[Rt-commit] rt branch, 3.8-trunk, updated. rt-3.8.5-185-g6e6c49b
jesse
jesse at bestpractical.com
Tue Sep 29 18:45:36 EDT 2009
The branch, 3.8-trunk has been updated
via 6e6c49bc823caebb2699630a758ece3aac263816 (commit)
via d64182440e936ad2df3942b16b52368b294cee9e (commit)
via 16525598945c94e6c398f0bae0bdfc50ad6c4791 (commit)
via 8ec64ef05db0de9fe46c7017232c5ac55cd97021 (commit)
via 700837993a0c30ddb9cb84d965b39548eba1a92f (commit)
via 64f65d8f4e1b6281a3fb5da318091fd136d4c4be (commit)
via e2471fde28a70795518d533257057631e4756d3c (commit)
from bd456fc5e712e1cebb8c53f7ba3f9ea65d2cfb7a (commit)
Summary of changes:
lib/RT/Interface/Web.pm | 122 +++++++++++++++++++++++++++-----
share/html/Elements/SetupSessionCookie | 2 +-
share/html/Ticket/ModifyLinks.html | 2 +-
share/html/autohandler | 58 +---------------
4 files changed, 107 insertions(+), 77 deletions(-)
- Log -----------------------------------------------------------------
commit e2471fde28a70795518d533257057631e4756d3c
Author: Jesse Vincent <jesse at bestpractical.com>
Date: Wed Sep 30 05:58:27 2009 +0900
On expiry, actually delete the session rather than just autologout
diff --git a/lib/RT/Interface/Web.pm b/lib/RT/Interface/Web.pm
index d542e0f..9012ea8 100755
--- a/lib/RT/Interface/Web.pm
+++ b/lib/RT/Interface/Web.pm
@@ -67,7 +67,9 @@ package RT::Interface::Web;
use RT::SavedSearches;
use URI qw();
+use RT::Interface::Web::Session;
use Digest::MD5 ();
+use Encode qw();
# {{{ EscapeUTF8
@@ -101,7 +103,6 @@ Escapes URI component according to RFC2396
=cut
-use Encode qw();
sub EscapeURI {
my $ref = shift;
return unless defined $$ref;
@@ -364,26 +365,24 @@ Load or setup a session cookie for the current user.
=cut
sub SetupSessionCookie {
- my $ARGS = shift;
- use RT::Interface::Web::Session;
my %cookies = CGI::Cookie->fetch;
my $cookiename = "RT_SID_" . RT->Config->Get('rtname');
$cookiename .= "." . $ENV{'SERVER_PORT'} if $ENV{'SERVER_PORT'};
my $SessionCookie = ( $cookies{$cookiename} ? $cookies{$cookiename}->value : undef );
- tie %HTML::Mason::Commands::session, 'RT::Interface::Web::Session', $SessionCookie;
- undef $cookies{$cookiename} unless $SessionCookie && $HTML::Mason::Commands::session{'_session_id'} eq $SessionCookie;
+ tie %HTML::Mason::Commands::session, 'RT::Interface::Web::Session', $SessionCookie;
+
+ unless ( $SessionCookie && $HTML::Mason::Commands::session{'_session_id'} eq $SessionCookie ) {
+ undef $cookies{$cookiename};
+ }
if ( int RT->Config->Get('AutoLogoff') ) {
my $now = int( time / 60 );
my $last_update = $HTML::Mason::Commands::session{'_session_last_update'} || 0;
if ( $last_update && ( $now - $last_update - RT->Config->Get('AutoLogoff') ) > 0 ) {
-
- # clean up sessions, but we should leave the session id
- # Should be creating a new session here
- %HTML::Mason::Commands::session = ( _session_id => $HTML::Mason::Commands::session{'_session_id'} );
+ tied( %HTML::Mason::Commands::session)->delete;
}
# save session on each request when AutoLogoff is turned on
commit 64f65d8f4e1b6281a3fb5da318091fd136d4c4be
Author: Jesse Vincent <jesse at bestpractical.com>
Date: Wed Sep 30 06:16:41 2009 +0900
Split loading and saving of session cookies in two
diff --git a/lib/RT/Interface/Web.pm b/lib/RT/Interface/Web.pm
index 9012ea8..4dfe68b 100755
--- a/lib/RT/Interface/Web.pm
+++ b/lib/RT/Interface/Web.pm
@@ -358,17 +358,23 @@ sub AttemptPasswordAuthentication {
$m->callback( %$ARGS, CallbackName => 'SuccessfulLogin', CallbackPage => '/autohandler' );
}
-=head2 SetupSessionCookie
+=head2 LoadSessionCookie
Load or setup a session cookie for the current user.
