|
|
@ -10,13 +10,14 @@ |
|
|
|
:license: BSD, see LICENSE for more details. |
|
|
|
:license: BSD, see LICENSE for more details. |
|
|
|
""" |
|
|
|
""" |
|
|
|
|
|
|
|
|
|
|
|
import cPickle as pickle |
|
|
|
|
|
|
|
from datetime import datetime |
|
|
|
from datetime import datetime |
|
|
|
from werkzeug.contrib.securecookie import SecureCookie |
|
|
|
|
|
|
|
from werkzeug.http import http_date, parse_date |
|
|
|
from werkzeug.http import http_date, parse_date |
|
|
|
from .helpers import json, _assert_have_json |
|
|
|
from werkzeug.datastructures import CallbackDict |
|
|
|
|
|
|
|
from .helpers import json |
|
|
|
from . import Markup |
|
|
|
from . import Markup |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
from itsdangerous import URLSafeTimedSerializer, BadSignature |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class SessionMixin(object): |
|
|
|
class SessionMixin(object): |
|
|
|
"""Expands a basic dictionary with an accessors that are expected |
|
|
|
"""Expands a basic dictionary with an accessors that are expected |
|
|
@ -51,8 +52,6 @@ class TaggedJSONSerializer(object): |
|
|
|
""" |
|
|
|
""" |
|
|
|
|
|
|
|
|
|
|
|
def dumps(self, value): |
|
|
|
def dumps(self, value): |
|
|
|
if __debug__: |
|
|
|
|
|
|
|
_assert_have_json() |
|
|
|
|
|
|
|
def _tag(value): |
|
|
|
def _tag(value): |
|
|
|
if isinstance(value, tuple): |
|
|
|
if isinstance(value, tuple): |
|
|
|
return {'##t': [_tag(x) for x in value]} |
|
|
|
return {'##t': [_tag(x) for x in value]} |
|
|
@ -68,8 +67,6 @@ class TaggedJSONSerializer(object): |
|
|
|
return json.dumps(_tag(value), separators=(',', ':')) |
|
|
|
return json.dumps(_tag(value), separators=(',', ':')) |
|
|
|
|
|
|
|
|
|
|
|
def loads(self, value): |
|
|
|
def loads(self, value): |
|
|
|
if __debug__: |
|
|
|
|
|
|
|
_assert_have_json() |
|
|
|
|
|
|
|
def object_hook(obj): |
|
|
|
def object_hook(obj): |
|
|
|
if len(obj) != 1: |
|
|
|
if len(obj) != 1: |
|
|
|
return obj |
|
|
|
return obj |
|
|
@ -87,32 +84,14 @@ class TaggedJSONSerializer(object): |
|
|
|
session_json_serializer = TaggedJSONSerializer() |
|
|
|
session_json_serializer = TaggedJSONSerializer() |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class SecureCookieSession(SecureCookie, SessionMixin): |
|
|
|
class SecureCookieSession(CallbackDict, SessionMixin): |
|
|
|
"""Expands the session with support for switching between permanent |
|
|
|
"""Baseclass for sessions based on signed cookies.""" |
|
|
|
and non-permanent sessions and changes the default pickle based |
|
|
|
|
|
|
|
serialization format to a tagged json one. |
|
|
|
|
|
|
|
""" |
|
|
|
|
|
|
|
serialization_method = session_json_serializer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class _UpgradeSerializer(object): |
|
|
|
|
|
|
|
def dumps(self, value): |
|
|
|
|
|
|
|
return session_json_serializer.dumps(value) |
|
|
|
|
|
|
|
def loads(self, value): |
|
|
|
|
|
|
|
try: |
|
|
|
|
|
|
|
return session_json_serializer.loads(value) |
|
|
|
|
|
|
|
except Exception: |
|
|
|
|
|
|
|
return pickle.loads(value) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class UpgradeSecureCookieSession(SecureCookieSession): |
|
|
|
def __init__(self, initial=None): |
|
|
|
"""This cookie sesion implementation tries json first but will also |
|
|
|
def on_update(self): |
|
|
|
support pickle based session. This exists mainly to upgrade existing |
|
|
|
self.modified = True |
|
|
|
pickle based users transparently to json. |
|
|
|
CallbackDict.__init__(self, initial, on_update) |
|
|
|
|
|
|
|
self.modified = False |
|
|
|
