
use regex instead of simplecookie to parse regex, and change cookie name

tags/v2019.9.5
adam j hartz 5 months ago
parent
commit
3f0af1e372
3 changed files with 31 additions and 26 deletions
  1. +3
    -1
      catsoop/dispatch.py
  2. +20
    -25
      catsoop/session.py
  3. +8
    -0
      catsoop/util.py

+ 3
- 1
catsoop/dispatch.py

@@ -31,6 +31,7 @@ from email.utils import formatdate
from . import lti
from . import auth
from . import time
from . import util
from . import tutor
from . import loader
from . import errors
@@ -695,7 +696,8 @@ def main(environment, return_context=False, form_data=None):
url_root = urllib.parse.urlparse(context["cs_url_root"])
domain = url_root.netloc.rsplit(":", 1)[0]
path = url_root.path or "/"
hdr["Set-Cookie"] = "sid=%s; Domain=%s; Path=%s" % (
hdr["Set-Cookie"] = "catsoop_sid_%s=%s; Domain=%s; Path=%s" % (
util.catsoop_loc_hash(),
context["cs_sid"],
domain,
path,
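Review bot: The session cookie built in the `hdr["Set-Cookie"]` format string is still issued with only `Domain` and `Path`, so it carries no `HttpOnly`, `Secure` or `SameSite` attribute. Since this line is being rewritten anyway, consider `"catsoop_sid_%s=%s; Domain=%s; Path=%s; HttpOnly"` and appending `; Secure` when `url_root.scheme == "https"`; a `SameSite` value would need checking against the LTI launch flow first, since that is presumably a cross-site request. Setting `Domain` explicitly also makes the browser send the cookie to subdomains of that host, which the per-installation name narrows but does not prevent. The format call and the rest of `main` continue outside the hunk.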


+ 20
- 25
catsoop/session.py

@@ -24,8 +24,7 @@ import uuid
import traceback
import importlib

from http.cookies import SimpleCookie

from . import util
from . import cslog
from . import debug_log
from . import base_context
@@ -34,7 +33,7 @@ importlib.reload(base_context)

LOGGER = debug_log.LOGGER

_nodoc = {"SimpleCookie", "make_session_dir", "LOGGER"}
_nodoc = {"make_session_dir", "LOGGER"}

VALID_SESSION_RE = re.compile(r"^[A-Fa-f0-9]{32}$")
"""
@@ -87,31 +86,27 @@ def get_session_id(environ):
os.unlink(fullname)
except:
pass
if "HTTP_COOKIE" in environ:
try:
cookies = environ["HTTP_COOKIE"]
cookies = cookies.replace(
" ", ""
) # avoid unnecessary errors from cookie values with embedded spaces
cookie_sid = SimpleCookie(cookies)["sid"].value
if VALID_SESSION_RE.match(cookie_sid) is None:
LOGGER.error(
"[session] cookie_sid (%s) session mismatch, generating new sid"
% cookie_sid
)
return new_session_id(), True
return cookie_sid, False
except Exception as err:
LOGGER.error(
"[session] Error encountered retrieving session ID, err=%s" % str(err)
)
LOGGER.error("[session] traceback=%s" % traceback.format_exc())
LOGGER.error("[session] HTTP_COOKIE: %s" % environ["HTTP_COOKIE"])

COOKIE_REGEX = re.compile(
r"(?:^|;)\s*catsoop_sid_%s\s*=\s*([^;\s]*)\s*(?:;|$)" % util.catsoop_loc_hash()
)
try:
cookie_sid = COOKIE_REGEX.search(environ["HTTP_COOKIE"]).group(1)
if VALID_SESSION_RE.match(cookie_sid) is None:
LOGGER.error(
"[session] SimpleCookie: %s" % SimpleCookie(environ["HTTP_COOKIE"])
"[session] cookie_sid (%s) session mismatch, generating new sid"
% cookie_sid
)
return new_session_id(), True
else:
return cookie_sid, False
except Exception as err:
LOGGER.error(
"[session] Error encountered retrieving session ID with regex, err=%s"
% str(err)
)
LOGGER.error("[session] traceback=%s" % traceback.format_exc())
LOGGER.error("[session] HTTP_COOKIE: %r" % environ.get("HTTP_COOKIE", None))
LOGGER.error("[session] REGEX: %r" % COOKIE_REGEX)
return new_session_id(), True
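Review bot: A request with no matching cookie is handled through the `except Exception` branch: `COOKIE_REGEX.search(...)` returns `None` when the cookie is absent and `environ["HTTP_COOKIE"]` raises when the header is missing (the old `if "HTTP_COOKIE" in environ:` guard appears to be dropped), so every first visit logs an error, a traceback and the client's whole Cookie header. That header can hold live session ids for this and other applications on the same domain, so it should not be written to the log verbatim. Handle the normal case before the `try`, e.g. `m = COOKIE_REGEX.search(environ.get("HTTP_COOKIE", ""))` followed by `if m is None: return new_session_id(), True`, and log at most the header length or the cookie names on a real failure. `get_session_id` starts outside the hunk.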




+ 8
- 0
catsoop/util.py

@@ -18,10 +18,18 @@ Extra utilities that don't have a home anywhere else
"""

import ast
import hashlib

from collections import OrderedDict
from datetime import datetime, timedelta

from . import base_context


def catsoop_loc_hash():
return hashlib.md5(base_context.cs_url_root.encode("utf-8")).hexdigest()


_literal_eval_funcs = {
"OrderedDict": OrderedDict,
"frozenset": frozenset,


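Review bot: `catsoop_loc_hash` has no docstring, and nothing says that the MD5 digest is only a per-installation label for the cookie name rather than a secret. Anyone who knows `cs_url_root` can compute it, so the function should say so, e.g. `"""Return the hex MD5 of cs_url_root, used to give each installation its own session cookie name; not a secret."""`. If the code has to run on a FIPS-restricted Python build, `hashlib.md5` may be refused there, which is worth a comment or a different digest before the cookie name is relied on. The `_literal_eval_funcs` dict at the end of the hunk continues outside it.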