shared use machine short-cookie timeout implemented for survex file editing only

core/utils.py

@@ -48,6 +48,8 @@ alphabet = []
 sha = hashlib.new('sha256')
 COOKIE_MAX_AGE = 2*365*24*60*60 # seconds
 COOKIE_SHORT_TIMEOUT = 60*60 # seconds
+PUBLIC_LAPTOP_COOKIE_NAME = "public_laptop"
+PUBLIC_LAPTOP_COOKIE_TEXT = "this is a public laptop"
 throw = 35.0
 
 EXPOSERVER = "expo" # hostname of the server at expo.survex.com
@@ -78,11 +80,11 @@ except:
     # Opening of file for writing is going to fail currently, so decide it doesn't matter for now
     pass
 
-def get_cookie_max_age():
+def get_cookie_max_age(request=None):
     """This is where we detect whether the machine the user is using is a shared-use device or a personal device.
     If it is shared-use, then we set a much shorter cookie timout period.
     """
-    if shared_use_machine():
+    if shared_use_machine(request):
         return COOKIE_SHORT_TIMEOUT
     else:        
         return COOKIE_MAX_AGE
@@ -309,11 +311,26 @@ def get_git_string(user):
         person = people[0]
         return f"{person.fullname} <{user.email}>"    
 
-def shared_use_machine():
+def shared_use_machine(request):
     """Looks for a cookie which only exists on shared use machines
     """
+    print(f" -  shared use cookie check {request}")
+    
+    if not request: # temporary while rolling out implementation to all calling functions
         return False      
 
+    if not (cookie_txt := request.COOKIES.get(PUBLIC_LAPTOP_COOKIE_NAME, "")):
+        return False
+    elif cookie_txt == PUBLIC_LAPTOP_COOKIE_TEXT:        
+        print(f" -  shared use cookie exists, and has expected value: '{cookie_txt}'")
+        return True
+    else:
+        print(f" -  shared use cookie exists, but has wrong value: '{cookie_txt}' not '{PUBLIC_LAPTOP_COOKIE_TEXT}'")
+        return True
+
+
+
+    
 def get_cookie(request):
     """The initial idea of having a default turned out to be a bad idea as people just ignore the field.
     If the default value is blank, then the form validation code makes the user type something in. 

core/views/other.py

@@ -11,7 +11,7 @@ from troggle.core.models.logbooks import LogbookEntry, writelogbook  # , PersonL
 
 # from databaseReset import reinit_db # don't do this. databaseRest runs code *at import time*
 from troggle.core.models.troggle import Expedition
-from troggle.core.utils import current_expo, COOKIE_SHORT_TIMEOUT
+from troggle.core.utils import current_expo, COOKIE_SHORT_TIMEOUT, PUBLIC_LAPTOP_COOKIE_NAME, PUBLIC_LAPTOP_COOKIE_TEXT
 from troggle.parsers.imports import (
     import_caves,
     import_drawingsfiles,
@@ -42,7 +42,7 @@ def public_laptop(request):
     This hack to be replaced in due course by a proper call from a user saying whether they are using a shared machine or not.
     """
     response = HttpResponse(f"Cookie has been set on this machine, which now defines it as a public laptop. So the login cookie lifetimes will now be short:{COOKIE_SHORT_TIMEOUT/(60*60)} hour(s)")
-    response.set_cookie("public_laptop", "this is a public laptop", max_age=COOKIE_SHORT_TIMEOUT)  # Cookie expires in 1 hour
+    response.set_cookie(PUBLIC_LAPTOP_COOKIE_NAME, PUBLIC_LAPTOP_COOKIE_TEXT, max_age=COOKIE_SHORT_TIMEOUT)  # Cookie expires in 1 hour
     return response
 
 def todos(request, module):

core/views/survex.py

@@ -441,8 +441,8 @@ def svx(request, survex_file):
     else:
         edit_response = render(request, "svxfile.html", vmap)
         
-    edit_response.set_cookie('editor_id', editor, max_age=get_cookie_max_age()) # cookie expires after get_cookie_max_age() seconds
-    print(f"Cookie reset: {editor} for another {get_cookie_max_age()/3600} hour(s)")
+    edit_response.set_cookie('editor_id', editor, max_age=get_cookie_max_age(request)) # cookie expires after get_cookie_max_age() seconds
+    print(f"Cookie reset: {editor} for another {get_cookie_max_age(request)/3600} hour(s)")
 
     return edit_response