Now OpenERPSession is a subclass of werkzeug's session
bzr revid: nicolas.vanhoren@openerp.com-20130711103422-w7y05ox7tq0hz0og
This commit is contained in:
parent
57d18c1a34
commit
a7adac1189
|
@ -916,7 +916,7 @@ class Session(http.Controller):
|
||||||
|
|
||||||
@http.route('/web/session/destroy', type='json', auth="user")
|
@http.route('/web/session/destroy', type='json', auth="user")
|
||||||
def destroy(self):
|
def destroy(self):
|
||||||
request.session._suicide = True
|
request.session.logout()
|
||||||
|
|
||||||
class Menu(http.Controller):
|
class Menu(http.Controller):
|
||||||
|
|
||||||
|
|
|
@ -101,6 +101,8 @@ class WebRequest(object):
|
||||||
self.httprequest = httprequest
|
self.httprequest = httprequest
|
||||||
self.httpresponse = None
|
self.httpresponse = None
|
||||||
self.httpsession = httprequest.session
|
self.httpsession = httprequest.session
|
||||||
|
self.session = httprequest.session
|
||||||
|
self.session_id = httprequest.session.sid
|
||||||
self.db = None
|
self.db = None
|
||||||
self.uid = None
|
self.uid = None
|
||||||
self.func = None
|
self.func = None
|
||||||
|
@ -111,18 +113,10 @@ class WebRequest(object):
|
||||||
|
|
||||||
def init(self, params):
|
def init(self, params):
|
||||||
self.params = dict(params)
|
self.params = dict(params)
|
||||||
# OpenERP session setup
|
|
||||||
self.session_id = self.params.pop("session_id", None)
|
#remove now useless session id
|
||||||
if not self.session_id:
|
if "session_id" in self.params:
|
||||||
i0 = self.httprequest.cookies.get("instance0|session_id", None)
|
del self.params["session_id"]
|
||||||
if i0:
|
|
||||||
self.session_id = simplejson.loads(urllib2.unquote(i0))
|
|
||||||
else:
|
|
||||||
self.session_id = uuid.uuid4().hex
|
|
||||||
self.session = self.httpsession.get(self.session_id)
|
|
||||||
if not self.session:
|
|
||||||
self.session = OpenERPSession()
|
|
||||||
self.httpsession[self.session_id] = self.session
|
|
||||||
|
|
||||||
with set_request(self):
|
with set_request(self):
|
||||||
self.db = self.session._db or db_monodb()
|
self.db = self.session._db or db_monodb()
|
||||||
|
@ -130,7 +124,7 @@ class WebRequest(object):
|
||||||
# TODO: remove this
|
# TODO: remove this
|
||||||
# set db/uid trackers - they're cleaned up at the WSGI
|
# set db/uid trackers - they're cleaned up at the WSGI
|
||||||
# dispatching phase in openerp.service.wsgi_server.application
|
# dispatching phase in openerp.service.wsgi_server.application
|
||||||
if self.session._db:
|
if self.db:
|
||||||
threading.current_thread().dbname = self.session._db
|
threading.current_thread().dbname = self.session._db
|
||||||
if self.session._uid:
|
if self.session._uid:
|
||||||
threading.current_thread().uid = self.session._uid
|
threading.current_thread().uid = self.session._uid
|
||||||
|
@ -334,6 +328,7 @@ class JsonRequest(WebRequest):
|
||||||
return self.jsonp_handler()
|
return self.jsonp_handler()
|
||||||
response = {"jsonrpc": "2.0" }
|
response = {"jsonrpc": "2.0" }
|
||||||
error = None
|
error = None
|
||||||
|
|
||||||
try:
|
try:
|
||||||
#if _logger.isEnabledFor(logging.DEBUG):
|
#if _logger.isEnabledFor(logging.DEBUG):
|
||||||
# _logger.debug("--> %s.%s\n%s", func.im_class.__name__, func.__name__, pprint.pformat(self.jsonrequest))
|
# _logger.debug("--> %s.%s\n%s", func.im_class.__name__, func.__name__, pprint.pformat(self.jsonrequest))
|
||||||
|
@ -626,32 +621,30 @@ class Model(object):
|
||||||
return result
|
return result
|
||||||
return proxy
|
return proxy
|
||||||
|
|
||||||
class OpenERPSession(object):
|
class OpenERPSession(werkzeug.contrib.sessions.Session):
|
||||||
"""
|
def __init__(self, *args, **kwargs):
|
||||||
An OpenERP RPC session, a given user can own multiple such sessions
|
self.inited = False
|
||||||
in a web session.
