Context Navigation

session.py

リビジョン 3, 20.9 KB (コミッタ: kohda, 14 年前)
Install Unix tools http://hannonlab.cshl.edu/galaxy_unix_tools/galaxy.html

行番号
1	import cPickle
2	import Cookie
3	import hmac
4	import os
5	import random
6	import time
7	from datetime import datetime, timedelta
8	try:
9	from hashlib import md5
10	except ImportError:
11	from md5 import md5
12	try:
13	# Use PyCrypto (if available)
14	from Crypto.Hash import HMAC, SHA as SHA1
15
16	except ImportError:
17	# PyCrypto not available. Use the Python standard library.
18	import hmac as HMAC
19	import sys
20	# When using the stdlib, we have to make sure the hmac version and sha
21	# version are compatible
22	if sys.version_info[0:2] <= (2,4):
23	# hmac in python2.4 or less require the sha module
24	import sha as SHA1
25	else:
26	# NOTE: We have to use the callable with hashlib (hashlib.sha1),
27	# otherwise hmac only accepts the sha module object itself
28	from hashlib import sha1 as SHA1
29
30	# Check for pycryptopp encryption for AES
31	try:
32	from beaker.crypto import generateCryptoKeys, aesEncrypt
33	crypto_ok = True
34	except:
35	crypto_ok = False
36
37	from beaker.cache import clsmap
38	from beaker.exceptions import BeakerException
39	from beaker.util import b64decode, b64encode, Set
40
41	__all__ = ['SignedCookie', 'Session']
42
43	getpid = hasattr(os, 'getpid') and os.getpid or (lambda : '')
44
45	class SignedCookie(Cookie.BaseCookie):
46	"""Extends python cookie to give digital signature support"""
47	def __init__(self, secret, input=None):
48	self.secret = secret
49	Cookie.BaseCookie.__init__(self, input)
50
51	def value_decode(self, val):
52	val = val.strip('"')
53	sig = HMAC.new(self.secret, val[40:], SHA1).hexdigest()
54	if sig != val[:40]:
55	return None, val
56	else:
57	return val[40:], val
58
59	def value_encode(self, val):
60	sig = HMAC.new(self.secret, val, SHA1).hexdigest()
61	return str(val), ("%s%s" % (sig, val))
62
63
64	class Session(dict):
65	"""Session object that uses container package for storage"""
66	def __init__(self, request, id=None, invalidate_corrupt=False,
67	use_cookies=True, type=None, data_dir=None,
68	key='beaker.session.id', timeout=None, cookie_expires=True,
69	cookie_domain=None, secret=None, secure=False,
70	namespace_class=None, **namespace_args):
71	if not type:
72	if data_dir:
73	self.type = 'file'
74	else:
75	self.type = 'memory'
76	else:
77	self.type = type
78
79	self.namespace_class = namespace_class or clsmap[self.type]
80
81	self.namespace_args = namespace_args
82
83	self.request = request
84	self.data_dir = data_dir
85	self.key = key
86
87	self.timeout = timeout
88	self.use_cookies = use_cookies
89	self.cookie_expires = cookie_expires
90
91	# Default cookie domain/path
92	self._domain = cookie_domain
93	self._path = '/'
94	self.was_invalidated = False
95	self.secret = secret
96	self.secure = secure
97	self.id = id
98	self.accessed_dict = {}
99
100	if self.use_cookies:
101	cookieheader = request.get('cookie', '')
102	if secret:
103	try:
104	self.cookie = SignedCookie(secret, input=cookieheader)
105	except Cookie.CookieError:
106	self.cookie = SignedCookie(secret, input=None)
107	else:
108	self.cookie = Cookie.SimpleCookie(input=cookieheader)
109
110	if not self.id and self.key in self.cookie:
111	self.id = self.cookie[self.key].value
112
113	self.is_new = self.id is None
114	if self.is_new:
115	self._create_id()
116	self['_accessed_time'] = self['_creation_time'] = time.time()
117	else:
118	try:
119	self.load()
120	except:
121	if invalidate_corrupt:
122	self.invalidate()
123	else:
124	raise
125
126	def _create_id(self):
127	self.id = md5(
128	md5("%f%s%f%s" % (time.time(), id({}), random.random(),
129	getpid())).hexdigest(),
130	).hexdigest()
131	self.is_new = True
132	self.last_accessed = None
133	if self.use_cookies:
134	self.cookie[self.key] = self.id
135	if self._domain:
136	self.cookie[self.key]['domain'] = self._domain
137	if self.secure:
138	self.cookie[self.key]['secure'] = True
139	self.cookie[self.key]['path'] = self._path
