author | Philip Sargent <philip.sargent@gmail.com> | 2025-06-25 23:30:20 +0300 |
---|---|---|
committer | Philip Sargent <philip.sargent@gmail.com> | 2025-06-25 23:30:20 +0300 |
commit | a7966e714de7ed3aae5dd25c578344c934dd8572 (patch) | |
tree | ce5edfac97c6a490dd80753a4c67847a74ea7be7 | |
parent | 19844cd94a4a7c798921a2858f038eb9a2db99a5 (diff) | |
shared use machine short-cookie timeout implemented for survex file editing only
-rw-r--r-- | core/utils.py | 25 | ||||
-rw-r--r-- | core/views/other.py | 4 | ||||
-rw-r--r-- | core/views/survex.py | 4 |
3 files changed, 25 insertions, 8 deletions
diff --git a/core/utils.py b/core/utils.py index a2f55dd..116e517 100644 --- a/core/utils.py +++ b/core/utils.py @@ -48,6 +48,8 @@ alphabet = [] sha = hashlib.new('sha256') COOKIE_MAX_AGE = 2*365*24*60*60 # seconds COOKIE_SHORT_TIMEOUT = 60*60 # seconds +PUBLIC_LAPTOP_COOKIE_NAME = "public_laptop" +PUBLIC_LAPTOP_COOKIE_TEXT = "this is a public laptop" throw = 35.0 EXPOSERVER = "expo" # hostname of the server at expo.survex.com @@ -78,11 +80,11 @@ except: # Opening of file for writing is going to fail currently, so decide it doesn't matter for now pass -def get_cookie_max_age(): +def get_cookie_max_age(request=None): """This is where we detect whether the machine the user is using is a shared-use device or a personal device. If it is shared-use, then we set a much shorter cookie timout period. """ - if shared_use_machine(): + if shared_use_machine(request): return COOKIE_SHORT_TIMEOUT else: return COOKIE_MAX_AGE @@ -309,10 +311,25 @@ def get_git_string(user): person = people[0] return f"{person.fullname} <{user.email}>" -def shared_use_machine(): +def shared_use_machine(request): """Looks for a cookie which only exists on shared use machines """ - return False + print(f" - shared use cookie check {request}") + + if not request: # temporary while rolling out implementation to all calling functions + return False + + if not (cookie_txt := request.COOKIES.get(PUBLIC_LAPTOP_COOKIE_NAME, "")): + return False + elif cookie_txt == PUBLIC_LAPTOP_COOKIE_TEXT: + print(f" - shared use cookie exists, and has expected value: '{cookie_txt}'") + return True + else: + print(f" - shared use cookie exists, but has wrong value: '{cookie_txt}' not '{PUBLIC_LAPTOP_COOKIE_TEXT}'") + return True + + + def get_cookie(request): """The initial idea of having a default turned out to be a bad idea as people just ignore the field. diff --git a/core/views/other.py b/core/views/other.py index fd1d1ef..ceec79f 100644 --- a/core/views/other.py +++ b/core/views/other.py 
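Review bot: The new `request=None` default in `get_cookie_max_age` fails open: any caller that has not yet been changed to pass the request receives `COOKIE_MAX_AGE` (two years) even on a machine that carries the public-laptop cookie, and nothing records that the check was skipped. The `if not request:` guard in `shared_use_machine`, in the last hunk of this file, has the same effect, and the commit title says only survex editing has been converted so far. While the rollout is in progress I would make the gap visible, for instance `if request is None: print(" - get_cookie_max_age() called without a request, shared-use check skipped")`, and remove the default once every caller passes the request.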
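Review bot: In `shared_use_machine` the `elif` and `else` branches both return True, so any non-empty `public_laptop` cookie marks the machine as shared and the comparison with `PUBLIC_LAPTOP_COOKIE_TEXT` only selects the log line. If that is intended (an unexpected value still gets the short timeout), the docstring should say so, e.g. `"""Return True if the request carries the public-laptop cookie with any non-empty value; False if it is absent or no request was passed."""`. The cookie value is supplied by the client and is printed verbatim; formatting it as `{cookie_txt!r}` in both messages keeps newlines and control characters out of the server log. The marker is also an ordinary unsigned cookie that a user of the shared machine can clear, so a comment should state that this is a convenience default rather than an enforced control.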
@@ -11,7 +11,7 @@ from troggle.core.models.logbooks import LogbookEntry, writelogbook # , PersonL # from databaseReset import reinit_db # don't do this. databaseRest runs code *at import time* from troggle.core.models.troggle import Expedition -from troggle.core.utils import current_expo, COOKIE_SHORT_TIMEOUT +from troggle.core.utils import current_expo, COOKIE_SHORT_TIMEOUT, PUBLIC_LAPTOP_COOKIE_NAME, PUBLIC_LAPTOP_COOKIE_TEXT from troggle.parsers.imports import ( import_caves, import_drawingsfiles, @@ -42,7 +42,7 @@ def public_laptop(request): This hack to be replaced in due course by a proper call from a user saying whether they are using a shared machine or not. """ response = HttpResponse(f"Cookie has been set on this machine, which now defines it as a public laptop. So the login cookie lifetimes will now be short:{COOKIE_SHORT_TIMEOUT/(60*60)} hour(s)") - response.set_cookie("public_laptop", "this is a public laptop", max_age=COOKIE_SHORT_TIMEOUT) # Cookie expires in 1 hour + response.set_cookie(PUBLIC_LAPTOP_COOKIE_NAME, PUBLIC_LAPTOP_COOKIE_TEXT, max_age=COOKIE_SHORT_TIMEOUT) # Cookie expires in 1 hour return response def todos(request, module): diff --git a/core/views/survex.py b/core/views/survex.py index 3c7e26a..230d98f 100644 --- a/core/views/survex.py +++ b/core/views/survex.py @@ -441,8 +441,8 @@ def svx(request, survex_file): else: edit_response = render(request, "svxfile.html", vmap) - edit_response.set_cookie('editor_id', editor, max_age=get_cookie_max_age()) # cookie expires after get_cookie_max_age() seconds - print(f"Cookie reset: {editor} for another {get_cookie_max_age()/3600} hour(s)") + edit_response.set_cookie('editor_id', editor, max_age=get_cookie_max_age(request)) # cookie expires after get_cookie_max_age() seconds + print(f"Cookie reset: {editor} for another {get_cookie_max_age(request)/3600} hour(s)") return edit_response |
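Review bot: The marker cookie set in `public_laptop` is given `max_age=COOKIE_SHORT_TIMEOUT`, so the browser stops sending it one hour after this view is visited. From then on `shared_use_machine` returns False and the next `editor_id` cookie is issued with the two-year `COOKIE_MAX_AGE`, unless something outside this diff re-sets the marker. The marker's lifetime should not be tied to the login timeout, for example `response.set_cookie(PUBLIC_LAPTOP_COOKIE_NAME, PUBLIC_LAPTOP_COOKIE_TEXT, max_age=COOKIE_MAX_AGE)` with `COOKIE_MAX_AGE` added to the import from `troggle.core.utils`. The body of `public_laptop` starts outside this hunk.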
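Review bot: `get_cookie_max_age(request)` is evaluated twice in the new lines of `svx`, once for `set_cookie` and once for the log message, so the shared-use check and its debug prints run twice per response and the logged lifetime is computed separately from the one actually set. Bind it once with `max_age = get_cookie_max_age(request)`, then use `edit_response.set_cookie('editor_id', editor, max_age=max_age)` and `print(f"Cookie reset: {editor} for another {max_age/3600} hour(s)")`. The body of `svx` begins outside this hunk.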