Possibility to logout from all of one user sessions
parent
bfcf410f26
commit
9dc18675f9
@ -4,6 +4,13 @@
|
|||||||
{% load i18n %}
|
{% load i18n %}
|
||||||
{% block content %}
|
{% block content %}
|
||||||
<div class="alert alert-success" role="alert">{% trans "Logged" %}</div>
|
<div class="alert alert-success" role="alert">{% trans "Logged" %}</div>
|
||||||
{% bootstrap_button _('Logout') size='lg' button_class="btn-danger btn-block" href="logout" %}
|
<form class="form-signin" method="get" action="logout">
|
||||||
|
<div class="checkbox">
|
||||||
|
<label>
|
||||||
|
<input type="checkbox" name="all" value="1"> {% trans "Log me out from all my sessions" %}
|
||||||
|
</label>
|
||||||
|
</div>
|
||||||
|
{% bootstrap_button _('Logout') size='lg' button_type="submit" button_class="btn-danger btn-block"%}
|
||||||
|
</form>
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
||||||
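Review bot: The new form submits with `method="get"`, so logging out of every session becomes a state change that any cross-site GET request can trigger; `LogoutView.get` in the views section reads the same flag from `request.GET`. Before this commit a forged logout request ended one session, and with `all=1` it now ends all of the user's sessions. Consider accepting the `all` option only on POST: `<form class="form-signin" method="post" action="logout">` with `{% csrf_token %}` inside the form, and a `post()` handler that reads `request.POST`. The plain GET logout can stay as it is for CAS clients that redirect to it.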
|
@ -26,6 +26,7 @@ from django.views.generic import View
|
|||||||
import requests
|
import requests
|
||||||
from lxml import etree
|
from lxml import etree
|
||||||
from datetime import timedelta
|
from datetime import timedelta
|
||||||
|
from importlib import import_module
|
||||||
|
|
||||||
import cas_server.utils as utils
|
import cas_server.utils as utils
|
||||||
import cas_server.forms as forms
|
import cas_server.forms as forms
|
||||||
@ -35,6 +36,8 @@ from .utils import JsonResponse
|
|||||||
from .models import ServiceTicket, ProxyTicket, ProxyGrantingTicket
|
from .models import ServiceTicket, ProxyTicket, ProxyGrantingTicket
|
||||||
from .models import ServicePattern
|
from .models import ServicePattern
|
||||||
|
|
||||||
|
SessionStore = import_module(settings.SESSION_ENGINE).SessionStore
|
||||||
|
|
||||||
|
|
||||||
class AttributesMixin(object):
|
class AttributesMixin(object):
|
||||||
"""mixin for the attributs methode"""
|
"""mixin for the attributs methode"""
|
||||||
@ -55,36 +58,30 @@ class AttributesMixin(object):
|
|||||||
|
|
||||||
class LogoutMixin(object):
|
class LogoutMixin(object):
|
||||||
"""destroy CAS session utils"""
|
"""destroy CAS session utils"""
|
||||||
def clean_session_variables(self):
|
def logout(self, all=False):
|
||||||
"""Clean sessions variables"""
|
|
||||||
try:
|
|
||||||
del self.request.session["authenticated"]
|
|
||||||
except KeyError:
|
|
||||||
pass
|
|
||||||
try:
|
|
||||||
del self.request.session["username"]
|
|
||||||
except KeyError:
|
|
||||||
pass
|
|
||||||
try:
|
|
||||||
del self.request.session["warn"]
|
|
||||||
except KeyError:
|
|
||||||
pass
|
|
||||||
|
|
||||||
def logout(self):
|
|
||||||
"""effectively destroy CAS session"""
|
"""effectively destroy CAS session"""
|
||||||
|
# logout the user from the current session
|
||||||
try:
|
try:
|
||||||
|
username = self.request.session.get("username")
|
||||||
user = models.User.objects.get(
|
user = models.User.objects.get(
|
||||||
username=self.request.session.get("username"),
|
username=username,
|
||||||
session_key=self.request.session.session_key
|
session_key=self.request.session.session_key
|
||||||
)
|
)
|
||||||
self.clean_session_variables()
|
|
||||||
self.request.session.flush()
|
self.request.session.flush()
|
||||||
user.logout(self.request)
|
user.logout(self.request)
|
||||||
user.delete()
|
user.delete()
|
||||||
except models.User.DoesNotExist:
|
except models.User.DoesNotExist:
|
||||||
self.clean_session_variables()
|
# if user not found in database, flush the session anyway
|
||||||
self.request.session.flush()
|
self.request.session.flush()
|
||||||
|
|
||||||
|
# If all is set logout user from alternative sessions
|
||||||
|
if all:
|
||||||
|
for user in models.User.objects.filter(username=username):
|
||||||
|
session = SessionStore(session_key=user.session_key)
|
||||||
|
session.flush()
|
||||||
|
user.logout(self.request)
|
||||||
|
user.delete()
|
||||||
|
|
||||||
|
|
||||||
class LogoutView(View, LogoutMixin):
|
class LogoutView(View, LogoutMixin):
|
||||||
"""destroy CAS session (logout) view"""
|
"""destroy CAS session (logout) view"""
|
||||||
@ -101,7 +98,7 @@ class LogoutView(View, LogoutMixin):
|
|||||||
def get(self, request, *args, **kwargs):
|
def get(self, request, *args, **kwargs):
|
||||||
"""methode called on GET request on this view"""
|
"""methode called on GET request on this view"""
|
||||||
self.init_get(request)
|
self.init_get(request)
|
||||||
self.logout()
|
self.logout(self.request.GET.get("all"))
|
||||||
# if service is set, redirect to service after logout
|
# if service is set, redirect to service after logout
|
||||||
if self.service:
|
if self.service:
|
||||||
list(messages.get_messages(request)) # clean messages before leaving the django app
|
list(messages.get_messages(request)) # clean messages before leaving the django app
|
||||||
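Review bot: In `LogoutMixin.logout`, the `if all:` branch runs on the raw query-string value, so any non-empty value such as `?all=0` counts as true. It also runs when `self.request.session.get("username")` returned `None` for a session that was never authenticated. Guard it with `if all and username:` and have `get()` pass an explicit boolean, `self.logout(self.request.GET.get("all") == "1")`, which matches the checkbox value in the template. The loop calls `user.logout(self.request)` for each other session; that method is not shown here, but if it can raise, one failure would stop the loop and leave the remaining sessions alive, so per-iteration error handling with a log line is worth considering. The parameter name `all` shadows the builtin (`all_sessions` would be clearer), and `get()` continues past the end of the last hunk.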
|