From b91b8b890bd18a1b1fd082e7d22b51fe65948645 Mon Sep 17 00:00:00 2001
From: Antonio de la Rosa
Date: Sun, 17 Apr 2016 05:00:09 +0200
Subject: [PATCH] Fixes in cookies
---
 paramecio/citoplasma/httputils.py | 4 +-
 paramecio/citoplasma/sessions.py | 5 +-
 paramecio/index.py | 88 +++++++++++++++--------------
 paramecio/modules/admin/index.py | 18 +++---
 paramecio/settings/config.py.sample | 1 -
 5 files changed, 58 insertions(+), 58 deletions(-)
diff --git a/paramecio/citoplasma/httputils.py b/paramecio/citoplasma/httputils.py
index b27a29e..1c79e6c 100644
--- a/paramecio/citoplasma/httputils.py
+++ b/paramecio/citoplasma/httputils.py
@@ -37,13 +37,13 @@ class GetPostFiles:
 GetPostFiles.post['csrf_token']=GetPostFiles.post.get('csrf_token', '')
- if GetPostFiles.post['csrf_token']!=s['csrf_token']:
+ if GetPostFiles.post['csrf_token']!=s['csrf_token'] and GetPostFiles.post['csrf_token'].strip()!="":
 raise NameError('Error: you need a valid csrf_token')
 else:
 #Clean csrf_token
- s['csrf_token']=''
+ del s['csrf_token']
 else:
diff --git a/paramecio/citoplasma/sessions.py b/paramecio/citoplasma/sessions.py
index dd2d044..d0cfb99 100644
--- a/paramecio/citoplasma/sessions.py
+++ b/paramecio/citoplasma/sessions.py
@@ -63,13 +63,12 @@ class ParamecioSession:
 return self.session.keys()
 def remove(self):
- print("pepe")
- response.delete_cookie(config.cookie_name)
+ response.delete_cookie(config.cookie_name, path="/")
 def generate_session():
 random_text=create_key_encrypt_256(30)
- response.set_cookie(config.cookie_name, random_text)
+ response.set_cookie(config.cookie_name, random_text, secret=config.key_encrypt, path="/")
 request.environ[config.cookie_name]={'token': random_text}
 def get_session():
diff --git a/paramecio/index.py b/paramecio/index.py
index 5a1225e..d78d6ad 100644
--- a/paramecio/index.py
+++ b/paramecio/index.py
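Review bot: The added `and GetPostFiles.post['csrf_token'].strip()!=""` clause means a request that simply omits the token (it defaults to '' on the line above) is no longer rejected, so the CSRF check is skipped exactly for the requests it should catch; if the intent was to tolerate sessions that never issued a token, test the session side instead, `if 'csrf_token' in s.keys() and GetPostFiles.post['csrf_token']!=s['csrf_token']:`, and compare with `hmac.compare_digest` rather than `!=`. The new `del s['csrf_token']` also raises KeyError when the session holds no token, which the old assignment did not; guard it with `if 'csrf_token' in s.keys():`. The enclosing method starts and ends outside the hunk, so whatever condition gates this branch is not visible here.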
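Review bot: The session cookie written in generate_session() is now signed and scoped to path="/", but it is still set without `httponly` or `secure`, so it stays readable from page script and is sent over plain HTTP. The framework's set_cookie (Bottle, by the signature) accepts both options: `response.set_cookie(config.cookie_name, random_text, secret=config.key_encrypt, path="/", httponly=True, secure=True)`, with `secure` following the deployment's TLS setting if the app is also reachable over HTTP. Note that remove() only drops the cookie and nothing in this hunk touches server-side session data, so a previously captured signed cookie value keeps working until that data is cleared elsewhere.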
@@ -136,57 +136,59 @@ if config.session_enabled==True: if not os.path.isdir(config.session_opts['session.data_dir']): os.makedirs(config.session_opts['session.data_dir'], 0o700, True) - def load_session(): - - code_session=request.get_cookie(config.cookie_name) - - if code_session==None: - # Send cookie - generate_session() - else: + if config.session_opts['session.type']=='file': + + def load_session(): - # Check if file exists + code_session=request.get_cookie(config.cookie_name, secret=config.key_encrypt) - if os.path.isfile(config.session_opts['session.data_dir']+'/session_'+code_session): - with open(config.session_opts['session.data_dir']+'/session_'+code_session, 'r') as f: - - try: - - s = JSONWebSignatureSerializer(key_encrypt) - session_dict=f.read() - request.environ[config.cookie_name]=s.loads(session_dict) - request.environ[config.cookie_name]['token']=code_session - - except: + if code_session==None: + # Send cookie + generate_session() + else: + + # Check if file exists + + if os.path.isfile(config.session_opts['session.data_dir']+'/session_'+code_session): + with open(config.session_opts['session.data_dir']+'/session_'+code_session, 'r') as f: - # Clean fake session + try: - try: - os.remove(config.session_opts['session.data_dir']+'/session_'+code_session) + s = JSONWebSignatureSerializer(key_encrypt) + session_dict=f.read() + request.environ[config.cookie_name]=s.loads(session_dict) + request.environ[config.cookie_name]['token']=code_session except: - pass - - generate_session() - - else: - request.environ[config.cookie_name]={'token': code_session} + # Clean fake session + + try: + os.remove(config.session_opts['session.data_dir']+'/session_'+code_session) + + except: + + pass + + generate_session() + + else: + request.environ[config.cookie_name]={'token': code_session} - def save_session(): - - save_session=request.environ[config.cookie_name] - if 'save' in save_session: - del save_session['save'] - # Here define the session type, if memcached, 
save data in memcached - try: - with open(config.session_opts['session.data_dir']+'/session_'+save_session['token'], 'w') as f: - s = JSONWebSignatureSerializer(key_encrypt) - json_encode=s.dumps(save_session) - f.write(json_encode.decode('utf8')) - - except: - pass + def save_session(): + + save_session=request.environ[config.cookie_name] + if 'save' in save_session: + del save_session['save'] + # Here define the session type, if memcached, save data in memcached + try: + with open(config.session_opts['session.data_dir']+'/session_'+save_session['token'], 'w') as f: + s = JSONWebSignatureSerializer(key_encrypt) + json_encode=s.dumps(save_session) + f.write(json_encode.decode('utf8')) + + except: + pass #request.environ[config.cookie_name]['save'] #def save_session() diff --git a/paramecio/modules/admin/index.py b/paramecio/modules/admin/index.py index 67e21a8..d6e8589 100644 --- a/paramecio/modules/admin/index.py +++ b/paramecio/modules/admin/index.py @@ -215,7 +215,7 @@ def login(): s['privileges']=arr_user['privileges'] remember_login=GetPostFiles.post.get('remember_login', '0') - + """ if remember_login=='1': timestamp=time()+315360000 @@ -238,7 +238,7 @@ def login(): #else: #print(user_admin.query_error) #s.save() - + """ return {'error': 0} else: return {'error': 1} @@ -294,21 +294,21 @@ def logout(): s=get_session() - if 'login' in s.keys(): + #if 'login' in s.keys(): - del s['login'] - del s['privileges'] + # del s['login'] + # del s['privileges'] #s.save() + s.remove() + if request.get_cookie("remember_login", secret=key_encrypt): # delete cookie - response.delete_cookie("remember_login") + response.delete_cookie("remember_login", path="/") - #Remove cookie session - - s.remove() + #return "" redirect('/'+config.admin_folder) diff --git a/paramecio/settings/config.py.sample b/paramecio/settings/config.py.sample index 82685f6..68d2053 100644 --- a/paramecio/settings/config.py.sample +++ b/paramecio/settings/config.py.sample 
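Review bot: load_session() and save_session() are now defined only inside `if config.session_opts['session.type']=='file':`, so any other session.type leaves both names undefined where they are hooked up (outside this hunk), presumably a NameError on the first request; add an `else:` that raises a clear configuration error or validate session.type once at startup. The cookie value still goes straight into the path `config.session_opts['session.data_dir']+'/session_'+code_session`; what keeps that safe is the new `secret=config.key_encrypt` on get_cookie, which returns None for any value not carrying a valid signature, and that reliance deserves a comment such as `# code_session is only used in a path because get_cookie() rejected any unsigned/tampered value`. The bare `except:` around `s.loads` also swallows unrelated errors such as an undefined key_encrypt name; catching `itsdangerous.BadSignature` (and ValueError) would keep genuine bugs visible. The enclosing `if config.session_enabled==True:` block begins before the hunk.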
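Review bot: The remember_login branch in login() is disabled by wrapping it in a `"""` string literal (opened in this hunk, closed in the @@ -238 hunk), which leaves a dead expression statement in the function body instead of removing the code; delete the block or gate it on a config flag. logout() in the same file still checks the remember_login cookie, so the feature is only half removed.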
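Review bot: logout() now relies on `s.remove()` alone, and the sessions.py hunk in this patch shows remove() only calls delete_cookie; with `del s['login']` and `del s['privileges']` commented out, the session dict in request.environ still carries the login, so if save_session runs after the request (it looks like a hook, outside this hunk) the session file is rewritten with the user still logged in and the old signed cookie value can be replayed. Restore the `if 'login' in s.keys():` block that deletes both keys before `s.remove()`, and have remove() (or logout) also delete the server-side `session_<token>` file so the token is invalidated rather than merely forgotten by the browser. The remaining `#`-prefixed lines should be deleted rather than left as commented-out code.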
@@ -53,7 +53,6 @@ cookie_name = 'paramecio.session'
 session_opts = {
 'session.type': 'file',
- 'session.cookie_expires': False,
 'session.data_dir': './sessions'
 }