anoopmb
/
frappe
1
0
포크 0
코드 이슈 0 풀 리퀘스트 0 릴리즈 0 위키 활동
25개 이상의 토픽을 선택하실 수 없습니다. Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
10329 커밋
1 브렌치
314 MiB
 
 
 
 
 
 
트리: d763435500
브랜치 태그
${ item.name }
${ searchTerm } 브랜치 생성
from 'd763435500'
${ noResults }
frappe/frappe/sessions.py

373 lines
11 KiB
Raw Blame 히스토리 

  1. # Copyright (c) 2015, Frappe Technologies Pvt. Ltd. and Contributors

  2. # MIT License. See license.txt

  3. 

  4. from __future__ import unicode_literals

  5. """

  6. Boot session from cache or build

  7. 

  8. Session bootstraps info needed by common client side activities including

  9. permission, homepage, default variables, system defaults etc

  10. """

  11. import frappe, json

  12. from frappe import _

  13. import frappe.utils

  14. from frappe.utils import cint, cstr

  15. import frappe.model.meta

  16. import frappe.defaults

  17. import frappe.translate

  18. from frappe.utils.change_log import get_change_log

  19. import redis

  20. from urllib import unquote

  21. 

  22. @frappe.whitelist()

  23. def clear(user=None):

  24. 	frappe.local.session_obj.update(force=True)

  25. 	frappe.local.db.commit()

  26. 	clear_cache(frappe.session.user)

  27. 	clear_global_cache()

  28. 	frappe.response['message'] = _("Cache Cleared")

  29. 

  30. def clear_cache(user=None):

  31. 	cache = frappe.cache()

  32. 

  33. 	groups = ("bootinfo", "user_recent", "user_roles", "user_doc", "lang",

  34. 		"defaults", "user_permissions", "roles", "home_page", "linked_with", "desktop_icons")

  35. 

  36. 	if user:

  37. 		for name in groups:

  38. 			cache.hdel(name, user)

  39. 		cache.delete_keys("user:" + user)

  40. 		frappe.defaults.clear_cache(user)

  41. 	else:

  42. 		for name in groups:

  43. 			cache.delete_key(name, user)

  44. 		clear_global_cache()

  45. 		frappe.defaults.clear_cache()

  46. 

  47. def clear_global_cache():

  48. 	frappe.model.meta.clear_cache()

  49. 	frappe.cache().delete_value(["app_hooks", "installed_apps",

  50. 		"app_modules", "module_app", "notification_config", 'system_settings'])

  51. 	frappe.setup_module_map()

  52. 

  53. def clear_sessions(user=None, keep_current=False, device=None):

  54. 	if not user:

  55. 		user = frappe.session.user

  56. 

  57. 	if not device:

  58. 		device = frappe.session.data.device or "desktop"

  59. 

  60. 	for sid in frappe.db.sql_list("""select sid from tabSessions where user=%s and device=%s""", (user, device)):

  61. 		if keep_current and frappe.session.sid==sid:

  62. 			continue

  63. 		else:

  64. 			delete_session(sid)

  65. 

  66. def delete_session(sid=None, user=None):

  67. 	if not user:

  68. 		user = hasattr(frappe.local, "session") and frappe.session.user or "Guest"

  69. 	frappe.cache().hdel("session", sid)

  70. 	frappe.cache().hdel("last_db_session_update", sid)

  71. 	frappe.db.sql("""delete from tabSessions where sid=%s""", sid)

  72. 	frappe.db.commit()

  73. 

  74. def clear_all_sessions():

  75. 	"""This effectively logs out all users"""

  76. 	frappe.only_for("Administrator")

  77. 	for sid in frappe.db.sql_list("select sid from `tabSessions`"):

  78. 		delete_session(sid)

  79. 

  80. def clear_expired_sessions():

  81. 	"""This function is meant to be called from scheduler"""

  82. 	for device in ("desktop", "mobile"):

  83. 		for sid in frappe.db.sql_list("""select sid from tabSessions

  84. 				where TIMEDIFF(NOW(), lastupdate) > TIME(%s)

  85. 				and device = %s""", (get_expiry_period(device), device)):

  86. 			delete_session(sid)

  87. 

