Share user sessions through the database #1172
@whisperity The migration script has been merged. Please resolve the conflicts to review your pull request.
config/version.json
| "product_db_version": { | ||
| "major" : "6", | ||
| "minor" : "0" | ||
| "minor" : "1" |
These versions can be removed later; alembic schema versions should be used.
I'm adding this file back but without changing the version inside. Removing these dicts tumbles down into edits required that should not be part of this or any of my other PRs. See #1204.
| self.is_group = is_group | ||
|
|
||
|
|
||
| class Session(Base): |
Wouldn't we mix the current database sessions with the user login sessions? I'm just thinking about a different naming here.
You import them with different names using from ... import ... as .... The user login session, as an object, is an internal thing to session_manager.py, and should not be imported by code outside of it.
| if session_token: | ||
| headers = {'Cookie': session_manager.SESSION_COOKIE_NAME + | ||
| "=" + session_token} | ||
| headers = {'Cookie': SESSION_COOKIE_NAME + '=' + session_token} |
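Review bot: on the added `headers = {'Cookie': SESSION_COOKIE_NAME + '=' + session_token}` line, session_token goes into the header by plain concatenation with no check on its contents. Build the header in one function that rejects a token containing anything outside the characters the server issues (CR, LF, ';' and whitespace in particular), so a damaged or tampered stored token cannot add a second cookie or header to the request.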
You use this line of code in multiple places. Can we create a helper function for it?
I don't think there exists a good place where this helper function could be put.
| @@ -0,0 +1,541 @@ | |||
| # ------------------------------------------------------------------------- | |||
Did you modify this file or just change the path? Why doesn't GitHub recognize that the path was changed?
The first commit split the file into a serverside and a clientside code. The second commit modified the serverside file.
| records = transaction.query(SessionRecord). \ | ||
| filter(and_(SessionRecord.auth_string == | ||
| session.persistent_hash, | ||
| SessionRecord.token == token)).all() |
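Review bot: `.all()` on the last line materialises every matching SessionRecord; if these rows are only fetched to be deleted, issue the delete on the filtered query itself so that selecting and removing the token is one statement, which matters now that several servers share this table. Keep both conditions in the `and_()`, since matching on auth_string as well as token ties the token to the user it was issued for.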
Can't we just call the delete operation on the query?
.query().filter().delete()
| try: | ||
| manager = session_manager.SessionManager(root_sha, force_auth) | ||
| manager = session_manager.SessionManager( | ||
| server_cfg_file, |
I am getting the following error when starting CodeChecker with an empty workspace:
UnboundLocalError: local variable 'server_cfg_file' referenced before assignment
This is fixed. Damn you IDE for pasting code after an else: like it was meant to be in the else's statement body.
|
|
||
|
|
||
| def upgrade(): | ||
| ### commands auto generated by Alembic - please adjust! ### |
Please remove these generated comments if the migration script is ok.
| import portalocker | ||
|
|
||
| from libcodechecker.logger import get_logger | ||
| <<<<<<< HEAD:libcodechecker/session_manager.py |
Could you remove these git marks from the source?
| in SessionManager.__valid_sessions | ||
| if s.still_reusable()] | ||
| self.__logins_since_prune = 0 | ||
| <<<<<<< HEAD:libcodechecker/session_manager.py |
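Review bot: the last line of this hunk is a second leftover `<<<<<<< HEAD:libcodechecker/session_manager.py` conflict marker, directly after `self.__logins_since_prune = 0`, and the module will not parse with it in place. Resolve the conflict here as well and check that the matching `=======` and `>>>>>>>` lines are gone from the file.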
@whisperity do we have a better place to share information between the server and the client? The name of
@gyorb We don't. I was thinking of extending the API to tell the client what the cookie's name is, but then the command line client would need to be rewritten to store for each individual server not only the token but the cookie name too, essentially slowly turning the CLI into a terminal web browser... These are sort of global constants that need to be shared between the faces in a particular build. I have an idea for making the build script generate the relevant files that contain the constants, kinda like how configure generates a header used in an autotools project. Could do this as a later patch.
Along with the existing storage in the server's memory, user authentication session tokens will also be saved to the configuration database, in a new table. This way, if multiple servers are used, the user can authenticate through either and still receive the same token as they had before.
When a session cookie is presented, the following steps are taken to verify it:
Session expiry times in the configuration file apply to how tokens in the database also expire. Expired tokens are not reused; at an attempted reuse, they are deleted from the DB too.
Explicit logout also removes tokens from database.
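
The behaviour described above, as an added sketch that is not CodeChecker's own code: two server processes share one token table, a valid token is handed back on a second login, an expired one is deleted when it is presented, and logout removes the row. The table layout, the function names, the use of sqlite3 in place of the project's database layer and the fixed `SESSION_LIFETIME` are assumptions, as is the verification logic, since the page's own list of steps is missing.

```python
import secrets
import sqlite3

SESSION_LIFETIME = 300.0  # seconds; stands in for the configured expiry time

def open_store(path):
    """Each server process opens the same configuration database."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS session_records ("
               "auth_string TEXT NOT NULL, token TEXT PRIMARY KEY, "
               "last_access REAL NOT NULL)")
    db.commit()
    return db

def _expired(last_access, now):
    return now - last_access > SESSION_LIFETIME

def login(db, auth_string, now):
    """Hand back the user's stored token if still valid, else issue a new one."""
    rows = db.execute("SELECT token, last_access FROM session_records "
                      "WHERE auth_string = ?", (auth_string,)).fetchall()
    for token, last_access in rows:
        if not _expired(last_access, now):
            return token  # same token, whichever server issued it
    # Everything stored for this user has expired: never reuse, delete instead.
    db.execute("DELETE FROM session_records WHERE auth_string = ?", (auth_string,))
    token = secrets.token_hex(16)
    db.execute("INSERT INTO session_records VALUES (?, ?, ?)",
               (auth_string, token, now))
    db.commit()
    return token

def verify(db, token, now):
    """Check a presented cookie value; an expired row is deleted on the attempt."""
    rows = db.execute("SELECT last_access FROM session_records "
                      "WHERE token = ?", (token,)).fetchall()
    if rows and not _expired(rows[0][0], now):
        return True
    logout(db, token)  # no-op when the token was never stored
    return False

def logout(db, token):
    """Explicit logout removes the token from the database."""
    db.execute("DELETE FROM session_records WHERE token = ?", (token,))
    db.commit()
```

Passing `now` explicitly keeps the expiry check deterministic; a server would pass `time.time()`.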