From b42ed7be7acf62bc79a158088298e43d4140c5d5 Mon Sep 17 00:00:00 2001
From: Alexandre Aubin
Date: Thu, 30 Apr 2020 17:59:47 +0200
Subject: [PATCH] Less spooky messages when session expired
---
 locales/en.json | 1 +
 moulinette/authenticators/__init__.py | 8 +++++++-
 moulinette/cache.py | 7 +++++++
 3 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/locales/en.json b/locales/en.json
index 97ff034f..aa27c5cd 100644
--- a/locales/en.json
+++ b/locales/en.json
@@ -31,6 +31,7 @@
 "success": "Success!",
 "unable_authenticate": "Unable to authenticate",
 "unable_retrieve_session": "Unable to retrieve the session because '{exception}'",
+ "session_expired": "The session expired. Please re-authenticate.",
 "unknown_group": "Unknown '{group}' group",
 "unknown_user": "Unknown '{user}' user",
 "values_mismatch": "Values don't match",
diff --git a/moulinette/authenticators/__init__.py b/moulinette/authenticators/__init__.py
index 3a78b7e6..fa0feb45 100644
--- a/moulinette/authenticators/__init__.py
+++ b/moulinette/authenticators/__init__.py
@@ -5,7 +5,7 @@ import logging
 import hashlib
 import hmac
-from moulinette.cache import open_cachefile, get_cachedir
+from moulinette.cache import open_cachefile, get_cachedir, cachefile_exists
 from moulinette.core import MoulinetteError
 logger = logging.getLogger("moulinette.authenticator")
@@ -159,6 +159,10 @@ class BaseAuthenticator(object):
 "%s.asc" % session_id, mode, subdir="session/%s" % self.name
 )
+ def _session_exists(self, session_id):
+ """Check a session exists"""
+ return cachefile_exists("%s.asc" % session_id, subdir="session/%s" % self.name)
+
 def _store_session(self, session_id, session_token):
 """Store a session to be able to use it later to reauthenticate"""
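Review bot: `_session_exists` interpolates `session_id` straight into a file name (`"%s.asc" % session_id`) and nothing in this hunk restricts what the id may contain. If the id is taken from a client-supplied cookie, which this diff does not show, an id containing path separators would turn the new check into an existence probe for `.asc` files outside `session/<name>`. Validating the id before building the path would close that, e.g. `if "/" in session_id or ".." in session_id: return False`; the call in the context lines just above builds the same name and would benefit from the same check. The docstring could also say that the method returns a bool and only tests for the session file. The enclosing class continues outside the hunk.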
@@ -170,6 +174,8 @@ class BaseAuthenticator(object):
 def _authenticate_session(self, session_id, session_token):
 """Checks session and token against the stored session token"""
+ if not self._session_exists(self, session_id):
+ raise MoulinetteError("session_expired")
 try:
 # FIXME : shouldn't we also add a check that this session file
 # is not too old ? e.g. not older than 24 hours ? idk...
diff --git a/moulinette/cache.py b/moulinette/cache.py
index f71c3fca..c6c8df5e 100644
--- a/moulinette/cache.py
+++ b/moulinette/cache.py
@@ -42,3 +42,10 @@ def open_cachefile(filename, mode="r", subdir=""):
 cache_dir = get_cachedir(subdir, make_dir=True if mode[0] == "w" else False)
 file_path = os.path.join(cache_dir, filename)
 return open(file_path, mode)
+
+
+def cachefile_exists(filename, subdir=""):
+
+ cache_dir = get_cachedir(subdir, make_dir=False)
+ file_path = os.path.join(cache_dir, filename)
+ return os.path.exists(file_path)
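Review bot: The added guard in `_authenticate_session` calls `self._session_exists(self, session_id)`, which passes `self` a second time to a bound method that only accepts `session_id`. Every call therefore raises `TypeError` ahead of the `try:` block, so session authentication fails with that error instead of ever reaching `session_expired`. The line should read `if not self._session_exists(session_id):`. The existence check and the later read are separate steps, so the code inside the `try` still has to handle the file disappearing in between. The function body continues outside the hunk.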
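Review bot: `cachefile_exists` has an empty line where its docstring should be, and it returns `os.path.exists(file_path)`, which is also true when a directory has that name. I would add `"""Return True if filename exists in the cache subdir (the directory is not created)."""` and use `return os.path.isfile(file_path)`. `filename` is joined onto `cache_dir` without any check that the result stays under it, so callers have to pass a plain file name; stating that requirement in the docstring would help.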