=cut
-sub SetupSessionCookie {
-
- my %cookies = CGI::Cookie->fetch;
+sub _SessionCookieName {
my $cookiename = "RT_SID_" . RT->Config->Get('rtname');
$cookiename .= "." . $ENV{'SERVER_PORT'} if $ENV{'SERVER_PORT'};
+ return $cookiename;
+}
+
+sub LoadSessionCookie {
+
+ my %cookies = CGI::Cookie->fetch;
+ my $cookiename = _SessionCookieName();
+
my $SessionCookie = ( $cookies{$cookiename} ? $cookies{$cookiename}->value : undef );
tie %HTML::Mason::Commands::session, 'RT::Interface::Web::Session', $SessionCookie;
@@ -388,18 +394,21 @@ sub SetupSessionCookie {
# save session on each request when AutoLogoff is turned on
$HTML::Mason::Commands::session{'_session_last_update'} = $now if $now != $last_update;
}
+}
- if ( !$cookies{$cookiename} ) {
+sub SaveSessionCookie {
my $cookie = new CGI::Cookie(
- -name => $cookiename,
+ -name => _SessionCookieName(),
-value => $HTML::Mason::Commands::session{_session_id},
-path => RT->Config->Get('WebPath'),
-secure => ( RT->Config->Get('WebSecureCookies') ? 1 : 0 )
);
$HTML::Mason::Commands::r->headers_out->{'Set-Cookie'} = $cookie->as_string;
- }
}
+
+
+
=head2 Redirect URL
This routine ells the current user's browser to redirect to URL.
diff --git a/share/html/Elements/SetupSessionCookie b/share/html/Elements/SetupSessionCookie
index e4208d6..5a13550 100755
--- a/share/html/Elements/SetupSessionCookie
+++ b/share/html/Elements/SetupSessionCookie
@@ -48,7 +48,7 @@
<%INIT>
return if $m->is_subrequest; # avoid reentrancy, as suggested by masonbook
-RT::Interface::Web::SetupSessionCookie();
+RT::Interface::Web::LoadSessionCookie();
return ();
</%INIT>
diff --git a/share/html/autohandler b/share/html/autohandler
index 09fc096..a496aed 100755
--- a/share/html/autohandler
+++ b/share/html/autohandler
@@ -105,6 +105,8 @@ $session{'home_refresh_interval'} = $ARGS{'HomeRefreshInterval'} if ( $ARGS{'Hom
# Process per-page global callbacks
$m->callback( %ARGS, CallbackName => 'Default', CallbackPage => '/autohandler' );
+
+RT::Interface::Web::SaveSessionCookie();
RT::Interface::Web::ShowRequestedPage(\%ARGS);
RT::Interface::Web::LogRecordedSQLStatements();
$m->comp( '/Elements/Footer', %ARGS );
commit 700837993a0c30ddb9cb84d965b39548eba1a92f
Author: Jesse Vincent <jesse at bestpractical.com>
Date: Wed Sep 30 06:33:27 2009 +0900
Now we have na InstantiateNewSession function
diff --git a/lib/RT/Interface/Web.pm b/lib/RT/Interface/Web.pm
index 4dfe68b..a110497 100755
--- a/lib/RT/Interface/Web.pm
+++ b/lib/RT/Interface/Web.pm
@@ -370,7 +370,7 @@ sub _SessionCookieName {
return $cookiename;
}
-sub LoadSessionCookie {
+sub LoadSessionFromCookie {
my %cookies = CGI::Cookie->fetch;
my $cookiename = _SessionCookieName();
@@ -388,7 +388,7 @@ sub LoadSessionCookie {
my $last_update = $HTML::Mason::Commands::session{'_session_last_update'} || 0;
if ( $last_update && ( $now - $last_update - RT->Config->Get('AutoLogoff') ) > 0 ) {
- tied( %HTML::Mason::Commands::session)->delete;
+ InstantiateNewSession();
}
# save session on each request when AutoLogoff is turned on
@@ -396,6 +396,12 @@ sub LoadSessionCookie {
}
}
+sub InstantiateNewSession {
+ tied( %HTML::Mason::Commands::session)->delete if tied(%HTML::Mason::Commands::session);
+ tie %HTML::Mason::Commands::session, 'RT::Interface::Web::Session', undef;
+}
+
+
sub SaveSessionCookie {
my $cookie = new CGI::Cookie(
-name => _SessionCookieName(),
