Moving anon user tracking from image element to form submit

hasjob/templates/formlayout.html.jinja2

@@ -1,3 +1,4 @@
+{% from "macros.html.jinja2" import anon_user_script %}
 {%- if current_view.tabs -%}
   {%- extends "tablayout.html.jinja2" -%}
 {%- else -%}
@@ -27,4 +28,5 @@
   {%- if header_campaign %}{{ campaign_script() }}{% endif %}
   {% assets "js_tinymce" %}<script src="{{ ASSET_URL }}" type="text/javascript"></script>{% endassets %}
   {% block footerscripts %}{% endblock %}
+  {{ anon_user_script() }}
 {% endblock %}

hasjob/templates/layout.html.jinja2

@@ -1,6 +1,6 @@
 {%- extends "baseframe.html.jinja2" -%}
 {%- from "baseframe/components.html.jinja2" import hgnav -%}
-{%- from "macros.html.jinja2" import campaign_header, campaign_script, filters_setup_script -%}
+{%- from "macros.html.jinja2" import campaign_header, campaign_script, filters_setup_script, anon_user_script -%}
 
 {%- block doctypehtml -%}
 <!DOCTYPE html>
@@ -54,7 +54,7 @@
       {{ filters_setup_script(job_filters, data_filters) }}
     {%- else %}
       {{ filters_setup_script(job_filters) }}
-  {%- endif %}
+    {%- endif %}
   {%- endif %}
 {%- endblock %}
 
@@ -225,13 +225,11 @@
     to find out when new jobs are posted. Hosted by
     <a href="http://e2enetworks.com/">E2E Networks</a>.
   {%- endif %}
-  {%- if not g.user and not g.anon_user %}
-    <img src="{{ url_for('sniffle') }}" width="1" height="1" alt=""/>
-  {%- endif %}
 </p>
 {% endblock %}
 
 {% block layoutscripts %}
   {%- if header_campaign %}{{ campaign_script() }}{% endif %}
   {% block footerscripts %}{% endblock %}
+  {{ anon_user_script() }}
 {% endblock %}

hasjob/templates/macros.html.jinja2

@@ -207,3 +207,37 @@
     </script>
   {%- endwith %}
 {%- endmacro -%}
+
+{%- macro anon_user_script() -%}
+  {%- if not g.user and not g.anon_user %}
+  <script type="text/javascript">
+    $(function () {
+      var anonymized = false;
+      var csrf_token = $('meta[name="csrf-token"]').attr('content');
+      var anonymize = function (event) {
+        $.post(
+          "{{ url_for('anon_session') }}",
+          {
+            event: event,
+            csrf_token: csrf_token
+          },
+          function (data) {
+            console.log(data);
+          });
+        anonymized = true;
+      }
+      window.onscroll = function (e) {
+        if (!anonymized) {
+          anonymize("scroll");
+        }
+      }
+      window.onpointermove = function (e) {
+        if (!anonymized) {
+          anonymize("pointermove");
+        }
+      }
+    })
+  </script>
+  {%- endif %}
+{%- endmacro -%}
+

hasjob/templates/sheet.html.jinja2

@@ -1,5 +1,5 @@
 {%- extends "layout.html.jinja2" -%}
-{%- from "macros.html.jinja2" import campaign_header, campaign_script -%}
+{%- from "macros.html.jinja2" import campaign_header, campaign_script, anon_user_script -%}
 {% block messages %}{% endblock %}
 {% block basecontent %}
   {%- if header_campaign %}<div id="header-campaign"></div>{% endif %}
@@ -24,4 +24,5 @@
 {% block layoutscripts %}
   {%- if header_campaign %}{{ campaign_script() }}{% endif %}
   {% block footerscripts %}{% endblock %}
+  {{ anon_user_script() }}
 {% endblock %}

hasjob/templates/tablayout.html.jinja2

@@ -1,3 +1,4 @@
+{% from "macros.html.jinja2" import anon_user_script %}
 {%- extends "layout.html.jinja2" -%}
 {% block pageheaders %}
   <link href="//cdnjs.cloudflare.com/ajax/libs/c3/0.4.14/c3.min.css" rel="stylesheet"/>
@@ -31,4 +32,5 @@
   <script type="text/javascript" src="//cdnjs.cloudflare.com/ajax/libs/d3/3.5.17/d3.min.js"></script>
   <script type="text/javascript" src="//cdnjs.cloudflare.com/ajax/libs/c3/0.4.14/c3.min.js"></script>
   {% block footerscripts %}{% endblock %}
+  {{ anon_user_script() }}
 {% endblock %}

hasjob/views/api.py

@@ -1,8 +1,10 @@
 # -*- coding: utf-8 -*-
 
-from flask import jsonify
-from coaster.views import requestargs
-from ..models import Tag, Domain
+from flask import jsonify, g, session, request, Response
+from flask_wtf import FlaskForm
+from coaster.views import requestargs, render_with
+
+from ..models import db, Tag, Domain, AnonUser, EventSession, EventSessionBase, UserEvent
 from .. import app, lastuser
 