140	if self.cookie_expires is not True:
141	if self.cookie_expires is False:
142	expires = datetime.fromtimestamp( 0x7FFFFFFF )
143	elif isinstance(self.cookie_expires, timedelta):
144	expires = datetime.today() + self.cookie_expires
145	elif isinstance(self.cookie_expires, datetime):
146	expires = self.cookie_expires
147	else:
148	raise ValueError("Invalid argument for cookie_expires: %s"
149	% repr(self.cookie_expires))
150	self.cookie[self.key]['expires'] = \
151	expires.strftime("%a, %d-%b-%Y %H:%M:%S GMT" )
152	self.request['cookie_out'] = self.cookie[self.key].output(header='')
153	self.request['set_cookie'] = False
154
155	def created(self):
156	return self['_creation_time']
157	created = property(created)
158
159	def _set_domain(self, domain):
160	self['_domain'] = domain
161	self.cookie[self.key]['domain'] = domain
162	self.request['cookie_out'] = self.cookie[self.key].output(header='')
163	self.request['set_cookie'] = True
164
165	def _get_domain(self, domain):
166	return self._domain
167
168	domain = property(_get_domain, _set_domain)
169
170	def _set_path(self, path):
171	self['_path'] = path
172	self.cookie[self.key]['path'] = path
173	self.request['cookie_out'] = self.cookie[self.key].output(header='')
174	self.request['set_cookie'] = True
175
176	def _get_domain(self, domain):
177	return self._domain
178
179	domain = property(_get_domain, _set_domain)
180
181	def _delete_cookie(self):
182	self.request['set_cookie'] = True
183	self.cookie[self.key] = self.id
184	if self._domain:
185	self.cookie[self.key]['domain'] = self._domain
186	if self.secure:
187	self.cookie[self.key]['secure'] = True
188	self.cookie[self.key]['path'] = '/'
189	expires = datetime.today().replace(year=2003)
190	self.cookie[self.key]['expires'] = \
191	expires.strftime("%a, %d-%b-%Y %H:%M:%S GMT" )
192	self.request['cookie_out'] = self.cookie[self.key].output(header='')
193	self.request['set_cookie'] = True
194
195	def delete(self):
196	"""Deletes the session from the persistent storage, and sends
197	an expired cookie out"""
198	if self.use_cookies:
199	self._delete_cookie()
200	self.clear()
201
202	def invalidate(self):
203	"""Invalidates this session, creates a new session id, returns
204	to the is_new state"""
205	self.clear()
206	self.was_invalidated = True
207	self._create_id()
208	self.load()
209
210	def load(self):
211	"Loads the data from this session from persistent storage"
212	self.namespace = self.namespace_class(self.id,
213	data_dir=self.data_dir, digest_filenames=False,
214	**self.namespace_args)
215	now = time.time()
216	self.request['set_cookie'] = True
217
218	self.namespace.acquire_read_lock()
219	timed_out = False
220	try:
221	self.clear()
222	try:
223	session_data = self.namespace['session']
224
225	# Memcached always returns a key, its None when its not
226	# present
227	if session_data is None:
228	session_data = {
229	'_creation_time':now,
230	'_accessed_time':now
231	}
232	self.is_new = True
233	except (KeyError, TypeError):
234	session_data = {
235	'_creation_time':now,
236	'_accessed_time':now
237	}
238	self.is_new = True
239
240	if self.timeout is not None and \
241	now - session_data['_accessed_time'] > self.timeout:
242	timed_out= True
243	else:
244	# Properly set the last_accessed time, which is different
245	# than the currently _accessed_time
246	if self.is_new or '_accessed_time' not in session_data:
247	self.last_accessed = None
248	else:
249	self.last_accessed = session_data['_accessed_time']
250
251	# Update the current _accessed_time
252	session_data['_accessed_time'] = now
253	self.update(session_data)
254	self.accessed_dict = session_data.copy()
255	finally:
256	self.namespace.release_read_lock()
257	if timed_out:
258	self.invalidate()
259
260	def save(self, accessed_only=False):
261	"""Saves the data for this session to persistent storage
262
263	If accessed_only is True, then only the original data loaded
264	at the beginning of the request will be saved, with the updated
265	last accessed time.