diff --git a/share/html/Elements/SetupSessionCookie b/share/html/Elements/SetupSessionCookie
index 5a13550..3afe683 100755
--- a/share/html/Elements/SetupSessionCookie
+++ b/share/html/Elements/SetupSessionCookie
@@ -48,7 +48,7 @@
<%INIT>
return if $m->is_subrequest; # avoid reentrancy, as suggested by masonbook
-RT::Interface::Web::LoadSessionCookie();
+RT::Interface::Web::LoadSessionFromCookie();
return ();
</%INIT>
commit 8ec64ef05db0de9fe46c7017232c5ac55cd97021
Author: Jesse Vincent <jesse at bestpractical.com>
Date: Wed Sep 30 06:49:46 2009 +0900
UTF8 filtering now operates directly on the reference
diff --git a/lib/RT/Interface/Web.pm b/lib/RT/Interface/Web.pm
index a110497..21fac16 100755
--- a/lib/RT/Interface/Web.pm
+++ b/lib/RT/Interface/Web.pm
@@ -353,6 +353,7 @@ sub AttemptPasswordAuthentication {
$m->abort;
}
+ RT::Interface::Web::InstantiateNewSession();
$RT::Logger->info("Successful login for @{[$ARGS->{user}]} from $ENV{'REMOTE_ADDR'}");
$HTML::Mason::Commands::session{'CurrentUser'} = $user_obj;
$m->callback( %$ARGS, CallbackName => 'SuccessfulLogin', CallbackPage => '/autohandler' );
@@ -568,7 +569,7 @@ sub StripContent {
sub DecodeARGS {
my $ARGS = shift;
- return map {
+ %{$ARGS} = map {
# if they've passed multiple values, they'll be an array. if they've
# passed just one, a scalar whatever they are, mark them as utf8
diff --git a/share/html/autohandler b/share/html/autohandler
index a496aed..53da16a 100755
--- a/share/html/autohandler
+++ b/share/html/autohandler
@@ -66,11 +66,10 @@ local *session unless $m->is_subrequest;
# Disable AutoFlush using an attribute
$m->autoflush( $m->request_comp->attr('AutoFlush') ) if ( $m->request_comp->attr_exists('AutoFlush') );
-%ARGS = RT::Interface::Web::DecodeARGS(\%ARGS);
+RT::Interface::Web::DecodeARGS(\%ARGS);
RT::Interface::Web::PreprocessTimeUpdates(\%ARGS);
-
RT::Interface::Web::MaybeShowInstallModePage();
$m->comp( '/Elements/SetupSessionCookie', %ARGS );
@@ -79,7 +78,7 @@ $session{'CurrentUser'} = RT::CurrentUser->new() unless ( $session{'CurrentUser'
RT::Interface::Web::MaybeShowNoAuthPage(\%ARGS);
-RT::Interface::Web::AttemptExternalAuth(\%ARGS);
+RT::Interface::Web::AttemptExternalAuth(\%ARGS) unless ($session{'CurrentUser'} && $session{'CurrentUser'}->id);
delete $session{'CurrentUser'} unless $session{'CurrentUser'} && $session{'CurrentUser'}->Id;
commit 16525598945c94e6c398f0bae0bdfc50ad6c4791
Author: Jesse Vincent <jesse at bestpractical.com>
Date: Wed Sep 30 06:51:30 2009 +0900
remove an obvious comment
diff --git a/share/html/autohandler b/share/html/autohandler
index 53da16a..2242cab 100755
--- a/share/html/autohandler
+++ b/share/html/autohandler
@@ -63,7 +63,6 @@ RT::Interface::Web::MaybeEnableSQLStatementLog();
# avoid reentrancy, as suggested by masonbook
local *session unless $m->is_subrequest;
-# Disable AutoFlush using an attribute
$m->autoflush( $m->request_comp->attr('AutoFlush') ) if ( $m->request_comp->attr_exists('AutoFlush') );
RT::Interface::Web::DecodeARGS(\%ARGS);
commit d64182440e936ad2df3942b16b52368b294cee9e
Author: Jesse Vincent <jesse at bestpractical.com>
Date: Wed Sep 30 07:45:01 2009 +0900
Typo fix for ruslan
diff --git a/share/html/Ticket/ModifyLinks.html b/share/html/Ticket/ModifyLinks.html
index efd026d..ae14e93 100755
--- a/share/html/Ticket/ModifyLinks.html
+++ b/share/html/Ticket/ModifyLinks.html
@@ -75,7 +75,7 @@ my $Ticket = LoadTicket($id);
my @results;
