proposal for improving the dont-verify-ssl hack

[myslice.git] / manifoldapi / manifoldapi.py

diff --git a/manifoldapi/manifoldapi.py b/manifoldapi/manifoldapi.py
index 2edecdd..0fc4033 100644 (file)
--- a/manifoldapi/manifoldapi.py
+++ b/manifoldapi/manifoldapi.py
@@ -9,7 +9,7 @@ from django.shortcuts import redirect
 from manifold.core.result_value import ResultValue
 from manifoldresult import ManifoldResult, ManifoldCode, ManifoldException, truncate_result
 
-from unfold.sessioncache import SessionCache
+# from unfold.sessioncache import SessionCache
 
 from myslice.settings import config, logger
 
@@ -27,11 +27,10 @@ class ManifoldAPI:
         
         # Manifold uses a self signed certificate
         # https://www.python.org/dev/peps/pep-0476/
-        if hasattr(ssl, '_create_unverified_context'): 
-            self.server = xmlrpclib.Server(self.url, verbose=False, allow_none=True,
-                                           context=ssl._create_unverified_context())
-        else :
-            self.server = xmlrpclib.Server(self.url, verbose=False, allow_none=True)
+        try:    turn_off_server_verify = { 'context' : ssl._create_unverified_context() } 
+        except: turn_off_server_verify = {}
+        self.server = xmlrpclib.Server(self.url, verbose=False, allow_none=True,
+                                       **turn_off_server_verify)
 
     # xxx temporary code for scaffolding a ManifolResult on top of an API that does not expose error info
     # as of march 2013 we work with an API that essentially either returns the value, or raises 
@@ -92,13 +91,15 @@ def _execute_query(request, query, manifold_api_session_auth):
         # but most importantly there is a need to refine that test, since 
         # code==2 does not necessarily mean an expired session
         # XXX only if we know it is the issue
-        SessionCache().end_session(request)
+        #SessionCache().end_session(request)
         # Flush django session
+        del request.session['manifold']
+
         request.session.flush()
         #raise Exception, 'Error running query: {}'.format(result)
     
     if result['code'] == 1:
-        log.warning("MANIFOLD : {}".format(result['description']))
+        logger.warning("MANIFOLD : {}".format(result['description']))
 
     # XXX Handle errors
     #Error running query: {'origin': [0, 'XMLRPCAPI'], 'code': 2, 'description': 'No such session: No row was found for one()', 'traceback': 'Traceback (most recent call last):\n  File "/usr/local/lib/python2.7/dist-packages/manifold/core/xmlrpc_api.py", line 68, in xmlrpc_forward\n    user = Auth(auth).check()\n  File "/usr/local/lib/python2.7/dist-packages/manifold/auth/__init__.py", line 245, in check\n    return self.auth_method.check()\n  File "/usr/local/lib/python2.7/dist-packages/manifold/auth/__init__.py", line 95, in check\n    raise AuthenticationFailure, "No such session: %s" % e\nAuthenticationFailure: No such session: No row was found for one()\n', 'type': 2, 'ts': None, 'value': None}
@@ -107,13 +108,18 @@ def _execute_query(request, query, manifold_api_session_auth):
 
 def execute_query(request, query):
     
-    manifold_api_session_auth = SessionCache().get_auth(request)
-    if not manifold_api_session_auth:
+    logger.debug("EXECUTE QUERY: request - {}".format(request.session.items()))
+    
+    if not 'manifold' in request.session or not 'auth' in request.session['manifold']:
+    #manifold_api_session_auth = SessionCache().get_auth(request)
+    #if not manifold_api_session_auth:
         request.session.flush()
         #raise Exception, "User not authenticated"
         host = request.get_host()
         return redirect('/')
     
+    manifold_api_session_auth = request.session['manifold']['auth']
+
     return _execute_query(request, query, manifold_api_session_auth)
 
 def execute_admin_query(request, query):