Merge branch 'newlodel' of git.labocleo.org:lodel2 into newlodel

lodel/auth/client.py

@@ -121,31 +121,20 @@ a session is allready started !!!")
 #@todo Maybe we can delete this metaclass....
 class ClientMetaclass(type):
     
-    SESSION_ID_NAME = '__SESSION_ID__'
-
     def __init__(self, name, bases, attrs):
-        self.__session = dict()
         return super(ClientMetaclass, self).__init__(name, bases, attrs)
 
     def __getitem__(self, key):
-        if key not in self.__session:
-            raise KeyError("This client instance does not have a '%s' data" % key)
-        return self.__session[key]
+        return self.session()[key]
+
+    def __delitem__(self, key):
+        del(self.session()[key])
 
     def __setitem__(self, key, value):
-        if SESSION_ID_NAME not in self.__session:
-            self.__session[SESSION_ID_NAME] = SessionHandler.start_session()
-        self.__session[key] = value
-    
-    def __token(self):
-        return None if SESSION_ID_NAME not in self.__sessions else self.__session[SESSION_ID_NAME]
-
-    ##@brief Return a copy of sessions infos
-    def session_dump(self): 
-        #first set all sessions values
-        SessionHandler.save_session(self.__session)
-        return copy.copy(self.__session)
+        self.session()[key] = value
 
+    def __str__(self):
+        return str(self._instance)
 
 ##@brief Abstract singleton class designed to handle client informations
 #
@@ -196,20 +185,6 @@ class Client(object, metaclass = ClientMetaclass):
         self.__session = LodelSession(session_token)
         logger.debug("New client : %s" % self)
     
-    ##@brief Attempt to restore a session given a session token
-    #@param token mixed : a session token
-    #@return Session datas (a dict)
-    #@throw ClientAuthenticationFailure if token is not valid or not
-    #existing
-    def _restore_session(self, token):
-        return self.__session.restore(token)
-    
-    ##@brief Return the current session token or None
-    #@return A session token or None
-    @classmethod
-    def session_token(cls):
-        return self.__session.retrieve_token()
-
     ##@brief Try to authenticate a user with a login and a password
     #@param login str : provided login
     #@param password str : provided password (hash)
@@ -245,6 +220,28 @@ class Client(object, metaclass = ClientMetaclass):
                 break
         if self.is_anon():
             self.fail() #Security logging
+    
+    ##@brief Attempt to restore a session given a session token
+    #@param token mixed : a session token
+    #@return Session datas (a dict)
+    #@throw ClientAuthenticationFailure if token is not valid or not
+    #existing
+    @classmethod
+    def restore_session(self, token):
+        cls._assert_instance()
+        return self.__session.restore(token)
+    
+    ##@brief Return the current session token or None
+    #@return A session token or None
+    @classmethod
+    def session_token(cls):
+        cls._assert_instance()
+        return cls._instance.__session.retrieve_token()
+
+    @classmethod
+    def session(cls):
+        cls._assert_instance()
+        return cls._instance.__session
 
     @classmethod
     def destroy(cls):

lodel/auth/exceptions.py

@@ -1,9 +1,10 @@
 from lodel import logger
+from lodel.plugin.hooks import LodelHook
 
 ##@brief Handles common errors with a Client
 class ClientError(Exception):
     ##@brief The logger function to use to log the error message
-    _loglvl = logger.warning
+    _loglvl = 'warning'
     ##@brief Error str
     _err_str = "Error"
     ##@brief the hook name to trigger with error
@@ -17,8 +18,9 @@ class ClientError(Exception):
     #"<client infos> : <_err_str>[ : <msg>]"
     def __init__(self, client, msg = ""):
         msg = self.build_message(client, msg)
-        if cls._loglvl is not None:
-            cls._loglvl(msg)
+        if self._loglvl is not None:
+            logfun = getattr(logger, self._loglvl)
+            logfun(msg)
         super().__init__(msg)
         if self._action is not None:
             LodelHook.call_hook(self._action, self, self._payload)
@@ -32,21 +34,21 @@ class ClientError(Exception):
 
 ##@brief Handles authentication failure errors
 class ClientAuthenticationFailure(ClientError):
-    _loglvl = logger.security
+    _loglvl = 'security'
     _err_str = 'Authentication failure'
     _action = 'lodel2_ui_authentication_failure'
 
