Mercurial Repository: p/roundup/code: roundup/cgi/client.py comparison

comparison roundup/cgi/client.py @ 5319:62de601bdf6f

Fix commits although a Reject exception is raised Fix the problem that changes are committed to the database (due to commits to otk handling) even when a Reject exception occurs. The fix implements separate database connections for otk/session handling and normal database operation.

author	Ralf Schlatterbeck <rsc@runtux.com>
date	Fri, 20 Apr 2018 18:46:28 +0200
parents	198b6e810c67
children	66a17c80e035

comparison

equal deleted inserted replaced

-:506c7ee9a385
+:62de601bdf6f
 def destroy(self):
 self.client.add_cookie(self.cookie_name, None)
 self._data = {}
 self.session_db.destroy(self._sid)
-self.client.db.commit()
+self.session_db.commit()
 def get(self, name, default=None):
 return self._data.get(name, default)
 def set(self, **kwargs):
 # XXX added when patching 1.4.4 for backward compatibility
 # XXX remove
 self.client.session = self._sid
 else:
 self.session_db.set(self._sid, **self._data)
-self.client.db.commit()
+self.session_db.commit()
 def update(self, set_cookie=False, expire=None):
 """ update timestamp in db to avoid expiration
 if 'set_cookie' is True, set cookie with 'expire' seconds lifetime
 XXX the session can be purged within a week even if a cookie
 lifetime is longer
 """
 self.session_db.updateTimestamp(self._sid)
-self.client.db.commit()
+self.session_db.commit()
 if set_cookie:
 self.client.add_cookie(self.cookie_name, self._sid, expire=expire)
 hour = 60*60
 now = time.time()
 # XXX: hack - use OTK table to store last_clean time information
 #      'last_clean' string is used instead of otk key
-last_clean = self.db.getOTKManager().get('last_clean', 'last_use', 0)
+otks = self.db.getOTKManager()
+last_clean = otks.get('last_clean', 'last_use', 0)
 if now - last_clean < hour:
 return
 self.session_api.clean_up()
-self.db.getOTKManager().clean()
+otks.clean()
-self.db.getOTKManager().set('last_clean', last_use=now)
+otks.set('last_clean', last_use=now)
-self.db.commit(fail_ok=True)
+otks.commit()
 def determine_charset(self):
 """Look for client charset in the form parameters or browser cookie.
 If no charset requested by client, use storage charset (utf-8).
 if otks.exists(key):
 logger.error(
 self._("csrf key used with wrong method from: %s"),
 referer)
 otks.destroy(key)
-self.db.commit()
+otks.commit()
 # do return here. Keys have been obsoleted.
 # we didn't do a expire cycle of session keys,
 # but that's ok.
 return True
 # our own.
 otks.clean()
 if xmlrpc:
 # Save removal of expired keys from database.
-self.db.commit()
+otks.commit()
 # Return from here since we have done housekeeping
 # and don't use csrf tokens for xmlrpc.
 return True
 # process @csrf tokens past this point.
 # The key has been used or compromised.
 # Delete it to prevent replay.
 otks.destroy(key)
 # commit the deletion/expiration of all keys
-self.db.commit()
+otks.commit()
 enforce=config['WEB_CSRF_ENFORCE_TOKEN']
 if key is None: # we do not have an @csrf token
 if enforce == 'required':
 logger.error(self._("Required csrf field missing for user%s"), current_user)
 nonce_session is not None and \
 "@action" in self.form and \
 self.form["@action"].value == "Login":
 if header_pass > 0:
 otks.destroy(key)
-self.db.commit()
+otks.commit()
 return True
 else:
 self.add_error_message("Reload window before logging in.")
 '''
 # validate against user and session

Mercurial > p > roundup > code

comparison roundup/cgi/client.py @ 5319:62de601bdf6f