|
self.modified = False
|
||||||
|
super(OpenERPSession, self).__init__(*args, **kwargs)
|
||||||
|
self.inited = True
|
||||||
|
self.setdefault("_creation_time", time.time())
|
||||||
|
self.setdefault("_db", False)
|
||||||
|
self.setdefault("_uid", False)
|
||||||
|
self.setdefault("_login", False)
|
||||||
|
self.setdefault("_password", False)
|
||||||
|
self.setdefault("context", {})
|
||||||
|
self.setdefault("jsonp_requests", {})
|
||||||
|
self.setdefault("modified", False)
|
||||||
|
|
||||||
.. attribute:: context
|
def __getattr__(self, attr):
|
||||||
|
return self.get(attr, None)
|
||||||
The session context, a ``dict``. Can be reloaded by calling
|
def __setattr__(self, k, v):
|
||||||
:meth:`openerpweb.openerpweb.OpenERPSession.get_context`
|
if getattr(self, "inited", False):
|
||||||
|
try:
|
||||||
.. attribute:: domains_store
|
object.__getattribute__(self, k)
|
||||||
|
except:
|
||||||
A ``dict`` matching domain keys to evaluable (but non-literal) domains.
|
return self.__setitem__(k, v)
|
||||||
|
object.__setattr__(self, k, v)
|
||||||
Used to store references to non-literal domains which need to be
|
|
||||||
round-tripped to the client browser.
|
|
||||||
"""
|
|
||||||
def __init__(self):
|
|
||||||
self._creation_time = time.time()
|
|
||||||
self._db = False
|
|
||||||
self._uid = False
|
|
||||||
self._login = False
|
|
||||||
self._password = False
|
|
||||||
self._suicide = False
|
|
||||||
self.context = {}
|
|
||||||
self.jsonp_requests = {} # FIXME use a LRU
|
|
||||||
|
|
||||||
def authenticate(self, db, login=None, password=None, env=None, uid=None):
|
def authenticate(self, db, login=None, password=None, env=None, uid=None):
|
||||||
"""
|
"""
|
||||||
|
@ -660,6 +653,7 @@ class OpenERPSession(object):
|
||||||
|
|
||||||
:param uid: If not None, that user id will be used instead the login to authenticate the user.
|
:param uid: If not None, that user id will be used instead the login to authenticate the user.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
if uid is None:
|
if uid is None:
|
||||||
uid = openerp.netsvc.dispatch_rpc('common', 'authenticate', [db, login, password, env])
|
uid = openerp.netsvc.dispatch_rpc('common', 'authenticate', [db, login, password, env])
|
||||||
else:
|
else:
|
||||||
|
@ -684,6 +678,10 @@ class OpenERPSession(object):
|
||||||
raise SessionExpiredException("Session expired")
|
raise SessionExpiredException("Session expired")
|
||||||
security.check(self._db, self._uid, self._password)
|
security.check(self._db, self._uid, self._password)
|
||||||
|
|
||||||
|
def logout(self):
|
||||||
|
for k in self.keys():
|
||||||
|
del self[k]
|
||||||
|
|
||||||
def get_context(self):
|
def get_context(self):
|
||||||
"""
|
"""
|
||||||
Re-initializes the current user's session context (based on
|
Re-initializes the current user's session context (based on
|
||||||
|
@ -791,69 +789,6 @@ class OpenERPSession(object):
|
||||||
|
|
||||||
return Model(self, model)
|
return Model(self, model)
|
||||||
|
|
||||||
#----------------------------------------------------------
|
|
||||||
# Session context manager
|
|
||||||
#----------------------------------------------------------
|
|
||||||
@contextlib.contextmanager
|
|
||||||
def session_context(httprequest, session_store, session_lock, sid):
|
|
||||||
with session_lock:
|
|
||||||
if sid:
|
|
||||||
httprequest.session = session_store.get(sid)
|
|
||||||
else:
|
|
||||||
httprequest.session = session_store.new()
|
|
||||||
try:
|
|
||||||
yield httprequest.session
|
|
||||||
finally:
|
|
||||||
# Remove all OpenERPSession instances with no uid, they're generated
|
|
||||||
# either by login process or by HTTP requests without an OpenERP
|
|
||||||
# session id, and are generally noise
|
|
||||||
removed_sessions = set()
|
|
||||||
for key, value in httprequest.session.items():
|
|
||||||
if not isinstance(value, OpenERPSession):
|
|
||||||
