Adding session expire for inactivity with log event

Zambom
1 parent 3d665298
Showing 5 changed files with 47 additions and 1 deletions Show diff stats
amadeus/settings.py
amadeus/templates/base.html
amadeus/urls.py
requirements.txt
users/middleware.py
@@ -51,6 +51,7 @@ INSTALLED_APPS = [
     'django_bootstrap_breadcrumbs',
     's3direct',
     'django_summernote',
+    'session_security',
     'amadeus',
     'users',
@@ -76,6 +77,8 @@ MIDDLEWARE_CLASSES = [
     'django.middleware.csrf.CsrfViewMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
+    'users.middleware.SessionExpireMiddleware',
+    'session_security.middleware.SessionSecurityMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
     'django.middleware.locale.LocaleMiddleware',
@@ -106,7 +109,9 @@ TEMPLATES = [
 WSGI_APPLICATION = 'amadeus.wsgi.application'
-
+SESSION_SECURITY_WARN_AFTER = 1140
+SESSION_SECURITY_EXPIRE_AFTER = 1200
+SESSION_EXPIRE_AT_BROWSER_CLOSE = True
 # Database
 # https://docs.djangopr/*oject.com/en/1.9/ref/settings/#databases
@@ -59,6 +59,7 @@
         <link rel="stylesheet" type="text/css" href="{% static theme_selected %}">
     {% endwith %}
+
 </head>
 <body>
     {% block nav %}
@@ -215,6 +216,8 @@
         </div>
     {% endblock %}
+    {% include 'session_security/all.html' %}
+
     <!-- Init material Bootstrap -->
     <script type="text/javascript">$.material.init()</script>
     <script src="{% static 'js/main.js' %}"></script>
@@ -39,6 +39,7 @@ urlpatterns = [
     #S3Direct
     url(r'^s3direct/', include('s3direct.urls')),
     url(r'^summernote/', include('django_summernote.urls')),
+    url(r'session_security/', include('session_security.urls')),
 ]
 if settings.DEBUG:
@@ -32,3 +32,4 @@ slugify==0.0.1
 validators==0.11.0
 Werkzeug==0.11.11
 whitenoise==3.2.2
+django-session-security==2.4.0
@@ -0,0 +1,36 @@
+"""
+	Middleware to register a log event for a session expire
+	Called before session_security package clears the session and log out the user
+"""
+
+from datetime import datetime, timedelta
+from session_security.settings import EXPIRE_AFTER
+from session_security.utils import get_last_activity, set_last_activity
+
+from log.models import Log
+
+class SessionExpireMiddleware(object):
+
+	def process_request(self, request):
+		if not request.user.is_authenticated():
+			return
+
+		now = datetime.now()
+
+		if '_session_security' not in request.session:
+			return
+		
+		delta = now - get_last_activity(request.session)
+		expire_seconds = EXPIRE_AFTER
+
+		if delta >= timedelta(seconds = expire_seconds):
+			log = Log()
+			log.user = str(request.user)
+			log.user_id = request.user.id
+			log.user_email = request.user.email
+			log.context = {'condition': 'session_expire'}
+			log.component = "user"
+			log.action = "logout"
+			log.resource = "system"
+
+			log.save()
 \ No newline at end of file
	@@ -39,6 +39,7 @@ urlpatterns = [		@@ -39,6 +39,7 @@ urlpatterns = [
39	#S3Direct	39	#S3Direct
40	url(r'^s3direct/', include('s3direct.urls')),	40	url(r'^s3direct/', include('s3direct.urls')),
41	url(r'^summernote/', include('django_summernote.urls')),	41	url(r'^summernote/', include('django_summernote.urls')),
		42	+ url(r'session_security/', include('session_security.urls')),
42	]	43	]
43		44
44	if settings.DEBUG:	45	if settings.DEBUG:
	@@ -32,3 +32,4 @@ slugify==0.0.1		@@ -32,3 +32,4 @@ slugify==0.0.1
32	validators==0.11.0	32	validators==0.11.0
33	Werkzeug==0.11.11	33	Werkzeug==0.11.11
34	whitenoise==3.2.2	34	whitenoise==3.2.2
		35	+django-session-security==2.4.0
	@@ -0,0 +1,36 @@		@@ -0,0 +1,36 @@
		1	+"""
		2	+ Middleware to register a log event for a session expire
		3	+ Called before session_security package clears the session and log out the user
		4	+"""
		5	+
		6	+from datetime import datetime, timedelta
		7	+from session_security.settings import EXPIRE_AFTER
		8	+from session_security.utils import get_last_activity, set_last_activity
		9	+
		10	+from log.models import Log
		11	+
		12	+class SessionExpireMiddleware(object):
		13	+
		14	+ def process_request(self, request):
		15	+ if not request.user.is_authenticated():
		16	+ return
		17	+
		18	+ now = datetime.now()
		19	+
		20	+ if '_session_security' not in request.session:
		21	+ return
		22	+
		23	+ delta = now - get_last_activity(request.session)
		24	+ expire_seconds = EXPIRE_AFTER
		25	+
		26	+ if delta >= timedelta(seconds = expire_seconds):
		27	+ log = Log()
		28	+ log.user = str(request.user)
		29	+ log.user_id = request.user.id
		30	+ log.user_email = request.user.email
		31	+ log.context = {'condition': 'session_expire'}
		32	+ log.component = "user"
		33	+ log.action = "logout"
		34	+ log.resource = "system"
		35	+
		36	+ log.save()
0	\ No newline at end of file	37	\ No newline at end of file