Upgrade to 4.2.2
[usit-rt.git] / lib / RT / Interface / Web / Session.pm
CommitLineData
84fb5b46
MKG
1# BEGIN BPS TAGGED BLOCK {{{
2#
3# COPYRIGHT:
4#
320f0092 5# This software is Copyright (c) 1996-2014 Best Practical Solutions, LLC
84fb5b46
MKG
6# <sales@bestpractical.com>
7#
8# (Except where explicitly superseded by other copyright notices)
9#
10#
11# LICENSE:
12#
13# This work is made available to you under the terms of Version 2 of
14# the GNU General Public License. A copy of that license should have
15# been provided with this software, but in any event can be snarfed
16# from www.gnu.org.
17#
18# This work is distributed in the hope that it will be useful, but
19# WITHOUT ANY WARRANTY; without even the implied warranty of
20# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21# General Public License for more details.
22#
23# You should have received a copy of the GNU General Public License
24# along with this program; if not, write to the Free Software
25# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
26# 02110-1301 or visit their web page on the internet at
27# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
28#
29#
30# CONTRIBUTION SUBMISSION POLICY:
31#
32# (The following paragraph is not intended to limit the rights granted
33# to you to modify and distribute this software under the terms of
34# the GNU General Public License and is only of importance to you if
35# you choose to contribute your changes and enhancements to the
36# community by submitting them to Best Practical Solutions, LLC.)
37#
38# By intentionally submitting any modifications, corrections or
39# derivatives to this work, or any other work intended for use with
40# Request Tracker, to Best Practical Solutions, LLC, you confirm that
41# you are the copyright holder for those contributions and you grant
42# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
43# royalty-free, perpetual, license to use, copy, create derivative
44# works based on those contributions, and sublicense and distribute
45# those contributions and any derivatives thereof.
46#
47# END BPS TAGGED BLOCK }}}
48
49package RT::Interface::Web::Session;
50use warnings;
51use strict;
52
53use RT::CurrentUser;
54
55=head1 NAME
56
57RT::Interface::Web::Session - RT web session class
58
59=head1 SYNOPSYS
60
61
62=head1 DESCRIPTION
63
64RT session class and utilities.
65
66CLASS METHODS can be used without creating object instances,
67it's mainly utilities to clean unused session records.
68
69Object is tied hash and can be used to access session data.
70
71=head1 METHODS
72
73=head2 CLASS METHODS
74
75=head3 Class
76
77Returns name of the class that is used as sessions storage.
78
79=cut
80
81sub Class {
82 my $self = shift;
83
84 my $class = RT->Config->Get('WebSessionClass')
85 || $self->Backends->{RT->Config->Get('DatabaseType')}
86 || 'Apache::Session::File';
87 eval "require $class";
88 die $@ if $@;
89 return $class;
90}
91
92=head3 Backends
93
94Returns hash reference with names of the databases as keys and
95sessions class names as values.
96
97=cut
98
99sub Backends {
100 return {
af59614d
MKG
101 mysql => 'Apache::Session::MySQL',
102 Pg => 'Apache::Session::Postgres',
103 Oracle => 'Apache::Session::Oracle',
84fb5b46
MKG
104 };
105}
106
107=head3 Attributes
108
109Returns hash reference with attributes that are used to create
110new session objects.
111
112=cut
113
114sub Attributes {
115 my $class = $_[0]->Class;
af59614d
MKG
116 my $res;
117 if ( my %props = RT->Config->Get('WebSessionProperties') ) {
118 $res = \%props;
119 }
120 elsif ( $class->isa('Apache::Session::File') ) {
121 $res = {
84fb5b46
MKG
122 Directory => $RT::MasonSessionDir,
123 LockDirectory => $RT::MasonSessionDir,
124 Transaction => 1,
125 };
af59614d
MKG
126 }
127 else {
128 $res = {
129 Handle => $RT::Handle->dbh,
130 LockHandle => $RT::Handle->dbh,
131 Transaction => 1,
132 };
133 }
320f0092
MKG
134 $res->{LongReadLen} = RT->Config->Get('MaxAttachmentSize')
135 if $class->isa('Apache::Session::Oracle');
af59614d 136 return $res;
84fb5b46
MKG
137}
138
139=head3 Ids
140
141Returns array ref with list of the session IDs.
142
143=cut
144
145sub Ids {
146 my $self = shift || __PACKAGE__;
147 my $attributes = $self->Attributes;
148 if( $attributes->{Directory} ) {
149 return $self->_IdsDir( $attributes->{Directory} );
150 } else {
151 return $self->_IdsDB( $RT::Handle->dbh );
152 }
153}
154
155sub _IdsDir {
156 my ($self, $dir) = @_;
157 require File::Find;
158 my %file;
159 File::Find::find(
160 sub { return unless /^[a-zA-Z0-9]+$/;
161 $file{$_} = (stat($_))[9];
162 },
163 $dir,
164 );
165
166 return [ sort { $file{$a} <=> $file{$b} } keys %file ];
167}
168
169sub _IdsDB {
170 my ($self, $dbh) = @_;
171 my $ids = $dbh->selectcol_arrayref("SELECT id FROM sessions ORDER BY LastUpdated DESC");
172 die "couldn't get ids: ". $dbh->errstr if $dbh->errstr;
173 return $ids;
174}
175
176=head3 ClearOld
177
178Takes seconds and deletes all sessions that are older.
