1. Thomas Goessler
  2. RhodeCode

Commits

Marcin Kuzminski  committed f78bee8

reduce cookie size for better support of client side sessions

  • Participants
  • Parent commits 7ff304d
  • Branches beta

Comments (0)

Files changed (6)

File rhodecode/controllers/admin/settings.py

View file
 from rhodecode.model.scm import ScmModel
 from rhodecode.model.user import UserModel
 from rhodecode.model.db import User
-from rhodecode.model.notification import NotificationModel, \
-    EmailNotificationModel
+from rhodecode.model.notification import EmailNotificationModel
 
 log = logging.getLogger(__name__)
 

File rhodecode/controllers/login.py

View file
             return redirect(url('home'))
 
         if request.POST:
-            #import Login Form validator class
+            # import Login Form validator class
             login_form = LoginForm()
             try:
                 c.form_result = login_form.to_python(dict(request.POST))
                 user = User.get_by_username(username, case_insensitive=True)
                 auth_user = AuthUser(user.user_id)
                 auth_user.set_authenticated()
-                session['rhodecode_user'] = auth_user
+                cs = auth_user.get_cookie_store()
+                session['rhodecode_user'] = cs
                 session.save()
 
-                log.info('user %s is now authenticated and stored in session',
-                         username)
+                log.info('user %s is now authenticated and stored in '
+                         'session, session attrs %s' % (username, cs))
                 user.update_lastlogin()
 
                 if c.came_from:

File rhodecode/lib/auth.py

View file
     :param str_:
     :param salt:
     """
-    
+
     if salt is None:
         salt = _RandomNameSequence().next()
 
         return None
 
     user.update_lastlogin()
-    log.debug('User %s is now logged in by container authentication', 
+    log.debug('User %s is now logged in by container authentication',
               user.username)
     return user
 
         user_model = UserModel()
         self.anonymous_user = User.get_by_username('default')
         is_user_loaded = False
-        
+
         # try go get user by api key
         if self._api_key and self._api_key != self.anonymous_user.api_key:
             log.debug('Auth User lookup by API KEY %s', self._api_key)
             is_user_loaded = user_model.fill_data(self, api_key=self._api_key)
         # lookup by userid    
-        elif (self.user_id is not None and 
+        elif (self.user_id is not None and
               self.user_id != self.anonymous_user.user_id):
             log.debug('Auth User lookup by USER ID %s', self.user_id)
             is_user_loaded = user_model.fill_data(self, user_id=self.user_id)
         if not is_user_loaded:
             # if we cannot authenticate user try anonymous
             if self.anonymous_user.active is True:
-                user_model.fill_data(self,user_id=self.anonymous_user.user_id)
+                user_model.fill_data(self, user_id=self.anonymous_user.user_id)
                 # then we set this user is logged in
                 self.is_authenticated = True
             else:
         if self.user_id != self.anonymous_user.user_id:
             self.is_authenticated = authenticated
 
+    def get_cookie_store(self):
+        return {'username':self.username,
+                'user_id': self.user_id,
+                'is_authenticated':self.is_authenticated}
+
+    @classmethod
+    def from_cookie_store(cls, cookie_store):
+        user_id = cookie_store.get('user_id')
+        username = cookie_store.get('username')
+        api_key = cookie_store.get('api_key')
+        return AuthUser(user_id, api_key, username)
 
 def set_available_permissions(config):
     """
         self.repo_name = None
 
     def __call__(self, check_Location=''):
-        user = session.get('rhodecode_user', False)
+        cookie_store = session.get('rhodecode_user')
+        user = AuthUser.from_cookie_store(cookie_store)
         if not user:
             return False
         self.user_perms = user.permissions

File rhodecode/lib/base.py

View file
 from pylons.controllers.util import redirect
 from pylons.templating import render_mako as render
 
-from rhodecode import __version__
+from rhodecode import __version__, BACKENDS
+
 from rhodecode.lib import str2bool
 from rhodecode.lib.auth import AuthUser, get_container_username
 from rhodecode.lib.utils import get_repo_slug
 from rhodecode.model import meta
-from rhodecode.model.scm import ScmModel
-from rhodecode import BACKENDS
+
 from rhodecode.model.db import Repository
 from rhodecode.model.notification import NotificationModel
+from rhodecode.model.scm import ScmModel
 
 log = logging.getLogger(__name__)
 
         try:
             # make sure that we update permissions each time we call controller
             api_key = request.GET.get('api_key')
-            user_id = getattr(session.get('rhodecode_user'), 'user_id', None)
+            cookie_store = session.get('rhodecode_user') or {}
+            user_id = cookie_store.get('user_id', None)
             username = get_container_username(environ, config)
 
             auth_user = AuthUser(user_id, api_key, username)
             self.rhodecode_user = c.rhodecode_user = auth_user
             if not self.rhodecode_user.is_authenticated and \
                        self.rhodecode_user.user_id is not None:
-                self.rhodecode_user.set_authenticated(
-                                        getattr(session.get('rhodecode_user'),
-                                       'is_authenticated', False))
-            session['rhodecode_user'] = self.rhodecode_user
+                self.rhodecode_user\
+                    .set_authenticated(cookie_store.get('is_authenticated'))
+
+            session['rhodecode_user'] = self.rhodecode_user.get_cookie_store()
             session.save()
             return WSGIController.__call__(self, environ, start_response)
         finally:
-            log.debug('Request time: %.3fs' % (time.time()-start))
+            log.debug('Request time: %.3fs' % (time.time() - start))
             meta.Session.remove()
 
 

File rhodecode/tests/__init__.py

View file
             self.fail('could not login using %s %s' % (username, password))
 
         self.assertEqual(response.status, '302 Found')
-        self.assertEqual(response.session['rhodecode_user'].username, username)
+        self.assertEqual(response.session['rhodecode_user'].get('username'),
+                         username)
         return response.follow()
 
     def _get_logged_user(self):

File rhodecode/tests/functional/test_login.py

View file
                                  {'username':'test_admin',
                                   'password':'test12'})
         self.assertEqual(response.status, '302 Found')
-        self.assertEqual(response.session['rhodecode_user'].username ,
+        self.assertEqual(response.session['rhodecode_user'].get('username') ,
                          'test_admin')
         response = response.follow()
         self.assertTrue('%s repository' % HG_REPO in response.body)
                                   'password':'test12'})
 
         self.assertEqual(response.status, '302 Found')
-        self.assertEqual(response.session['rhodecode_user'].username ,
+        self.assertEqual(response.session['rhodecode_user'].get('username') ,
                          'test_regular')
         response = response.follow()
         self.assertTrue('%s repository' % HG_REPO in response.body)