refactoring cookie age as a function not a constant

2026-03-28 18:12:54 +00:00 · 2025-06-14 20:36:31 +03:00
parent d8cdf7bc5a
commit 40fb066e2b
11 changed files with 30 additions and 23 deletions
--- a/core/utils.py
+++ b/core/utils.py
@@ -46,6 +46,7 @@ TROG = {"pagecache": {"expedition": {}}, "caves": {"gcavelookup": {}, "gcavecoun
 alphabet = []
 sha = hashlib.new('sha256')
 COOKIE_MAX_AGE = 2*365*24*60*60 # seconds
+COOKIE_SHORT_TIMEOUT = 60*60 # seconds
 throw = 35.0

 EXPOSERVER = "expo" # hostname of the server at expo.survex.com
@@ -76,6 +77,11 @@ except:
    # Opening of file for writing is going to fail currently, so decide it doesn't matter for now
    pass

+def get_cookie_max_age():
+    """This is where we detect whether the machine the user is using is a shared-use device or a personbal device.
+    If it is shared-use, then we set a much shorter cookie timout period.
+    """
+    return COOKIE_MAX_AGE

 def sanitize_name(name):
    """Filenames sould not contain these characters as then the system barf when it tries to use them in URLs
--- a/core/views/cave_kataster.py
+++ b/core/views/cave_kataster.py
@@ -9,7 +9,6 @@ from django.shortcuts import redirect, render
 import troggle.settings as settings
 #from troggle.core.models.caves import Entrance, Cave
 from troggle.core.utils import (
-    COOKIE_MAX_AGE,
    WriteAndCommitError,
    current_expo,
    get_cookie,
--- a/core/views/caves.py
+++ b/core/views/caves.py
@@ -21,7 +21,7 @@ from troggle.core.models.caves import Cave, CaveAndEntrance, Entrance, GetCaveLo
 from troggle.core.models.logbooks import QM
 from troggle.core.models.wallets import Wallet
 from troggle.core.utils import (
-    COOKIE_MAX_AGE,
+    get_cookie_max_age,
    WriteAndCommitError,
    current_expo,
    get_editor, 
@@ -547,7 +547,7 @@ def edit_cave(request, path="", slug=None):
                edit_response = HttpResponseRedirect("/" + cave.url)
            else:
                edit_response = HttpResponseRedirect(reverse("newentrance", args = [cave.url_parent(), cave.slug()])) 
-            edit_response.set_cookie('editor_id', editor, max_age=COOKIE_MAX_AGE) # cookie expires after COOKIE_MAX_AGE seconds
+            edit_response.set_cookie('editor_id', editor, max_age=get_cookie_max_age()) # cookie expires after get_cookie_max_age() seconds

            try:
                cave_file = cave.file_output()
@@ -777,7 +777,7 @@ def edit_entrance(request, path="", caveslug=None, entslug=None):
            try:
                write_and_commit([entrance_file, cave_file], f"Online edit of entrance {entrance.slug}", editor)
                edit_response = HttpResponseRedirect("/" + cave.url)
-                edit_response.set_cookie('editor_id', editor, max_age=COOKIE_MAX_AGE) # cookie expires after COOKIE_MAX_AGE seconds
+                edit_response.set_cookie('editor_id', editor, max_age=get_cookie_max_age()) # cookie expires after get_cookie_max_age() seconds
                return edit_response
            except Exception as e:
                efilepath, econtent, eencoding = entrance_file
--- a/core/views/editor_helpers.py
+++ b/core/views/editor_helpers.py
@@ -16,7 +16,8 @@ from django.conf import settings as django_settings
 from PIL import Image

