anoopmb
/
frappe
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
12109 Commits
1 Branch
314 MiB
 
 
 
 
 
 
Tree: 3076b2cc7a
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '3076b2cc7a'
${ noResults }
frappe/frappe/sessions.py

421 lines
12 KiB
Raw Blame History 

  1. # Copyright (c) 2015, Frappe Technologies Pvt. Ltd. and Contributors

  2. # MIT License. See license.txt

  3. 

  4. from __future__ import unicode_literals

  5. """

  6. Boot session from cache or build

  7. 

  8. Session bootstraps info needed by common client side activities including

  9. permission, homepage, default variables, system defaults etc

  10. """

  11. import frappe, json

  12. from frappe import _

  13. import frappe.utils

  14. from frappe.utils import cint, cstr

  15. import frappe.model.meta

  16. import frappe.defaults

  17. import frappe.translate

  18. from frappe.utils.change_log import get_change_log

  19. import redis

  20. from urllib import unquote

  21. from frappe.desk.notifications import clear_notifications

  22. 

  23. @frappe.whitelist()

  24. def clear(user=None):

  25. 	frappe.local.session_obj.update(force=True)

  26. 	frappe.local.db.commit()

  27. 	clear_cache(frappe.session.user)

  28. 	clear_global_cache()

  29. 	frappe.response['message'] = _("Cache Cleared")

  30. 

  31. def clear_cache(user=None):

  32. 	cache = frappe.cache()

  33. 

  34. 	groups = ("bootinfo", "user_recent", "roles", "user_doc", "lang",

  35. 		"defaults", "user_permissions", "roles", "home_page", "linked_with",

  36. 		"desktop_icons", 'portal_menu_items')

  37. 

  38. 	if user:

  39. 		for name in groups:

  40. 			cache.hdel(name, user)

  41. 		cache.delete_keys("user:" + user)

  42. 		frappe.defaults.clear_cache(user)

  43. 	else:

  44. 		for name in groups:

  45. 			cache.delete_key(name)

  46. 		clear_global_cache()

  47. 		frappe.defaults.clear_cache()

  48. 

  49. 	clear_notifications(user)

  50. 

  51. def clear_global_cache():

  52. 	frappe.model.meta.clear_cache()

  53. 	frappe.cache().delete_value(["app_hooks", "installed_apps",

  54. 		"app_modules", "module_app", "notification_config", 'system_settings'

  55. 		'scheduler_events', 'time_zone'])

  56. 	frappe.setup_module_map()

  57. 

  58. 

  59. def clear_sessions(user=None, keep_current=False, device=None):

  60. 	'''Clear other sessions of the current user. Called at login / logout

  61. 

  62. 	:param user: user name (default: current user)

  63. 	:param keep_current: keep current session (default: false)

  64. 	:param device: delete sessions of this device (default: desktop)

  65. 	'''

  66. 	for sid in get_sessions_to_clear(user, keep_current, device):

  67. 		delete_session(sid, reason="Logged In From Another Session")

  68. 

  69. def get_sessions_to_clear(user=None, keep_current=False, device=None):

  70. 	'''Returns sessions of the current user. Called at login / logout

  71. 

  72. 	:param user: user name (default: current user)

  73. 	:param keep_current: keep current session (default: false)

  74. 	:param device: delete sessions of this device (default: desktop)

  75. 	'''

  76. 	if not user:

  77. 		user = frappe.session.user

  78. 

  79. 	if not device:

  80. 		device = frappe.session.data.device or "desktop"

  81. 

  82. 	limit = 0

  83. 	if user == frappe.session.user:

  84. 		simultaneous_sessions = frappe.db.get_value('User', user, 'simultaneous_sessions') or 1

  85. 		limit = simultaneous_sessions - 1

  86. 

  87. 	condition = ''

  88. 	if keep_current:

  89. 		condition = ' and sid != "{0}"'.format(frappe.db.escape(frappe.session.sid))

  90. 

  91. 	return frappe.db.sql_list("""select sid from tabSessions

  92. 		where user=%s and device=%s {condition}

  93. 		order by lastupdate desc limit {limit}, 100""".format(condition=condition, limit=limit),

  94. 		(user, device))

  95. 

  96. def delete_session(sid=None, user=None, reason="Session Expired"):

  97. 	from frappe.core.doctype.communication.feed import logout_feed

  98. 

