Commit 4f770788461fe65cfbc3aa8fd859cbfcfe4e7874

Authored by Zambom
1 parent 3d665298

Adding session expire for inactivity with log event

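--- a/amadeus/settings.py
+++ b/amadeus/settings.py
@@ -51,6 +51,7 @@ INSTALLED_APPS = [
 'django_bootstrap_breadcrumbs',
 's3direct',
 'django_summernote',
+ 'session_security',
 
 'amadeus',
 'users',
@@ -76,6 +77,8 @@ MIDDLEWARE_CLASSES = [
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
+ 'users.middleware.SessionExpireMiddleware',
+ 'session_security.middleware.SessionSecurityMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware',
 'django.middleware.clickjacking.XFrameOptionsMiddleware',
 'django.middleware.locale.LocaleMiddleware',
@@ -106,7 +109,9 @@ TEMPLATES = [
 
 WSGI_APPLICATION = 'amadeus.wsgi.application'
 
-
+SESSION_SECURITY_WARN_AFTER = 1140
+SESSION_SECURITY_EXPIRE_AFTER = 1200
+SESSION_EXPIRE_AT_BROWSER_CLOSE = True
 # Database
 # https://docs.djangopr/*oject.com/en/1.9/ref/settings/#databases
 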
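Review bot: The new `'users.middleware.SessionExpireMiddleware'` entry in MIDDLEWARE_CLASSES only does its job while it stays ahead of `'session_security.middleware.SessionSecurityMiddleware'`, and nothing in the list records that ordering constraint. The docstring in users/middleware.py says the logger must run before session_security clears the session, so a later reorder would presumably drop the expiry audit event without raising any error. I would add a comment above the two entries, e.g. `# SessionExpireMiddleware must precede SessionSecurityMiddleware: it logs the expiry before the session is cleared`. The two timeouts in the third hunk also deserve a unit comment, e.g. `# seconds of inactivity: warn at 19 min, expire at 20 min`.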
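--- a/amadeus/templates/base.html
+++ b/amadeus/templates/base.html
@@ -59,6 +59,7 @@
 <link rel="stylesheet" type="text/css" href="{% static theme_selected %}">
 {% endwith %}
 
+
 </head>
 <body>
 {% block nav %}
@@ -215,6 +216,8 @@
 </div>
 {% endblock %}
 
+ {% include 'session_security/all.html' %}
+
 <!-- Init material Bootstrap -->
 <script type="text/javascript">$.material.init()</script>
 <script src="{% static 'js/main.js' %}"></script>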
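--- a/amadeus/urls.py
+++ b/amadeus/urls.py
@@ -39,6 +39,7 @@ urlpatterns = [
 #S3Direct
 url(r'^s3direct/', include('s3direct.urls')),
 url(r'^summernote/', include('django_summernote.urls')),
+ url(r'session_security/', include('session_security.urls')),
 ]
 
 if settings.DEBUG: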
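Review bot: The added pattern `r'session_security/'` has no `^` anchor, unlike the `s3direct` and `summernote` entries directly above it. Django's URL resolver searches for the pattern rather than requiring it at the start of the path, so any otherwise-unmatched URL that merely contains `session_security/` would likely be routed into the package's views. Anchor it to match the rest of the list: `url(r'^session_security/', include('session_security.urls')),`.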
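--- a/requirements.txt
+++ b/requirements.txt
@@ -32,3 +32,4 @@ slugify==0.0.1
 validators==0.11.0
 Werkzeug==0.11.11
 whitenoise==3.2.2
+django-session-security==2.4.0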
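--- a/users/middleware.py
+++ b/users/middleware.py
@@ -0,0 +1,36 @@
+"""
+ Middleware to register a log event for a session expire
+ Called before session_security package clears the session and log out the user
+"""
+
+from datetime import datetime, timedelta
+from session_security.settings import EXPIRE_AFTER
+from session_security.utils import get_last_activity, set_last_activity
+
+from log.models import Log
+
+class SessionExpireMiddleware(object):
+
+ def process_request(self, request):
+ if not request.user.is_authenticated():
+ return
+
+ now = datetime.now()
+
+ if '_session_security' not in request.session:
+ return
+
+ delta = now - get_last_activity(request.session)
+ expire_seconds = EXPIRE_AFTER
+
+ if delta >= timedelta(seconds = expire_seconds):
+ log = Log()
+ log.user = str(request.user)
+ log.user_id = request.user.id
+ log.user_email = request.user.email
+ log.context = {'condition': 'session_expire'}
+ log.component = "user"
+ log.action = "logout"
+ log.resource = "system"
+
+ log.save()
\ No newline at end of file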
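Review bot: The expiry event in `process_request` is written only when an already-expired session sends another request, so a session that lapses with no follow-up request (tab closed, or the cookie dropped at browser close under `SESSION_EXPIRE_AT_BROWSER_CLOSE = True`) leaves no `session_expire` entry. The module docstring should say so, so that the log is not read as a complete record of expirations. `log.save()` is also unguarded, so a failing log write would presumably turn the expiring request into an error response; decide whether that is intended and say so in a comment. Finally, `set_last_activity` is imported but never used and the class has no docstring: reduce the import to `from session_security.utils import get_last_activity` and add a one-line class docstring noting that it must run before `SessionSecurityMiddleware`.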