 import troggle.settings as settings
-from troggle.core.utils import ( COOKIE_MAX_AGE, 
+from troggle.core.utils import ( 
+    get_cookie_max_age, 
    WriteAndCommitError, get_editor, 
    git_string, 
    write_binary_file, write_and_commit, write_files,
@@ -409,7 +410,7 @@ def new_image_form(request, path):
            )
            save_original_in_expofiles(f, year, form.cleaned_data["photographer"], host, image_rel_path, referer)
            j_response = JsonResponse({"html": html_snippet})
-            j_response.set_cookie('editor_id', editor, max_age=COOKIE_MAX_AGE) # does NOT seem to work updating who_are_you cookie
+            j_response.set_cookie('editor_id', editor, max_age=get_cookie_max_age()) # does NOT work updating who_are_you cookie - because it is JsonResponse not HttpResponse.
            return j_response
    else:
        # print(f"new_image_form():  not POST ")
--- a/core/views/expo.py
+++ b/core/views/expo.py
@@ -14,7 +14,7 @@ import troggle.core.views.caves
 import troggle.settings as settings
 from troggle.core.models.caves import Cave
 from troggle.core.utils import (
-    COOKIE_MAX_AGE,
+    get_cookie_max_age,
    WriteAndCommitError,
    current_expo,
    git_string, 
@@ -493,8 +493,8 @@ def editexpopage(request, path):

            if not filefound or result != html:  # Check if content changed at all
                edit_response = HttpResponseRedirect(reverse("expopage", args=[path]))  # Redirect after POST
-                edit_response.set_cookie('editor_id', editor, max_age=COOKIE_MAX_AGE) # cookie expires after COOKIE_MAX_AGE seconds
-                print(f"Cookie set: {editor} for {COOKIE_MAX_AGE/(24*3600)} days")
+                edit_response.set_cookie('editor_id', editor, max_age=get_cookie_max_age()) # cookie expires after get_cookie_max_age() seconds
+                print(f"Cookie set: {editor} for {get_cookie_max_age()/(3600)} hour(s)")
                try:
                    change_message = pageform.cleaned_data["change_message"]
                    write_and_commit([(filepath, result, "utf-8")], f"{change_message} - online edit of {path}", editor)
@@ -610,7 +610,7 @@ def edittxtpage(request, path, filepath):
                savepath = "/" + path
                print(f"redirect {savepath}")
                response = redirect(savepath) # Redirect after POST
-                response.set_cookie('editor_id', editor, max_age=COOKIE_MAX_AGE) # cookie expires after COOKIE_MAX_AGE seconds
+                response.set_cookie('editor_id', editor, max_age=get_cookie_max_age()) # cookie expires after get_cookie_max_age() seconds
                return response  
                
            else:
--- a/core/views/logbook_edit.py
+++ b/core/views/logbook_edit.py
@@ -13,7 +13,7 @@ from troggle.core.models.logbooks import LogbookEntry, PersonLogEntry, writelogb
 from troggle.core.models.survex import DrawingFile
 from troggle.core.models.troggle import DataIssue, Expedition, PersonExpedition
 from troggle.core.utils import (
-    COOKIE_MAX_AGE,
+    get_cookie_max_age,
    add_commit,
    alphabet_suffix,
    current_expo,
@@ -344,7 +344,7 @@ def logbookedit(request, year=None, slug=None):
            # error settings e.g dateflag and authroflag so the user gets no feedback about bad data entered.
            # so we need to pass the flags explicitly in the url and then extract them from the request in the GET bit. sigh.
            response = HttpResponseRedirect(f"/logbookedit/{slug}?dateflag={dateflag}&authorflag={authorflag}")
-            response.set_cookie('editor_id', editor, max_age=COOKIE_MAX_AGE) # cookie expires after COOKIE_MAX_AGE seconds
+            response.set_cookie('editor_id', editor, max_age=get_cookie_max_age()) # cookie expires after get_cookie_max_age() seconds
            return response
            
            # Do the redirect instead of this:
--- a/core/views/other.py
+++ b/core/views/other.py
@@ -11,7 +11,7 @@ from troggle.core.models.logbooks import LogbookEntry, writelogbook  # , PersonL

 # from databaseReset import reinit_db # don't do this. databaseRest runs code *at import time*
 from troggle.core.models.troggle import Expedition
-from troggle.core.utils import current_expo, COOKIE_MAX_AGE
+from troggle.core.utils import current_expo, COOKIE_SHORT_TIMEOUT
 from troggle.parsers.imports import (
    import_caves,
    import_drawingsfiles,
@@ -38,9 +38,11 @@ todo = """

