[Freeipa-devel] [PATCH 82] Compliant client side session cookie behavior

Petr Viktorin pviktori at redhat.com
Tue Nov 13 12:39:00 UTC 2012 

Continuing from yesterday. I tried building the RPMs, installing a 
server, running the tests, and checking the Web UI. Each of these steps 
failed.


On 11/11/2012 11:18 PM, John Dennis wrote:
> Note: This has been tested with both the command line api and the
> browser on both Fedora and RHEL-6. It has also been tested to make sure
> any cookies stored before an upgrade will work correctly.
>
> --
> John Dennis <jdennis at redhat.com>
>
> Looking to carve out IT costs?
> www.redhat.com/carveoutcosts/
>
> freeipa-jdennis-0082-Compliant-client-side-session-cookie-behavior.patch
>
>
>>From 089d69a1e06636bbd2836fcb9072b5a2ffef7ae2 Mon Sep 17 00:00:00 2001
> From: John Dennis<jdennis at redhat.com>
> Date: Sun, 11 Nov 2012 17:05:32 -0500
> Subject: [PATCH 82] Compliant client side session cookie behavior
> Content-Type: text/plain; charset="utf-8"
> Content-Transfer-Encoding: 8bit
>
[...]
>
> Ticket https://fedorahosted.org/freeipa/ticket/3022
> ---
>   ipalib/rpc.py                       | 224 +++++++++++++----
>   ipalib/session.py                   |  39 +--
>   ipapython/cookie.py                 | 486 ++++++++++++++++++++++++++++++++++++
>   ipaserver/rpcserver.py              |   6 +-
>   tests/test_ipapython/test_cookie.py | 332 ++++++++++++++++++++++++
>   5 files changed, 1017 insertions(+), 70 deletions(-)
>   create mode 100644 ipapython/cookie.py
>   create mode 100644 tests/test_ipapython/test_cookie.py
>
> diff --git a/ipalib/rpc.py b/ipalib/rpc.py
> index c555105..b2021c1 100644
> --- a/ipalib/rpc.py
> +++ b/ipalib/rpc.py
> @@ -61,7 +64,8 @@ from ipalib.krb_utils import KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN, KRB5KRB_AP_ERR_TKT
>                                KRB5_FCC_PERM, KRB5_FCC_NOFILE, KRB5_CC_FORMAT, KRB5_REALM_CANT_RESOLVE
>   from ipapython.dn import DN
>
> -COOKIE_NAME = 'ipa_session_cookie:%s'
> +COOKIE_NAME = 'ipa_session'

COOKIE_NAME is used in ipa-client-install, which promptly fails when it 
does `kernel_keyring.del_key(COOKIE_NAME % host_principal)`.
(There should probably be a helper function to encapsulate this call.)

> +KEYRING_COOKIE_NAME = '%s_cookie:%%s' % COOKIE_NAME
>
>   def xml_wrap(value):
>       """

> diff --git a/ipalib/session.py b/ipalib/session.py
> index 36beece..900259a 100644
> --- a/ipalib/session.py
> +++ b/ipalib/session.py
> @@ -955,13 +955,18 @@ class MemcacheSessionManager(SessionManager):
>             Session id as string or None if not found.
>           '''
>           session_id = None
> -        if cookie_header is not None:
> -            cookie = Cookie.SimpleCookie()
> -            cookie.load(cookie_header)
> -            session_cookie = cookie.get(self.session_cookie_name)
> -            if session_cookie is not None:
> -                session_id = session_cookie.value
> -                self.debug('found session cookie_id = %s', session_id)
> +        try:
> +            session_cookie = Cookie.get_named_cookie_from_string(cookie_header, self.session_cookie_name)
> +        except Exception, e:
> +            session_cookie = None
> +        else:
> +            session_id = session_cookie.value

When the user first accesses the Web UI, session_cookie will be None, 
resulting in an Internal Server Error.


> diff --git a/ipapython/cookie.py b/ipapython/cookie.py
> new file mode 100644
> index 0000000..0033aed
> --- /dev/null
> +++ b/ipapython/cookie.py
[...]
> +
> +    @property
> +    def timestamp(self):

Pylint complains here and in similar places below:
ipapython/cookie.py:313: [E0202, Cookie.timestamp] An attribute affected 
in ipapython.cookie line 310 hide this method

> diff --git a/tests/test_ipapython/test_cookie.py b/tests/test_ipapython/test_cookie.py
> new file mode 100644
> index 0000000..4b3c317
> --- /dev/null
> +++ b/tests/test_ipapython/test_cookie.py
> @@ -0,0 +1,332 @@
> +# Authors:
> +#   John Dennis<jdennis at redhat.com>
> +#
> +# Copyright (C) 2012  Red Hat
> +# see file 'COPYING' for use and warranty information
> +#
> +# This program is free software; you can redistribute it and/or modify
> +# it under the terms of the GNU General Public License as published by
> +# the Free Software Foundation, either version 3 of the License, or
> +# (at your option) any later version.
> +#
> +# This program is distributed in the hope that it will be useful,
> +# but WITHOUT ANY WARRANTY; without even the implied warranty of
> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> +# GNU General Public License for more details.
> +#
> +# You should have received a copy of the GNU General Public License
> +# along with this program.  If not, see<http://www.gnu.org/licenses/>.
> +
> +import unittest
> +import time
> +import datetime
> +import calendar
> +from cookie import Cookie

Here I get ImportError: No module named cookie.


-- 
Petr³

More information about the Freeipa-devel mailing list