Possibility to logout from all of one user sessions
This commit is contained in:
parent
bfcf410f26
commit
9dc18675f9
@ -4,6 +4,13 @@
|
||||
{% load i18n %}
|
||||
{% block content %}
|
||||
<div class="alert alert-success" role="alert">{% trans "Logged" %}</div>
|
||||
{% bootstrap_button _('Logout') size='lg' button_class="btn-danger btn-block" href="logout" %}
|
||||
<form class="form-signin" method="get" action="logout">
|
||||
<div class="checkbox">
|
||||
<label>
|
||||
<input type="checkbox" name="all" value="1"> {% trans "Log me out from all my sessions" %}
|
||||
</label>
|
||||
</div>
|
||||
{% bootstrap_button _('Logout') size='lg' button_type="submit" button_class="btn-danger btn-block"%}
|
||||
</form>
|
||||
{% endblock %}
|
||||
|
||||
|
@ -26,6 +26,7 @@ from django.views.generic import View
|
||||
import requests
|
||||
from lxml import etree
|
||||
from datetime import timedelta
|
||||
from importlib import import_module
|
||||
|
||||
import cas_server.utils as utils
|
||||
import cas_server.forms as forms
|
||||
@ -35,6 +36,8 @@ from .utils import JsonResponse
|
||||
from .models import ServiceTicket, ProxyTicket, ProxyGrantingTicket
|
||||
from .models import ServicePattern
|
||||
|
||||
SessionStore = import_module(settings.SESSION_ENGINE).SessionStore
|
||||
|
||||
|
||||
class AttributesMixin(object):
|
||||
"""mixin for the attributs methode"""
|
||||
@ -55,36 +58,30 @@ class AttributesMixin(object):
|
||||
|
||||
class LogoutMixin(object):
|
||||
"""destroy CAS session utils"""
|
||||
def clean_session_variables(self):
|
||||
"""Clean sessions variables"""
|
||||
try:
|
||||
del self.request.session["authenticated"]
|
||||
except KeyError:
|
||||
pass
|
||||
try:
|
||||
del self.request.session["username"]
|
||||
except KeyError:
|
||||
pass
|
||||
try:
|
||||
del self.request.session["warn"]
|
||||
except KeyError:
|
||||
pass
|
||||
|
||||
def logout(self):
|
||||
def logout(self, all=False):
|
||||
"""effectively destroy CAS session"""
|
||||
# logout the user from the current session
|
||||
try:
|
||||
username = self.request.session.get("username")
|
||||
user = models.User.objects.get(
|
||||
username=self.request.session.get("username"),
|
||||
username=username,
|
||||
session_key=self.request.session.session_key
|
||||
)
|
||||
self.clean_session_variables()
|
||||
self.request.session.flush()
|
||||
user.logout(self.request)
|
||||
user.delete()
|
||||
except models.User.DoesNotExist:
|
||||
self.clean_session_variables()
|
||||
# if user not found in database, flush the session anyway
|
||||
self.request.session.flush()
|
||||
|
||||
# If all is set logout user from alternative sessions
|
||||
if all:
|
||||
for user in models.User.objects.filter(username=username):
|
||||
session = SessionStore(session_key=user.session_key)
|
||||
session.flush()
|
||||
user.logout(self.request)
|
||||
user.delete()
|
||||
|
||||
|
||||
class LogoutView(View, LogoutMixin):
|
||||
"""destroy CAS session (logout) view"""
|
||||
@ -101,7 +98,7 @@ class LogoutView(View, LogoutMixin):
|
||||
def get(self, request, *args, **kwargs):
|
||||
"""methode called on GET request on this view"""
|
||||
self.init_get(request)
|
||||
self.logout()
|
||||
self.logout(self.request.GET.get("all"))
|
||||
# if service is set, redirect to service after logout
|
||||
if self.service:
|
||||
list(messages.get_messages(request)) # clean messages before leaving the django app
|
||||
|
Loading…
Reference in New Issue
Block a user