.. versionadded:: 0.10 |
|
|
|
|
|
|
|
""" |
|
|
|
|
|
|
|
serialization_method = _UpgradeSerializer() |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class NullSession(SecureCookieSession): |
|
|
|
class NullSession(SecureCookieSession): |
|
|
@ -246,38 +225,43 @@ class SessionInterface(object): |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class SecureCookieSessionInterface(SessionInterface): |
|
|
|
class SecureCookieSessionInterface(SessionInterface): |
|
|
|
"""The cookie session interface that uses the Werkzeug securecookie |
|
|
|
salt = 'cookie-session' |
|
|
|
as client side session backend. |
|
|
|
|
|
|
|
""" |
|
|
|
|
|
|
|
session_class = SecureCookieSession |
|
|
|
session_class = SecureCookieSession |
|
|
|
|
|
|
|
serializer = session_json_serializer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def get_serializer(self, app): |
|
|
|
|
|
|
|
if not app.secret_key: |
|
|
|
|
|
|
|
return None |
|
|
|
|
|
|
|
return URLSafeTimedSerializer(app.secret_key, |
|
|
|
|
|
|
|
salt=self.salt, |
|
|
|
|
|
|
|
serializer=self.serializer) |
|
|
|
|
|
|
|
|
|
|
|
def open_session(self, app, request): |
|
|
|
def open_session(self, app, request): |
|
|
|
key = app.secret_key |
|
|
|
s = self.get_serializer(app) |
|
|
|
if key is not None: |
|
|
|
if s is None: |
|
|
|
return self.session_class.load_cookie(request, |
|
|
|
return None |
|
|
|
app.session_cookie_name, |
|
|
|
val = request.cookies.get(app.session_cookie_name) |
|
|
|
secret_key=key) |
|
|
|
if not val: |
|
|
|
|
|
|
|
return self.session_class() |
|
|
|
|
|
|
|
max_age = app.permanent_session_lifetime.total_seconds() |
|
|
|
|
|
|
|
try: |
|
|
|
|
|
|
|
data = s.loads(val, max_age=max_age) |
|
|
|
|
|
|
|
return self.session_class(data) |
|
|
|
|
|
|
|
except BadSignature: |
|
|
|
|
|
|
|
return self.session_class() |
|
|
|
|
|
|
|
|
|
|
|
def save_session(self, app, session, response): |
|
|
|
def save_session(self, app, session, response): |
|
|
|
expires = self.get_expiration_time(app, session) |
|
|
|
|
|
|
|
domain = self.get_cookie_domain(app) |
|
|
|
domain = self.get_cookie_domain(app) |
|
|
|
path = self.get_cookie_path(app) |
|
|
|
path = self.get_cookie_path(app) |
|
|
|
httponly = self.get_cookie_httponly(app) |
|
|
|
httponly = self.get_cookie_httponly(app) |
|
|
|
secure = self.get_cookie_secure(app) |
|
|
|
secure = self.get_cookie_secure(app) |
|
|
|
if session.modified and not session: |
|
|
|
if not session: |
|
|
|
response.delete_cookie(app.session_cookie_name, path=path, |
|
|
|
if session.modified: |
|
|
|
domain=domain) |
|
|
|
response.delete_cookie(app.session_cookie_name, |
|
|
|
else: |
|
|
|
domain=domain, path=path) |
|
|
|
session.save_cookie(response, app.session_cookie_name, path=path, |
|
|
|
return |
|
|
|
expires=expires, httponly=httponly, |
|
|
|
expires = self.get_expiration_time(app, session) |
|
|
|
secure=secure, domain=domain) |
|
|
|
val = self.get_serializer(app).dumps(dict(session)) |
|
|
|
|
|
|
|
response.set_cookie(app.session_cookie_name, val, |
|
|
|
|
|
|
|
expires=expires, httponly=httponly, |
|
|
|
class UpgradeSecureCookieSessionInterface(SecureCookieSessionInterface): |
|
|
|
domain=domain, path=path, secure=secure) |
|
|
|
"""This session interface works exactly like the regular one but uses |
|
|
|
|
|
|
|
the :class:`UpgradeSecureCookieSession` classes to upgrade from pickle |
|
|
|
|
|
|
|
sessions to JSON sessions. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
.. versionadded:: 0.10 |
|
|
|
|
|
|
|
""" |
|
|
|
|
|
|
|
session_class = UpgradeSecureCookieSession |
|
|
|
|
|
|
|