anoopmb
/
frappe
1
0
Fork 0
Koodi Ongelmat 0 Pull-pyynnöt 0 Julkaisut 0 Wiki Toiminta
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
32828 Commitit
1 Haara
314 MiB
 
 
 
 
 
 
Puu: 355a9e7e7b
Branchit Tagit
${ item.name }
Create branch ${ searchTerm }
from '355a9e7e7b'
${ noResults }
frappe/frappe/sessions.py

417 rivejä
12 KiB
Raaka Blame Historia 

  1. # Copyright (c) 2015, Frappe Technologies Pvt. Ltd. and Contributors

  2. # MIT License. See license.txt

  3. 

  4. from __future__ import unicode_literals

  5. """

  6. Boot session from cache or build

  7. 

  8. Session bootstraps info needed by common client side activities including

  9. permission, homepage, default variables, system defaults etc

  10. """

  11. import frappe, json

  12. from frappe import _

  13. import frappe.utils

  14. from frappe.utils import cint, cstr, get_assets_json

  15. import frappe.model.meta

  16. import frappe.defaults

  17. import frappe.translate

  18. import redis

  19. from six.moves.urllib.parse import unquote

  20. from six import text_type

  21. from frappe.cache_manager import clear_user_cache

  22. 

  23. @frappe.whitelist(allow_guest=True)

  24. def clear(user=None):

  25. 	frappe.local.session_obj.update(force=True)

  26. 	frappe.local.db.commit()

  27. 	clear_user_cache(frappe.session.user)

  28. 	frappe.response['message'] = _("Cache Cleared")

  29. 

  30. def clear_sessions(user=None, keep_current=False, device=None, force=False):

  31. 	'''Clear other sessions of the current user. Called at login / logout

  32. 

  33. 	:param user: user name (default: current user)

  34. 	:param keep_current: keep current session (default: false)

  35. 	:param device: delete sessions of this device (default: desktop, mobile)

  36. 	:param force: triggered by the user (default false)

  37. 	'''

  38. 

  39. 	reason = "Logged In From Another Session"

  40. 	if force:

  41. 		reason = "Force Logged out by the user"

  42. 

  43. 	for sid in get_sessions_to_clear(user, keep_current, device):

  44. 		delete_session(sid, reason=reason)

  45. 

  46. def get_sessions_to_clear(user=None, keep_current=False, device=None):

  47. 	'''Returns sessions of the current user. Called at login / logout

  48. 

  49. 	:param user: user name (default: current user)

  50. 	:param keep_current: keep current session (default: false)

  51. 	:param device: delete sessions of this device (default: desktop, mobile)

  52. 	'''

  53. 	if not user:

  54. 		user = frappe.session.user

  55. 

  56. 	if not device:

  57. 		device = ("desktop", "mobile")

  58. 

  59. 	if not isinstance(device, (tuple, list)):

  60. 		device = (device,)

  61. 

  62. 	offset = 0

  63. 	if user == frappe.session.user:

  64. 		simultaneous_sessions = frappe.db.get_value('User', user, 'simultaneous_sessions') or 1

  65. 		offset = simultaneous_sessions - 1

  66. 

  67. 	condition = ''

  68. 	if keep_current:

  69. 		condition = ' AND sid != {0}'.format(frappe.db.escape(frappe.session.sid))

  70. 

  71. 	return frappe.db.sql_list("""

  72. 		SELECT `sid` FROM `tabSessions`

  73. 		WHERE user=%(user)s

  74. 		AND device in %(device)s

  75. 		{condition}

  76. 		ORDER BY `lastupdate` DESC

  77. 		LIMIT 100 OFFSET {offset}""".format(condition=condition, offset=offset),

  78. 		{"user": user, "device": device})

  79. 

  80. def delete_session(sid=None, user=None, reason="Session Expired"):

  81. 	from frappe.core.doctype.activity_log.feed import logout_feed

  82. 

  83. 	frappe.cache().hdel("session", sid)

  84. 	frappe.cache().hdel("last_db_session_update", sid)

  85. 	if sid and not user:

  86. 		user_details = frappe.db.sql("""select user from tabSessions where sid=%s""", sid, as_dict=True)

  87. 		if user_details: user = user_details[0].get("user")

  88. 

  89. 	logout_feed(user, reason)

  90. 	frappe.db.sql("""delete from tabSessions where sid=%s""", sid)

  91. 	frappe.db.commit()

  92. 

