Fixes in cookies

Antonio de la Rosa 2016-04-17 05:00:09 +02:00
parent 963254a7ec
commit b91b8b890b
5 changed files with 58 additions and 58 deletions


@ -37,13 +37,13 @@ class GetPostFiles:
GetPostFiles.post['csrf_token']=GetPostFiles.post.get('csrf_token', '') GetPostFiles.post['csrf_token']=GetPostFiles.post.get('csrf_token', '')
if GetPostFiles.post['csrf_token']!=s['csrf_token']: if GetPostFiles.post['csrf_token']!=s['csrf_token'] and GetPostFiles.post['csrf_token'].strip()!="":
raise NameError('Error: you need a valid csrf_token') raise NameError('Error: you need a valid csrf_token')
else: else:
#Clean csrf_token #Clean csrf_token
s['csrf_token']='' del s['csrf_token']
else: else:
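Review bot: The rewritten condition on the `if` line raises only when the submitted token is both non-empty and different, so a request that omits `csrf_token` (defaulted to `''` by the line above) falls through to the `else` branch and is accepted without any token. The empty case should be rejected rather than exempted: `if GetPostFiles.post['csrf_token'].strip()=="" or GetPostFiles.post['csrf_token']!=s['csrf_token']:`. Using `hmac.compare_digest(...)` instead of `!=` would also make the comparison constant-time. The enclosing method starts and ends outside the hunk, so any outer guard for the empty case is not visible here.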


@ -63,13 +63,12 @@ class ParamecioSession:
return self.session.keys() return self.session.keys()
def remove(self): def remove(self):
print("pepe") response.delete_cookie(config.cookie_name, path="/")
response.delete_cookie(config.cookie_name)
def generate_session(): def generate_session():
random_text=create_key_encrypt_256(30) random_text=create_key_encrypt_256(30)
response.set_cookie(config.cookie_name, random_text) response.set_cookie(config.cookie_name, random_text, secret=config.key_encrypt, path="/")
request.environ[config.cookie_name]={'token': random_text} request.environ[config.cookie_name]={'token': random_text}
def get_session(): def get_session():
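Review bot: The new `response.set_cookie(...)` call in `generate_session` signs the session cookie and scopes it to `/`, but still sets no `httponly` or `secure` attribute, so page scripts can read the token and it may travel over plain HTTP. If this is Bottle's `set_cookie` (the `secret=` keyword suggests so), `httponly=True` is a one-line addition, with `secure=True` as well on HTTPS deployments: `response.set_cookie(config.cookie_name, random_text, secret=config.key_encrypt, path="/", httponly=True)`. Separately, `remove()` now only deletes the browser cookie; nothing in this hunk deletes or empties the server-side record stored for the token.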


@ -136,57 +136,59 @@ if config.session_enabled==True:
if not os.path.isdir(config.session_opts['session.data_dir']): if not os.path.isdir(config.session_opts['session.data_dir']):
os.makedirs(config.session_opts['session.data_dir'], 0o700, True) os.makedirs(config.session_opts['session.data_dir'], 0o700, True)
def load_session(): if config.session_opts['session.type']=='file':
code_session=request.get_cookie(config.cookie_name) def load_session():
if code_session==None: code_session=request.get_cookie(config.cookie_name, secret=config.key_encrypt)
# Send cookie
generate_session()
else:
# Check if file exists if code_session==None:
# Send cookie
generate_session()
else:
if os.path.isfile(config.session_opts['session.data_dir']+'/session_'+code_session): # Check if file exists
with open(config.session_opts['session.data_dir']+'/session_'+code_session, 'r') as f:
try: if os.path.isfile(config.session_opts['session.data_dir']+'/session_'+code_session):
with open(config.session_opts['session.data_dir']+'/session_'+code_session, 'r') as f:
s = JSONWebSignatureSerializer(key_encrypt)
session_dict=f.read()
request.environ[config.cookie_name]=s.loads(session_dict)
request.environ[config.cookie_name]['token']=code_session
except:
# Clean fake session
try: try:
os.remove(config.session_opts['session.data_dir']+'/session_'+code_session)
s = JSONWebSignatureSerializer(key_encrypt)
session_dict=f.read()
request.environ[config.cookie_name]=s.loads(session_dict)
request.environ[config.cookie_name]['token']=code_session
except: except:
pass # Clean fake session
generate_session() try:
os.remove(config.session_opts['session.data_dir']+'/session_'+code_session)
else: except:
request.environ[config.cookie_name]={'token': code_session}
def save_session(): pass
save_session=request.environ[config.cookie_name] generate_session()
if 'save' in save_session:
del save_session['save']
# Here define the session type, if memcached, save data in memcached
try:
with open(config.session_opts['session.data_dir']+'/session_'+save_session['token'], 'w') as f:
s = JSONWebSignatureSerializer(key_encrypt)
json_encode=s.dumps(save_session)
f.write(json_encode.decode('utf8'))
except: else:
pass request.environ[config.cookie_name]={'token': code_session}
def save_session():
save_session=request.environ[config.cookie_name]
if 'save' in save_session:
del save_session['save']
# Here define the session type, if memcached, save data in memcached
try:
with open(config.session_opts['session.data_dir']+'/session_'+save_session['token'], 'w') as f:
s = JSONWebSignatureSerializer(key_encrypt)
json_encode=s.dumps(save_session)
f.write(json_encode.decode('utf8'))
except:
pass
#request.environ[config.cookie_name]['save'] #request.environ[config.cookie_name]['save']
#def save_session() #def save_session()


@ -215,7 +215,7 @@ def login():
s['privileges']=arr_user['privileges'] s['privileges']=arr_user['privileges']
remember_login=GetPostFiles.post.get('remember_login', '0') remember_login=GetPostFiles.post.get('remember_login', '0')
"""
if remember_login=='1': if remember_login=='1':
timestamp=time()+315360000 timestamp=time()+315360000
@ -238,7 +238,7 @@ def login():
#else: #else:
#print(user_admin.query_error) #print(user_admin.query_error)
#s.save() #s.save()
"""
return {'error': 0} return {'error': 0}
else: else:
return {'error': 1} return {'error': 1}
@ -294,21 +294,21 @@ def logout():
s=get_session() s=get_session()
if 'login' in s.keys(): #if 'login' in s.keys():
del s['login'] # del s['login']
del s['privileges'] # del s['privileges']
#s.save() #s.save()
s.remove()
if request.get_cookie("remember_login", secret=key_encrypt): if request.get_cookie("remember_login", secret=key_encrypt):
# delete cookie # delete cookie
response.delete_cookie("remember_login") response.delete_cookie("remember_login", path="/")
#Remove cookie session #return ""
s.remove()
redirect('/'+config.admin_folder) redirect('/'+config.admin_folder)
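Review bot: In `logout`, commenting out `del s['login']` and `del s['privileges']` leaves the server-side session marked as logged in, and the `s.remove()` that replaces them only calls `response.delete_cookie(...)` as written in this commit. If the stored session is reloaded by token, as `load_session` does for file sessions, a retained copy of the old cookie value would still resolve to a session carrying `login` and `privileges` after logout. I would keep the two `del` lines ahead of `s.remove()`, or have `remove()` also delete the stored session for that token. The `"""` pair added around the remember-login block in `login` disables it by turning it into a string expression; a short comment saying why, and whether it is temporary, would help the next reader.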


@ -53,7 +53,6 @@ cookie_name = 'paramecio.session'
session_opts = { session_opts = {
'session.type': 'file', 'session.type': 'file',
'session.cookie_expires': False,
'session.data_dir': './sessions' 'session.data_dir': './sessions'
} }