ticketfrei/session.py

from bottle import redirect, request, abort, response
from db import db
from functools import wraps
from inspect import Signature
from user import User


class SessionPlugin(object):
    name = 'SessionPlugin'
    keyword = 'user'
    api = 2

    def __init__(self, loginpage):
        self.loginpage = loginpage

    def apply(self, callback, route):
        if self.keyword in Signature.from_callable(route.callback).parameters:
            @wraps(callback)
            def wrapper(*args, **kwargs):
                uid = request.get_cookie('uid', secret=db.get_secret())
                if uid is None:
                    return redirect(self.loginpage)
                kwargs[self.keyword] = User(uid)
                if request.method == 'POST':
                    if request.forms['csrf'] != request.get_cookie('csrf',
                                                        secret=db.get_secret()):
                        abort(400)
                return callback(*args, **kwargs)

            return wrapper
        else:
            return callback
write and read CSRF cookie 2019-01-27 13:52:42 +00:00			`from bottle import redirect, request, abort, response`
Refactoring. 2018-03-28 15:36:35 +00:00			`from db import db`
			`from functools import wraps`
			`from inspect import Signature`
			`from user import User`


			`class SessionPlugin(object):`
			`name = 'SessionPlugin'`
			`keyword = 'user'`
			`api = 2`

			`def __init__(self, loginpage):`
			`self.loginpage = loginpage`

			`def apply(self, callback, route):`
			`if self.keyword in Signature.from_callable(route.callback).parameters:`
			`@wraps(callback)`
			`def wrapper(args, *kwargs):`
found last db.secret and fixed to use the getter 2019-01-27 10:37:21 +00:00			`uid = request.get_cookie('uid', secret=db.get_secret())`
Refactoring. 2018-03-28 15:36:35 +00:00			`if uid is None:`
			`return redirect(self.loginpage)`
small bugfixes 2018-03-28 18:24:21 +00:00			`kwargs[self.keyword] = User(uid)`
write and read CSRF cookie 2019-01-27 13:52:42 +00:00			`if request.method == 'POST':`
hardened the token and fixed the signature 2019-01-27 15:31:59 +00:00			`if request.forms['csrf'] != request.get_cookie('csrf',`
			`secret=db.get_secret()):`
write and read CSRF cookie 2019-01-27 13:52:42 +00:00			`abort(400)`
Refactoring. 2018-03-28 15:36:35 +00:00			`return callback(args, *kwargs)`

			`return wrapper`
			`else:`
			`return callback`