Possibility to logout from all of one user sessions

2015-12-12 12:02:26 +01:00
parent bfcf410f26
commit 9dc18675f9
2 changed files with 25 additions and 21 deletions
--- a/cas_server/views.py
+++ b/cas_server/views.py
@ -26,6 +26,7 @@ from django.views.generic import View
 import requests
 from lxml import etree
 from datetime import timedelta
+from importlib import import_module

 import cas_server.utils as utils
 import cas_server.forms as forms
@ -35,6 +36,8 @@ from .utils import JsonResponse
 from .models import ServiceTicket, ProxyTicket, ProxyGrantingTicket
 from .models import ServicePattern

+SessionStore = import_module(settings.SESSION_ENGINE).SessionStore
+

 class AttributesMixin(object):
    """mixin for the attributs methode"""
@ -55,36 +58,30 @@ class AttributesMixin(object):

 class LogoutMixin(object):
    """destroy CAS session utils"""
-    def clean_session_variables(self):
-        """Clean sessions variables"""
-        try:
-            del self.request.session["authenticated"]
-        except KeyError:
-            pass
-        try:
-            del self.request.session["username"]
-        except KeyError:
-            pass
-        try:
-            del self.request.session["warn"]
-        except KeyError:
-            pass
-
-    def logout(self):
+    def logout(self, all=False):
        """effectively destroy CAS session"""
+        # logout the user from the current session
        try:
+            username = self.request.session.get("username")
            user = models.User.objects.get(
-                username=self.request.session.get("username"),
+                username=username,
                session_key=self.request.session.session_key
            )
-            self.clean_session_variables()
            self.request.session.flush()
            user.logout(self.request)
            user.delete()
        except models.User.DoesNotExist:
-            self.clean_session_variables()
+            # if user not found in database, flush the session anyway
            self.request.session.flush()

+        # If all is set logout user from alternative sessions
+        if all:
+            for user in models.User.objects.filter(username=username):
+                session = SessionStore(session_key=user.session_key)
+                session.flush()
+                user.logout(self.request)
+                user.delete()
+

 class LogoutView(View, LogoutMixin):
    """destroy CAS session (logout) view"""
@ -101,7 +98,7 @@ class LogoutView(View, LogoutMixin):
    def get(self, request, *args, **kwargs):
        """methode called on GET request on this view"""
        self.init_get(request)
-        self.logout()
+        self.logout(self.request.GET.get("all"))
        # if service is set, redirect to service after logout
        if self.service:
            list(messages.get_messages(request))  # clean messages before leaving the django app