 
@@ -18,3 +20,32 @@ def tag_autocomplete(q):
 @requestargs('q')
 def domain_autocomplete(q):
     return jsonify({'domains': [d.name for d in Domain.autocomplete(q)]})
+
+
+@app.route('/api/1/anonsession', methods=['POST'])
+@render_with(json=True)
+def anon_session():
+    """
+    Load anon user:
+
+    1. If client returns valid csrf token, create and set g.anon_user
+    2. if g.anon_user exists, set session['au'] to anon_user.id
+    """
+    csrf_form = FlaskForm()
+    if csrf_form.validate_on_submit():
+        # This client sent us back valid csrf token
+        g.anon_user = AnonUser()
+        db.session.add(g.anon_user)
+        g.esession = EventSession.new_from_request(request)
+        g.esession.anon_user = g.anon_user
+        db.session.add(g.esession)
+        if 'au' in session:
+            g.esession.load_from_cache(session['au'], UserEvent)
+        # We'll update session['au'] below after database commit
+        db.session.commit()
+
+    if g.anon_user:
+        session['au'] = g.anon_user.id
+        session.permanent = True
+
+    return Response({'status': 'ok'})

hasjob/views/helper.py

@@ -2,7 +2,6 @@
 
 from os import path
 from datetime import datetime, timedelta
-from uuid import uuid4
 from urllib import quote, quote_plus
 import hashlib
 import bleach
@@ -19,25 +18,16 @@
 
 from .. import app, redis_store, lastuser
 from ..extapi import location_geodata
-from ..models import (agelimit, newlimit, db, JobCategory, JobPost, JobType, POST_STATE, BoardJobPost, Tag, JobPostTag,
-    Campaign, CampaignView, CampaignAnonView, EventSessionBase, EventSession, UserEventBase, UserEvent, JobImpression,
-    JobViewSession, AnonUser, campaign_event_session_table, JobLocation, PAY_TYPE)
+from ..models import (db, JobCategory, JobPost, JobType, BoardJobPost, Tag, JobPostTag,
+    Campaign, CampaignView, CampaignAnonView, EventSessionBase, EventSession, UserEventBase,
+    UserEvent, JobImpression, JobViewSession, AnonUser, campaign_event_session_table,
+    JobLocation, PAY_TYPE)
 from ..utils import scrubemail, redactemail, cointoss
 
 
 gif1x1 = 'R0lGODlhAQABAJAAAP8AAAAAACH5BAUQAAAALAAAAAABAAEAAAICBAEAOw=='.decode('base64')
 
 
-@app.route('/_sniffle.gif')
-def sniffle():
-    return gif1x1, 200, {
-        'Content-Type': 'image/gif',
-        'Cache-Control': 'no-cache, no-store, must-revalidate',
-        'Pragma': 'no-cache',
-        'Expires': '0'
-    }
-
-
 def index_is_paginated():
     return request.method == 'POST' and 'startdate' in request.values
 
@@ -66,18 +56,12 @@ def load_user_data(user):
     """
     All pre-request utilities, run after g.user becomes available.
 
-    Part 1: Load anon user:
-
-    1. If there's g.user and session['anon_user'], it loads that anon_user and tags with user=g.user, then removes anon
-    2. If there's no g.user and no session['anon_user'], sets session['anon_user'] = 'test'
-    3. If there's no g.user and there is session['anon_user'] = 'test', creates a new anon user, then saves to cookie
-    4. If there's no g.user and there is session['anon_user'] != 'test', loads g.anon_user
-
+    Part 1: If session['au'] exists, either set g.anon_user or set anon_user.user (if g.user exists).
     Part 2: Are we in kiosk mode? Is there a preview campaign?
     Part 3: Look up user's IP address location as geonameids for use in targeting.
     """
-    g.anon_user = None  # Could change below
-    g.event_data = {}   # Views can add data to the current pageview event
+    g.anon_user = None
+    g.event_data = {}
     g.esession = None
     g.viewcounts = {}
     g.impressions = session.pop('impressions', {})  # Retrieve from cookie session if present there
@@ -87,65 +71,38 @@ def load_user_data(user):
     now = datetime.utcnow()
 