$m->callback( TicketObj => $Ticket, ARGSRef => \%ARGS, Results => \@results );
push @results, ProcessTicketLinks( TicketObj => $Ticket, ARGSRef => \%ARGS );
-$TicketObj->ApplyTransactionBatch;
+$Ticket->ApplyTransactionBatch;
</%INIT>
commit 6e6c49bc823caebb2699630a758ece3aac263816
Author: Jesse Vincent <jesse at bestpractical.com>
Date: Wed Sep 30 07:45:13 2009 +0900
Move most of the autohandler logic into Interface::Web
diff --git a/lib/RT/Interface/Web.pm b/lib/RT/Interface/Web.pm
index 21fac16..4205e2c 100755
--- a/lib/RT/Interface/Web.pm
+++ b/lib/RT/Interface/Web.pm
@@ -166,6 +166,81 @@ sub WebExternalAutoInfo {
# }}}
+sub HandleRequest {
+ my $ARGS = shift;
+
+ $HTML::Mason::Commands::r->content_type("text/html; charset=utf-8");
+
+ $HTML::Mason::Commands::m->{'rt_base_time'} = [ Time::HiRes::gettimeofday() ];
+
+ # Roll back any dangling transactions from a previous failed connection
+ $RT::Handle->ForceRollback() if $RT::Handle->TransactionDepth;
+
+ MaybeEnableSQLStatementLog();
+
+ # avoid reentrancy, as suggested by masonbook
+ local *HTML::Mason::Commands::session unless $HTML::Mason::Commands::m->is_subrequest;
+
+ $HTML::Mason::Commands::m->autoflush( $HTML::Mason::Commands::m->request_comp->attr('AutoFlush') )
+ if ( $HTML::Mason::Commands::m->request_comp->attr_exists('AutoFlush') );
+
+ DecodeARGS($ARGS);
+
+ PreprocessTimeUpdates($ARGS);
+
+ MaybeShowInstallModePage();
+ $HTML::Mason::Commands::m->comp( '/Elements/SetupSessionCookie', %$ARGS );
+ SaveSessionCookie();
+ $HTML::Mason::Commands::session{'CurrentUser'} = RT::CurrentUser->new() unless _UserLoggedIn();
+
+ MaybeShowNoAuthPage($ARGS);
+
+ AttemptExternalAuth($ARGS) unless _UserLoggedIn();
+
+ _ForceLogout() unless _UserLoggedIn();
+
+ # Process per-page authentication callbacks
+ $HTML::Mason::Commands::m->callback( %$ARGS, CallbackName => 'Auth', CallbackPage => '/autohandler' );
+
+ unless ( _UserLoggedIn()) {
+ _ForceLogout();
+ # If the user is logging in, let's authenticate
+ if ( defined $ARGS->{user} && defined $ARGS->{pass} ) {
+ AttemptPasswordAuthentication($ARGS);
+
+ # if no credentials then show him login page
+ } else {
+ $HTML::Mason::Commands::m->comp( '/Elements/Login', %$ARGS );
+ $HTML::Mason::Commands::m->abort;
+ }
+ }
+
+ warn "Not logged in! " unless _UserLoggedIn();
+ # now it applies not only to home page, but any dashboard that can be used as a workspace
+ $HTML::Mason::Commands::session{'home_refresh_interval'} = $ARGS->{'HomeRefreshInterval'} if ( $ARGS->{'HomeRefreshInterval'} );
+
+ # Process per-page global callbacks
+ $HTML::Mason::Commands::m->callback( %$ARGS, CallbackName => 'Default', CallbackPage => '/autohandler' );
+
+ ShowRequestedPage($ARGS);
+ LogRecordedSQLStatements();
+
+}
+
+sub _ForceLogout {
+
+ delete $HTML::Mason::Commands::session{'CurrentUser'} ;
+}
+
+sub _UserLoggedIn {
+ if ($HTML::Mason::Commands::session{CurrentUser} && $HTML::Mason::Commands::session{'CurrentUser'}->id) {
+ return 1;
+ } else {
+ return undef;
+ }
+
+}
+
=head2 MaybeShowInstallModePage
This function, called exclusively by RT's autohandler, dispatches
@@ -353,7 +428,6 @@ sub AttemptPasswordAuthentication {
$m->abort;
}
- RT::Interface::Web::InstantiateNewSession();
$RT::Logger->info("Successful login for @{[$ARGS->{user}]} from $ENV{'REMOTE_ADDR'}");
$HTML::Mason::Commands::session{'CurrentUser'} = $user_obj;
$m->callback( %$ARGS, CallbackName => 'SuccessfulLogin', CallbackPage => '/autohandler' );