 
 ##@brief Handles permission denied errors
 class ClientPermissionDenied(ClientError):
-    _loglvl = logger.security
+    _loglvl = 'security'
     _err_str = 'Permission denied'
     _action = 'lodel2_ui_permission_denied'
     
 
 ##@brief Handles common errors on authentication
 class ClientAuthenticationError(ClientError):
-    _loglvl = logger.error
+    _loglvl = 'error'
     _err_str = 'Authentication error'
     _action = 'lodel2_ui_error'
 

lodel/plugin/core_scripts.py

@@ -9,7 +9,8 @@ class DiscoverPlugin(lodel_script.LodelScript):
     
     @classmethod
     def argparser_config(cls, parser):
-        parser.add_argument('-d', '--directory',
+        #parser.add_argument('-d', '--directory',
+        parser.add_argument('PLUGIN_PATH',
             help="Directory to walk through looking for lodel2 plugins",
             nargs='+')
         parser.add_argument('-l', '--list-only', default=False,
@@ -20,11 +21,11 @@ without modifying existing cache")
     @classmethod
     def run(cls, args):
         from lodel.plugin.plugins import Plugin
-        if args.directory is None or len(args.directory) == 0:
+        if args.PLUGIN_PATH is None or len(args.PLUGIN_PATH) == 0:
             cls.help_exit("Specify a least one directory")
         no_cache = args.list_only
-        res = Plugin.discover(args.directory, no_cache)
-        print("Found plugins in : %s" % ', '.join(args.directory))
+        res = Plugin.discover(args.PLUGIN_PATH, no_cache)
+        print("Found plugins in : %s" % ', '.join(args.PLUGIN_PATH))
         for pname, pinfos in res['plugins'].items():
             print("\t- %s(%s) in %s" % (
                 pname, pinfos['version'], pinfos['path']))

lodel/plugin/scripts.py

@@ -142,19 +142,23 @@ def main_run():
     if len(sys.argv) == 1:
         default_parser.print_help()
         exit(1)
-    args = default_parser.parse_args()
-    if args.list_actions:
-        print("Available actions :")
-        for sname in sorted(__registered_scripts.keys()):
-            print("\t- %s" % __registered_scripts[sname])
-        exit(0)
     #preparing sys.argv (deleting action)
     action = sys.argv[1].lower()
-    del(sys.argv[1])
     if action not in __registered_scripts:
+        #Trying to parse argument with default parser
+        print("PASSAGE")
+        args = default_parser.parse_args()
+        if args.list_actions:
+            print("Available actions :")
+            for sname in sorted(__registered_scripts.keys()):
+                print("\t- %s" % __registered_scripts[sname])
+            exit(0)
+
         print("Unknow action '%s'\n" % action, file=sys.stderr)
         default_parser.print_help()
         exit(1)
+    #OK action is known, preparing argv to pass it to the action script
+    del(sys.argv[1])
     script = __registered_scripts[action]
     ret = script._run()
     ret = 0 if ret is None else ret

plugins/dummy/main.py

@@ -25,3 +25,10 @@ I'm a custom method on an instance of class %s" % self.__class__)
 def dummy_instance_method(self):
     print("Hello world !\
 I'm a custom method on class %s" % self.__class__)
+
+
+@LodelHook('lodel2_loader_main')
+def foofun(hname, caller, payload):
+    from lodel import dyncode
+    print("Hello world ! I read dyncode from lodel.dyncode : ",
+        dyncode.dynclasses)

plugins/ram_sessions/main.py

@@ -2,6 +2,7 @@
 import os
 import copy
 
+from lodel import logger
 from lodel.settings import Settings
 from lodel.auth.exceptions import *
 
@@ -24,6 +25,7 @@ def destroy_session(token):
 
 def restore_session(token):
     _check_token(token)
+    logger.debug("Restoring session : %s" %__sessions[token])
     return __sessions[token]
 
 def save_session(token, datas):

plugins/webui/run.py

@@ -2,14 +2,19 @@
 import loader # Lodel2 loader
 
 import os
+import hashlib
+import time
+
 from werkzeug.contrib.sessions import FilesystemSessionStore
 from werkzeug.wrappers import Response
+from werkzeug.contrib.securecookie import SecureCookie
 
 from lodel.settings import Settings
 from .interface.router import get_controller
 from .interface.lodelrequest import LodelRequest
 from .exceptions import *
 from .client import WebUiClient
+from lodel.auth.exceptions import *
 from lodel.utils.datetime import get_utc_timestamp
 from lodel.plugin.hooks import LodelHook
 