  99. 	frappe.cache().hdel("session", sid)

  100. 	frappe.cache().hdel("last_db_session_update", sid)

  101. 	if sid and not user:

  102. 		user_details = frappe.db.sql("""select user from tabSessions where sid=%s""", sid, as_dict=True)

  103. 		if user_details: user = user_details[0].get("user")

  104. 

  105. 	logout_feed(user, reason)

  106. 	frappe.db.sql("""delete from tabSessions where sid=%s""", sid)

  107. 	frappe.db.commit()

  108. 

  109. def clear_all_sessions(reason=None):

  110. 	"""This effectively logs out all users"""

  111. 	frappe.only_for("Administrator")

  112. 	if not reason: reason = "Deleted All Active Session"

  113. 	for sid in frappe.db.sql_list("select sid from `tabSessions`"):

  114. 		delete_session(sid, reason=reason)

  115. 

  116. def get_expired_sessions():

  117. 	'''Returns list of expired sessions'''

  118. 	expired = []

  119. 	for device in ("desktop", "mobile"):

  120. 		expired += frappe.db.sql_list("""select sid from tabSessions

  121. 				where TIMEDIFF(NOW(), lastupdate) > TIME(%s)

  122. 				and device = %s""", (get_expiry_period(device), device))

  123. 

  124. 	return expired

  125. 

  126. def clear_expired_sessions():

  127. 	"""This function is meant to be called from scheduler"""

  128. 	for sid in get_expired_sessions():

  129. 		delete_session(sid, reason="Session Expired")

  130. 

  131. def get():

  132. 	"""get session boot info"""

  133. 	from frappe.desk.notifications import \

  134. 		get_notification_info_for_boot, get_notifications

  135. 	from frappe.boot import get_bootinfo, get_unseen_notes

  136. 	from frappe.limits import get_limits, get_expiry_message

  137. 

  138. 	bootinfo = None

  139. 	if not getattr(frappe.conf,'disable_session_cache', None):

  140. 		# check if cache exists

  141. 		bootinfo = frappe.cache().hget("bootinfo", frappe.session.user)

  142. 		if bootinfo:

  143. 			bootinfo['from_cache'] = 1

  144. 			bootinfo["notification_info"].update(get_notifications())

  145. 			bootinfo["user"]["recent"] = json.dumps(\

  146. 				frappe.cache().hget("user_recent", frappe.session.user))

  147. 

  148. 	if not bootinfo:

  149. 		# if not create it

  150. 		bootinfo = get_bootinfo()

  151. 		bootinfo["notification_info"] = get_notification_info_for_boot()

  152. 		frappe.cache().hset("bootinfo", frappe.session.user, bootinfo)

  153. 		try:

  154. 			frappe.cache().ping()

  155. 		except redis.exceptions.ConnectionError:

  156. 			message = _("Redis cache server not running. Please contact Administrator / Tech support")

  157. 			if 'messages' in bootinfo:

  158. 				bootinfo['messages'].append(message)

  159. 			else:

  160. 				bootinfo['messages'] = [message]

  161. 

  162. 		# check only when clear cache is done, and don't cache this

  163. 		if frappe.local.request:

  164. 			bootinfo["change_log"] = get_change_log()

  165. 

  166. 	bootinfo["metadata_version"] = frappe.cache().get_value("metadata_version")

  167. 	if not bootinfo["metadata_version"]:

  168. 		bootinfo["metadata_version"] = frappe.reset_metadata_version()

  169. 

  170. 	bootinfo.notes = get_unseen_notes()

  171. 

  172. 	for hook in frappe.get_hooks("extend_bootinfo"):

  173. 		frappe.get_attr(hook)(bootinfo=bootinfo)

  174. 

  175. 	bootinfo["lang"] = frappe.translate.get_user_lang()

  176. 	bootinfo["disable_async"] = frappe.conf.disable_async

  177. 

  178. 	# limits

  179. 	bootinfo.limits = get_limits()

  180. 	bootinfo.expiry_message = get_expiry_message()

  181. 

  182. 	return bootinfo

  183. 

  184. def get_csrf_token():

  185. 	if not frappe.local.session.data.csrf_token:

  186. 		generate_csrf_token()

  187. 

  188. 	return frappe.local.session.data.csrf_token

  189. 

  190. def generate_csrf_token():

  191. 	frappe.local.session.data.csrf_token = frappe.generate_hash()

  192. 	frappe.local.session_obj.update(force=True)

  193. 

