rattail/tailbone
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Refactor logic used to login a user, for easier sharing

Browse source
This commit is contained in:
Lance Edgar 2017-02-11 17:08:27 -06:00
parent 61b3daa701
commit ca4d15f06c
2 changed files with 51 additions and 41 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

50
tailbone/auth.py
View file

@ -2,7 +2,7 @@
################################################################################
#
# Rattail -- Retail Software Framework
# Copyright © 2010-2016 Lance Edgar
# Copyright © 2010-2017 Lance Edgar
#
# This file is part of Rattail.
#
@ -26,17 +26,63 @@ Authentication & Authorization
from __future__ import unicode_literals, absolute_import
import logging
from rattail.db import model
from rattail.db.auth import has_permission
from rattail.util import prettify
from zope.interface import implementer
from pyramid.interfaces import IAuthorizationPolicy
from pyramid.security import Everyone, Authenticated
from pyramid.security import remember, Everyone, Authenticated
from tailbone.db import Session
log = logging.getLogger(__name__)
def login_user(request, user):
"""
Perform the steps necessary to login the given user. Note that this
returns a ``headers`` dict which you should pass to the redirect.
"""
headers = remember(request, user.uuid)
timeout = get_session_timeout_for_user(request.rattail_config, user) or None
log.debug("setting session timeout for '{}' to {}".format(user.username, timeout))
set_session_timeout(request, timeout)
return headers
def get_session_timeout_for_user(config, user):
"""
Must return a value to be used to set the session timeout for the given
user. By default this will return ``None`` if the user has the
"forever session" permission, otherwise will try to read a default
value from config:
.. code-block:: ini
[tailbone]
# set session timeout to 10 minutes:
session.default_timeout = 600
# or, set to 0 to disable:
#session.default_timeout = 0
"""
if not has_permission(Session(), user, 'general.forever_session'):
return config.getint('tailbone', 'session.default_timeout',
default=300) # 5 minutes
def set_session_timeout(request, timeout):
"""
Set the server-side session timeout to the given value.
"""
request.session['_timeout'] = timeout or None
@implementer(IAuthorizationPolicy)
class TailboneAuthorizationPolicy(object):

42
tailbone/views/auth.py
View file

@ -26,9 +26,7 @@ Auth Views
from __future__ import unicode_literals, absolute_import
import logging
from rattail.db.auth import authenticate_user, set_user_password, has_permission
from rattail.db.auth import authenticate_user, set_user_password
import formencode as fe
from pyramid.httpexceptions import HTTPForbidden
@ -39,9 +37,7 @@ from webhelpers.html import tags, literal
from tailbone import forms
from tailbone.db import Session
from tailbone.views import View
log = logging.getLogger(__name__)
from tailbone.auth import login_user
class UserLogin(fe.Schema):
@ -111,13 +107,8 @@ class AuthenticationView(View):
user = self.authenticate_user(form.data['username'],
form.data['password'])
if user:
# okay now they're truly logged in
headers = remember(self.request, user.uuid)
timeout = self.get_session_timeout_for_user(user) or None
log.debug("setting session timeout for '{}' to {}".format(user.username, timeout))
self.set_session_timeout(timeout)
headers = login_user(self.request, user)
# treat URL from session as referrer, if available
referrer = self.request.session.pop('next_url', referrer)
return self.redirect(referrer, headers=headers)
@ -134,33 +125,6 @@ class AuthenticationView(View):
def authenticate_user(self, username, password):
return authenticate_user(Session(), username, password)
def get_session_timeout_for_user(self, user):
"""
Must return a value to be used to set the session timeout for the given
user. By default this will return ``None`` if the user has the
"forever session" permission, otherwise will try to read a default
value from config:
.. code-block:: ini
[tailbone]
# set session timeout to 10 minutes:
session.default_timeout = 600
# or, set to 0 to disable:
#session.default_timeout = 0
"""
if not has_permission(Session(), user, 'general.forever_session'):
return self.rattail_config.getint('tailbone', 'session.default_timeout',
default=300) # 5 minutes
def set_session_timeout(self, timeout):
"""
Set the server-side session timeout to the given value.
"""
self.request.session['_timeout'] = timeout or None
def mobile_login(self):
return self.login(mobile=True)