266
267	"""
268	# Look to see if its a new session that was only accessed
269	# Don't save it under that case
270	if accessed_only and self.is_new:
271	return None
272
273	if not hasattr(self, 'namespace'):
274	self.namespace = self.namespace_class(
275	self.id,
276	data_dir=self.data_dir,
277	digest_filenames=False,
278	**self.namespace_args)
279
280	self.namespace.acquire_write_lock()
281	try:
282	if accessed_only:
283	data = dict(self.accessed_dict.items())
284	else:
285	data = dict(self.items())
286
287	# Save the data
288	if not data and 'session' in self.namespace:
289	del self.namespace['session']
290	else:
291	self.namespace['session'] = data
292	finally:
293	self.namespace.release_write_lock()
294	if self.is_new:
295	self.request['set_cookie'] = True
296
297	def revert(self):
298	"""Revert the session to its original state from its first
299	access in the request"""
300	self.clear()
301	self.update(self.accessed_dict)
302
303	# TODO: I think both these methods should be removed. They're from
304	# the original mod_python code i was ripping off but they really
305	# have no use here.
306	def lock(self):
307	"""Locks this session against other processes/threads. This is
308	automatic when load/save is called.
309
310	*use with caution* and always with a corresponding 'unlock'
311	inside a "finally:" block, as a stray lock typically cannot be
312	unlocked without shutting down the whole application.
313
314	"""
315	self.namespace.acquire_write_lock()
316
317	def unlock(self):
318	"""Unlocks this session against other processes/threads. This
319	is automatic when load/save is called.
320
321	*use with caution* and always within a "finally:" block, as
322	a stray lock typically cannot be unlocked without shutting down
323	the whole application.
324
325	"""
326	self.namespace.release_write_lock()
327
328	class CookieSession(Session):
329	"""Pure cookie-based session
330
331	Options recognized when using cookie-based sessions are slightly
332	more restricted than general sessions.
333
334	``key``
335	The name the cookie should be set to.
336	``timeout``
337	How long session data is considered valid. This is used
338	regardless of the cookie being present or not to determine
339	whether session data is still valid.
340	``encrypt_key``
341	The key to use for the session encryption, if not provided the
342	session will not be encrypted.
343	``validate_key``
344	The key used to sign the encrypted session
345	``cookie_domain``
346	Domain to use for the cookie.
347	``secure``
348	Whether or not the cookie should only be sent over SSL.
349
350	"""
351	def __init__(self, request, key='beaker.session.id', timeout=None,
352	cookie_expires=True, cookie_domain=None, encrypt_key=None,
353	validate_key=None, secure=False, **kwargs):
354	if not crypto_ok and encrypt_key:
355	raise BeakerException("pycryptopp is not installed, can't use "
356	"encrypted cookie-only Session.")
357
358	self.request = request
359	self.key = key
360	self.timeout = timeout
361	self.cookie_expires = cookie_expires
362	self.encrypt_key = encrypt_key
363	self.validate_key = validate_key
364	self.request['set_cookie'] = False
365	self.secure = secure
366	self._domain = cookie_domain
367	self._path = '/'
368
369	try:
370	cookieheader = request['cookie']
371	except KeyError:
372	cookieheader = ''
373
374	if validate_key is None:
375	raise BeakerException("No validate_key specified for Cookie only "
376	"Session.")