179
180=cut
181
182sub ClearOld {
183 my $class = shift || __PACKAGE__;
184 my $attributes = $class->Attributes;
185 if( $attributes->{Directory} ) {
186 return $class->_ClearOldDir( $attributes->{Directory}, @_ );
187 } else {
188 return $class->_ClearOldDB( $RT::Handle->dbh, @_ );
189 }
190}
191
192sub _ClearOldDB {
193 my ($self, $dbh, $older_than) = @_;
194 my $rows;
195 unless( int $older_than ) {
196 $rows = $dbh->do("DELETE FROM sessions");
197 die "couldn't delete sessions: ". $dbh->errstr unless defined $rows;
198 } else {
199 require POSIX;
200 my $date = POSIX::strftime("%Y-%m-%d %H:%M", localtime( time - int $older_than ) );
201
202 my $sth = $dbh->prepare("DELETE FROM sessions WHERE LastUpdated < ?");
203 die "couldn't prepare query: ". $dbh->errstr unless $sth;
204 $rows = $sth->execute( $date );
205 die "couldn't execute query: ". $dbh->errstr unless defined $rows;
206 }
207
01e3b242 208 $RT::Logger->info("successfully deleted $rows sessions");
84fb5b46
MKG
209 return;
210}
211
212sub _ClearOldDir {
213 my ($self, $dir, $older_than) = @_;
214
215 require File::Spec if int $older_than;
216
217 my $now = time;
218 my $class = $self->Class;
219 my $attrs = $self->Attributes;
220
221 foreach my $id( @{ $self->Ids } ) {
222 if( int $older_than ) {
5b0d0914
MKG
223 my $mtime = (stat(File::Spec->catfile($dir,$id)))[9];
224 if( $mtime > $now - $older_than ) {
84fb5b46
MKG
225 $RT::Logger->debug("skipped session '$id', isn't old");
226 next;
227 }
228 }
229
230 my %session;
231 local $@;
232 eval { tie %session, $class, $id, $attrs };
233 if( $@ ) {
234 $RT::Logger->debug("skipped session '$id', couldn't load: $@");
235 next;
236 }
237 tied(%session)->delete;
01e3b242 238 $RT::Logger->info("successfully deleted session '$id'");
84fb5b46 239 }
403d7b0b 240
01e3b242
MKG
241 # Apache::Session::Lock::File will clean out locks older than X, but it
242 # leaves around bogus locks if they're too new, even though they're
243 # guaranteed dead. On even just largeish installs, the accumulated number
244 # of them may bump into ext3/4 filesystem limits since Apache::Session
245 # doesn't use a fan-out tree.
403d7b0b
MKG
246 my $lock = Apache::Session::Lock::File->new;
247 $lock->clean( $dir, $older_than );
248
01e3b242
MKG
249 # Take matters into our own hands and clear bogus locks hanging around
250 # regardless of how recent they are.
251 $self->ClearOrphanLockFiles($dir);
252
84fb5b46
MKG
253 return;
254}
255
01e3b242
MKG
256=head3 ClearOrphanLockFiles
257
258Takes a directory in which to look for L<Apache::Session::Lock::File> locks
259which no longer have a corresponding session file. If not provided, the
260directory is taken from the session configuration data.
261
262=cut
263
264sub ClearOrphanLockFiles {
265 my $class = shift;
266 my $dir = shift || $class->Attributes->{Directory}
267 or return;
268
269 if (opendir my $dh, $dir) {
270 for (readdir $dh) {
271 next unless /^Apache-Session-([0-9a-f]{32})\.lock$/;
272 next if -e "$dir/$1";
273
274 RT->Logger->debug("deleting orphaned session lockfile '$_'");
275
276 unlink "$dir/$_"
277 or warn "Failed to unlink session lockfile $dir/$_: $!";
278 }
279 closedir $dh;
280 } else {
281 warn "Unable to open directory '$dir' for reading: $!";
282 }
283}
284
84fb5b46
MKG
285=head3 ClearByUser
286
287Checks all sessions and if user has more then one session
288then leave only the latest one.
289
290=cut
291
292sub ClearByUser {
293 my $self = shift || __PACKAGE__;
294 my $class = $self->Class;
295 my $attrs = $self->Attributes;
296
01e3b242 297 my $deleted;
84fb5b46
MKG
298 my %seen = ();
299 foreach my $id( @{ $self->Ids } ) {
300 my %session;
301 local $@;
302 eval { tie %session, $class, $id, $attrs };
303 if( $@ ) {
304 $RT::Logger->debug("skipped session '$id', couldn't load: $@");
305 next;
306 }
307 if( $session{'CurrentUser'} && $session{'CurrentUser'}->id ) {
308 unless( $seen{ $session{'CurrentUser'}->id }++ ) {
309 $RT::Logger->debug("skipped session '$id', first user's session");
310 next;
311 }
312 }
313 tied(%session)->delete;
01e3b242
MKG
314 $RT::Logger->info("successfully deleted session '$id'");
315 $deleted++;
84fb5b46 316 }
01e3b242 317 $self->ClearOrphanLockFiles if $deleted;
84fb5b46
MKG
318}
319
320sub TIEHASH {
321 my $self = shift;
322 my $id = shift;
323
324 my $class = $self->Class;
325 my $attrs = $self->Attributes;
326
327 my %session;
328
329 local $@;
330 eval { tie %session, $class, $id, $attrs };
331 eval { tie %session, $class, undef, $attrs } if $@;
332 if ( $@ ) {
01e3b242
MKG
333 die "RT couldn't store your session. "
334 . "This may mean that that the directory '$RT::MasonSessionDir' isn't writable or a database table is missing or corrupt.\n\n"
84fb5b46
MKG
335 . $@;
336 }
337
338 return tied %session;
339}
340
3411;