  93. def clear_all_sessions(reason=None):

  94. 	"""This effectively logs out all users"""

  95. 	frappe.only_for("Administrator")

  96. 	if not reason: reason = "Deleted All Active Session"

  97. 	for sid in frappe.db.sql_list("select sid from `tabSessions`"):

  98. 		delete_session(sid, reason=reason)

  99. 

  100. def get_expired_sessions():

  101. 	'''Returns list of expired sessions'''

  102. 	expired = []

  103. 	for device in ("desktop", "mobile"):

  104. 		expired += frappe.db.sql_list("""SELECT `sid`

  105. 				FROM `tabSessions`

  106. 				WHERE (NOW() - `lastupdate`) > %s

  107. 				AND device = %s""", (get_expiry_period_for_query(device), device))

  108. 

  109. 	return expired

  110. 

  111. def clear_expired_sessions():

  112. 	"""This function is meant to be called from scheduler"""

  113. 	for sid in get_expired_sessions():

  114. 		delete_session(sid, reason="Session Expired")

  115. 

  116. def get():

  117. 	"""get session boot info"""

  118. 	from frappe.boot import get_bootinfo, get_unseen_notes

  119. 	from frappe.utils.change_log import get_change_log

  120. 

  121. 	bootinfo = None

  122. 	if not getattr(frappe.conf,'disable_session_cache', None):

  123. 		# check if cache exists

  124. 		bootinfo = frappe.cache().hget("bootinfo", frappe.session.user)

  125. 		if bootinfo:

  126. 			bootinfo['from_cache'] = 1

  127. 			bootinfo["user"]["recent"] = json.dumps(\

  128. 				frappe.cache().hget("user_recent", frappe.session.user))

  129. 

  130. 	if not bootinfo:

  131. 		# if not create it

  132. 		bootinfo = get_bootinfo()

  133. 		frappe.cache().hset("bootinfo", frappe.session.user, bootinfo)

  134. 		try:

  135. 			frappe.cache().ping()

  136. 		except redis.exceptions.ConnectionError:

  137. 			message = _("Redis cache server not running. Please contact Administrator / Tech support")

  138. 			if 'messages' in bootinfo:

  139. 				bootinfo['messages'].append(message)

  140. 			else:

  141. 				bootinfo['messages'] = [message]

  142. 

  143. 		# check only when clear cache is done, and don't cache this

  144. 		if frappe.local.request:

  145. 			bootinfo["change_log"] = get_change_log()

  146. 

  147. 	bootinfo["metadata_version"] = frappe.cache().get_value("metadata_version")

  148. 	if not bootinfo["metadata_version"]:

  149. 		bootinfo["metadata_version"] = frappe.reset_metadata_version()

  150. 

  151. 	bootinfo.notes = get_unseen_notes()

  152. 	bootinfo.assets_json = get_assets_json()

  153. 

  154. 	for hook in frappe.get_hooks("extend_bootinfo"):

  155. 		frappe.get_attr(hook)(bootinfo=bootinfo)

  156. 

  157. 	bootinfo["lang"] = frappe.translate.get_user_lang()

  158. 	bootinfo["disable_async"] = frappe.conf.disable_async

  159. 

  160. 	bootinfo["setup_complete"] = cint(frappe.db.get_single_value('System Settings', 'setup_complete'))

  161. 	bootinfo["is_first_startup"] = cint(frappe.db.get_single_value('System Settings', 'is_first_startup'))

  162. 

  163. 	return bootinfo

  164. 

  165. def get_csrf_token():

  166. 	if not frappe.local.session.data.csrf_token:

  167. 		generate_csrf_token()

  168. 

  169. 	return frappe.local.session.data.csrf_token

  170. 

  171. def generate_csrf_token():

  172. 	frappe.local.session.data.csrf_token = frappe.generate_hash()

  173. 	frappe.local.session_obj.update(force=True)

  174. 

  175. class Session:

  176. 	def __init__(self, user, resume=False, full_name=None, user_type=None):

  177. 		self.sid = cstr(frappe.form_dict.get('sid') or

  178. 			unquote(frappe.request.cookies.get('sid', 'Guest')))

  179. 		self.user = user

  180. 		self.device = frappe.form_dict.get("device") or "desktop"

  181. 		self.user_type = user_type

  182. 		self.full_name = full_name

  183. 		self.data = frappe._dict({'data': frappe._dict({})})

  184. 		self.time_diff = None

  185. 

  186. 		# set local session

  187. 		frappe.local.session = self.data

  188. 

  189. 		if resume:

  190. 			self.resume()

  191. 