377
378	try:
379	self.cookie = SignedCookie(validate_key, input=cookieheader)
380	except Cookie.CookieError:
381	self.cookie = SignedCookie(validate_key, input=None)
382
383	self['_id'] = self._make_id()
384	self.is_new = True
385
386	# If we have a cookie, load it
387	if self.key in self.cookie and self.cookie[self.key].value is not None:
388	self.is_new = False
389	try:
390	self.update(self._decrypt_data())
391	except:
392	pass
393	if self.timeout is not None and time.time() - \
394	self['_accessed_time'] > self.timeout:
395	self.clear()
396	self.accessed_dict = self.copy()
397	self._create_cookie()
398
399	def created(self):
400	return self['_creation_time']
401	created = property(created)
402
403	def id(self):
404	return self['_id']
405	id = property(id)
406
407	def _set_domain(self, domain):
408	self['_domain'] = domain
409	self._domain = domain
410
411	def _set_path(self, path):
412	self['_path'] = path
413	self._path = path
414
415	def _encrypt_data(self):
416	"""Serialize, encipher, and base64 the session dict"""
417	if self.encrypt_key:
418	nonce = b64encode(os.urandom(40))[:8]
419	encrypt_key = generateCryptoKeys(self.encrypt_key,
420	self.validate_key + nonce, 1)
421	data = cPickle.dumps(self.copy(), 2)
422	return nonce + b64encode(aesEncrypt(data, encrypt_key))
423	else:
424	data = cPickle.dumps(self.copy(), 2)
425	return b64encode(data)
426
427	def _decrypt_data(self):
428	"""Bas64, decipher, then un-serialize the data for the session
429	dict"""
430	if self.encrypt_key:
431	nonce = self.cookie[self.key].value[:8]
432	encrypt_key = generateCryptoKeys(self.encrypt_key,
433	self.validate_key + nonce, 1)
434	payload = b64decode(self.cookie[self.key].value[8:])
435	data = aesEncrypt(payload, encrypt_key)
436	return cPickle.loads(data)
437	else:
438	data = b64decode(self.cookie[self.key].value)
439	return cPickle.loads(data)
440
441	def _make_id(self):
442	return md5(md5(
443	"%f%s%f%d" % (time.time(), id({}), random.random(), getpid())
444	).hexdigest()
445	).hexdigest()
446
447	def save(self, accessed_only=False):
448	"""Saves the data for this session to persistent storage"""
449	if accessed_only and self.is_new:
450	return
451	if accessed_only:
452	self.clear()
453	self.update(self.accessed_dict)
454	self._create_cookie()
455
456	def expire(self):
457	"""Delete the 'expires' attribute on this Session, if any."""