  194. 	# send sid and csrf token to the user

  195. 	# handles the case when a user logs in again from another tab

  196. 	# and it leads to invalid request in the current tab

  197. 	frappe.publish_realtime(event="csrf_generated",

  198. 		message={"sid": frappe.local.session.sid, "csrf_token": frappe.local.session.data.csrf_token},

  199. 		user=frappe.session.user, after_commit=True)

  200. 

  201. class Session:

  202. 	def __init__(self, user, resume=False, full_name=None, user_type=None):

  203. 		self.sid = cstr(frappe.form_dict.get('sid') or

  204. 			unquote(frappe.request.cookies.get('sid', 'Guest')))

  205. 		self.user = user

  206. 		self.device = frappe.form_dict.get("device") or "desktop"

  207. 		self.user_type = user_type

  208. 		self.full_name = full_name

  209. 		self.data = frappe._dict({'data': frappe._dict({})})

  210. 		self.time_diff = None

  211. 

  212. 		# set local session

  213. 		frappe.local.session = self.data

  214. 

  215. 		if resume:

  216. 			self.resume()

  217. 

  218. 		else:

  219. 			if self.user:

  220. 				self.start()

  221. 

  222. 	def start(self):

  223. 		"""start a new session"""

  224. 		# generate sid

  225. 		if self.user=='Guest':

  226. 			sid = 'Guest'

  227. 		else:

  228. 			sid = frappe.generate_hash()

  229. 

  230. 		self.data.user = self.user

  231. 		self.data.sid = sid

  232. 		self.data.data.user = self.user

  233. 		self.data.data.session_ip = frappe.local.request_ip

  234. 		if self.user != "Guest":

  235. 			self.data.data.update({

  236. 				"last_updated": frappe.utils.now(),

  237. 				"session_expiry": get_expiry_period(self.device),

  238. 				"full_name": self.full_name,

  239. 				"user_type": self.user_type,

  240. 				"device": self.device,

  241. 				"session_country": get_geo_ip_country(frappe.local.request_ip) if frappe.local.request_ip else None,

  242. 			})

  243. 

  244. 		# insert session

  245. 		if self.user!="Guest":

  246. 			self.insert_session_record()

  247. 

  248. 			# update user

  249. 			frappe.db.sql("""UPDATE tabUser SET last_login = %(now)s, last_ip = %(ip)s, last_active = %(now)s

  250. 				where name=%(name)s""", {

  251. 					"now": frappe.utils.now(),

  252. 					"ip": frappe.local.request_ip,

  253. 					"name": self.data['user']

  254. 				})

  255. 

  256. 			frappe.db.commit()

  257. 

  258. 	def insert_session_record(self):

  259. 		frappe.db.sql("""insert into tabSessions

  260. 			(sessiondata, user, lastupdate, sid, status, device)

  261. 			values (%s , %s, NOW(), %s, 'Active', %s)""",

  262. 				(str(self.data['data']), self.data['user'], self.data['sid'], self.device))

  263. 

  264. 		# also add to memcache

  265. 		frappe.cache().hset("session", self.data.sid, self.data)

  266. 

  267. 	def resume(self):

  268. 		"""non-login request: load a session"""

  269. 		import frappe

  270. 

  271. 		data = self.get_session_record()

  272. 

  273. 		if data:

  274. 			# set language

  275. 			self.data.update({'data': data, 'user':data.user, 'sid': self.sid})

  276. 			self.user = data.user

  277. 			self.device = data.device

  278. 		else:

  279. 			self.start_as_guest()

  280. 

  281. 		if self.sid != "Guest":

  282. 			frappe.local.user_lang = frappe.translate.get_user_lang(self.data.user)

  283. 			frappe.local.lang = frappe.local.user_lang

  284. 

  285. 	def get_session_record(self):

  286. 		"""get session record, or return the standard Guest Record"""

  287. 		from frappe.auth import clear_cookies

  288. 		r = self.get_session_data()

  289. 		if not r:

  290. 			frappe.response["session_expired"] = 1

  291. 			clear_cookies()

  292. 			self.sid = "Guest"

  293. 			r = self.get_session_data()

  294. 

  295. 		return r

  296. 

  297. 	def get_session_data(self):

  298. 		if self.sid=="Guest":

  299. 			return frappe._dict({"user":"Guest"})

  300. 

  301. 		data = self.get_session_data_from_cache()

  302. 		if not data:

  303. 			data = self.get_session_data_from_db()

  304. 		return data

  305. 

  306. 	def get_session_data_from_cache(self):

  307. 		data = frappe.cache().hget("session", self.sid)

  308. 		if data:

  309. 			data = frappe._dict(data)

  310. 			session_data = data.get("data", {})

  311. 