  192. 		else:

  193. 			if self.user:

  194. 				self.start()

  195. 

  196. 	def start(self):

  197. 		"""start a new session"""

  198. 		# generate sid

  199. 		if self.user=='Guest':

  200. 			sid = 'Guest'

  201. 		else:

  202. 			sid = frappe.generate_hash()

  203. 

  204. 		self.data.user = self.user

  205. 		self.data.sid = sid

  206. 		self.data.data.user = self.user

  207. 		self.data.data.session_ip = frappe.local.request_ip

  208. 		if self.user != "Guest":

  209. 			self.data.data.update({

  210. 				"last_updated": frappe.utils.now(),

  211. 				"session_expiry": get_expiry_period(self.device),

  212. 				"full_name": self.full_name,

  213. 				"user_type": self.user_type,

  214. 				"device": self.device,

  215. 				"session_country": get_geo_ip_country(frappe.local.request_ip) if frappe.local.request_ip else None,

  216. 			})

  217. 

  218. 		# insert session

  219. 		if self.user!="Guest":

  220. 			self.insert_session_record()

  221. 

  222. 			# update user

  223. 			user = frappe.get_doc("User", self.data['user'])

  224. 			frappe.db.sql("""UPDATE `tabUser`

  225. 				SET

  226. 					last_login = %(now)s,

  227. 					last_ip = %(ip)s,

  228. 					last_active = %(now)s

  229. 				WHERE name=%(name)s""", {

  230. 					'now': frappe.utils.now(),

  231. 					'ip': frappe.local.request_ip,

  232. 					'name': self.data['user']

  233. 				})

  234. 			user.run_notifications("before_change")

  235. 			user.run_notifications("on_update")

  236. 			frappe.db.commit()

  237. 

  238. 	def insert_session_record(self):

  239. 		frappe.db.sql("""insert into `tabSessions`

  240. 			(`sessiondata`, `user`, `lastupdate`, `sid`, `status`, `device`)

  241. 			values (%s , %s, NOW(), %s, 'Active', %s)""",

  242. 				(str(self.data['data']), self.data['user'], self.data['sid'], self.device))

  243. 

  244. 		# also add to memcache

  245. 		frappe.cache().hset("session", self.data.sid, self.data)

  246. 

  247. 	def resume(self):

  248. 		"""non-login request: load a session"""

  249. 		import frappe

  250. 		from frappe.auth import validate_ip_address

  251. 		data = self.get_session_record()

  252. 

  253. 		if data:

  254. 			# set language

  255. 			self.data.update({'data': data, 'user':data.user, 'sid': self.sid})

  256. 			self.user = data.user

  257. 			validate_ip_address(self.user)

  258. 			self.device = data.device

  259. 		else:

  260. 			self.start_as_guest()

  261. 

  262. 		if self.sid != "Guest":

  263. 			frappe.local.user_lang = frappe.translate.get_user_lang(self.data.user)

  264. 			frappe.local.lang = frappe.local.user_lang

  265. 

  266. 	def get_session_record(self):

  267. 		"""get session record, or return the standard Guest Record"""

  268. 		from frappe.auth import clear_cookies

  269. 		r = self.get_session_data()

  270. 

  271. 		if not r:

  272. 			frappe.response["session_expired"] = 1

  273. 			clear_cookies()

  274. 			self.sid = "Guest"

  275. 			r = self.get_session_data()

  276. 

  277. 		return r

  278. 

  279. 	def get_session_data(self):

  280. 		if self.sid=="Guest":

  281. 			return frappe._dict({"user":"Guest"})

  282. 

  283. 		data = self.get_session_data_from_cache()

  284. 		if not data:

  285. 			data = self.get_session_data_from_db()

  286. 		return data

  287. 

  288. 	def get_session_data_from_cache(self):

  289. 		data = frappe.cache().hget("session", self.sid)

  290. 		if data:

  291. 			data = frappe._dict(data)

  292. 			session_data = data.get("data", {})

  293. 

  294. 			# set user for correct timezone

  295. 			self.time_diff = frappe.utils.time_diff_in_seconds(frappe.utils.now(),

  296. 				session_data.get("last_updated"))

  297. 			expiry = get_expiry_in_seconds(session_data.get("session_expiry"))

  298. 

  299. 			if self.time_diff > expiry:

  300. 				self._delete_session()

  301. 				data = None

  302. 

  303. 		return data and data.data

  304. 

