Source code for stalker.db.auth

#-*- coding: utf-8 -*-
"""This is the authentication system of Stalker. Uses Beaker for the session
management.

This helper module is written to help users persist their login information
on their system. The aim of this module is not security, so one can easily
bypass this system and get logged in, or query information from the database
without logging in.

The user information is going to be used in the database to store who created,
updated, read or deleted the data.

To login for the first time use::
    
    from stalker.db import auth
    userObj = auth.authenticate('username', 'password')

the basic usage of the system is as follows::
    
    from stalker import db
    from stalker.db import auth
    from stalker.models import user
    
    if 'user_id' in auth.SESSION:
        userObj = db.meta.session.query(user.User).\
            filter_by(id=auth.SESSION['user_id']).first()
    else:
        # ask the username and password of the user
        # then authenticate the given user
        username, password = the_interface_for_login()
        userObj = auth.authenticate(username, password)
    
    # login with the given user.User object
    # this will create the session 
    auth.login(userObj)


"""

import os
import tempfile
import datetime
from beaker import session as beakerSession
from stalker import db



# Module-wide session handle. It starts out as an empty dict; the functions in
# this module look up the 'user_id' key in it.
SESSION = {}

# Passed to Beaker as the 'key' and 'validate_key' session options by
# create_session(). Both are fixed values that ship with the source, so the
# validate key is known to anyone who has this file and should not be relied
# on to detect tampering with stored session data.
SESSION_KEY = 'stalker_key'
SESSION_VALIDATE_KEY = 'stalker_validate_key'



#----------------------------------------------------------------------
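def create_session(id_):
    """Create a file-backed Beaker session and install it as ``SESSION``.

    :param id_: identifier for the session, generally the ``user.id``. It is
      converted to ``str`` before being handed to Beaker.
    """
    # Without this declaration the new session was bound to a local name and
    # the module-level SESSION never changed.
    global SESSION

    # NOTE(review): the cache sits at a fixed, predictable path under the
    # system temp directory, which is commonly writable by every account on a
    # multi-user host. Beaker's file backend is understood to unpickle what it
    # reads from data_dir -- confirm, and consider a per-user directory that
    # only the owner can write to.
    cache_root = os.path.join(tempfile.gettempdir(), 'stalker_cache')

    session_options = {
        'id': str(id_),
        'type': 'file',
        'cookie_expires': False,
        'data_dir': os.path.join(cache_root, 'data'),
        'lock_dir': os.path.join(cache_root, 'lock'),
        'key': SESSION_KEY,
        'validate_key': SESSION_VALIDATE_KEY,
    }

    SESSION = beakerSession.Session({}, **session_options)
    SESSION.save()


#----------------------------------------------------------------------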
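def authenticate(username, password):
    """Check the given credentials and return the matching user.

    :param username: name of the user to look up (matched against
      ``User.name``).
    :param password: password to compare with the stored ``User.password``.
    :returns: the matching ``stalker.models.user.User`` instance, which is
      also stored as ``db.meta.logged_user``.
    :raises error.LoginError: when no database session is set up, when the
      user does not exist, or when the password does not match.
    """
    # NOTE(review): ``error`` is not imported anywhere in the visible part of
    # this module, so each ``raise`` below fails with NameError until the
    # module that defines LoginError is imported at the top of the file.

    # check if the database is set up
    if db.meta.session is None:
        raise error.LoginError(
            "stalker is not connected to any db right now, "
            "use stalker.db.setup(), to setup the default db"
        )

    # imported here rather than at module level, as in the original
    from stalker.models import user

    # The original read the undefined names ``meta`` and ``user_name`` here;
    # the module imports ``db`` and the parameter is called ``username``.
    userObj = db.meta.session.query(user.User).\
        filter_by(name=username).first()

    # One message for both failure cases, so a caller cannot tell an unknown
    # user name from a wrong password.
    error_msg = "user name and login don't match"

    if userObj is None:
        raise error.LoginError(error_msg)

    # NOTE(review): the stored value is compared directly with the supplied
    # password. That only works if User.password holds the password as typed,
    # or if callers hash it first -- confirm. A salted password hash verified
    # with a constant-time comparison is the safer design.
    if userObj.password != password:
        raise error.LoginError(error_msg)

    db.meta.logged_user = userObj

    return userObj


#----------------------------------------------------------------------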
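def login(user_obj):
    """Record the login time and remember ``user_obj.id`` in the session.

    This way a user doesn't have to reauthenticate on every request.

    :param user_obj: the user to log in. Its ``last_login`` is set to the
      current time and committed, and its ``id`` is stored in ``SESSION``
      under the ``'user_id'`` key, which is the key ``get_user()`` reads.
    """
    # SESSION is rebound below. Without this declaration Python treated it as
    # a local, and the first read raised UnboundLocalError.
    global SESSION

    # the original assigned to the undefined name ``user``
    user_obj.last_login = datetime.datetime.now()
    db.meta.session.commit()

    # this user is already the one stored in the session
    if SESSION.get('user_id') == user_obj.id:
        return

    # No user, or a different user, is stored: drop what is there and start a
    # fresh session for the current user.
    SESSION = {}
    create_session(user_obj.id)

    # The original tested an 'id' key that nothing in this module sets, while
    # get_user() looks for 'user_id'; store that key.
    SESSION['user_id'] = user_obj.id

    # persist only when a Beaker session is actually installed
    if isinstance(SESSION, beakerSession.Session):
        SESSION.save()


#----------------------------------------------------------------------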
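def logout():
    """Remove the current session and reset ``SESSION`` to an empty dict.

    Calling this when nobody is logged in is a no-op apart from the reset.
    """
    # SESSION is rebound below. Without this declaration the isinstance check
    # raised UnboundLocalError before anything was deleted.
    global SESSION

    # Only a Beaker session has stored data to delete. The original used an
    # assert for this check, which is stripped when Python runs with -O.
    if isinstance(SESSION, beakerSession.Session):
        SESSION.delete()

    SESSION = {}


#----------------------------------------------------------------------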
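def get_user():
    """Return the user whose id is stored in the session.

    :returns: the ``stalker.models.user.User`` whose ``id`` equals
      ``SESSION['user_id']``, or ``None`` when the session holds no
      ``'user_id'`` or no such user exists.
    """
    # ``user`` was never imported at module level, so the query raised
    # NameError. Import it locally, as authenticate() does.
    from stalker.models import user

    if 'user_id' not in SESSION:
        return None

    # The stored id is used as-is. Whoever can edit the session data decides
    # which user is returned here.
    return db.meta.session.query(user.User).\
        filter_by(id=SESSION['user_id']).first()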