session cookie handling

2020-02-23 21:52:13 +01:00 · 2020-02-23 21:52:13 +01:00 · bd8b8ca410
commit bd8b8ca410
parent fb7422e5a8
3 changed files with 12 additions and 7 deletions
--- a/owrx/controllers/session.py
+++ b/owrx/controllers/session.py
@ -2,9 +2,6 @@ from .template import WebpageController
 from urllib.parse import parse_qs
 from uuid import uuid4
 from http.cookies import SimpleCookie
-import logging
-
-logger = logging.getLogger(__name__)


 class SessionStorage(object):
@ -43,14 +40,13 @@ class SessionController(WebpageController):
    def processLoginAction(self):
        data = parse_qs(self.get_body().decode("utf-8"))
        data = {k: v[0] for k, v in data.items()}
-        logger.debug(data)
        if "user" in data and "password" in data:
            # TODO actually check user and password
            if data["user"] == "admin" and data["password"] == "password":
                # TODO pass the final destination
                key = SessionStorage.getSharedInstance().startSession({"user": data["user"]})
                cookie = SimpleCookie()
-                cookie["session"] = key
+                cookie["owrx-session"] = key
                self.send_redirect("/settings", cookies=cookie)
            else:
                self.send_redirect("/login")
--- a/owrx/controllers/settings.py
+++ b/owrx/controllers/settings.py
@ -1,8 +1,12 @@
 from . import Controller
+from .session import SessionStorage


 class Authentication(object):
    def isAuthenticated(self, request):
+        if "owrx-session" in request.cookies:
+            session = SessionStorage.getSharedInstance().getSession(request.cookies["owrx-session"].value)
+            return session is not None
        return False


--- a/owrx/http.py
+++ b/owrx/http.py
@ -17,6 +17,7 @@ from http.server import BaseHTTPRequestHandler
 from urllib.parse import urlparse, parse_qs
 import re
 from abc import ABC, abstractmethod
+from http.cookies import SimpleCookie

 import logging

@ -40,11 +41,12 @@ class RequestHandler(BaseHTTPRequestHandler):


 class Request(object):
-    def __init__(self, url, method):
+    def __init__(self, url, method, cookies):
        self.path = url.path
        self.query = parse_qs(url.query)
        self.matches = None
        self.method = method
+        self.cookies = cookies

    def setMatches(self, matches):
        self.matches = matches
@ -111,7 +113,10 @@ class Router(object):

    def route(self, handler, method):
        url = urlparse(handler.path)
-        request = Request(url, method)
+        cookies = SimpleCookie()
+        if "Cookie" in handler.headers:
+            cookies.load(handler.headers["Cookie"])
+        request = Request(url, method, cookies)
        route = self.find_route(request)
        if route is not None:
            controller = route.controller