From 1098ac88253ab7bee225bbb620381d3c7c4f99af Mon Sep 17 00:00:00 2001 From: Michael Merickel Date: Thu, 27 Feb 2014 16:28:08 -0500 Subject: 79-char line widths! --- pyramid/session.py | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/pyramid/session.py b/pyramid/session.py index 9fe2add60..ea7a5628c 100644 --- a/pyramid/session.py +++ b/pyramid/session.py @@ -165,10 +165,10 @@ def BaseCookieSessionFactory( Parameters: ``serializer`` - An object with two methods: ``loads`` and ``dumps``. The ``loads`` method - should accept bytes and return a Python object. The ``dumps`` method - should accept a Python object and return bytes. A ``ValueError`` should - be raised for malformed inputs. + An object with two methods: ``loads`` and ``dumps``. The ``loads`` + method should accept bytes and return a Python object. The ``dumps`` + method should accept a Python object and return bytes. A ``ValueError`` + should be raised for malformed inputs. ``cookie_name`` The name of the cookie used for sessioning. Default: ``'session'``. @@ -473,8 +473,8 @@ def UnencryptedCookieSessionFactoryConfig( deprecated( 'UnencryptedCookieSessionFactoryConfig', 'The UnencryptedCookieSessionFactoryConfig callable is deprecated as of ' - 'Pyramid 1.5. Use ``pyramid.session.SignedCookieSessionFactory`` instead. ' - 'Caveat: Cookies generated using SignedCookieSessionFactory are not ' + 'Pyramid 1.5. Use ``pyramid.session.SignedCookieSessionFactory`` instead.' + ' Caveat: Cookies generated using SignedCookieSessionFactory are not ' 'compatible with cookies generated using UnencryptedCookieSessionFactory, ' 'so existing user session data will be destroyed if you switch to it.' ) @@ -578,11 +578,11 @@ def SignedCookieSessionFactory( while rendering a view. Default: ``True``. ``serializer`` - An object with two methods: ``loads`` and ``dumps``. The ``loads`` method - should accept bytes and return a Python object. The ``dumps`` method - should accept a Python object and return bytes. A ``ValueError`` should - be raised for malformed inputs. If a serializer is not passed, the - :class:`pyramid.session.PickleSerializer` serializer will be used. + An object with two methods: ``loads`` and ``dumps``. The ``loads`` + method should accept bytes and return a Python object. The ``dumps`` + method should accept a Python object and return bytes. A ``ValueError`` + should be raised for malformed inputs. If a serializer is not passed, + the :class:`pyramid.session.PickleSerializer` serializer will be used. .. versionadded: 1.5a3 """ @@ -591,7 +591,7 @@ def SignedCookieSessionFactory( signed_serializer = SignedSerializer( secret, - salt, + salt, hashalg, serializer=serializer, ) -- cgit v1.2.3 From 7075e1742529f7de53dd794e9ded0baaa3584135 Mon Sep 17 00:00:00 2001 From: Michael Merickel Date: Thu, 27 Feb 2014 16:51:10 -0500 Subject: reproduce timeout=None bug --- pyramid/tests/test_session.py | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/pyramid/tests/test_session.py b/pyramid/tests/test_session.py index 1ad0729b3..1abc43e82 100644 --- a/pyramid/tests/test_session.py +++ b/pyramid/tests/test_session.py @@ -52,6 +52,15 @@ class SharedCookieSessionTests(object): session = self._makeOne(request, timeout=1) self.assertEqual(dict(session), {}) + def test_timeout_never(self): + import time + request = testing.DummyRequest() + LONG_TIME = 31536000 + cookieval = self._serialize((time.time() + LONG_TIME, 0, {'state': 1})) + request.cookies['session'] = cookieval + session = self._makeOne(request, timeout=None) + self.assertEqual(dict(session), {'state': 1}) + def test_changed(self): request = testing.DummyRequest() session = self._makeOne(request) -- cgit v1.2.3 From 