appy.gen: added a session invalidation mechanism: authenticated users will be automatically logged out when their Zope session will expire; improvements in the CodeAnalysis system: more Zope-related extensions are recognized: .vpy, .cpy for Python files, .cpt for Zope Page Templates.

2011-06-10 17:20:09 +02:00 · 2011-06-10 17:20:09 +02:00 · 791ee42164
commit 791ee42164
parent 7f02ee3914
3 changed files with 32 additions and 9 deletions
--- a/gen/plone25/installer.py
+++ b/gen/plone25/installer.py
@ -543,9 +543,24 @@ def traverseWrapper(self, path, response=None, validated_hook=None):
    if os.path.splitext(path)[-1].lower() not in doNotTrack:
        # Do nothing when the user gets non-pages
        userId = self['AUTHENTICATED_USER'].getId()
-        if userId: loggedUsers[userId] = t
+        if userId:
+            loggedUsers[userId] = t
+            # "Touch" the SESSION object. Else, expiration won't occur.
+            session = self.SESSION
    return res

+def onDelSession(sessionObject, container):
+    '''This function is called when a session expires.'''
+    rq = container.REQUEST
+    if rq.cookies.has_key('__ac') and rq.cookies.has_key('_ZopeId') and \
+       (rq['_ZopeId'] == sessionObject.token):
+        # The request comes from a guy whose session has expired.
+        resp = rq.RESPONSE
+        resp.expireCookie('__ac', path='/')
+        # If the request is a (secundary) Ajax request, we return an empty page.
+        resp.write('<center>For security reasons, your session has ' \
+                   'expired.</center>')
+
 # ------------------------------------------------------------------------------
 class ZopeInstaller:
    '''This Zope installer runs every time Zope starts and encounters this
@ -629,6 +644,10 @@ class ZopeInstaller:
        cfg.profile_registry.registerProfile(self.productName, self.productName,
            'Installation of %s' % self.productName, 'profiles/default',
            self.productName, cfg.EXTENSION, for_=cfg.IPloneSiteRoot)
+        # Register a function warning us when a session object is deleted.
+        app = self.zopeContext._ProductContext__app
+        if hasattr(app, 'temp_folder'): # This is not the case in test mode
+            app.temp_folder.session_data.setDelNotificationTarget(onDelSession)

    def install(self):
        self.logger.info('is being installed...')
--- a/gen/plone25/templates/config.py
+++ b/gen/plone25/templates/config.py
@ -34,6 +34,7 @@ from Products.Archetypes.Extensions.utils import install_subskin
 from Products.Archetypes.config import TOOL_NAME as ARCHETYPETOOLNAME
 from Products.Archetypes import listTypes, process_types
 from Products.GenericSetup import EXTENSION, profile_registry
+from Products.Transience.Transience import TransientObjectContainer
 import appy.gen
 import logging
 logger = logging.getLogger('<!applicationName!>')