@@ -19,6 +24,48 @@ SESSION_EXPIRATION_LIMIT = Settings.webui.sessions.expiration
 
 session_store = FilesystemSessionStore(path=SESSION_FILES_BASE_DIR, filename_template=SESSION_FILES_TEMPLATE)
 
+COOKIE_SESSION_ID = 'toktoken'
+COOKIE_SESSION_HASH = 'nekotkot'
+COOKIE_SESSION_HASH_SALT = [ os.urandom(32) for _ in range(2) ] #Before and after salt (maybe useless)
+COOKIE_SESSION_HASH_ALGO = hashlib.sha512
+
+##@brief Return a salted hash of a cookie
+def cookie_hash(token):
+    return COOKIE_SESSION_HASH_ALGO(
+        COOKIE_SESSION_HASH_SALT[0]+token+COOKIE_SESSION_HASH_SALT[1]).hexdigest()
+    
+
+##@brief Load cookie from request
+#@note Can produce security warning logs
+#@param request
+#@return None or a session token
+def load_cookie(request):
+    token = request.cookies.get(COOKIE_SESSION_ID)
+    if token is None and token != '':
+        return None
+    token = bytes(token, 'utf-8')
+    hashtok = request.cookies.get(COOKIE_SESSION_HASH)
+    if hashtok is None:
+        raise ClientAuthenticationFailure(
+            WebUiClient, 'Bad cookies : no hash provided')
+    if cookie_hash(token) != hashtok:
+        raise ClientAuthenticationFailure(
+            WebUiClient, 'Bad cookies : hash mismatch')
+    return token
+
+##@brief Properly set cookies and hash given a token
+#@param response
+#@param token str : the session token
+def save_cookie(response, token):
+    response.set_cookie(COOKIE_SESSION_ID, token)
+    response.set_cookie(COOKIE_SESSION_HASH, cookie_hash(token))
+
+def empty_cookie(response):
+    response.set_cookie(COOKIE_SESSION_ID, '')
+    response.set_cookie(COOKIE_SESSION_HASH, '')
+    
+
+
 #Starting instance
 loader.start()
 #providing access to dyncode
@@ -49,38 +96,46 @@ def is_session_file_expired(timestamp_now, sid):
 
 # WSGI Application
 def application(env, start_response):
-    WebUiClient(env['REMOTE_ADDR'], env['HTTP_USER_AGENT'])
-    current_timestamp = get_utc_timestamp()
-    delete_old_session_files(current_timestamp)
     request = LodelRequest(env)
-    sid = request.cookies.get('sid')
-    if sid is None or sid not in session_store.list():
-        request.session = session_store.new()
-        request.session['last_accessed'] = current_timestamp
-    else:
-        request.session = session_store.get(sid)
-        if is_session_file_expired(current_timestamp, sid):
-            session_store.delete(request.session)
-            request.session = session_store.new()
-            request.session['user_context'] = None
-        request.session['last_accessed'] = current_timestamp
-    
+    session_token = None
     try:
-        controller = get_controller(request)
-        response = controller(request)
-    except HttpException as e:
+        #We have to create the client before restoring cookie in order to be able
+        #to log messages with client infos
+        client = WebUiClient(env['REMOTE_ADDR'], env['HTTP_USER_AGENT'], None)
+        session_token = load_cookie(request)
+
+        if session_token is not None:
+            WebClient.restore_session(token)
+        session_token = None
+        #test
+        WebUiClient['last_request'] = time.time()
         try:
-            response = e.render(request)
-        except Exception as eb:
-            res = Response()
-            res.status_code = 500
-            return res
-        
-        
-    if request.session.should_save:
-        session_store.save(request.session)
-        response.set_cookie('sid', request.session.sid)
-    
+            controller = get_controller(request)
+            response = controller(request)
+        except HttpException as e:
+            try:
+                response = e.render(request)
+            except Exception as eb:
+                raise eb
+                res = Response()
+                res.status_code = 500
+                return res
+        session_token = WebUiClient.session_token()
+        if session_token is not None:
+            save_cookie(response,session_token)
+        session_token = None
+            
+
+    except (ClientError, ClientAuthenticationError):
+        response = HttpException(400).render(request)
+        empty_cookie(response)
+    except ClientAuthenticationFailure:
+        response = HttpException(401).render(request)
+        empty_cookie(response)
+    except Exception as e:
+        raise e
+
     res = response(env, start_response)
+
     WebUiClient.destroy()
     return res