Copyright (C) 2012-2020 Rudolf Cardinal (email@example.com).
This file is part of CamCOPS.
CamCOPS is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
CamCOPS is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with CamCOPS. If not, see <https://www.gnu.org/licenses/>.
Implements sessions for web clients (humans).
Class representing an HTTPS session.
ip_addr – client IP address
last_activity_utc – date/time of last activity that occurred
delete_old_sessions(req: CamcopsRequest) → None
Delete all expired sessions.
get_oldest_last_activity_allowed(req: CamcopsRequest) → pendulum.datetime.DateTime
What is the latest time that the last activity (for a session) could have occurred, before the session would have timed out?
Calculated as now - session_timeout.
get_session(req: CamcopsRequest, session_id_str: Optional[str], session_token: Optional[str]) → CamcopsSession
Retrieves, or makes, a new camcops_server.cc_modules.cc_session.CamcopsSession for this Pyramid Request, given a specific
get_session_for_tablet(ts: TabletSession) → CamcopsSession
For a given camcops_server.cc_modules.cc_tabletsession.TabletSession (used by tablet client devices), returns a corresponding
This also performs user authorization.
User authentication is via the
Makes, or retrieves, a new camcops_server.cc_modules.cc_session.CamcopsSession for this Pyramid Request.
The session is found using the ID/token information in the request’s cookies.
get_task_filter() → camcops_server.cc_modules.cc_taskfilter.TaskFilter
camcops_server.cc_modules.cc_taskfilter.TaskFilter in use for this session.
Returns a formatted version of the date/time at which the last activity took place for this session.
login(user: camcops_server.cc_modules.cc_user.User) → None
Log in. Associates the user with the session and makes a new token.
2021-05-01: If this is an API session, we don’t interfere with other sessions. But if it is a human logging in, we log out any other non-API sessions from the same user (per security recommendations: one session per authenticated user – with exceptions that we make for API sessions).
logout() → None
Log out, wiping session details.
Returns the user’s username, or
generate_token(num_bytes: int = 16) → str
Make a new session token that’s not in use.
It doesn’t matter if it’s already in use by a session with a different ID, because the ID/token pair is unique. (Removing that constraint gets rid of an in-principle-but-rare locking problem.)
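The session rules documented above (expiry at now - session_timeout, lookup by ID/token pair, a new token at login, and one non-API session per user) are shown together in the following added example. It is not CamCOPS code: SessionStore, Session, the in-memory dict and the 30-minute timeout are assumptions made for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

SESSION_TIMEOUT = timedelta(minutes=30)  # assumed value for the example


@dataclass
class Session:
    id: int
    token: str
    last_activity_utc: datetime
    username: Optional[str] = None
    is_api: bool = False


class SessionStore:
    """In-memory stand-in for a session table (hypothetical, not CamCOPS code)."""
    def __init__(self) -> None:
        self.sessions: dict = {}

    def new_session(self, now: datetime, is_api: bool = False) -> Session:
        s = Session(len(self.sessions) + 1, secrets.token_urlsafe(16), now, is_api=is_api)
        self.sessions[s.id] = s
        return s

    def get_session(self, sid: Optional[int], token: Optional[str], now: datetime) -> Session:
        oldest_allowed = now - SESSION_TIMEOUT  # sessions idle since before this have expired
        s = self.sessions.get(sid)
        if (s is None or token is None or s.last_activity_utc < oldest_allowed
                or not hmac.compare_digest(s.token.encode(), token.encode())):
            return self.new_session(now)  # unknown, expired or wrong token: start afresh
        s.last_activity_utc = now
        return s

    def login(self, s: Session, username: str) -> None:
        if not s.is_api:  # human login: end the user's other non-API sessions
            for other in self.sessions.values():
                if other is not s and other.username == username and not other.is_api:
                    self.logout(other)
        s.username = username
        s.token = secrets.token_urlsafe(16)  # fresh token, so a pre-login token is useless

    def logout(self, s: Session) -> None:
        s.username = None
        s.token = secrets.token_urlsafe(16)  # the old cookie pair no longer matches
```

Issuing a fresh token at login means a token planted or observed before authentication cannot be reused afterwards, and the constant-time comparison avoids leaking how much of a guessed token matched.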