  305. 	def get_session_data_from_db(self):

  306. 		self.device = frappe.db.sql('SELECT `device` FROM `tabSessions` WHERE `sid`=%s', self.sid)

  307. 		self.device = self.device and self.device[0][0] or 'desktop'

  308. 

  309. 		rec = frappe.db.sql("""

  310. 			SELECT `user`, `sessiondata`

  311. 			FROM `tabSessions` WHERE `sid`=%s AND

  312. 			(NOW() - lastupdate) < %s

  313. 			""", (self.sid, get_expiry_period_for_query(self.device)))

  314. 

  315. 		if rec:

  316. 			data = frappe._dict(frappe.safe_eval(rec and rec[0][1] or '{}'))

  317. 			data.user = rec[0][0]

  318. 		else:

  319. 			self._delete_session()

  320. 			data = None

  321. 

  322. 		return data

  323. 

  324. 	def _delete_session(self):

  325. 		delete_session(self.sid, reason="Session Expired")

  326. 

  327. 	def start_as_guest(self):

  328. 		"""all guests share the same 'Guest' session"""

  329. 		self.user = "Guest"

  330. 		self.start()

  331. 

  332. 	def update(self, force=False):

  333. 		"""extend session expiry"""

  334. 		if (frappe.session['user'] == "Guest" or frappe.form_dict.cmd=="logout"):

  335. 			return

  336. 

  337. 		now = frappe.utils.now()

  338. 

  339. 		self.data['data']['last_updated'] = now

  340. 		self.data['data']['lang'] = text_type(frappe.lang)

  341. 

  342. 		# update session in db

  343. 		last_updated = frappe.cache().hget("last_db_session_update", self.sid)

  344. 		time_diff = frappe.utils.time_diff_in_seconds(now, last_updated) if last_updated else None

  345. 

  346. 		# database persistence is secondary, don't update it too often

  347. 		updated_in_db = False

  348. 		if force or (time_diff==None) or (time_diff > 600):

  349. 			# update sessions table

  350. 			frappe.db.sql("""update `tabSessions` set sessiondata=%s,

  351. 				lastupdate=NOW() where sid=%s""" , (str(self.data['data']),

  352. 				self.data['sid']))

  353. 

  354. 			# update last active in user table

  355. 			frappe.db.sql("""update `tabUser` set last_active=%(now)s where name=%(name)s""", {

  356. 				"now": now,

  357. 				"name": frappe.session.user

  358. 			})

  359. 

  360. 			frappe.db.commit()

  361. 			frappe.cache().hset("last_db_session_update", self.sid, now)

  362. 

  363. 			updated_in_db = True

  364. 

  365. 		# set in memcache

  366. 		frappe.cache().hset("session", self.sid, self.data)

  367. 

  368. 		return updated_in_db

  369. 

  370. def get_expiry_period_for_query(device=None):

  371. 	if frappe.db.db_type == 'postgres':

  372. 		return get_expiry_period(device)

  373. 	else:

  374. 		return get_expiry_in_seconds(device=device)

  375. 

  376. def get_expiry_in_seconds(expiry=None, device=None):

  377. 	if not expiry:

  378. 		expiry = get_expiry_period(device)

  379. 	parts = expiry.split(":")

  380. 	return (cint(parts[0]) * 3600) + (cint(parts[1]) * 60) + cint(parts[2])

  381. 

  382. def get_expiry_period(device="desktop"):

  383. 	if device=="mobile":

  384. 		key = "session_expiry_mobile"

  385. 		default = "720:00:00"

  386. 	else:

  387. 		key = "session_expiry"

  388. 		default = "06:00:00"

  389. 

  390. 	exp_sec = frappe.defaults.get_global_default(key) or default

  391. 

  392. 	# incase seconds is missing

  393. 	if len(exp_sec.split(':')) == 2:

  394. 		exp_sec = exp_sec + ':00'

  395. 

  396. 	return exp_sec

  397. 

  398. def get_geo_from_ip(ip_addr):

  399. 	try:

  400. 		from geolite2 import geolite2

  401. 		with geolite2 as f:

  402. 			reader = f.reader()

  403. 			data   = reader.get(ip_addr)

  404. 

  405. 			return frappe._dict(data)

  406. 	except ImportError:

  407. 		return

  408. 	except ValueError:

  409. 		return

  410. 	except TypeError:

  411. 		return

  412. 

  413. def get_geo_ip_country(ip_addr):

  414. 	match = get_geo_from_ip(ip_addr)

  415. 	if match:

  416. 		return match.country