[Kimchi-devel] [PATCH V5 5/5] login page prompts error when session timeout

shaohef at linux.vnet.ibm.com shaohef at linux.vnet.ibm.com
Thu Jun 12 10:55:05 UTC 2014


From: ShaoHe Feng <shaohef at linux.vnet.ibm.com>

When session timeout, come back to login page with an
error message.

When session logout, close session directly.

Signed-off-by: ShaoHe Feng <shaohef at linux.vnet.ibm.com>
---
 src/kimchi/auth.py       | 25 ++++++++++++++++++++++---
 src/kimchi/config.py.in  |  4 ++++
 src/kimchi/server.py     |  2 ++
 ui/js/src/kimchi.main.js | 11 +++++++++--
 ui/pages/login.html.tmpl |  2 ++
 5 files changed, 39 insertions(+), 5 deletions(-)

diff --git a/src/kimchi/auth.py b/src/kimchi/auth.py
index 9cb40d3..59889ed 100644
--- a/src/kimchi/auth.py
+++ b/src/kimchi/auth.py
@@ -161,7 +161,7 @@ def check_auth_session():
                     cherrypy.session.timeout * 60):
                 cherrypy.session[USER_NAME] = None
                 cherrypy.lib.sessions.expire()
-                raise cherrypy.HTTPError(401)
+                raise cherrypy.HTTPError(401, "sessionTimeout")
         else:
             cherrypy.session[REFRESH] = time.time()
         return True
@@ -223,7 +223,7 @@ def logout():
     cherrypy.session[USER_NAME] = None
     cherrypy.session[REFRESH] = 0
     cherrypy.session.release_lock()
-    cherrypy.lib.sessions.expire()
+    cherrypy.lib.sessions.close()
 
 
 def has_permission(admin_methods):
@@ -238,6 +238,7 @@ def has_permission(admin_methods):
 
 def kimchiauth(admin_methods=None):
     debug("Entering kimchiauth...")
+    session_missing = cherrypy.session.missing
     if check_auth_session():
         if not has_permission(admin_methods):
             raise cherrypy.HTTPError(403)
@@ -249,11 +250,29 @@ def kimchiauth(admin_methods=None):
         return
 
     # not a REST full request, redirect login page directly
-    if not template.can_accept('application/json'):
+    if ("Accept" in cherrypy.request.headers and
+       not template.can_accept('application/json')):
         redirect_login()
 
+    # from browser, and it stays on one page.
+    if session_missing and cherrypy.request.cookie.get("lastPage") is not None:
+        raise cherrypy.HTTPError(401, "sessionTimeout")
+
     if not from_browser():
         cherrypy.response.headers['WWW-Authenticate'] = 'Basic realm=kimchi'
 
     e = InvalidOperation('KCHAUTH0002E')
     raise cherrypy.HTTPError(401, e.message.encode('utf-8'))
+
+
+def kimchisession(admin_methods=None):
+    session = cherrypy.request.cookie.get("kimchi")
+    last_page = cherrypy.request.cookie.get("lastPage")
+    headers = cherrypy.request.headers
+    authheader = headers.get('AUTHORIZATION')
+    # when client browser first login in, both the session and lastPage cookie
+    # are None.
+    # when session timeout, only session cookie is None.
+    if (session is None and last_page is None and authheader is None and
+       ("Accept" in headers and not template.can_accept('application/json'))):
+            redirect_login()
diff --git a/src/kimchi/config.py.in b/src/kimchi/config.py.in
index d4cbda0..f557516 100644
--- a/src/kimchi/config.py.in
+++ b/src/kimchi/config.py.in
@@ -179,6 +179,7 @@ class KimchiConfig(dict):
             'tools.sessions.locking': 'explicit',
             'tools.sessions.storage_type': 'ram',
             'tools.sessions.timeout': SESSIONSTIMEOUT,
+            'tools.kimchisession.on': True,
             'tools.kimchiauth.on': False
         },
         '/vnc_auto.html': {
@@ -190,6 +191,9 @@ class KimchiConfig(dict):
        '/kimchi-ui.html': {
             'tools.kimchiauth.on': True
         },
+       '/login.html': {
+            'tools.kimchisession.on': False,
+        },
         '/data/screenshots': {
             'tools.staticdir.on': True,
             'tools.staticdir.dir': get_screenshot_path(),
diff --git a/src/kimchi/server.py b/src/kimchi/server.py
index 7344349..30140ce 100644
--- a/src/kimchi/server.py
+++ b/src/kimchi/server.py
@@ -77,6 +77,8 @@ def __init__(self, options):
         cherrypy.tools.nocache = cherrypy.Tool('on_end_resource', set_no_cache)
         cherrypy.tools.kimchiauth = cherrypy.Tool('before_handler',
                                                   auth.kimchiauth)
+        cherrypy.tools.kimchisession = cherrypy.Tool('before_request_body',
+                                                     auth.kimchisession)
         # Setting host to 127.0.0.1. This makes kimchi runs
         # as a localhost app, inaccessible to the outside
         # directly. You must go through the proxy.
diff --git a/ui/js/src/kimchi.main.js b/ui/js/src/kimchi.main.js
index 2a8f461..4dc57e5 100644
--- a/ui/js/src/kimchi.main.js
+++ b/ui/js/src/kimchi.main.js
@@ -138,7 +138,13 @@ kimchi.main = function() {
      */
     var loadPage = function(url) {
         // Get the page content through Ajax and render it.
-        url && $('#main').load(url, function(responseText, textStatus, jqXHR) {});
+        url && $('#main').load(url, function(responseText, textStatus, jqXHR) {
+            if (jqXHR['status'] === 401 || jqXHR['status'] === 303) {
+                var isSessionTimeout = jqXHR['responseText'].indexOf("sessionTimeout")!=-1;
+                document.location.href= isSessionTimeout ? 'login.html?error=sessionTimeout' : 'login.html';
+                return;
+            }
+        });
     };
 
     /*
@@ -223,11 +229,12 @@ kimchi.main = function() {
             }
 
             if (jqXHR['status'] === 401) {
+                var isSessionTimeout = jqXHR['responseText'].indexOf("sessionTimeout")!=-1;
                 kimchi.user.showUser(false);
                 kimchi.previousAjax = ajaxSettings;
                 $(".empty-when-logged-off").empty();
                 $(".remove-when-logged-off").remove();
-                document.location.href='login.html';
+                document.location.href= isSessionTimeout ? 'login.html?error=sessionTimeout' : 'login.html';
                 return;
             }
             else if((jqXHR['status'] == 0) && ("error"==jqXHR.statusText)) {
diff --git a/ui/pages/login.html.tmpl b/ui/pages/login.html.tmpl
index 0e53041..1e80aad 100644
--- a/ui/pages/login.html.tmpl
+++ b/ui/pages/login.html.tmpl
@@ -74,6 +74,8 @@ function setMessage() {
     var err = "$getVar('data.error', '')";
     if(err=="userPassWrong")
         document.getElementById("messUserPass").style.display = "";
+    if(err=="sessionTimeout")
+        document.getElementById("messSession").style.display = "";
 }
 function init() {
     setLang();
-- 
1.9.3




More information about the Kimchi-devel mailing list