continue
|
|
||||||
if getattr(value, '_suicide', False) or (
|
|
||||||
not value._uid
|
|
||||||
and not value.jsonp_requests
|
|
||||||
# FIXME do not use a fixed value
|
|
||||||
and value._creation_time + (60*5) < time.time()):
|
|
||||||
_logger.debug('remove session %s', key)
|
|
||||||
removed_sessions.add(key)
|
|
||||||
del httprequest.session[key]
|
|
||||||
|
|
||||||
with session_lock:
|
|
||||||
if sid:
|
|
||||||
# Re-load sessions from storage and merge non-literal
|
|
||||||
# contexts and domains (they're indexed by hash of the
|
|
||||||
# content so conflicts should auto-resolve), otherwise if
|
|
||||||
# two requests alter those concurrently the last to finish
|
|
||||||
# will overwrite the previous one, leading to loss of data
|
|
||||||
# (a non-literal is lost even though it was sent to the
|
|
||||||
# client and client errors)
|
|
||||||
#
|
|
||||||
# note that domains_store and contexts_store are append-only (we
|
|
||||||
# only ever add items to them), so we can just update one with the
|
|
||||||
# other to get the right result, if we want to merge the
|
|
||||||
# ``context`` dict we'll need something smarter
|
|
||||||
in_store = session_store.get(sid)
|
|
||||||
for k, v in httprequest.session.iteritems():
|
|
||||||
stored = in_store.get(k)
|
|
||||||
if stored and isinstance(v, OpenERPSession):
|
|
||||||
if hasattr(v, 'contexts_store'):
|
|
||||||
del v.contexts_store
|
|
||||||
if hasattr(v, 'domains_store'):
|
|
||||||
del v.domains_store
|
|
||||||
if not hasattr(v, 'jsonp_requests'):
|
|
||||||
v.jsonp_requests = {}
|
|
||||||
v.jsonp_requests.update(getattr(
|
|
||||||
stored, 'jsonp_requests', {}))
|
|
||||||
|
|
||||||
# add missing keys
|
|
||||||
for k, v in in_store.iteritems():
|
|
||||||
if k not in httprequest.session and k not in removed_sessions:
|
|
||||||
httprequest.session[k] = v
|
|
||||||
|
|
||||||
session_store.save(httprequest.session)
|
|
||||||
|
|
||||||
def session_gc(session_store):
|
def session_gc(session_store):
|
||||||
if random.random() < 0.001:
|
if random.random() < 0.001:
|
||||||
# we keep session one week
|
# we keep session one week
|
||||||
|
@ -931,8 +866,7 @@ class Root(object):
|
||||||
|
|
||||||
# Setup http sessions
|
# Setup http sessions
|
||||||
path = session_path()
|
path = session_path()
|
||||||
self.session_store = werkzeug.contrib.sessions.FilesystemSessionStore(path)
|
self.session_store = werkzeug.contrib.sessions.FilesystemSessionStore(path, session_class=OpenERPSession)
|
||||||
self.session_lock = threading.Lock()
|
|
||||||
_logger.debug('HTTP sessions stored in: %s', path)
|
_logger.debug('HTTP sessions stored in: %s', path)
|
||||||
|
|
||||||
|
|
||||||
|
@ -953,39 +887,44 @@ class Root(object):
|
||||||
httprequest.parameter_storage_class = werkzeug.datastructures.ImmutableDict
|
httprequest.parameter_storage_class = werkzeug.datastructures.ImmutableDict
|
||||||
httprequest.app = self
|
httprequest.app = self
|
||||||
|
|
||||||
|
session_gc(self.session_store)
|
||||||
|
|
||||||
sid = httprequest.cookies.get('sid')
|
sid = httprequest.cookies.get('sid')
|
||||||
if not sid:
|
if not sid:
|
||||||
sid = httprequest.args.get('sid')
|
sid = httprequest.args.get('sid')
|
||||||
|
if sid is None:
|
||||||
|
httprequest.session = self.session_store.new()
|
||||||
|
else:
|
||||||
|
httprequest.session = self.session_store.get(sid)
|
||||||
|
|
||||||
session_gc(self.session_store)
|
request = self._build_request(httprequest)
|
||||||
|
db = request.db
|
||||||
|
|
||||||
with session_context(httprequest, self.session_store, self.session_lock, sid) as session:
|
if db:
|
||||||
request = self._build_request(httprequest)
|
updated = openerp.modules.registry.RegistryManager.check_registry_signaling(db)
|
||||||
db = request.db
|
if updated:
|
||||||
|
with self.db_routers_lock:
|
||||||
|
del self.db_routers[db]
|
||||||
|
|
||||||
if db:
|
with set_request(request):