@@ -375,15 +449,11 @@ sub LoadSessionFromCookie {
my %cookies = CGI::Cookie->fetch;
my $cookiename = _SessionCookieName();
-
my $SessionCookie = ( $cookies{$cookiename} ? $cookies{$cookiename}->value : undef );
-
tie %HTML::Mason::Commands::session, 'RT::Interface::Web::Session', $SessionCookie;
-
unless ( $SessionCookie && $HTML::Mason::Commands::session{'_session_id'} eq $SessionCookie ) {
undef $cookies{$cookiename};
}
-
if ( int RT->Config->Get('AutoLogoff') ) {
my $now = int( time / 60 );
my $last_update = $HTML::Mason::Commands::session{'_session_last_update'} || 0;
@@ -410,6 +480,7 @@ sub SaveSessionCookie {
-path => RT->Config->Get('WebPath'),
-secure => ( RT->Config->Get('WebSecureCookies') ? 1 : 0 )
);
+
$HTML::Mason::Commands::r->headers_out->{'Set-Cookie'} = $cookie->as_string;
}
diff --git a/share/html/autohandler b/share/html/autohandler
index 2242cab..1bb2c93 100755
--- a/share/html/autohandler
+++ b/share/html/autohandler
@@ -50,65 +50,9 @@ use RT::Util;
$m->callback( ARGSRef => \%ARGS, CallbackName => 'Init', CallbackPage => '/autohandler' );
-$r->content_type("text/html; charset=utf-8");
+RT::Interface::Web::HandleRequest(\%ARGS);
-$m->{'rt_base_time'} = [ Time::HiRes::gettimeofday() ];
-
-
-# Roll back any dangling transactions from a previous failed connection
-$RT::Handle->ForceRollback() if $RT::Handle->TransactionDepth;
-
-RT::Interface::Web::MaybeEnableSQLStatementLog();
-
-# avoid reentrancy, as suggested by masonbook
-local *session unless $m->is_subrequest;
-
-$m->autoflush( $m->request_comp->attr('AutoFlush') ) if ( $m->request_comp->attr_exists('AutoFlush') );
-
-RT::Interface::Web::DecodeARGS(\%ARGS);
-
-RT::Interface::Web::PreprocessTimeUpdates(\%ARGS);
-
-RT::Interface::Web::MaybeShowInstallModePage();
-
-$m->comp( '/Elements/SetupSessionCookie', %ARGS );
-
-$session{'CurrentUser'} = RT::CurrentUser->new() unless ( $session{'CurrentUser'} && $session{'CurrentUser'}->Id );
-
-RT::Interface::Web::MaybeShowNoAuthPage(\%ARGS);
-
-RT::Interface::Web::AttemptExternalAuth(\%ARGS) unless ($session{'CurrentUser'} && $session{'CurrentUser'}->id);
-
-delete $session{'CurrentUser'} unless $session{'CurrentUser'} && $session{'CurrentUser'}->Id;
-
-# Process per-page authentication callbacks
-$m->callback( %ARGS, CallbackName => 'Auth', CallbackPage => '/autohandler');
-
-delete $session{'CurrentUser'} unless $session{'CurrentUser'} && $session{'CurrentUser'}->Id;
-
-unless ( $session{'CurrentUser'} ) {
- # If the user is logging in, let's authenticate
- if ( defined $user && defined $pass ) {
- RT::Interface::Web::AttemptPasswordAuthentication( \%ARGS );
-
- # if no credentials then show him login page
- } else {
- $m->comp( '/Elements/Login', %ARGS );
- $m->abort;
- }
- }
-
-# now it applies not only to home page, but any dashboard that can be used as a workspace
-$session{'home_refresh_interval'} = $ARGS{'HomeRefreshInterval'} if ( $ARGS{'HomeRefreshInterval'} );
-
-# Process per-page global callbacks
-$m->callback( %ARGS, CallbackName => 'Default', CallbackPage => '/autohandler' );
-
-RT::Interface::Web::SaveSessionCookie();
-RT::Interface::Web::ShowRequestedPage(\%ARGS);
-RT::Interface::Web::LogRecordedSQLStatements();
$m->comp( '/Elements/Footer', %ARGS );
-
</%INIT>
<%ARGS>
$user => undef
-----------------------------------------------------------------------
More information about the Rt-commit
mailing list