From ca4d15f06cd421d2239fb2f827d1cb1094cbe17a Mon Sep 17 00:00:00 2001
From: Lance Edgar <lance@edbob.org>
Date: Sat, 11 Feb 2017 17:08:27 -0600
Subject: [PATCH] Refactor logic used to login a user, for easier sharing

---
 tailbone/auth.py       | 50 ++++++++++++++++++++++++++++++++++++++++--
 tailbone/views/auth.py | 42 +++--------------------------------
 2 files changed, 51 insertions(+), 41 deletions(-)

diff --git a/tailbone/auth.py b/tailbone/auth.py
index 3a0aca0e..1fc46d68 100644
--- a/tailbone/auth.py
+++ b/tailbone/auth.py
@@ -2,7 +2,7 @@
 ################################################################################
 #
 #  Rattail -- Retail Software Framework
-#  Copyright © 2010-2016 Lance Edgar
+#  Copyright © 2010-2017 Lance Edgar
 #
 #  This file is part of Rattail.
 #
@@ -26,17 +26,63 @@ Authentication & Authorization
 
 from __future__ import unicode_literals, absolute_import
 
+import logging
+
 from rattail.db import model
 from rattail.db.auth import has_permission
 from rattail.util import prettify
 
 from zope.interface import implementer
 from pyramid.interfaces import IAuthorizationPolicy
-from pyramid.security import Everyone, Authenticated
+from pyramid.security import remember, Everyone, Authenticated
 
 from tailbone.db import Session
 
 
+log = logging.getLogger(__name__)
+
+
+def login_user(request, user):
+    """
+    Perform the steps necessary to login the given user.  Note that this
+    returns a ``headers`` dict which you should pass to the redirect.
+    """
+    headers = remember(request, user.uuid)
+    timeout = get_session_timeout_for_user(request.rattail_config, user) or None
+    log.debug("setting session timeout for '{}' to {}".format(user.username, timeout))
+    set_session_timeout(request, timeout)
+    return headers
+
+
+def get_session_timeout_for_user(config, user):
+    """
+    Must return a value to be used to set the session timeout for the given
+    user.  By default this will return ``None`` if the user has the
+    "forever session" permission, otherwise will try to read a default
+    value from config:
+
+    .. code-block:: ini
+
+       [tailbone]
+
+       # set session timeout to 10 minutes:
+       session.default_timeout = 600
+
+       # or, set to 0 to disable:
+       #session.default_timeout = 0
+    """
+    if not has_permission(Session(), user, 'general.forever_session'):
+        return config.getint('tailbone', 'session.default_timeout',
+                             default=300) # 5 minutes
+
+
+def set_session_timeout(request, timeout):
+    """
+    Set the server-side session timeout to the given value.
+    """
+    request.session['_timeout'] = timeout or None
+
+
 @implementer(IAuthorizationPolicy)
 class TailboneAuthorizationPolicy(object):
 
diff --git a/tailbone/views/auth.py b/tailbone/views/auth.py
index e57f2a00..2ff18efa 100644
--- a/tailbone/views/auth.py
+++ b/tailbone/views/auth.py
@@ -26,9 +26,7 @@ Auth Views
 
 from __future__ import unicode_literals, absolute_import
 
-import logging
-
-from rattail.db.auth import authenticate_user, set_user_password, has_permission
+from rattail.db.auth import authenticate_user, set_user_password
 
 import formencode as fe
 from pyramid.httpexceptions import HTTPForbidden
@@ -39,9 +37,7 @@ from webhelpers.html import tags, literal
 from tailbone import forms
 from tailbone.db import Session
 from tailbone.views import View
-
-
-log = logging.getLogger(__name__)
+from tailbone.auth import login_user
 
 
 class UserLogin(fe.Schema):
@@ -111,13 +107,8 @@ class AuthenticationView(View):
             user = self.authenticate_user(form.data['username'],
                                           form.data['password'])
             if user:
-
                 # okay now they're truly logged in
-                headers = remember(self.request, user.uuid)
-                timeout = self.get_session_timeout_for_user(user) or None
-                log.debug("setting session timeout for '{}' to {}".format(user.username, timeout))
-                self.set_session_timeout(timeout)
-
+                headers = login_user(self.request, user)
                 # treat URL from session as referrer, if available
                 referrer = self.request.session.pop('next_url', referrer)
                 return self.redirect(referrer, headers=headers)
@@ -134,33 +125,6 @@ class AuthenticationView(View):
     def authenticate_user(self, username, password):
         return authenticate_user(Session(), username, password)
 
-    def get_session_timeout_for_user(self, user):
-        """
-        Must return a value to be used to set the session timeout for the given
-        user.  By default this will return ``None`` if the user has the
-        "forever session" permission, otherwise will try to read a default
-        value from config:
-
-        .. code-block:: ini
-
-           [tailbone]
-
-           # set session timeout to 10 minutes:
-           session.default_timeout = 600
-
-           # or, set to 0 to disable:
-           #session.default_timeout = 0
-        """
-        if not has_permission(Session(), user, 'general.forever_session'):
-            return self.rattail_config.getint('tailbone', 'session.default_timeout',
-                                              default=300) # 5 minutes
-
-    def set_session_timeout(self, timeout):
-        """
-        Set the server-side session timeout to the given value.
-        """
-        self.request.session['_timeout'] = timeout or None
-
     def mobile_login(self):
         return self.login(mobile=True)