 def public_laptop(request):
    """Just sets a cookie. Visit this web page from Crowley, Anathema, Aziraphale, Pulsifer etc.
+    
+    This hack to be replaced in due course by a proper call from a user saying whether they are using a shared machine or not.
    """
-    response = HttpResponse("Cookie has been set on this machine, which now defines it as a public laptop. So login cookie lifetimes will now be short.")
-    response.set_cookie("public_laptop", "this is a public laptop", max_age=COOKIE_MAX_AGE)  # Cookie expires in 1 hour
+    response = HttpResponse(f"Cookie has been set on this machine, which now defines it as a public laptop. So the login cookie lifetimes will now be short:{COOKIE_SHORT_TIMEOUT/(60*60)} hour(s)")
+    response.set_cookie("public_laptop", "this is a public laptop", max_age=COOKIE_SHORT_TIMEOUT)  # Cookie expires in 1 hour
    return response

 def todos(request, module):
--- a/core/views/signup.py
+++ b/core/views/signup.py
@@ -12,7 +12,6 @@ from troggle.core.models.troggle import DataIssue, Person, PersonExpedition
 from troggle.core.models.logbooks import Expedition
 from troggle.core.views.editor_helpers import HTMLarea
 from troggle.core.utils import (
-    COOKIE_MAX_AGE,
    WriteAndCommitError,
    add_commit,
    current_expo,
--- a/core/views/survex.py
+++ b/core/views/survex.py
@@ -18,7 +18,7 @@ from troggle.core.models.logbooks import LogbookEntry
 from troggle.core.models.survex import SurvexBlock, SurvexFile  #, SurvexDirectory
 from troggle.core.models.wallets import Wallet
 from troggle.core.utils import (
-    COOKIE_MAX_AGE, 
+    get_cookie_max_age, 
    add_commit, 
    current_expo, 
    get_editor, 
@@ -441,8 +441,8 @@ def svx(request, survex_file):
    else:
        edit_response = render(request, "svxfile.html", vmap)
        
-    edit_response.set_cookie('editor_id', editor, max_age=COOKIE_MAX_AGE) # cookie expires after COOKIE_MAX_AGE seconds
-    print(f"Cookie reset: {editor} for another {COOKIE_MAX_AGE/3600} hours")
+    edit_response.set_cookie('editor_id', editor, max_age=get_cookie_max_age()) # cookie expires after get_cookie_max_age() seconds
+    print(f"Cookie reset: {editor} for another {get_cookie_max_age()/3600} hour(s)")

    return edit_response

--- a/core/views/uploads.py
+++ b/core/views/uploads.py
@@ -12,7 +12,7 @@ from troggle.core.models.caves import GetCaveLookup
 from troggle.core.models.survex import DrawingFile
 from troggle.core.models.troggle import DataIssue, Expedition, PersonExpedition
 from troggle.core.utils import (
-    COOKIE_MAX_AGE,
+    get_cookie_max_age,
    alphabet_suffix,
    current_expo,
    get_editor,
@@ -755,5 +755,5 @@ def dwgupload(request, folder=None, gitdisable="no"):
            "who_are_you": editor,
        },
    )
-    response.set_cookie('editor_id', editor, max_age=COOKIE_MAX_AGE) # cookie expires after COOKIE_MAX_AGE seconds
+    response.set_cookie('editor_id', editor, max_age=get_cookie_max_age()) # cookie expires after get_cookie_max_age() seconds
    return response
--- a/core/views/wallets_edit.py
+++ b/core/views/wallets_edit.py
@@ -20,7 +20,7 @@ from troggle.core.models.survex import SurvexBlock, SurvexFile, SurvexPersonRole
 from troggle.core.models.troggle import DataIssue, Expedition
 from troggle.core.models.wallets import YEAR_RANGE, Wallet, make_valid_date
 from troggle.core.utils import (
-    COOKIE_MAX_AGE,
+    get_cookie_max_age,
    WriteAndCommitError,
    add_commit,
    current_expo,
@@ -978,6 +978,6 @@ def walletedit(request, path=None):
                "freetextsize": str(max(60, len(str(freetext)))),
            },
        )
-    edit_response.set_cookie('editor_id', editor, max_age=COOKIE_MAX_AGE) # cookie expires after COOKIE_MAX_AGE seconds
+    edit_response.set_cookie('editor_id', editor, max_age=get_cookie_max_age()) # cookie expires after get_cookie_max_age() seconds
    return edit_response