  88. def get():

  89. 	"""get session boot info"""

  90. 	from frappe.desk.notifications import \

  91. 		get_notification_info_for_boot, get_notifications

  92. 	from frappe.boot import get_bootinfo

  93. 	from frappe.limits import get_limits, get_expiry_message

  94. 

  95. 	bootinfo = None

  96. 	if not getattr(frappe.conf,'disable_session_cache', None):

  97. 		# check if cache exists

  98. 		bootinfo = frappe.cache().hget("bootinfo", frappe.session.user)

  99. 		if bootinfo:

  100. 			bootinfo['from_cache'] = 1

  101. 			bootinfo["notification_info"].update(get_notifications())

  102. 			bootinfo["user"]["recent"] = json.dumps(\

  103. 				frappe.cache().hget("user_recent", frappe.session.user))

  104. 

  105. 	if not bootinfo:

  106. 		# if not create it

  107. 		bootinfo = get_bootinfo()

  108. 		bootinfo["notification_info"] = get_notification_info_for_boot()

  109. 		frappe.cache().hset("bootinfo", frappe.session.user, bootinfo)

  110. 		try:

  111. 			frappe.cache().ping()

  112. 		except redis.exceptions.ConnectionError:

  113. 			message = _("Redis cache server not running. Please contact Administrator / Tech support")

  114. 			if 'messages' in bootinfo:

  115. 				bootinfo['messages'].append(message)

  116. 			else:

  117. 				bootinfo['messages'] = [message]

  118. 

  119. 		# check only when clear cache is done, and don't cache this

  120. 		if frappe.local.request:

  121. 			bootinfo["change_log"] = get_change_log()

  122. 

  123. 	bootinfo["metadata_version"] = frappe.cache().get_value("metadata_version")

  124. 	if not bootinfo["metadata_version"]:

  125. 		bootinfo["metadata_version"] = frappe.reset_metadata_version()

  126. 

  127. 	for hook in frappe.get_hooks("extend_bootinfo"):

  128. 		frappe.get_attr(hook)(bootinfo=bootinfo)

  129. 

  130. 	bootinfo["lang"] = frappe.translate.get_user_lang()

  131. 	bootinfo["disable_async"] = frappe.conf.disable_async

  132. 

  133. 	# limits

  134. 	bootinfo.limits = get_limits()

  135. 	bootinfo.expiry_message = get_expiry_message()

  136. 

  137. 	return bootinfo

  138. 

  139. def get_csrf_token():

  140. 	if not frappe.local.session.data.csrf_token:

  141. 		generate_csrf_token()

  142. 

  143. 	return frappe.local.session.data.csrf_token

  144. 

  145. def generate_csrf_token():

  146. 	frappe.local.session.data.csrf_token = frappe.generate_hash()

  147. 	frappe.local.session_obj.update(force=True)

  148. 

  149. 	# send sid and csrf token to the user

  150. 	# handles the case when a user logs in again from another tab

  151. 	# and it leads to invalid request in the current tab

  152. 	frappe.publish_realtime(event="csrf_generated",

  153. 		message={"sid": frappe.local.session.sid, "csrf_token": frappe.local.session.data.csrf_token},

  154. 		user=frappe.session.user, after_commit=True)

  155. 

  156. class Session:

  157. 	def __init__(self, user, resume=False, full_name=None, user_type=None):

  158. 		self.sid = cstr(frappe.form_dict.get('sid') or

  159. 			unquote(frappe.request.cookies.get('sid', 'Guest')))

  160. 		self.user = user

  161. 		self.device = frappe.form_dict.get("device") or "desktop"

  162. 		self.user_type = user_type

  163. 		self.full_name = full_name

  164. 		self.data = frappe._dict({'data': frappe._dict({})})

  165. 		self.time_diff = None

  166. 

  167. 		# set local session

  168. 		frappe.local.session = self.data

  169. 

