From 4f770788461fe65cfbc3aa8fd859cbfcfe4e7874 Mon Sep 17 00:00:00 2001 From: Zambom Date: Thu, 26 Jan 2017 00:09:52 -0200 Subject: [PATCH] Adding session expire for inactivity with log event --- amadeus/settings.py | 7 ++++++- amadeus/templates/base.html | 3 +++ amadeus/urls.py | 1 + requirements.txt | 1 + users/middleware.py | 36 ++++++++++++++++++++++++++++++++++++ 5 files changed, 47 insertions(+), 1 deletion(-) create mode 100644 users/middleware.py diff --git a/amadeus/settings.py b/amadeus/settings.py index 83edc22..eea3c33 100644 --- a/amadeus/settings.py +++ b/amadeus/settings.py @@ -51,6 +51,7 @@ INSTALLED_APPS = [ 'django_bootstrap_breadcrumbs', 's3direct', 'django_summernote', + 'session_security', 'amadeus', 'users', @@ -76,6 +77,8 @@ MIDDLEWARE_CLASSES = [ 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.auth.middleware.SessionAuthenticationMiddleware', + 'users.middleware.SessionExpireMiddleware', + 'session_security.middleware.SessionSecurityMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', 'django.middleware.locale.LocaleMiddleware', @@ -106,7 +109,9 @@ TEMPLATES = [ WSGI_APPLICATION = 'amadeus.wsgi.application' - +SESSION_SECURITY_WARN_AFTER = 1140 +SESSION_SECURITY_EXPIRE_AFTER = 1200 +SESSION_EXPIRE_AT_BROWSER_CLOSE = True # Database # https://docs.djangopr/*oject.com/en/1.9/ref/settings/#databases diff --git a/amadeus/templates/base.html b/amadeus/templates/base.html index b2a9cd3..2b9a2b7 100644 --- a/amadeus/templates/base.html +++ b/amadeus/templates/base.html @@ -59,6 +59,7 @@ {% endwith %} + {% block nav %} @@ -215,6 +216,8 @@ {% endblock %} + {% include 'session_security/all.html' %} + diff --git a/amadeus/urls.py b/amadeus/urls.py index 66609ac..6583efb 100644 --- a/amadeus/urls.py +++ b/amadeus/urls.py 
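Review bot: The position of `'users.middleware.SessionExpireMiddleware'` directly ahead of `'session_security.middleware.SessionSecurityMiddleware'` in MIDDLEWARE_CLASSES is load-bearing, but nothing in the list says so. The new module's docstring says it must run before the package clears the session, so a later reorder would silently stop the expiry event from being logged. I would add a comment above the two entries, for example `# Order matters: SessionExpireMiddleware must run before SessionSecurityMiddleware so the expiry is logged before logout`. Both entries also have to stay below AuthenticationMiddleware, because the new code reads `request.user`.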
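Review bot: The three settings added after WSGI_APPLICATION define the idle-session policy but carry no units or rationale. users/middleware.py feeds the same expiry value to `timedelta(seconds=...)`, so these are seconds: a warning at 19 minutes and logout at 20. I would add a comment such as `# Idle-session timeout in seconds: warn at 1140 (19 min), log out at 1200 (20 min)`, plus a short note on why SESSION_EXPIRE_AT_BROWSER_CLOSE is set alongside them. The hunk also drops the blank line that separated this area from the `# Database` comment, and it would read better restored.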
@@ -39,6 +39,7 @@ urlpatterns = [
 #S3Direct
 url(r'^s3direct/', include('s3direct.urls')),
 url(r'^summernote/', include('django_summernote.urls')),
+ url(r'session_security/', include('session_security.urls')),
 ]
 
 if settings.DEBUG:
diff --git a/requirements.txt b/requirements.txt
index c9b205a..926bef7 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -32,3 +32,4 @@ slugify==0.0.1
 validators==0.11.0
 Werkzeug==0.11.11
 whitenoise==3.2.2
+django-session-security==2.4.0
diff --git a/users/middleware.py b/users/middleware.py
new file mode 100644
index 0000000..c89eaf8
--- /dev/null
+++ b/users/middleware.py
@@ -0,0 +1,36 @@
+"""
+ Middleware to register a log event for a session expire
+ Called before session_security package clears the session and log out the user
+"""
+
+from datetime import datetime, timedelta
+from session_security.settings import EXPIRE_AFTER
+from session_security.utils import get_last_activity, set_last_activity
+
+from log.models import Log
+
+class SessionExpireMiddleware(object):
+
+ def process_request(self, request):
+ if not request.user.is_authenticated():
+ return
+
+ now = datetime.now()
+
+ if '_session_security' not in request.session:
+ return
+
+ delta = now - get_last_activity(request.session)
+ expire_seconds = EXPIRE_AFTER
+
+ if delta >= timedelta(seconds = expire_seconds):
+ log = Log()
+ log.user = str(request.user)
+ log.user_id = request.user.id
+ log.user_email = request.user.email
+ log.context = {'condition': 'session_expire'}
+ log.component = "user"
+ log.action = "logout"
+ log.resource = "system"
+
+ log.save()
\ No newline at end of file
-- 
libgit2 0.21.2
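Review bot: The added pattern `r'session_security/'` has no leading `^`, unlike the `r'^s3direct/'` and `r'^summernote/'` entries just above it. Django matches `url()` regexes with a search, so the unanchored form also resolves any path that merely contains `session_security/`. That serves the package's views under unintended prefixes and can shadow routes registered after it. I would write `url(r'^session_security/', include('session_security.urls')),`. The `urlpatterns` list begins outside this hunk.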
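Review bot: An exception from `log.save()` at the end of `process_request` propagates out of the middleware. Because settings.py lists this class ahead of SessionSecurityMiddleware, the request would presumably fail before the package gets to log the expired user out. The audit write should be best-effort, e.g. `try: log.save()` followed by `except Exception: logger.exception('session_expire log failed')`, using a module-level logger. Separately, `set_last_activity` is imported but never used, and the class has no docstring. A docstring should state that the event is only recorded when the expired session makes one more request, so a session that ends with the browser closed leaves no logout record.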