yannweb
/
lodel2_mirror
mirror of https://github.com/yweber/lodel2.git
Watch 1
Star 0
Fork 0
Code Releases 0 Activity
No Description
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2041 Commits
27 Branches
Tree: ec1e531aa2
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ec1e531aa2'
${ noResults }
lodel2_mirror/lodel/plugins/filesystem_session/main.py

main.py 8.3KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247 
  1. # 

  2. # This file is part of Lodel 2 (https://github.com/OpenEdition)

  3. #

  4. # Copyright (C) 2015-2017 Cléo UMS-3287

  5. #

  6. # This program is free software: you can redistribute it and/or modify

  7. # it under the terms of the GNU Affero General Public License as published

  8. # by the Free Software Foundation, either version 3 of the License, or

  9. # (at your option) any later version.

  10. #

  11. # This program is distributed in the hope that it will be useful,

  12. # but WITHOUT ANY WARRANTY; without even the implied warranty of

  13. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  14. # GNU Affero General Public License for more details.

  15. #

  16. # You should have received a copy of the GNU Affero General Public License

  17. # along with this program.  If not, see <http://www.gnu.org/licenses/>.

  18. #

  19. 

  20. 

  21. ## @package lodel.plugins.filesystem_session.main Main entry point of the plugin

  22. 

  23. import binascii

  24. import datetime

  25. import os

  26. import pickle

  27. import re

  28. import time

  29. from .filesystem_session import FileSystemSession

  30. from lodel.context import LodelContext

  31. 

  32. 

  33. LodelContext.expose_modules(globals(), {

  34.     'lodel.logger': 'logger',

  35.     'lodel.auth.exceptions': ['ClientAuthenticationFailure'],

  36.     'lodel.settings': ['Settings']})

  37. 

  38. __sessions = dict()

  39. 

  40. SESSION_TOKENSIZE = 150

  41. 

  42. 

  43. ##

  44. # @brief generates a new session token

  45. #

  46. # @return str

  47. #

  48. # @warning The tokensize should absolutely be used as set! os.urandom function

  49. #            takes a number of bytes as a parameter, dividing it by 2 is an

  50. #            extremely dangerous idea as it drastically decrease the token expected 

  51. #            entropy expected from the value set in configs.

  52. # @remarks There is no valid reason for checking the generated token uniqueness:

  53. #        - checking for uniqueness is slow ;

  54. #        - keeping a dict with a few thousand keys of hundred bytes also is

  55. #            memory expensive ;

  56. #        - should the system get distributed while sharing session storage, there

  57. #            would be no reasonable way to efficiently check for uniqueness ;

  58. #        - sessions do have a really short life span, drastically reducing

  59. #            even more an already close to inexistent risk of collision. A 64 bits

  60. #            id would perfectly do the job, or to be really cautious, a 128 bits

  61. #            one (actual size of UUIDs) ;

  62. #        - if we are still willing to ensure uniqueness, then simply salt it

  63. #            with a counter, or a timestamp, and hash the whole thing with a 

  64. #            cryptographically secured method such as sha-2 if we are paranoids

  65. #            and trying to avoid what will never happen, ever ;

  66. #        - sure, two hexadecimal characters is one byte long. Simply go for 

  67. #            bit length, not chars length.

  68. def generate_token():

  69.     token = binascii.hexlify(os.urandom(SESSION_TOKENSIZE//2))

  70.     if token in __sessions.keys():

  71.         token = generate_token()

  72.     return token.decode('utf-8')

  73. 

  74. 

  75. ##

  76. # @brief checks the validity of a given session token

  77. #

  78. # @param token str

  79. # @raise ClientAuthenticationFailure for invalid or not found session token

  80. #

  81. # @remarks It is useless to check the token size, unless urandom you don't

  82. #            trust in PRNG such as urandom.

  83. # @remarks Linear key search...

  84. # @remarks Consider renaming. The "validity of a session token" usually means

  85. #            that it is a active session token and/or that it was actually

  86. #            produced by the application (signed for exemple).

  87. def check_token(token):

  88.     if len(token) != SESSION_TOKENSIZE:

  89.         raise ClientAuthenticationFailure("Invalid token string")

  90.     if token not in __sessions.keys():

  91.         raise ClientAuthenticationFailure("No session found for this token")

  92. 

  93. 

  94. ## @brief returns a session file path for a specific token

  95. # @param token str

  96. # @return str

  97. def generate_file_path(token):

  98.     return os.path.abspath(os.path.join(Settings.sessions.directory, Settings.sessions.file_template) % token)

  99. 

  100. 

  101. ##

  102. # @brief Retrieve the token from the file system

  103. #

  104. # @param filepath str

  105. # @return str|None : returns the token or None if no token was found

  106. #

  107. # @remarks What is the purpose of the regex right here? There should be a way

  108. #            to avoid slow operations.

  109. def get_token_from_filepath(filepath):

  110.     token_regex = re.compile(os.path.abspath(os.path.join(Settings.sessions.directory, Settings.sessions.file_template % '(?P<token>.*)')))

  111.     token_search_result = token_regex.match(filepath)

  112.     if token_search_result is not None:

  113.         return token_search_result.groupdict()['token']

  114.     return None

  115. 

  116. 

  117. ##

  118. # @brief Returns the session's last modification timestamp

  119. #

  120. # @param token str

  121. # @return float

  122. # @raise ValueError if the given token doesn't match with an existing session

  123. #

  124. # @remarks Consider renaming

  125. # @warning Linear search in array, again. See @ref generate_token().

  126. def get_session_last_modified(token):

  127.     if token in __sessions[token]:

  128.         return os.stat(__sessions[token]).st_mtime

  129.     else:

  130.         raise ValueError("The given token %s doesn't match with an existing session")

  131. 

  132. 

  133. ##

  134. # @brief Starts a new session and returns a new token

  135. #

  136. # @return str : the new token

  137. def start_session():

  138.     session = FileSystemSession(generate_token())

  139.     session.path = generate_file_path(session.token)

  140.     

  141.     with open(session.path, 'wb') as session_file:

  142.         pickle.dump(session, session_file)

  143. 

  144.     __sessions[session.token] = session.path

  145.     logger.debug("New session created")

  146. 

  147.     return session.token

  148. 

  149. 

  150. ##

  151. # @brief destroys a session given its token

  152. #

  153. # @param token str

  154. def destroy_session(token):

  155.     check_token(token)

  156.     if os.path.isfile(__sessions[token]):

  157.         os.unlink(__sessions[token])

  158.         logger.debug("Session file for %s destroyed" % token)

  159.     del(__sessions[token])

  160.     logger.debug("Session %s unregistered" % token)

  161. 

  162. 

  163. ##

  164. # @brief Restores a session's content

  165. #

  166. # @param token str

  167. # @return FileSystemSession|None

  168. def restore_session(token):

  169.     gc()

  170.     check_token(token)

  171.     logger.debug("Restoring session : %s" % token)

  172.     if os.path.isfile(__sessions[token]):

  173.         with open(__sessions[token], 'rb') as session_file:

  174.             session = pickle.load(session_file)

  175.         return session

  176.     else:

  177.         return None  # raise FileNotFoundError("Session file not found for the token %s" % token)

  178. 

  179. 

  180. ## @brief saves the session's content to a file

  181. # @param token str

  182. # @param datas dict

  183. def save_session(token, datas):

  184.     session = datas

  185.     if not isinstance(datas, FileSystemSession):

  186.         session = FileSystemSession(token)

  187.         session.path = generate_file_path(token)

  188.         session.update(datas)

  189. 

  190.     with open(__sessions[token], 'wb') as session_file:

  191.         pickle.dump(session, session_file)

  192. 

  193.     if token not in __sessions.keys():

  194.         __sessions[token] = session.path

  195. 

  196.     logger.debug("Session %s saved" % token)

  197. 

  198. 

  199. ## @brief session store's garbage collector

  200. #

  201. # @remarks 

  202. def gc():

  203.     # Unregistered files in the session directory

  204.     session_files_directory = os.path.abspath(Settings.sessions.directory)

  205.     for session_file in [file_path for file_path in os.listdir(session_files_directory) if os.path.isfile(os.path.join(session_files_directory, file_path))]:

  206.         session_file_path = os.path.join(session_files_directory, session_file)

  207.         token = get_token_from_filepath(session_file_path)

  208.         if token is None or token not in __sessions.keys():

  209.             os.unlink(session_file_path)

  210.             logger.debug("Unregistered session file %s has been deleted" % session_file)

  211. 

  212.     # Expired registered sessions

  213.     for token in __sessions.keys():

  214.         if os.path.isfile(__sessions[token]):

  215.             now_timestamp = time.mktime(datetime.datetime.now().timetuple())

  216.             if now_timestamp - get_session_last_modified(token) > Settings.sessions.expiration:

  217.                 destroy_session(token)

  218.                 logger.debug("Expired session %s has been destroyed" % token)

  219. 

  220. 

  221. ##

  222. # @param token str

  223. # @param key str

  224. # @param value

  225. def set_session_value(token, key, value):

  226.     session = restore_session(token)

  227.     session[key] = value

  228.     save_session(token, session)

  229. 

  230. ##

  231. # @param token str

  232. # @param key str

  233. def get_session_value(token, key):

  234.     session = restore_session(token)

  235.     return session[key]

  236. 

  237. ##

  238. # @brief deletes a session value

  239. #

  240. # @param token str

  241. # @param key str

  242. #

  243. # @todo Should we add a save_session at the end of this method?

  244. def del_session_value(token, key):

  245.     session = restore_session(token)

  246.     if key in session:

  247.         del(session[key])