  170. 		if resume:

  171. 			self.resume()

  172. 

  173. 		else:

  174. 			if self.user:

  175. 				self.start()

  176. 

  177. 	def start(self):

  178. 		"""start a new session"""

  179. 		# generate sid

  180. 		if self.user=='Guest':

  181. 			sid = 'Guest'

  182. 		else:

  183. 			sid = frappe.generate_hash()

  184. 

  185. 		self.data.user = self.user

  186. 		self.data.sid = sid

  187. 		self.data.data.user = self.user

  188. 		self.data.data.session_ip = frappe.local.request_ip

  189. 		if self.user != "Guest":

  190. 			self.data.data.update({

  191. 				"last_updated": frappe.utils.now(),

  192. 				"session_expiry": get_expiry_period(self.device),

  193. 				"full_name": self.full_name,

  194. 				"user_type": self.user_type,

  195. 				"device": self.device,

  196. 				"session_country": get_geo_ip_country(frappe.local.request_ip) if frappe.local.request_ip else None,

  197. 			})

  198. 

  199. 		# insert session

  200. 		if self.user!="Guest":

  201. 			self.insert_session_record()

  202. 

  203. 			# update user

  204. 			frappe.db.sql("""UPDATE tabUser SET last_login = %(now)s, last_ip = %(ip)s, last_active = %(now)s

  205. 				where name=%(name)s""", {

  206. 					"now": frappe.utils.now(),

  207. 					"ip": frappe.local.request_ip,

  208. 					"name": self.data['user']

  209. 				})

  210. 

  211. 			frappe.db.commit()

  212. 

  213. 	def insert_session_record(self):

  214. 		frappe.db.sql("""insert into tabSessions

  215. 			(sessiondata, user, lastupdate, sid, status, device)

  216. 			values (%s , %s, NOW(), %s, 'Active', %s)""",

  217. 				(str(self.data['data']), self.data['user'], self.data['sid'], self.device))

  218. 

  219. 		# also add to memcache

  220. 		frappe.cache().hset("session", self.data.sid, self.data)

  221. 

  222. 	def resume(self):

  223. 		"""non-login request: load a session"""

  224. 		import frappe

  225. 

  226. 		data = self.get_session_record()

  227. 

  228. 		if data:

  229. 			# set language

  230. 			self.data.update({'data': data, 'user':data.user, 'sid': self.sid})

  231. 			self.user = data.user

  232. 			self.device = data.device

  233. 		else:

  234. 			self.start_as_guest()

  235. 

  236. 		if self.sid != "Guest":

  237. 			frappe.local.user_lang = frappe.translate.get_user_lang(self.data.user)

  238. 			frappe.local.lang = frappe.local.user_lang

  239. 

  240. 	def get_session_record(self):

  241. 		"""get session record, or return the standard Guest Record"""

  242. 		from frappe.auth import clear_cookies

  243. 		r = self.get_session_data()

  244. 		if not r:

  245. 			frappe.response["session_expired"] = 1

  246. 			clear_cookies()

  247. 			self.sid = "Guest"

  248. 			r = self.get_session_data()

  249. 

  250. 		return r

  251. 

  252. 	def get_session_data(self):

  253. 		if self.sid=="Guest":

  254. 			return frappe._dict({"user":"Guest"})

  255. 

  256. 		data = self.get_session_data_from_cache()

  257. 		if not data:

  258. 			data = self.get_session_data_from_db()

  259. 		return data

  260. 

  261. 	def get_session_data_from_cache(self):

  262. 		data = frappe.cache().hget("session", self.sid)

  263. 		if data:

  264. 			data = frappe._dict(data)

  265. 			session_data = data.get("data", {})

  266. 

  267. 			# set user for correct timezone

  268. 			self.time_diff = frappe.utils.time_diff_in_seconds(frappe.utils.now(),

  269. 				session_data.get("last_updated"))

  270. 			expiry = self.get_expiry_in_seconds(session_data.get("session_expiry"))

  271. 

