Commit 9dc18675 authored by Valentin Samir's avatar Valentin Samir

Possibility to logout from all of one user sessions

parent bfcf410f
......@@ -4,6 +4,13 @@
{% load i18n %}
{% block content %}
<div class="alert alert-success" role="alert">{% trans "Logged" %}</div>
{% bootstrap_button _('Logout') size='lg' button_class="btn-danger btn-block" href="logout" %}
<form class="form-signin" method="get" action="logout">
<div class="checkbox">
<label>
<input type="checkbox" name="all" value="1"> {% trans "Log me out from all my sessions" %}
</label>
</div>
{% bootstrap_button _('Logout') size='lg' button_type="submit" button_class="btn-danger btn-block"%}
</form>
{% endblock %}
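Review bot: The new form submits the "all sessions" option with `method="get"`, so ending every session of a user becomes a state-changing GET that carries no CSRF token, and any third-party page that makes the browser request `logout?all=1` would trigger it. A plain logout on GET can stay as it is, but the `all` variant would be safer as `<form class="form-signin" method="post" action="logout">` with `{% csrf_token %}` inside the form. That also needs a `post` handler on the view, because the `LogoutView.get` hunk reads the flag from `self.request.GET`.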
......@@ -26,6 +26,7 @@ from django.views.generic import View
import requests
from lxml import etree
from datetime import timedelta
from importlib import import_module
import cas_server.utils as utils
import cas_server.forms as forms
......@@ -35,6 +36,8 @@ from .utils import JsonResponse
from .models import ServiceTicket, ProxyTicket, ProxyGrantingTicket
from .models import ServicePattern
SessionStore = import_module(settings.SESSION_ENGINE).SessionStore
class AttributesMixin(object):
"""mixin for the attributs methode"""
......@@ -55,36 +58,30 @@ class AttributesMixin(object):
class LogoutMixin(object):
"""destroy CAS session utils"""
def clean_session_variables(self):
"""Clean sessions variables"""
try:
del self.request.session["authenticated"]
except KeyError:
pass
try:
del self.request.session["username"]
except KeyError:
pass
try:
del self.request.session["warn"]
except KeyError:
pass
def logout(self):
def logout(self, all=False):
"""effectively destroy CAS session"""
# logout the user from the current session
try:
username = self.request.session.get("username")
user = models.User.objects.get(
username=self.request.session.get("username"),
username=username,
session_key=self.request.session.session_key
)
self.clean_session_variables()
self.request.session.flush()
user.logout(self.request)
user.delete()
except models.User.DoesNotExist:
self.clean_session_variables()
# if user not found in database, flush the session anyway
self.request.session.flush()
# If all is set logout user from alternative sessions
if all:
for user in models.User.objects.filter(username=username):
session = SessionStore(session_key=user.session_key)
session.flush()
user.logout(self.request)
user.delete()
class LogoutView(View, LogoutMixin):
"""destroy CAS session (logout) view"""
......@@ -101,7 +98,7 @@ class LogoutView(View, LogoutMixin):
def get(self, request, *args, **kwargs):
"""methode called on GET request on this view"""
self.init_get(request)
self.logout()
self.logout(self.request.GET.get("all"))
# if service is set, redirect to service after logout
if self.service:
list(messages.get_messages(request)) # clean messages before leaving the django app
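Review bot: The `if all:` loop in `logout` interleaves `session.flush()` with `user.logout(self.request)` row by row and has no error handling, so an exception on one row leaves every later session valid while the user believes all of them were closed. What `user.logout` does is not visible on this page; if it contacts remote services, as a single-logout step presumably would, a failure there is plausible. Flushing every stored session first and running the per-user logout afterwards keeps the invalidation from depending on that call.

```python
        # If all is set logout user from alternative sessions
        if all:
            others = list(models.User.objects.filter(username=username))
            # invalidate every stored session before any step that may fail
            for user in others:
                SessionStore(session_key=user.session_key).flush()
            for user in others:
                user.logout(self.request)
                user.delete()
```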
......