8f4fbd84220a3256cbeee3f2adcc333c0ef0e6aa Mon Sep 17 00:00:00 2001 From: Michael Merickel Date: Thu, 27 Feb 2014 16:51:43 -0500 Subject: fix timeout=None bug as well as some other potential unpacking problems --- pyramid/session.py | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/pyramid/session.py b/pyramid/session.py index ea7a5628c..5cc51869c 100644 --- a/pyramid/session.py +++ b/pyramid/session.py @@ -256,17 +256,24 @@ def BaseCookieSessionFactory( if value is not None: try: - renewed, created, state = value + # since the value is not necessarily signed, we have + # to unpack it a little carefully + rval, cval, sval = value + renewed = float(rval) + created = float(cval) + state = sval new = False - if now - renewed > self._timeout: - # expire the session because it was not renewed - # before the timeout threshold - state = {} - except TypeError: + except (TypeError, ValueError): # value failed to unpack properly or renewed was not # a numeric type so we'll fail deserialization here state = {} + if self._timeout is not None: + if now - renewed > self._timeout: + # expire the session because it was not renewed + # before the timeout threshold + state = {} + self.created = created self.accessed = renewed self.renewed = renewed -- cgit v1.2.3 From 9549f66c78f18e4a041e96cbc78e7aa8d75fb4fe Mon Sep 17 00:00:00 2001 From: Michael Merickel Date: Thu, 27 Feb 2014 16:52:12 -0500 Subject: reproduce reissue_time=None bug --- pyramid/tests/test_session.py | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/pyramid/tests/test_session.py b/pyramid/tests/test_session.py index 1abc43e82..1aaa7a2ba 100644 --- a/pyramid/tests/test_session.py +++ b/pyramid/tests/test_session.py @@ -288,6 +288,14 @@ class TestBaseCookieSession(SharedCookieSessionTests, unittest.TestCase): self.assertEqual(session['state'], 1) self.assertFalse(session._dirty) + def test_reissue_never(self): + request = testing.DummyRequest() + cookieval = self._serialize((0, 0, {'state': 1})) + request.cookies['session'] = cookieval + session = self._makeOne(request, reissue_time=None, timeout=None) + self.assertEqual(session['state'], 1) + self.assertFalse(session._dirty) + class TestSignedCookieSession(SharedCookieSessionTests, unittest.TestCase): def _makeOne(self, request, **kw): from pyramid.session import SignedCookieSessionFactory @@ -314,6 +322,14 @@ class TestSignedCookieSession(SharedCookieSessionTests, unittest.TestCase): self.assertEqual(session['state'], 1) self.assertFalse(session._dirty) + def test_reissue_never(self): + request = testing.DummyRequest() + cookieval = self._serialize((0, 0, {'state': 1})) + request.cookies['session'] = cookieval + session = self._makeOne(request, reissue_time=None, timeout=None) + self.assertEqual(session['state'], 1) + self.assertFalse(session._dirty) + def test_custom_salt(self): import time request = testing.DummyRequest() -- cgit v1.2.3 From b2dd47336c200bbbfea31526f85652226c335687 Mon Sep 17 00:00:00 2001 From: Michael Merickel Date: Thu, 27 Feb 2014 16:52:44 -0500 Subject: handle reissue_time=None properly --- pyramid/session.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pyramid/session.py b/pyramid/session.py index 5cc51869c..56d99e9de 100644 --- a/pyramid/session.py +++ b/pyramid/session.py @@ -27,8 +27,9 @@ def manage_accessed(wrapped): method is called.""" def accessed(session, *arg, **kw): session.accessed = now = int(time.time()) - if now - session.renewed > session._reissue_time: - session.changed() + if session._reissue_time is not None: + if now - session.renewed > session._reissue_time: + session.changed() return wrapped(session, *arg, **kw) accessed.__doc__ = wrapped.__doc__ return accessed -- cgit v1.2.3