Possibility to logout from all of one user sessions

2015-12-12 12:02:26 +01:00 · 2015-12-12 12:02:26 +01:00 · 9dc18675f9
commit 9dc18675f9
parent bfcf410f26
2 changed files with 25 additions and 21 deletions
--- a/cas_server/templates/cas_server/logged.html
+++ b/cas_server/templates/cas_server/logged.html
@ -4,6 +4,13 @@
 {% load i18n %}
 {% block content %}
 <div class="alert alert-success" role="alert">{% trans "Logged" %}</div>
-{% bootstrap_button _('Logout') size='lg' button_class="btn-danger btn-block" href="logout" %}
+<form class="form-signin" method="get" action="logout">
  <div class="checkbox">
    <label>
      <input type="checkbox" name="all" value="1"> {% trans "Log me out from all my sessions" %}
    </label>
  </div>
  {% bootstrap_button _('Logout') size='lg' button_type="submit" button_class="btn-danger btn-block"%}
 </form>
 {% endblock %}
--- a/cas_server/views.py
+++ b/cas_server/views.py
@ -26,6 +26,7 @@ from django.views.generic import View
 import requests
 from lxml import etree
 from datetime import timedelta
 from importlib import import_module
 import cas_server.utils as utils
 import cas_server.forms as forms
@ -35,6 +36,8 @@ from .utils import JsonResponse
 from .models import ServiceTicket, ProxyTicket, ProxyGrantingTicket
 from .models import ServicePattern
 SessionStore = import_module(settings.SESSION_ENGINE).SessionStore
 class AttributesMixin(object):
    """mixin for the attributs methode"""
@ -55,36 +58,30 @@ class AttributesMixin(object):
 class LogoutMixin(object):
    """destroy CAS session utils"""
-    def clean_session_variables(self):
+    def logout(self, all=False):
        """Clean sessions variables"""
        try:
            del self.request.session["authenticated"]
        except KeyError:
            pass
        try:
            del self.request.session["username"]
        except KeyError:
            pass
        try:
            del self.request.session["warn"]
        except KeyError:
            pass
    def logout(self):
        """effectively destroy CAS session"""
        # logout the user from the current session
        try:
            username = self.request.session.get("username")
            user = models.User.objects.get(
-                username=self.request.session.get("username"),
+                username=username,
                session_key=self.request.session.session_key
            )
            self.clean_session_variables()
            self.request.session.flush()
            user.logout(self.request)
            user.delete()
        except models.User.DoesNotExist:
-            self.clean_session_variables()
+            # if user not found in database, flush the session anyway
            self.request.session.flush()
        # If all is set logout user from alternative sessions
        if all:
            for user in models.User.objects.filter(username=username):
                session = SessionStore(session_key=user.session_key)
                session.flush()
                user.logout(self.request)
                user.delete()
 class LogoutView(View, LogoutMixin):
    """destroy CAS session (logout) view"""
@ -101,7 +98,7 @@ class LogoutView(View, LogoutMixin):
    def get(self, request, *args, **kwargs):
        """methode called on GET request on this view"""
        self.init_get(request)
-        self.logout()
+        self.logout(self.request.GET.get("all"))
        # if service is set, redirect to service after logout
        if self.service:
            list(messages.get_messages(request))  # clean messages before leaving the django app