Changed the sessions management layout

lodel/auth/session.py

@@ -3,20 +3,157 @@
 from abc import ABC, abstractmethod
 from uuid import uuid1
 
+from werkzeug.contrib.sessions import generate_key, Session
+
 from lodel.auth.exceptions import AuthenticationError
 from lodel.utils.datetime import get_utc_timestamp
 
 
+class LodelSession(ABC):
+    expiration_limit = 900
+
+    __sessions = {}
+
+    ## @brief creates a session
+    # @param contests dict : session initialization keys
+    def __init__(self, contents={}):
+
+        self.sid = self.__class__.generate_new_sid()
+
+        for key, value in contents.items():
+            self.set_key(key, value)
+
+        self.store()
+        self.register_session()
+
+    ## @brief stores the session
+    @abstractmethod
+    def store(self):
+        pass
+
+    ## @brief registers the session
+    @abstractmethod
+    def register_session(self):
+        pass
+
+    ## @brief saves a session
+    @abstractmethod
+    def save(self):
+        pass
+
+    ## @brief loads a session
+    # @param sid str : session id
+    # @return LodelSession
+    @classmethod
+    @abstractmethod
+    def load(cls, sid):
+        return None
+
+    ## @brief cleans the session store
+    @classmethod
+    @abstractmethod
+    def clean(cls):
+        pass
+
+    ## @brief destroys a session
+    # @param sid str : session id
+    @classmethod
+    def destroy(cls, sid):
+        cls.delete_session(sid)
+        cls.unregister_session(sid)
+
+    ## @brief deletes a session
+    # @param sid str : session id
+    @classmethod
+    @abstractmethod
+    def delete_session(cls, sid):
+        pass
+
+    ## @brief unregisters a session from the session store list
+    # @param sid str : session id
+    @classmethod
+    def unregister_session(cls, sid):
+        if sid in cls.__sessions:
+            del cls.__sessions[sid]
+
+    ## @brief checks if a session if registered
+    # @param sid str : session id
+    # @return bool
+    @classmethod
+    def is_registered(cls, sid):
+        return (sid in cls.__sessions)
+
+
+    ## @brief checks if a session is expired
+    # @param sid str : session id
+    @classmethod
+    def is_expired(cls, sid):
+        expiration_timestamp = cls.get_last_modified(sid) + cls.EXPIRATION_LIMIT
+        now_timestamp = get_utc_timestamp()
+        return now_timestamp > expiration_timestamp
+
+    ## @brief gets the timestamp of the last modification
+    # @param sid str : session id
+    # @return float
+    @classmethod
+    @abstractmethod
+    def get_last_modified(cls, sid):
+        return 0.0
+
+    ## @brief generates a new session id
+    # @return sid
+    # @todo find a more secure way of building a session id
+    @classmethod
+    def generate_new_sid(cls):
+        return uuid1()
+
+    ## @brief sets a key's value in the session
+    # @param key str
+    # @param value unknown
+    def set_key(self, key, value):
+        setattr(self, key, value)
+        self.save()
+
+    ## @brief gets a key's value from the session
+    # @param key str
+    # @return unknown
+    def get_key(self, key):
+        return getattr(object=self, name=key, default=None)
+
+    ## @brief deletes a given key in the session
+    # @param key str
+    def delete_key(self, key):
+        delattr(p_object=self, key)
+        self.save()
+
+
+
+
+
+
+
+'''
 class SessionStore(ABC):
 
     expiration_limit = 900
 
+    _instance = None
+
+    def __init__(self, session_class=Session):
+        self.session_class = session_class
+        if self.__class__._instance is None:
+            self.__class__._instance = self.__class__()
+
+    def __getattr__(self, item):
+        return getattr(self.__class__._instance, item)
+
     ## @brief Generates a session unique ID
     # @param cls
+    # @param salt str
     # @return str
     @classmethod
-    def generate_new_sid(cls):
-        return uuid1()
+    def generate_new_sid(cls, salt=None):
+        return generate_key(salt)
 
     ## @brief Creates a new session
     # @param content dict : session content (default: {})
@@ -87,10 +224,15 @@ class SessionStore(ABC):
     # @param content dict : items to update with their new value
     def update_session(self, sid, content):
         session = self.get_session(sid)
-        for key, value in content.items():
-            if key != 'sid':
-                session[key] = value
-        self.save_session(sid, session)
+        if session is not None:
+            for key, value in content.items():
+                if key != 'sid':
+                    session[key] = value
+            self.save_session(sid, session)
+            return session
+        else:
+            session = self.create_new_session(content)
+            return session
 
