Ticket #1927: visit-from-params2.diff

turbogears/identity/tests/test_visit.py

@@ -1 +1 @@
 import time
+
+from Cookie import SimpleCookie
 from unittest import TestCase
+
 import cherrypy
+
 from turbogears import config, controllers, expose, startup, testutil, visit
-from Cookie import SimpleCookie
 
 
 def cookie_header(response):
@@ -14 +17 @@
 
     @expose()
     def index(self):
-        new = None
-        if visit.current():
-            new = visit.current().is_new
+        new = visit_key = None
+        cur_visit = visit.current()
+        if cur_visit:
+            new = cur_visit.is_new
+            key = cur_visit.key
         visit_on = config.get('visit.on')
-        return dict(new=new, visit_on=visit_on)
+        return dict(new=new, key=key, visit_on=visit_on)
 
 
 class TestVisit(TestCase):
@@ -26 +31 @@
     def setUp(self):
         testutil.stop_server(tg_only = True)
         self._visit_on = config.get('visit.on', False)
+        self._visit_source = config.get('visit.source', 'cookie')
         config.update({'visit.on': True})
         self._visit_timeout = config.get('visit.timeout', 20)
         config.update({'visit.timeout': 50})
         self.cookie_name = config.get("visit.cookie.name", 'tg-visit')
+        self._visit_key_param = config.get("visit.form.name", 'tg_visit')
         self.app = testutil.make_app(VisitRoot)
         testutil.start_server()
 
@@ -53 +60 @@
         response = self.app.get("/")
         # first visit's cookie
         print "Headers", response.headers
-        print "Config", config.get('visit.on')
+        print "Visit on", config.get('visit.on')
         morsel = response.cookies_set[self.cookie_name]
         response = self.app.get("/", headers=cookie_header(response))
         assert not response.raw['new']
 
+    def test_visit_from_form(self):
+        """Test if the visit key is retrieved from the request params."""
+        _app = self.app
+        try:
+            testutil.stop_server(tg_only = True)
+            config.update({'visit.source': 'cookie,form'})
+            self.app = testutil.make_app(VisitRoot)
+            testutil.start_server()
+            # first visit's cookie
+            first_key = self.app.get("/").raw.get('key')
+            # second request with no cookies
+            self.app.cookies = {}
+            response = self.app.get("/",
+                params={self._visit_key_param: first_key})
+        finally:
+            config.update({'visit.source': self._visit_source})
+            self.app = _app
+        assert first_key == response.raw['key']
+
+    def test_visit_from_form_with_cookie_fallback(self):
+        """Test if visit key is retrieved from cookie if not found in params."""
+        _app = self.app
+        try:
+            testutil.stop_server(tg_only = True)
+            config.update({'visit.source': 'form,cookie'})
+            _app = testutil.make_app(VisitRoot)
+            testutil.start_server()
+            # first visit's cookie
+            first_key = self.app.get("/").raw.get('key')
+            # second request with no params
+            response = self.app.get("/")
+        finally:
+            config.update({'visit.source': self._visit_source})
+            self.app = _app
+        assert first_key == response.raw['key']
+
     def test_cookie_expires(self):
         """Test if the visit timeout mechanism works."""
         timeout = config.get('visit.timeout', 50)
@@ -107 +150 @@
             '%a, %d-%b-%Y %H:%M:%S GMT')[:8] + (0,))
         should_expire = time.mktime(time.gmtime()) + int(morsel['max-age'])
         assert abs(should_expire - expires) < 3, (should_expire, expires, should_expire - expires)
-

turbogears/visit/api.py

@@ -1 +1 @@
 import logging
 import sha
 import threading
+import time
+
 from random import random
 from datetime import timedelta, datetime
-import time
+
+import cherrypy
 import pkg_resources
-import cherrypy
+
 from cherrypy.filters.basefilter import BaseFilter
 from turbogears import config
 
@@ -174 +177 @@
     def __init__(self):
         log.info("Visit filter initialised")
         get = config.get
+        # Where to look for the session key in the request and in which order
+        self.source = [s.strip().lower() for s in
+            get("visit.source", "cookie").split(',')]
+        if set(self.source).difference(('cookie', 'form')):
+            log.warning("Unsupported 'visit.source' '%s' in configuration.")
         # Get the name to use for the identity cookie.
         self.cookie_name = get("visit.cookie.name", "tg-visit")
+        # and the name of the request param. MUST NOT contain dashes or dots,
+        # otherwise the NestedVariablesFilter will chocke on it.
+        self.visit_key_param = get("visit.form.name", "tg_visit")
         # TODO: The path should probably default to whatever
         # the root is masquerading as in the event of a
         # virtual path filter.
@@ -195 +206 @@
         if not config.get("visit.on", True):
             set_current(None)
             return
+        cpreq = cherrypy.request
         visit = current()
-        cookies = cherrypy.request.simple_cookie
         if not visit:
-            if self.cookie_name in cookies:
-                # Process visit based on cookie
-                visit_key = cookies[self.cookie_name].value
-                visit = _manager.visit_for_key(visit_key)
+            visit_key = None
+            for source in self.source:
+                if source == 'cookie':
+                    visit_key = cpreq.simple_cookie.get(self.cookie_name)
+                    if visit_key:
+                        visit_key = visit_key.value
+                        log.debug("Retrieved visit key '%s' from cookie '%s'.",
+                            visit_key, self.cookie_name)
+                elif source == 'form':
+                    visit_key = cpreq.params.pop(self.visit_key_param, None)
+                    log.debug(
+                        "Retrieved visit key '%s' from request param '%s'.",
+                        visit_key, self.visit_key_param)
+                if visit_key:
+                    visit = _manager.visit_for_key(visit_key)
+                    break
             if not visit:
                 visit_key = self._generate_key()
                 visit = _manager.new_visit_with_key(visit_key)
+                log.debug("Created new visit with key: %s", visit_key)
+            else:
+                log.debug("Using visit from request with key: %s", visit_key)
             self.send_cookie(visit_key)
             set_current(visit)
         # Inform all the plugins that a request has been made for the current

turbogears/qstemplates/quickstart/+package+/config/app.cfg_tmpl

@@ -92 +92 @@
 # Number of minutes a visit may be idle before it expires.
 # visit.timeout=20
 
+# Where to look for the key of an existing visit in the request and in which
+# order. Comma-separated list of possible values: 'cookie', 'form'.
+# By default only use visit key in session cookie.
+# visit.source="cookie"
+
 # The name of the cookie to transmit to the visitor's browser.
 # visit.cookie.name="tg-visit"
 
+# The name of the request parameter with the session key (for when
+# 'visit.source' includes 'form'). Name MUST NOT contain dashes or dots!
+# visit.form.name="tg_visit"
+
 # Domain name to specify when setting the cookie (must begin with . according to
 # RFC 2109). The default (None) should work for most cases and will default to
 # the machine to which the request was made. NOTE: localhost is NEVER a valid