From 9e42c9e2c69bbfa04a3488a724ec1a8ee6ab8ab4 Mon Sep 17 00:00:00 2001
From: sidya82
Date: Thu, 27 Feb 2014 23:33:51 +0100
Subject: [PATCH] =?UTF-8?q?=09supprim=C3=A9:=20=20=20=20=20=20=20=20sessio?= =?UTF-8?q?n.py=20=09modifi=C3=A9:=20=20=20=20=20=20=20=20=20superTornado.?= =?UTF-8?q?py=20=09supprim=C3=A9:=20=20=20=20=20=20=20=20test.html?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 session.py | 147 ------------------------------------------------
 superTornado.py | 15 ++++-
 test.html | 31 ----------
 3 files changed, 12 insertions(+), 181 deletions(-)
 delete mode 100644 session.py
 delete mode 100644 test.html

diff --git a/session.py b/session.py
deleted file mode 100644
index 4c8c4ee..0000000
--- a/session.py
+++ /dev/null
@@ -1,147 +0,0 @@
-
-"""
-
-Usage:
-In your application script,
- settings["session_secret"] = 'some secret password!!'
- settings["session_dir"] = 'sessions' # the directory to store sessions in
- application.session_manager = session.TornadoSessionManager(settings["session_secret"], settings["session_dir"])
-
-In your RequestHandler (probably in __init__),
- self.session = session.TornadoSession(self.application.session_manager, self)
-
-After that, you can use it like this (in get(), post(), etc):
- self.session['blah'] = 1234
- self.save()
- blah = self.session['blah']
-
- etc.
-
-
-the basic session mechanism is this:
-* take some data, pickle it, store it somewhere.
-* assign an id to it. run that id through a HMAC (NOT just a hash function) to prevent tampering.
-* put the id and HMAC output in a cookie.
-* when you get a request, load the id, verify the HMAC. if it matches, load the data from wherever you put it and depickle it.
-
-
-"""
-
-import pickle
-import os.path
-import hmac
-import hashlib
-import uuid
-
-class Session(dict):
- """ A Session is basically a dict with a session_id and an hmac_digest string to verify access rights """
- def __init__(self, session_id, hmac_digest):
- self.session_id = session_id
- self.hmac_digest = hmac_digest
-
-
-class SessionManager(object):
- """ SessionManager handles the cookie and file read/writes for a Session """
- def __init__(self, secret, session_dir = ''):
- self.secret = secret
-
- # figure out where to store the session file
- if session_dir == '':
- session_dir = os.path.join(os.path.dirname(__file__), 'sessions')
- self.session_dir = session_dir
-
-
- def _read(self, session_id):
- session_path = self._get_session_path(session_id)
- try :
- data = pickle.load(open(session_path))
- if type(data) == type({}):
- return data
- else:
- return {}
- except IOError:
- return {}
-
- def get(self, session_id = None, hmac_digest = None):
- # set up the session state (create it from scratch, or from parameters
- if session_id == None:
- session_should_exist = False
- session_id = self._generate_uid()
- hmac_digest = self._get_hmac_digest(session_id)
- else:
- session_should_exist = True
- session_id = session_id
- hmac_digest = hmac_digest # keyed-Hash Message Authentication Code
-
- # make sure the HMAC digest we generate matches the given one, to validate
- expected_hmac_digest = self._get_hmac_digest(session_id)
- if hmac_digest != expected_hmac_digest:
- raise InvalidSessionException()
-
- # create the session object
- session = Session(session_id, hmac_digest)
-
- # read the session file, if this is a pre-existing session
- if session_should_exist:
- data = self._read(session_id)
- for i, j in data.iteritems():
- session[i] = j
-
- return session
-
- def _get_session_path(self, session_id):
- return os.path.join(self.session_dir, 'SESSION' + str(session_id))
-
- def set(self, session):
- session_path = self._get_session_path(session.session_id)
- session_file = open(session_path, 'wb')
- pickle.dump(dict(session.items()), session_file)
- session_file.close()
-
- def _get_hmac_digest(self, session_id):
- return hmac.new(session_id, self.secret, hashlib.sha1).hexdigest()
-
- def _generate_uid(self):
- base = hashlib.md5( self.secret + str(uuid.uuid4()) )
- return base.hexdigest()
-
-class TornadoSessionManager(SessionManager):
- """ A TornadoSessionManager is a SessionManager that is specifically for use in Tornado, using Tornado's cookies """
-
- def get(self, requestHandler = None):
- if requestHandler == None:
- return super(TornadoSessionManager, self).get()
- else:
- session_id = requestHandler.get_secure_cookie("session_id")
- hmac_digest = requestHandler.get_secure_cookie("hmac_digest")
- return super(TornadoSessionManager, self).get(session_id, hmac_digest)
-
-
- def set(self, requestHandler, session):
- requestHandler.set_secure_cookie("session_id", session.session_id)
- requestHandler.set_secure_cookie("hmac_digest", session.hmac_digest)
- return super(TornadoSessionManager, self).set(session)
-
-class TornadoSession(Session):
- """ A TornadoSession is a Session object for use in Tornado """
- def __init__(self, tornado_session_manager, request_handler):
- self.session_manager = tornado_session_manager
- self.request_handler = request_handler
- # get the session object's data and transfer it to this session item
- try:
- plain_session = tornado_session_manager.get(request_handler)
- except InvalidSessionException:
- plain_session = tornado_session_manager.get()
-
- for i, j in plain_session.iteritems():
- self[i] = j
- self.session_id = plain_session.session_id
- self.hmac_digest = plain_session.hmac_digest
-
-
-
- def save(self):
- self.session_manager.set(self.request_handler, self)
-
-class InvalidSessionException(Exception):
- pass
diff --git a/superTornado.py b/superTornado.py
index 3472dff..e0e26e2 100644
--- a/superTornado.py
+++ b/superTornado.py
@@ -34,7 +34,7 @@ class MainHandler(BaseHandler):
 else:
 print '->Send visual alarm authorized user'
 print 'maison.request("GET", "micom/lamp.php?room=salon1&order=1")'
- print "->Send to client authorized user access"
+ print "->Authorized user access"
 self.set_secure_cookie("user", iden)
 self.redirect("/video")
 else:
@@ -45,7 +45,7 @@ class MainHandler(BaseHandler):
 else:
 print '->Send visual alarm unauthorized user'
 print 'maison.request("GET", "micom/lamp.php?room=salon1&order=1")'
- print "->Send to client unauthorized user access"
+ print "->An unauthorized user try to access"
 self.write("Unauthorized user access")
 
 class VideoHandler(BaseHandler):
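Review bot: The new log line in the `@@ -45,7 +45,7 @@` hunk, `print "->An unauthorized user try to access"`, has a grammar slip and drifts from the wording style of the first hunk's `"->Authorized user access"`; `print "->Unauthorized user attempted access"` keeps the arrow prefix and reads cleanly. The enclosing MainHandler method starts and ends outside both hunks, so whether these prints are the only record of a failed login attempt cannot be told from here.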
@@ -56,12 +56,21 @@ class VideoHandler(BaseHandler):
 name = tornado.escape.xhtml_escape(self.current_user)
 self.write("Hello, " + name)
-
+class UnauthorizedHandler(BaseHandler):
+ def get(self):
+ self.render("index.html")
+ def post(self):
+ force = self.get_argument("id","")
+ if force == 1 :
+ self.set_secure_cookie("user", "illegalUser")
+ else :
+ self.redirect("/")
 application = tornado.web.Application([
 (r"/", MainHandler),
 (r"/video", VideoHandler),
+ (r"/unauthorized", UnauthorizedHandler),
 ], cookie_secret="1213215656")
 if __name__ == "__main__":
diff --git a/test.html b/test.html
deleted file mode 100644
index b24b2a1..0000000
--- a/test.html
+++ /dev/null
@@ -1,31 +0,0 @@
- - - - - - - - Run WebSocket -
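Review bot: `if force == 1 :` in UnauthorizedHandler.post can never be true, because get_argument returns a string, so the cookie branch is dead and every POST falls through to the redirect. If the intent is for that branch to run (`if force == "1":`), any unauthenticated POST to /unauthorized would obtain a signed `user` cookie, and the `self.current_user` check that VideoHandler relies on would presumably accept it like a real login; the only thing protecting that cookie is the short numeric `cookie_secret` visible in the context lines. This reads like a manual-test hook, and it should be removed together with its route before merging, or at least gated behind a debug-only setting and given a value that the login check (outside this hunk) rejects. Whichever way it goes, the comparison line needs a decision, and `else :` has a stray space before the colon.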
- -