  312. 			# set user for correct timezone

  313. 			self.time_diff = frappe.utils.time_diff_in_seconds(frappe.utils.now(),

  314. 				session_data.get("last_updated"))

  315. 			expiry = self.get_expiry_in_seconds(session_data.get("session_expiry"))

  316. 

  317. 			if self.time_diff > expiry:

  318. 				self.delete_session()

  319. 				data = None

  320. 

  321. 		return data and data.data

  322. 

  323. 	def get_session_data_from_db(self):

  324. 		self.device = frappe.db.sql('select device from tabSessions where sid=%s', self.sid)

  325. 		self.device = self.device and self.device[0][0] or 'desktop'

  326. 

  327. 		rec = frappe.db.sql("""select user, sessiondata

  328. 			from tabSessions where sid=%s and

  329. 			TIMEDIFF(NOW(), lastupdate) < TIME(%s)""", (self.sid,

  330. 				get_expiry_period(self.device)))

  331. 		if rec:

  332. 			data = frappe._dict(eval(rec and rec[0][1] or '{}'))

  333. 			data.user = rec[0][0]

  334. 		else:

  335. 			self.delete_session()

  336. 			data = None

  337. 

  338. 		return data

  339. 

  340. 	def get_expiry_in_seconds(self, expiry):

  341. 		if not expiry:

  342. 			return 3600

  343. 		parts = expiry.split(":")

  344. 		return (cint(parts[0]) * 3600) + (cint(parts[1]) * 60) + cint(parts[2])

  345. 

  346. 	def delete_session(self):

  347. 		delete_session(self.sid, reason="Session Expired")

  348. 

  349. 	def start_as_guest(self):

  350. 		"""all guests share the same 'Guest' session"""

  351. 		self.user = "Guest"

  352. 		self.start()

  353. 

  354. 	def update(self, force=False):

  355. 		"""extend session expiry"""

  356. 		if (frappe.session['user'] == "Guest" or frappe.form_dict.cmd=="logout"):

  357. 			return

  358. 

  359. 		now = frappe.utils.now()

  360. 

  361. 		self.data['data']['last_updated'] = now

  362. 		self.data['data']['lang'] = unicode(frappe.lang)

  363. 

  364. 		# update session in db

  365. 		last_updated = frappe.cache().hget("last_db_session_update", self.sid)

  366. 		time_diff = frappe.utils.time_diff_in_seconds(now, last_updated) if last_updated else None

  367. 

  368. 		# database persistence is secondary, don't update it too often

  369. 		updated_in_db = False

  370. 		if force or (time_diff==None) or (time_diff > 600):

  371. 			# update sessions table

  372. 			frappe.db.sql("""update tabSessions set sessiondata=%s,

  373. 				lastupdate=NOW() where sid=%s""" , (str(self.data['data']),

  374. 				self.data['sid']))

  375. 

  376. 			# update last active in user table

  377. 			frappe.db.sql("""update `tabUser` set last_active=%(now)s where name=%(name)s""", {

  378. 				"now": now,

  379. 				"name": frappe.session.user

  380. 			})

  381. 

  382. 			frappe.db.commit()

  383. 			frappe.cache().hset("last_db_session_update", self.sid, now)

  384. 

  385. 			updated_in_db = True

  386. 

  387. 		# set in memcache

  388. 		frappe.cache().hset("session", self.sid, self.data)

  389. 

  390. 		return updated_in_db

  391. 

  392. def get_expiry_period(device="desktop"):

  393. 	if device=="mobile":

  394. 		key = "session_expiry_mobile"

  395. 		default = "720:00:00"

  396. 	else:

  397. 		key = "session_expiry"

  398. 		default = "06:00:00"

  399. 

  400. 	exp_sec = frappe.defaults.get_global_default(key) or default

  401. 

  402. 	# incase seconds is missing

  403. 	if len(exp_sec.split(':')) == 2:

  404. 		exp_sec = exp_sec + ':00'

  405. 

  406. 	return exp_sec

  407. 

  408. def get_geo_from_ip(ip_addr):

  409. 	try:

  410. 		from geoip import geolite2

  411. 		return geolite2.lookup(ip_addr)

  412. 	except ImportError:

  413. 		return

  414. 	except ValueError:

  415. 		return

  416. 

  417. def get_geo_ip_country(ip_addr):

  418. 	match = get_geo_from_ip(ip_addr)

  419. 	if match:

  420. 		return match.country