commit/galaxy-central: 4 new changesets
4 new commits in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/commits/09bfb4f3f60d/ Changeset: 09bfb4f3f60d User: dannon Date: 2015-02-04 15:33:07+00:00 Summary: Initial version of session_timeout. Still needs client side work to handle API/web.json requests better but that turned out to be a large project -- see TODOs for more details. Affected #: 5 files diff -r 11c8048ae648d3b8ddae7f180f6bbde4aac4fb83 -r 09bfb4f3f60d4fa31bc4f0ed91151cc60d0c6256 config/galaxy.ini.sample --- a/config/galaxy.ini.sample +++ b/config/galaxy.ini.sample @@ -392,6 +392,13 @@ #inactivity_box_content = Your account has not been activated yet. Feel free to browse around and see what's available, but you won't be able to upload data or run jobs until you have verified your email address. + +# Galaxy Session Timeout +# This provides a timeout (in minutes) after which a user will have to log back in. +# A duration of 0 disables this feature. +#session_duration = 0 + + # -- Analytics # You can enter tracking code here to track visitor's behavior diff -r 11c8048ae648d3b8ddae7f180f6bbde4aac4fb83 -r 09bfb4f3f60d4fa31bc4f0ed91151cc60d0c6256 lib/galaxy/config.py --- a/lib/galaxy/config.py +++ b/lib/galaxy/config.py @@ -171,6 +171,7 @@ self.instance_resource_url = kwargs.get( 'instance_resource_url', None ) self.registration_warning_message = kwargs.get( 'registration_warning_message', None ) self.ga_code = kwargs.get( 'ga_code', None ) + self.session_duration = int(kwargs.get( 'session_duration', 0 )) # Get the disposable email domains blacklist file and its contents self.blacklist_location = kwargs.get( 'blacklist_file', None ) self.blacklist_content = None diff -r 11c8048ae648d3b8ddae7f180f6bbde4aac4fb83 -r 09bfb4f3f60d4fa31bc4f0ed91151cc60d0c6256 lib/galaxy/model/__init__.py --- a/lib/galaxy/model/__init__.py +++ b/lib/galaxy/model/__init__.py 
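Review bot: In the lib/galaxy/config.py hunk, `int(kwargs.get( 'session_duration', 0 ))` accepts negative numbers, and the check added in webapp.py only tests truthiness. A negative value would therefore put the expiry before the last update and log every session out on each request. A non-numeric value raises a bare ValueError while the configuration loads, with no hint of which option is wrong. Consider validating here, e.g. `if self.session_duration < 0: raise ValueError( "session_duration must be >= 0 (minutes)" )`. The enclosing method starts and ends outside the hunk.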
@@ -1335,7 +1335,7 @@ FAILED_METADATA = 'failed_metadata', RESUBMITTED = 'resubmitted' ) # failed_metadata and resubmitted are only valid as DatasetInstance states currently - + non_ready_states = ( states.UPLOAD, states.QUEUED, @@ -2997,6 +2997,7 @@ self.is_valid = is_valid self.prev_session_id = prev_session_id self.histories = [] + self.last_action = galaxy.model.orm.now.now() def add_history( self, history, association=None ): if association is None: diff -r 11c8048ae648d3b8ddae7f180f6bbde4aac4fb83 -r 09bfb4f3f60d4fa31bc4f0ed91151cc60d0c6256 lib/galaxy/model/migrate/versions/0128_session_timeout.py --- /dev/null +++ b/lib/galaxy/model/migrate/versions/0128_session_timeout.py 
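Review bot: The `self.last_action` attribute set in the `@@ -2997,6 +2997,7 @@` hunk is not read anywhere in this changeset; the timeout check in lib/galaxy/web/framework/webapp.py compares against `self.galaxy_session.update_time` instead. No mapper change is visible among the five affected files, so the new `last_action` column is presumably unmapped and this value would never be persisted. Either base the check on `last_action` and add the mapping, or drop the attribute together with the 0128 migration. If it stays, a comment such as `# time of the last request; intended for inactivity timeouts` would tell the next reader why it exists. The constructor begins outside the hunk.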
@@ -0,0 +1,50 @@ +""" +Migration script to add session update time (used for timeouts) +""" +from sqlalchemy import * +from sqlalchemy.orm import * +from migrate import * +from migrate.changeset import * +from galaxy.model.custom_types import * + +import datetime +now = datetime.datetime.utcnow + +import logging +log = logging.getLogger( __name__ ) + +metadata = MetaData() + + +def upgrade(migrate_engine): + metadata.bind = migrate_engine + print __doc__ + metadata.reflect() + + lastaction_column = Column( "last_action", DateTime, default=now ) + __add_column( lastaction_column, "galaxy_session", metadata ) + + +def downgrade(migrate_engine): + metadata.bind = migrate_engine + metadata.reflect() + + __drop_column( "last_action", "galaxy_session", metadata ) + + +def __add_column(column, table_name, metadata, **kwds): + try: + table = Table( table_name, metadata, autoload=True ) + column.create( table, **kwds ) + except Exception as e: + print str(e) + log.exception( "Adding column %s failed." % column) + + +def __drop_column( column_name, table_name, metadata ): + try: + table = Table( table_name, metadata, autoload=True ) + getattr( table.c, column_name ).drop() + except Exception as e: + print str(e) + log.exception( "Dropping column %s failed." % column_name ) diff -r 11c8048ae648d3b8ddae7f180f6bbde4aac4fb83 -r 09bfb4f3f60d4fa31bc4f0ed91151cc60d0c6256 lib/galaxy/web/framework/webapp.py --- a/lib/galaxy/web/framework/webapp.py +++ b/lib/galaxy/web/framework/webapp.py @@ -1,5 +1,6 @@ """ """ +import datetime import inspect import os import hashlib 
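Review bot: `__add_column` and `__drop_column` in the new 0128_session_timeout.py catch every `Exception`, print and log it, and then return normally. `upgrade` therefore appears to succeed even when the column was not created, and the schema version is presumably advanced anyway. Add a bare `raise` after the `log.exception( ... )` call in both helpers so a failed migration stops the upgrade. Separately, `default=now` looks like a Python-side insert default, so existing `galaxy_session` rows would likely keep NULL in `last_action`; any code that later reads the column has to tolerate that, or the migration should backfill it.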
@@ -210,6 +211,32 @@ self.response.send_redirect( url_for( '/static/user_disabled.html' ) ) if config.require_login: self._ensure_logged_in_user( environ, session_cookie ) + if config.session_duration and not self.environ.get('is_api_request', False): + # TODO DBTODO Session-based API requests need to be handled + # correctly here. Disabled for now. The issue is that API + # request response error codes aren't handled in a consistent + # way on the client side. All ajax calls from the client need + # to go through a single point of control where we can do things + # like redirect/etc. This is API calls as well as something + # like 40 @web.json requests that might not get handled well on + # the clientside. + # + # Make sure we're not past the duration, and either log out or + # update timestamp. + now = datetime.datetime.now() + expiration_time = self.galaxy_session.update_time + datetime.timedelta(minutes=config.session_duration) + if expiration_time < now: + # Expiration time has passed. + self.handle_user_logout() + self.response.send_redirect( url_for( controller='user', + action='login', + message="You have been logged out due to inactivity. Please log in again to continue using Galaxy.", + status='info', + use_panels=True ) ) + else: + self.galaxy_session.update_time = datetime.datetime.now() + self.sa_session.add(self.galaxy_session) + self.sa_session.flush() def setup_i18n( self ): locales = [] https://bitbucket.org/galaxy/galaxy-central/commits/d3a4dca4bfa5/ Changeset: d3a4dca4bfa5 User: dannon Date: 2015-02-04 16:06:53+00:00 Summary: Handle timeout correctly for API requests. There's still the issue of clients potentially not understanding this, and of course the @web.json requests. Affected #: 1 file diff -r 09bfb4f3f60d4fa31bc4f0ed91151cc60d0c6256 -r d3a4dca4bfa571599494a315343c2e635fbc7b5f lib/galaxy/web/framework/webapp.py --- a/lib/galaxy/web/framework/webapp.py +++ b/lib/galaxy/web/framework/webapp.py 
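Review bot: The expiry check in the `@@ -210,6 +211,32 @@` hunk compares `datetime.datetime.now()` (server local time) with `self.galaxy_session.update_time`, while the migration in this same changeset uses `datetime.datetime.utcnow` for its timestamp default. If `update_time` is also stored as UTC (not visible here), the timeout is shifted by the server's UTC offset, so sessions expire early or stay valid longer than configured. Use one clock, e.g. `now = datetime.datetime.utcnow()`, and reuse it in the else branch as `self.galaxy_session.update_time = now` instead of calling `now()` a second time. The else branch also writes and flushes the session row on every request, which deserves a comment or a coarser update interval. The enclosing method starts before the hunk.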
@@ -211,7 +211,7 @@ self.response.send_redirect( url_for( '/static/user_disabled.html' ) ) if config.require_login: self._ensure_logged_in_user( environ, session_cookie ) - if config.session_duration and not self.environ.get('is_api_request', False): + if config.session_duration: # TODO DBTODO Session-based API requests need to be handled # correctly here. Disabled for now. The issue is that API # request response error codes aren't handled in a consistent @@ -228,7 +228,12 @@ if expiration_time < now: # Expiration time has passed. self.handle_user_logout() - self.response.send_redirect( url_for( controller='user', + if self.environ.get('is_api_request', False): + self.response.status = 401 + self.user = None + self.galaxy_session = None + else: + self.response.send_redirect( url_for( controller='user', action='login', message="You have been logged out due to inactivity. Please log in again to continue using Galaxy.", status='info', https://bitbucket.org/galaxy/galaxy-central/commits/2d7653d16e02/ Changeset: 2d7653d16e02 User: dannon Date: 2015-02-04 16:07:58+00:00 Summary: Update commentary per previous commit re: API request handling. Affected #: 1 file diff -r d3a4dca4bfa571599494a315343c2e635fbc7b5f -r 2d7653d16e02119e9028c63b4a4920f46a7cefa6 lib/galaxy/web/framework/webapp.py --- a/lib/galaxy/web/framework/webapp.py +++ b/lib/galaxy/web/framework/webapp.py 
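Review bot: In the `@@ -228,7 +228,12 @@` hunk the API branch sets `self.response.status = 401` and clears `self.user` and `self.galaxy_session`, but nothing visible here stops the request. The API controller would apparently still run as an anonymous caller, and may overwrite the status or return whatever anonymous access permits. Because `_ensure_logged_in_user` has already run above this block, `require_login` is not re-applied after the user is cleared. Aborting with the framework's unauthorized response at this point would make an expired session fail closed. Setting `galaxy_session` to `None` also risks attribute errors in later code that dereferences it; the surrounding method begins and ends outside the hunk.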
@@ -212,14 +212,11 @@ if config.require_login: self._ensure_logged_in_user( environ, session_cookie ) if config.session_duration: - # TODO DBTODO Session-based API requests need to be handled - # correctly here. Disabled for now. The issue is that API - # request response error codes aren't handled in a consistent - # way on the client side. All ajax calls from the client need - # to go through a single point of control where we can do things - # like redirect/etc. This is API calls as well as something - # like 40 @web.json requests that might not get handled well on - # the clientside. + # TODO DBTODO All ajax calls from the client need to go through + # a single point of control where we can do things like + # redirect/etc. This is API calls as well as something like 40 + # @web.json requests that might not get handled well on the + # clientside. # # Make sure we're not past the duration, and either log out or # update timestamp. https://bitbucket.org/galaxy/galaxy-central/commits/f0ae870b22e9/ Changeset: f0ae870b22e9 User: dannon Date: 2015-02-04 16:08:25+00:00 Summary: pep8 webapp.py. Affected #: 1 file diff -r 2d7653d16e02119e9028c63b4a4920f46a7cefa6 -r f0ae870b22e955a6668dd46e55b31e708184abb4 lib/galaxy/web/framework/webapp.py --- a/lib/galaxy/web/framework/webapp.py +++ b/lib/galaxy/web/framework/webapp.py 
@@ -231,10 +231,10 @@ self.galaxy_session = None else: self.response.send_redirect( url_for( controller='user', - action='login', - message="You have been logged out due to inactivity. Please log in again to continue using Galaxy.", - status='info', - use_panels=True ) ) + action='login', + message="You have been logged out due to inactivity. Please log in again to continue using Galaxy.", + status='info', + use_panels=True ) ) else: self.galaxy_session.update_time = datetime.datetime.now() self.sa_session.add(self.galaxy_session) Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.