = MAX_AGE
  71             else:
  72                 max_age = None
  73
  74             response.set_cookie(self.cookie_name, self.signer.dumps(session),
  75                 max_age=max_age, httponly=True)