458
459	self.pop('_expires', None)
460
461	def _create_cookie(self):
462	if '_creation_time' not in self:
463	self['_creation_time'] = time.time()
464	if '_id' not in self:
465	self['_id'] = self._make_id()
466	self['_accessed_time'] = time.time()
467
468	if self.cookie_expires is not True:
469	if self.cookie_expires is False:
470	expires = datetime.fromtimestamp( 0x7FFFFFFF )
471	elif isinstance(self.cookie_expires, timedelta):
472	expires = datetime.today() + self.cookie_expires
473	elif isinstance(self.cookie_expires, datetime):
474	expires = self.cookie_expires
475	else:
476	raise ValueError("Invalid argument for cookie_expires: %s"
477	% repr(self.cookie_expires))
478	self['_expires'] = expires
479	elif '_expires' in self:
480	expires = self['_expires']
481	else:
482	expires = None
483
484	val = self._encrypt_data()
485	if len(val) > 4064:
486	raise BeakerException("Cookie value is too long to store")
487
488	self.cookie[self.key] = val
489	if '_domain' in self:
490	self.cookie[self.key]['domain'] = self['_domain']
491	elif self._domain:
492	self.cookie[self.key]['domain'] = self._domain
493	if self.secure:
494	self.cookie[self.key]['secure'] = True
495
496	self.cookie[self.key]['path'] = self.get('_path', '/')
497
498	if expires:
499	self.cookie[self.key]['expires'] = \
500	expires.strftime("%a, %d-%b-%Y %H:%M:%S GMT" )
501	self.request['cookie_out'] = self.cookie[self.key].output(header='')
502	self.request['set_cookie'] = True
503
504	def delete(self):
505	"""Delete the cookie, and clear the session"""
506	# Send a delete cookie request
507	self._delete_cookie()
508	self.clear()
509
510	def invalidate(self):
511	"""Clear the contents and start a new session"""
512	self.delete()
513	self['_id'] = self._make_id()
514
515
516	class SessionObject(object):
517	"""Session proxy/lazy creator
518
519	This object proxies access to the actual session object, so that in
520	the case that the session hasn't been used before, it will be
521	setup. This avoid creating and loading the session from persistent
522	storage unless its actually used during the request.
523
524	"""
525	def __init__(self, environ, **params):
526	self.__dict__['_params'] = params
527	self.__dict__['_environ'] = environ
528	self.__dict__['_sess'] = None
529	self.__dict__['_headers'] = []
530
531	def _session(self):
532	"""Lazy initial creation of session object"""
533	if self.__dict__['_sess'] is None:
534	params = self.__dict__['_params']
535	environ = self.__dict__['_environ']
536	self.__dict__['_headers'] = req = {'cookie_out':None}
537	req['cookie'] = environ.get('HTTP_COOKIE')
538	if params.get('type') == 'cookie':
539	self.__dict__['_sess'] = CookieSession(req, **params)
540	else:
541	self.__dict__['_sess'] = Session(req, use_cookies=True,
542	**params)
543	return self.__dict__['_sess']
544
545	def __getattr__(self, attr):
546	return getattr(self._session(), attr)
547
548	def __setattr__(self, attr, value):
549	setattr(self._session(), attr, value)
550
551	def __delattr__(self, name):
552	self._session().__delattr__(name)
553
554	def __getitem__(self, key):
555	return self._session()[key]
556
557	def __setitem__(self, key, value):
558	self._session()[key] = value
559
560	def __delitem__(self, key):
561	self._session().__delitem__(key)
562
563	def __repr__(self):
564	return self._session().__repr__()
565
566	def __iter__(self):
567	"""Only works for proxying to a dict"""
568	return iter(self._session().keys())
569
570	def __contains__(self, key):
571	return self._session().has_key(key)
572
573	def get_by_id(self, id):
574	params = self.__dict__['_params']
575	session = Session({}, use_cookies=False, id=id, **params)
576	if session.is_new:
577	return None
578	return session
579
580	def save(self):
581	self.__dict__['_dirty'] = True
582
583	def delete(self):
584	self.__dict__['_dirty'] = True
585	self._session().delete()
586
587	def persist(self):
588	"""Persist the session to the storage
589
590	If its set to autosave, then the entire session will be saved
591	regardless of if save() has been called. Otherwise, just the
592	accessed time will be updated if save() was not called, or
593	the session will be saved if save() was called.
594
595	"""
596	if self.__dict__['_params'].get('auto'):
597	self._session().save()
598	else:
599	if self.__dict__.get('_dirty'):
600	self._session().save()
601	else:
602	self._session().save(accessed_only=True)
603
604	def dirty(self):
605	return self.__dict__.get('_dirty', False)
606
607	def accessed(self):
608	return self.__dict__['_sess'] is not None

Note: リポジトリブラウザについてのヘルプは TracBrowser を参照してください。

Context Navigation

root/galaxy-central/eggs/Beaker-1.4-py2.6.egg/beaker/session.py

異なるフォーマットでダウンロード: