Login manager class allows to simply manage user access safety by session cookies It requires a cookieInterface instance to query and set user session id When the user login to the system you have to call login_manager.renew_session() #in order to force new session uid setup
| 104 | |
| 105 | |
| 106 | class LoginManager(gui.Tag, gui.EventSource): |
| 107 | """ |
| 108 | Login manager class allows to simply manage user access safety by session cookies |
| 109 | It requires a cookieInterface instance to query and set user session id |
| 110 | When the user login to the system you have to call |
| 111 | login_manager.renew_session() #in order to force new session uid setup |
| 112 | |
| 113 | The session have to be refreshed each user action (like button click or DB access) |
| 114 | in order to avoid expiration. BUT before renew, check if expired in order to ask user login |
| 115 | |
| 116 | if not login_manager.expired: |
| 117 | login_manager.renew_session() |
| 118 | #RENEW OK |
| 119 | else: |
| 120 | #UNABLE TO RENEW |
| 121 | #HAVE TO ASK FOR LOGIN |
| 122 | |
| 123 | In order to know session expiration, you should register to on_session_expired event |
| 124 | on_session_expired.do(mylistener.on_user_logout) |
| 125 | When this event happens, ask for user login |
| 126 | """ |
| 127 | def __init__(self, cookieInterface, session_timeout_seconds = 60, **kwargs): |
| 128 | super(LoginManager, self).__init__(**kwargs) |
| 129 | gui.EventSource.__init__(self) |
| 130 | self.expired = True |
| 131 | self.session_uid = str(random.randint(1,999999999)) |
| 132 | self.cookieInterface = cookieInterface |
| 133 | self.session_timeout_seconds = session_timeout_seconds |
| 134 | self.timer_request_cookies() #starts the cookie refresh |
| 135 | self.timeout_timer = None #checks the internal timeout |
| 136 | |
| 137 | def timer_request_cookies(self): |
| 138 | self.cookieInterface.request_cookies() |
| 139 | self.cookie_timer = threading.Timer(self.session_timeout_seconds/10.0, self.timer_request_cookies) |
| 140 | self.cookie_timer.daemon = True |
| 141 | self.cookie_timer.start() |
| 142 | |
| 143 | @gui.decorate_event |
| 144 | def on_session_expired(self): |
| 145 | self.expired = True |
| 146 | return () |
| 147 | |
| 148 | def renew_session(self): |
| 149 | """Have to be called on user actions to check and renew session |
| 150 | """ |
| 151 | if ((not 'user_uid' in self.cookieInterface.cookies) or self.cookieInterface.cookies['user_uid']!=self.session_uid) and (not self.expired): |
| 152 | self.on_session_expired() |
| 153 | |
| 154 | if self.expired: |
| 155 | self.session_uid = str(random.randint(1,999999999)) |
| 156 | |
| 157 | self.cookieInterface.set_cookie('user_uid', self.session_uid, str(self.session_timeout_seconds)) |
| 158 | |
| 159 | #here we renew the internal timeout timer |
| 160 | if self.timeout_timer: |
| 161 | self.timeout_timer.cancel() |
| 162 | self.timeout_timer = threading.Timer(self.session_timeout_seconds, self.on_session_expired) |
| 163 | self.timeout_timer.daemon = True |