     if request.endpoint not in ('static', 'baseframe.static'):
-        # Loading an anon user only if we're not rendering static resources
-        if user:
-            if 'au' in session and session['au'] is not None and not unicode(session['au']).startswith(u'test'):
+        if 'au' in session and session['au'] is not None:
+            if unicode(session['au']).startswith('test'):
+                # old test token that we no longer need
+                session.pop('au', None)
+            else:
+                # fetch anon user and set anon_user.user if g.user exists
                 anon_user = AnonUser.query.get(session['au'])
                 if anon_user:
-                    anon_user.user = user
-            session.pop('au', None)
-        else:
-            if not session.get('au'):
-                session['au'] = u'test-' + unicode(uuid4())
-                g.esession = EventSessionBase.new_from_request(request)
-                g.event_data['anon_cookie_test'] = session['au']
-            # elif session['au'] == 'test':  # Legacy test cookie, original request now lost
-            #     g.anon_user = AnonUser()
-            #     db.session.add(g.anon_user)
-            #     g.esession = EventSession.new_from_request(request)
-            #     g.esession.anon_user = g.anon_user
-            #     db.session.add(g.esession)
-            #     # We'll update session['au'] below after database commit
-            # elif unicode(session['au']).startswith('test-'):  # Newer redis-backed test cookie
-            #     # This client sent us back our test cookie, so set a real value now
-            #     g.anon_user = AnonUser()
-            #     db.session.add(g.anon_user)
-            #     g.esession = EventSession.new_from_request(request)
-            #     g.esession.anon_user = g.anon_user
-            #     db.session.add(g.esession)
-            #     g.esession.load_from_cache(session['au'], UserEvent)
-            #     # We'll update session['au'] below after database commit
-            else:
-                anon_user = None  # AnonUser.query.get(session['au'])
-                if not anon_user:
-                    # XXX: We got a fake value? This shouldn't happen
-                    g.event_data['anon_cookie_test'] = session['au']
-                    session['au'] = u'test-' + unicode(uuid4())  # Try again
-                    g.esession = EventSessionBase.new_from_request(request)
-                else:
+                    if g.user:
+                        anon_user.user = g.user
+                        session.pop('au', None)
                     g.anon_user = anon_user
-
-    # Prepare event session if it's not already present
-    if g.user or g.anon_user and not g.esession:
-        g.esession = EventSession.get_session(uuid=session.get('es'), user=g.user, anon_user=g.anon_user)
-    if g.esession:
-        session['es'] = g.esession.uuid
-
-    # Don't commit here. It flushes SQLAlchemy's session cache and forces
-    # fresh database hits. Let after_request commit. (Commented out 30-03-2016)
-    # db.session.commit()
-    g.db_commit_needed = True
-
-    if g.anon_user:
-        session['au'] = g.anon_user.id
-        session.permanent = True
-        if 'impressions' in session:
+                else:
+                    # the AnonUser record has been deleted for some reason,
+                    # this should not happen.
+                    session.pop('au', None)
+        elif not g.user:
+            # g.user, g.anon_user, session['au'], none of them are set
+            g.esession = EventSessionBase.new_from_request(request)
+
+        # Prepare event session if it's not already present
+        if g.user or g.anon_user and not g.esession:
+            g.esession = EventSession.get_session(uuid=session.get('es'), user=g.user, anon_user=g.anon_user)
+        if g.esession:
+            session['es'] = g.esession.uuid
+
+        if g.anon_user and 'impressions' in session:
             # Run this in the foreground since we need this later in the request for A/B display consistency.
             # This is most likely being called from the UI-non-blocking sniffle.gif anyway.
             save_impressions(g.esession.id, session.pop('impressions').values(), now)
 
     # We have a user, now look up everything else
-
     if session.get('kiosk'):
         g.kiosk = True
     else:
@@ -191,7 +148,7 @@ def load_user_data(user):
 
 @app.after_request
 def record_views_and_events(response):
-    if hasattr(g, 'db_commit_needed') and g.db_commit_needed:
+    if len(db.session.dirty) > 0 or len(db.session.new) > 0:
         db.session.commit()
 
     # We had a few error reports with g.* variables missing in this function, so now
@@ -300,7 +257,8 @@ def record_views_and_events(response):
                     jobpost_id=g.jobpost_viewed[0],
                     bgroup=g.jobpost_viewed[1])
         else:
-            g.esession.save_to_cache(session['au'])
+            if 'au' in session:
+                g.esession.save_to_cache(session['au'])
             if g.impressions:
                 # Save impressions to user's cookie session to write to db later
                 session['impressions'] = g.impressions

hasjob/views/index.py

@@ -353,7 +353,6 @@ def index(basequery=None, filters={}, md5sum=None, tag=None, domain=None, locati
                 BoardJobPost.board == g.board, JobPost.state.LISTED).options(
                     db.load_only('jobpost_id', 'pinned')).all()
         }
-
     else:
         board_jobs = {}