|
||||||
updated = openerp.modules.registry.RegistryManager.check_registry_signaling(db)
|
self.find_handler()
|
||||||
if updated:
|
result = request.dispatch()
|
||||||
with self.db_routers_lock:
|
|
||||||
del self.db_routers[db]
|
|
||||||
|
|
||||||
with set_request(request):
|
if db:
|
||||||
self.find_handler()
|
openerp.modules.registry.RegistryManager.signal_caches_change(db)
|
||||||
result = request.dispatch()
|
|
||||||
|
|
||||||
if db:
|
if isinstance(result, basestring):
|
||||||
openerp.modules.registry.RegistryManager.signal_caches_change(db)
|
headers=[('Content-Type', 'text/html; charset=utf-8'), ('Content-Length', len(result))]
|
||||||
|
response = werkzeug.wrappers.Response(result, headers=headers)
|
||||||
|
else:
|
||||||
|
response = result
|
||||||
|
|
||||||
if isinstance(result, basestring):
|
if httprequest.session.should_save:
|
||||||
headers=[('Content-Type', 'text/html; charset=utf-8'), ('Content-Length', len(result))]
|
self.session_store.save(httprequest.session)
|
||||||
response = werkzeug.wrappers.Response(result, headers=headers)
|
if hasattr(response, 'set_cookie'):
|
||||||
else:
|
response.set_cookie('sid', httprequest.session.sid)
|
||||||
response = result
|
|
||||||
|
|
||||||
if hasattr(response, 'set_cookie'):
|
return response(environ, start_response)
|
||||||
response.set_cookie('sid', session.sid)
|
|
||||||
|
|
||||||
return response(environ, start_response)
|
|
||||||
except werkzeug.exceptions.HTTPException, e:
|
except werkzeug.exceptions.HTTPException, e:
|
||||||
return e(environ, start_response)
|
return e(environ, start_response)
|
||||||
|
|
||||||
|
|
|
@ -1599,7 +1599,7 @@ instance.web.EmbeddedClient = instance.web.Client.extend({
|
||||||
if (s.session_is_valid() && s.db === this.dbname && s.login === this.login) {
|
if (s.session_is_valid() && s.db === this.dbname && s.login === this.login) {
|
||||||
return $.when();
|
return $.when();
|
||||||
}
|
}
|
||||||
return instance.session.session_authenticate(this.dbname, this.login, this.key, true);
|
return instance.session.session_authenticate(this.dbname, this.login, this.key);
|
||||||
},
|
},
|
||||||
|
|
||||||
bind_credentials: function(dbname, login, key) {
|
bind_credentials: function(dbname, login, key) {
|
||||||
|
|
|
@ -58,7 +58,7 @@ instance.web.Session = instance.web.JsonRPC.extend( /** @lends instance.web.Sess
|
||||||
session_init: function () {
|
session_init: function () {
|
||||||
var self = this;
|
var self = this;
|
||||||
// TODO: session store in cookie should be optional
|
// TODO: session store in cookie should be optional
|
||||||
this.session_id = this.get_cookie('session_id');
|
this.session_id = this.get_cookie('sid');
|
||||||
return this.session_reload().then(function(result) {
|
return this.session_reload().then(function(result) {
|
||||||
var modules = instance._modules.join(',');
|
var modules = instance._modules.join(',');
|
||||||
var deferred = self.rpc('/web/webclient/qweblist', {mods: modules}).then(self.load_qweb.bind(self));
|
var deferred = self.rpc('/web/webclient/qweblist', {mods: modules}).then(self.load_qweb.bind(self));
|
||||||
|
@ -107,14 +107,10 @@ instance.web.Session = instance.web.JsonRPC.extend( /** @lends instance.web.Sess
|
||||||
return $.Deferred().reject();
|
return $.Deferred().reject();
|
||||||
}
|
}
|
||||||
_.extend(self, result);
|
_.extend(self, result);
|
||||||
if (!_volatile) {
|
|
||||||
self.set_cookie('session_id', self.session_id);
|
|
||||||
}
|
|
||||||
return self.load_modules();
|
return self.load_modules();
|
||||||
});
|
});
|
||||||
},
|
},
|
||||||
session_logout: function() {
|
session_logout: function() {
|
||||||
this.set_cookie('session_id', '');
|
|
||||||
$.bbq.removeState();
|
$.bbq.removeState();
|
||||||
return this.rpc("/web/session/destroy", {});
|
return this.rpc("/web/session/destroy", {});
|
||||||
},
|
},
|
||||||
|
|
Loading…
Reference in New Issue