  272. 			if self.time_diff > expiry:

  273. 				self.delete_session()

  274. 				data = None

  275. 

  276. 		return data and data.data

  277. 

  278. 	def get_session_data_from_db(self):

  279. 		self.device = frappe.db.get_value("Sessions", {"sid": self.sid}, "device") or 'desktop'

  280. 

  281. 		rec = frappe.db.sql("""select user, sessiondata

  282. 			from tabSessions where sid=%s and

  283. 			TIMEDIFF(NOW(), lastupdate) < TIME(%s)""", (self.sid,

  284. 				get_expiry_period(self.device)))

  285. 		if rec:

  286. 			data = frappe._dict(eval(rec and rec[0][1] or '{}'))

  287. 			data.user = rec[0][0]

  288. 		else:

  289. 			self.delete_session()

  290. 			data = None

  291. 

  292. 		return data

  293. 

  294. 	def get_expiry_in_seconds(self, expiry):

  295. 		if not expiry:

  296. 			return 3600

  297. 		parts = expiry.split(":")

  298. 		return (cint(parts[0]) * 3600) + (cint(parts[1]) * 60) + cint(parts[2])

  299. 

  300. 	def delete_session(self):

  301. 		delete_session(self.sid, user=self.user)

  302. 

  303. 	def start_as_guest(self):

  304. 		"""all guests share the same 'Guest' session"""

  305. 		self.user = "Guest"

  306. 		self.start()

  307. 

  308. 	def update(self, force=False):

  309. 		"""extend session expiry"""

  310. 		if (frappe.session['user'] == "Guest" or frappe.form_dict.cmd=="logout"):

  311. 			return

  312. 

  313. 		now = frappe.utils.now()

  314. 

  315. 		self.data['data']['last_updated'] = now

  316. 		self.data['data']['lang'] = unicode(frappe.lang)

  317. 

  318. 		# update session in db

  319. 		last_updated = frappe.cache().hget("last_db_session_update", self.sid)

  320. 		time_diff = frappe.utils.time_diff_in_seconds(now, last_updated) if last_updated else None

  321. 

  322. 		# database persistence is secondary, don't update it too often

  323. 		updated_in_db = False

  324. 		if force or (time_diff==None) or (time_diff > 600):

  325. 			# update sessions table

  326. 			frappe.db.sql("""update tabSessions set sessiondata=%s,

  327. 				lastupdate=NOW() where sid=%s""" , (str(self.data['data']),

  328. 				self.data['sid']))

  329. 

  330. 			# update last active in user table

  331. 			frappe.db.sql("""update `tabUser` set last_active=%(now)s where name=%(name)s""", {

  332. 				"now": frappe.utils.now(),

  333. 				"name": frappe.session.user

  334. 			})

  335. 

  336. 			frappe.cache().hset("last_db_session_update", self.sid, now)

  337. 			updated_in_db = True

  338. 

  339. 		# set in memcache

  340. 		frappe.cache().hset("session", self.sid, self.data)

  341. 

  342. 		return updated_in_db

  343. 

  344. def get_expiry_period(device="desktop"):

  345. 	if device=="mobile":

  346. 		key = "session_expiry_mobile"

  347. 		default = "720:00:00"

  348. 	else:

  349. 		key = "session_expiry"

  350. 		default = "06:00:00"

  351. 

  352. 	exp_sec = frappe.defaults.get_global_default(key) or default

  353. 

  354. 	# incase seconds is missing

  355. 	if len(exp_sec.split(':')) == 2:

  356. 		exp_sec = exp_sec + ':00'

  357. 

  358. 	return exp_sec

  359. 

  360. def get_geo_from_ip(ip_addr):

  361. 	try:

  362. 		from geoip import geolite2

  363. 		return geolite2.lookup(ip_addr)

  364. 	except ImportError:

  365. 		return

  366. 	except ValueError:

  367. 		return

  368. 

  369. def get_geo_ip_country(ip_addr):

  370. 	match = get_geo_from_ip(ip_addr)

  371. 	if match:

  372. 		return match.country