[session] adapt session expiration to authentic

Allows to keep data from old sessions when expiring them. The session object is kept, fields are reset or deleted. The session file is deleted from storage. It allows the 'service' to survive logout, so that we can keep the currently activated theme.
2011-01-27 13:41:00 +00:00 · 2011-01-27 13:41:00 +00:00 · d59a8349e7
parent 3f29e2430b
commit d59a8349e7
1 changed files with 35 additions and 2 deletions
--- a/authentic/sessions.py
+++ b/authentic/sessions.py
@ -1,6 +1,6 @@
 from quixote.session import Session, SessionManager
 from qommon.storage import StorableObject
-from quixote import get_request
+from quixote import get_request, get_response
 from qommon.sessions import CaptchaSession

 import identities
@ -29,7 +29,7 @@ class BasicSession(Session, CaptchaSession, StorableObject):

    _has_info_keys = [ "lasso_login_dump", "lasso_session_dump",
            "question_key", "after_url", "name_identifiers", "proxied_idp",
-            "authentication_method", "message" ]
+            "authentication_method", "message", "session" ]

    def __init__(self, id = None):
        Session.__init__(self, id)
@ -86,6 +86,22 @@ class BasicSession(Session, CaptchaSession, StorableObject):
    def set_service(self, value):
        self._service = value

+    _not_cleaned = ('_service')
+    _to_remove = ('login_tokens')
+
+    def clean_data(self):
+        fields_to_clean = [ f for f in self.__dict__ \
+                if f not in self._not_cleaned and not
+                    f.startswith('_') ]
+        for field in fields_to_clean:
+            if field in self._to_remove:
+                delattr(self, field)
+            elif hasattr(Session, field):
+                setattr(self, field. getattr(Session, field))
+            else:
+                setattr(self, field, None)
+        self.id = None
+
    service = property(get_service, set_service)

 class StorageSessionManager(SessionManager):
@ -113,6 +129,7 @@ class StorageSessionManager(SessionManager):

    # if HTTPS on set secure flag on the cookie, always set the HTTPOnly flag
    def _set_cookie(self, value, **attrs):
+        print '_set_cookie', value, attrs
        if get_request().environ.get('HTTPS'):
            attrs['secure'] = 1
        attrs['HTTPOnly'] = 1
@ -147,3 +164,19 @@ class StorageSessionManager(SessionManager):
            self.session_class.remove_object(session_id)
        except OSError:
            raise KeyError
+
+    def finish_successful_request(self):
+        print get_request().session.__dict__
+        SessionManager.finish_successful_request(self)
+
+    def expire_session(self):
+        # Delete the data from disk
+        # Clean some of the session fields
+        # Keep others
+        request = get_request()
+        if request.session and request.session.id:
+            try:
+                del self[request.session.id]
+            except KeyError:
+                pass
+            request.session.clean_data()