     ## @brief gets a session's content
     # @param sid str : id of the session to read
@@ -103,6 +245,7 @@ class SessionStore(ABC):
                 self.delete_session(sid)
                 session = None
         else:
-            raise AuthenticationError("No session file found for the sid %s" % sid)
+            session = None
 
         return session
+'''

plugins/filesystem_session/filesystem_session_store.py

@@ -4,86 +4,106 @@ import os
 import pickle
 import re
 
-from lodel.auth.exceptions import AuthenticationError
-from lodel.auth.session import SessionStore
+from lodel.auth.session import LodelSession
 from lodel.settings import Settings
 
 
-class FileSystemSessionStore(SessionStore):
+class FileSystemSession(LodelSession):
 
-    ## @brief instanciates a FileSystemSessionStore
-    # @param base_directory str : path to the base directory containing the session files (default: session.directory param of the settings)
-    # @param file_name_template str : template for the session files name (default : session.file_template param of the settings)
-    # @param expiration_limit int : duration of a session validity without any action made (defaut : session.expiration param of the settings)
-    def __init__(self, base_directory=Settings.sessions.directory, file_name_template=Settings.sessions.file_template, expiration_limit=Settings.sessions.expiration):
-        self.expiration_limit = expiration_limit
-        self.base_directory = base_directory
-        self.file_name_template = file_name_template
+    __sessions = {}
 
-    # === CRUD === #
+    EXPIRATION_LIMIT = Settings.sessions.expiration
+    BASE_DIRECTORY = Settings.sessions.directory
+    FILENAME_TEMPLATE = Settings.sessions.file_template
 
-    ## @brief delete a session
-    # @param sid str : id of the session to be deleted
-    def delete_session(self, sid):
-        if self.is_session_existing(sid):
-            os.unlink(self.get_session_file_path(sid))
-        else:
-            raise AuthenticationError("No session file found for the sid %s" % sid)
+    def __init__(self):
+        self.path = None  # Is initialized in the store method
+        super().__init__()
 
-    ## @brief reads the content of a session
+    ## @brief stores the session
+    def store(self):
+        self.path = self.__class__.generate_session_file_name(self.sid)
+        self.save()
+
+    ## @brief registers the session in the active sessions list
+    def register_session(self):
+        self.__class__.__sessions[self.sid] = self.path
+
+    ## @brief saves the session
+    # @todo security
+    def save(self):
+        with open(self.path, 'wb') as session_file:
+            pickle.dump(self, session_file)
+
+    ## @brief loads a session
     # @param sid str : session id
-    def read_session(self, sid):
-        session_file_path = self.get_session_file_path(sid)
-        with open(session_file_path, 'rb') as session_file:
-            session_content = pickle.load(session_file)
-        return session_content
+    # @return FileSystemSession
+    @classmethod
+    def load(cls, sid):
+        if sid in cls.__sessions.keys():
+            session_file_path = cls.__sessions[sid]
+            with open(session_file_path, 'rb') as session_file:
+                session = pickle.load(session_file)
+            return session
+        return None
 
-    ## @brief saves a session to a file
+    ## @brief cleans the session store
+    # @todo add more checks
+    @classmethod
+    def clean(cls):
+        # unregistered files in the session directory (if any)
+        session_dir_files = cls.list_all_session_files()
+        for session_dir_file in session_dir_files:
+            sid = cls.filename_to_sid(session_dir_file)
+            if sid is None or sid not in cls.__sessions.keys():
+                os.unlink(session_dir_file)
+        # registered sessions
+        for sid in cls.__sessions.keys():
+            if cls.is_expired(sid):
+                cls.destroy(sid)
+
+    ## @brief gets the last modified date of a session
     # @param sid str : session id
-    # @param session dict : content to be saved
-    def save_session(self, sid, session):
-        session_file_path = self.get_session_file_path(sid)
-        with open(session_file_path, 'wb') as session_file:
-            pickle.dump(session, session_file)
+    @classmethod
+    def get_last_modified(cls, sid):
+        return os.stat(cls.__sessions[sid]).st_mtime
 
+    ## @brief lists all the files contained in the session directory
+    # @return list
+    @classmethod
+    def list_all_session_files(cls):
+        session_files_directory = os.abspath(cls.BASE_DIRECTORY)
+        files_list = [file_path for file_path in os.listdir(session_files_directory) if os.path.isfile(os.path.join(session_files_directory, file_path))]
+        return files_list
 
