[tor-commits] [bridgedb/master] Remove Session Cookie

aagbsn at torproject.org aagbsn at torproject.org
Wed Apr 17 00:26:45 UTC 2013


commit 4307e958bf3711e9cab542f80df55bf760288b7d
Author: aagbsn <aagbsn at extc.org>
Date:   Wed Mar 27 23:38:00 2013 +0000

    Remove Session Cookie
---
 lib/bridgedb/HTTPServer.py |   60 +++----------------------------------------
 1 files changed, 5 insertions(+), 55 deletions(-)

diff --git a/lib/bridgedb/HTTPServer.py b/lib/bridgedb/HTTPServer.py
index dcd1dcd..dc61124 100644
--- a/lib/bridgedb/HTTPServer.py
+++ b/lib/bridgedb/HTTPServer.py
@@ -16,7 +16,7 @@ import os
 
 from twisted.internet import reactor
 import twisted.web.resource
-from twisted.web.server import Site, Session
+from twisted.web.server import Site
 from twisted.web import static
 from twisted.web.util import redirectTo
 
@@ -33,7 +33,6 @@ from random import randint
 from mako.template import Template
 from mako.lookup import TemplateLookup
 from zope.interface import Interface, Attribute, implements
-from twisted.python.components import registerAdapter
 
 template_root = os.path.join(os.path.dirname(__file__),'templates')
 lookup = TemplateLookup(directories=[template_root],
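Review bot: `Interface`, `Attribute` and `implements` on the unchanged `from zope.interface import ...` line appear to lose their only visible users in this commit, because `ICaptchaState` and `CaptchaState` are deleted in the next hunk. If nothing else in HTTPServer.py uses them, that import should go together with `registerAdapter`, so no trace of the session machinery is left behind. The rest of the file is not visible here, so check for other uses before dropping it.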
@@ -49,19 +48,9 @@ except:
     geoip = None
     logging.warn("GeoIP database not found") 
 
-class ICaptchaState(Interface):
-    captchaSolved = Attribute("A bool that indicates whether a Captcha has been solved")
-    clientIP  = Attribute("The IP address of the client")
-
-class CaptchaState(object):
-    implements(ICaptchaState)
-    def __init__(self, session):
-        self.captchaSolved = False
-        self.clientIP = ""
-
 class CaptchaProtectedResource(twisted.web.resource.Resource):
-    def __init__(self, useRecaptcha=False, recaptchaPrivKey='', recaptchaPubKey='',
-            useForwardedHeader=False, resource=None):
+    def __init__(self, useRecaptcha=False, recaptchaPrivKey='',
+            recaptchaPubKey='', useForwardedHeader=False, resource=None):
         self.isLeaf = resource.isLeaf
         self.useForwardedHeader = useForwardedHeader
         self.recaptchaPrivKey = recaptchaPrivKey
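Review bot: The re-wrapped `__init__` signature still defaults `resource=None`, yet the first statement reads `resource.isLeaf`, so constructing the wrapper without a resource fails with an AttributeError on None instead of a clear message. Now that a valid solve hands straight off to `self.resource.render(request)`, the wrapped resource is mandatory, and the constructor should say so: `if resource is None: raise ValueError("resource is required")` before `self.isLeaf = resource.isLeaf`. The body of `__init__` continues outside the hunk.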
@@ -82,10 +71,6 @@ class CaptchaProtectedResource(twisted.web.resource.Resource):
         return ip
 
     def render_GET(self, request):
-        if self.captchaSolved(request):
-            getSession(request).expire()
-            return self.resource.render(request)
-
         # get a captcha
         c = Raptcha(self.recaptchaPubKey, self.recaptchaPrivKey)
         c.get()
@@ -94,18 +79,7 @@ class CaptchaProtectedResource(twisted.web.resource.Resource):
         imgstr = 'data:image/jpeg;base64,%s' % base64.b64encode(c.image)
         return lookup.get_template('captcha.html').render(imgstr=imgstr, challenge_field=c.challenge)
 
-    def captchaSolved(self, request):
-        s = ICaptchaState(getSession(request))
-        ip = self.getClientIP(request)
-        if s.captchaSolved and ip == s.clientIP:
-            return True
-        return False
-        
     def render_POST(self, request):
-        if self.captchaSolved(request):
-            getSession(request).expire()
-            return self.resource.render(request)
-
         try:
             challenge = request.args['recaptcha_challenge_field'][0]
             response = request.args['recaptcha_response_field'][0]
@@ -121,10 +95,7 @@ class CaptchaProtectedResource(twisted.web.resource.Resource):
         if recaptcha_response.is_valid:
             logging.info("Valid recaptcha from %s. Parameters were %r",
                     remote_ip, request.args)
-            # set a valid captcha solved for this session!
-            c = ICaptchaState(getSession(request))
-            c.captchaSolved = True
-            c.clientIP = self.getClientIP(request)
+            return self.resource.render(request)
         else:
             logging.info("Invalid recaptcha from %s. Parameters were %r",
                          remote_ip, request.args)
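Review bot: The new `return self.resource.render(request)` in the success branch has no comment explaining the model that replaces the session: a valid solve authorises exactly this one POST and nothing is remembered afterwards. The removed comment documented the old behaviour and nothing takes its place, so I would add `# No session state: a valid solve authorises this request only.` above the return. `render_POST` begins and continues outside the hunk.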
@@ -155,7 +126,7 @@ class WebResource(twisted.web.resource.Resource):
         if not domains: domains = []
         self.domains = domains
 
-    def render_GET(self, request):
+    def render(self, request):
         return self.getBridgeRequestAnswer(request)
 
     def getBridgeRequestAnswer(self, request):
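Review bot: Renaming `render_GET` to `render` on `WebResource` bypasses twisted's per-method dispatch, so `getBridgeRequestAnswer` now runs for every HTTP method rather than only the GET and forwarded POST this commit needs. `Resource.render` is what looks up `render_<METHOD>` and rejects unsupported methods. When the captcha wrapper is not in front of this resource (presumably the `RECAPTCHA_ENABLED` false path, which is not visible here), any verb would be answered with bridges. Keeping `def render_GET(self, request):` and adding `render_POST = render_GET` below it gives the wrapper its POST hand-off while leaving other methods rejected. `getBridgeRequestAnswer` continues outside the hunk.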
@@ -250,26 +221,6 @@ class WebRoot(twisted.web.resource.Resource):
     def render_GET(self, request):
         return lookup.get_template('index.html').render()
 
-def getSession(self, sessionInterface = None):
-    # Session management
-    if not self.session:
-        cookiename = b"_".join([b'TWISTED_SESSION'] + self.sitepath)
-        sessionCookie = self.getCookie(cookiename)
-        if sessionCookie:
-            try:
-                self.session = self.site.getSession(sessionCookie)
-            except KeyError:
-                pass
-        # if it still hasn't been set, fix it up.
-        if not self.session:
-            self.session = self.site.makeSession()
-            #XXX: secure cookies
-            self.addCookie(cookiename, self.session.uid, path=b'/', secure=True, max_age=60)
-    self.session.touch()
-    if sessionInterface:
-        return self.session.getComponent(sessionInterface)
-    return self.session
-
 def addWebServer(cfg, dist, sched):
     """Set up a web server.
          cfg -- a configuration object from Main.  We use these options:
@@ -297,7 +248,6 @@ def addWebServer(cfg, dist, sched):
                    domains=cfg.EMAIL_DOMAINS)
 
     if cfg.RECAPTCHA_ENABLED:
-        registerAdapter(CaptchaState, Session, ICaptchaState) 
         protected = CaptchaProtectedResource(
                 recaptchaPrivKey=cfg.RECAPTCHA_PRIV_KEY,
                 recaptchaPubKey=cfg.RECAPTCHA_PUB_KEY,