-    # === UTILS === #
     ## @brief returns the session id from the filename
-    # @param filename str : session file's name (not the complete path)
+    # @param filename str : session file's name
     # @return str
-    # @raise AuthenticationError : in case the sid could not be found for the given filename
-    def filename_to_sid(self,filename):
-        sid_regex = self.file_name_template % '(?P<sid>.*)'
-        sid_regex_compiled = re.compile(sid_regex)
-        sid_searching_result = sid_regex_compiled.match(filename)
+    @classmethod
+    def filename_to_sid(cls, filename):
+        sid_regex = re.compile(cls.FILENAME_TEMPLATE % '(?P<sid>.*)')
+        sid_searching_result = sid_regex.match(filename)
         if sid_searching_result is not None:
             return sid_searching_result.groupdict()['sid']
-        else:
-            raise AuthenticationError('No session id could be found for this filename')
+        return None
 
-    ## @brief lists all the session files paths
-    # @return list
-    def list_all_sessions(self):
-        session_files_directory = os.path.abspath(self.base_directory)
-        sid_list = [self.filename_to_sid(file_object) for file_object in os.listdir(session_files_directory) if os.path.isfile(os.path.join(session_files_directory, file_object))]
-        return sid_list
+    ## @brief deletes a session's informations
+    @classmethod
+    def delete_session(cls, sid):
+        if os.path.isfile(cls.__sessions[sid]):
+            # Deletes the session file
+            os.unlink(cls.__sessions[sid])
 
-    ## @brief returns the file path for a given session id
+    ## @brief generates session file name
     # @param sid str : session id
     # @return str
-    def get_session_file_path(self, sid):
-        return os.path.join(self.base_directory, self.file_name_template) % sid
+    @classmethod
+    def generate_session_file_name(cls, sid):
+        return os.path.join(cls.BASE_DIRECTORY, cls.FILENAME_TEMPLATE) % sid
 
     ## @brief checks if a session exists
-    # @param sid str : session id
-    # @return bool
-    def is_session_existing(self, sid):
-        session_file = self.get_session_file_path(sid)
-        return os.path.is_file(session_file)
-
-    ## @brief gets a session's last modified timestamp
     # @param sid str: session id
-    # @return float
-    def get_session_last_modified(self, sid):
-        session_file = self.get_session_file_path(sid)
-        return os.stat(session_file).st_mtime
+    # @return bool
+    @classmethod
+    def exists(cls, sid):
+        return cls.is_registered(sid) and (os.path.isfile(cls.__sessions[sid]))

plugins/filesystem_session/main.py

@@ -3,10 +3,7 @@
 from lodel.auth.exceptions import AuthenticationError
 from lodel.plugin import LodelHook
 
-from .filesystem_session_store import FileSystemSessionStore
-
-session_store = FileSystemSessionStore()
-
+from .filesystem_session_store import FileSystemSession
 
 ## @brief starts a new session and returns its sid
 # @param caller *
@@ -14,41 +11,30 @@ session_store = FileSystemSessionStore()
 # @return str
 @LodelHook('session_start')
 def start_session(caller, payload):
-    return session_store.create_new_session(payload)
-
+    new_session = FileSystemSession(content=payload)
+    return new_session.sid
 
+'''
 ## @brief destroys a session
 # @param caller *
 # @param sid str : session id
 @LodelHook('session_destroy')
 def stop_session(caller, sid):
-    session_store.delete_session(sid)
-
+    FileSystemSession.destroy(sid)
+'''
 
 ## @brief reads a session content
 # @param caller *
 # @param sid str: session id
-# @return dict
+# @return FileSystemSession
 @LodelHook('session_load')
 def read_session(caller, sid):
-    return session_store.get_session(sid)
-
+    return FileSystemSession.load(sid)
 
+'''
 ## @brief destroys all the old sessions (expired ones)
 # @param caller *
 @LodelHook('session_clean')
 def clean_sessions(caller):
-    session_store.clean()
-
-
-## @brief updates the content of the session
-# @param caller *
-# @param payload dict : datas to insert/update in the session
-@LodelHook('update_session')
-def update_session_content(caller, payload):
-    if 'sid' in payload:
-        sid = payload['sid']
-        del payload['sid']
-        session_store.update_session(sid, payload)
-    else:
-        raise AuthenticationError("Session Update: Missing sid (session id) in the given payload argument")
+    FileSystemSession.clean()
+'''