author | Andrea Lepori <alepori@student.ethz.ch> | 2022-03-23 19:10:35 +0100 |
---|---|---|
committer | Andrea Lepori <alepori@student.ethz.ch> | 2022-03-23 19:10:47 +0100 |
commit | 7926fee19b2241e2f3facef8b6eb8789f5d97d49 (patch) | |
tree | 0ddc4a687feb0ec0e8e81003248905f26ca1c3cc /accounts | |
parent | add option to disable oauth (diff) | |
download | scout-subs-7926fee19b2241e2f3facef8b6eb8789f5d97d49.tar.gz scout-subs-7926fee19b2241e2f3facef8b6eb8789f5d97d49.zip |
initial support of user switcher
Diffstat (limited to 'accounts')
-rw-r--r-- | accounts/urls.py | 1 | ||||
-rw-r--r-- | accounts/views.py | 75 |
2 files changed, 76 insertions, 0 deletions
diff --git a/accounts/urls.py b/accounts/urls.py
index 46cb438..b35796b 100644
--- a/accounts/urls.py
+++ b/accounts/urls.py
@@ -12,4 +12,5 @@ urlpatterns = [
 path('oauth_connect/', views.oauth_connect, name='oauth_connect'),
 path('oauth_disconnect/', views.oauth_disconnect, name='oauth_disconnect'),
 path('auth_connect/', views.auth_connect, name='auth_connect'),
+ path('user_switcher/', views.user_switcher, name='user_switcher'),
 ]
diff --git a/accounts/views.py b/accounts/views.py
index cd17552..e9d2bfe 100644
--- a/accounts/views.py
+++ b/accounts/views.py
@@ -1,3 +1,4 @@
+import datetime
 from django.shortcuts import render
 from django.urls import reverse
 from django.conf import settings
@@ -15,6 +16,7 @@ from client.models import UserCode, MedicalData
 from authlib.integrations.django_client import OAuth
+import json
 import dateparser
 import os
 import requests
@@ -203,6 +205,79 @@ def auth_connect(request):
 return HttpResponseRedirect(reverse("personal") + "#settings")
+@sensitive_variables("sessionid")
+def set_session_cookie(response, sessionid, expires):
+ expires_date = datetime.datetime.fromtimestamp(int(expires))
+ max_age = (expires_date - datetime.datetime.utcnow()).total_seconds()
+ response.set_cookie(
+ "sessionid",
+ sessionid,
+ max_age=max_age,
+ expires=expires,
+ domain=settings.SESSION_COOKIE_DOMAIN,
+ secure=settings.SESSION_COOKIE_SECURE,
+ httponly=settings.SESSION_COOKIE_HTTPONLY,
+ samesite=settings.SESSION_COOKIE_SAMESITE,
+ )
+
+@sensitive_variables("data")
+def set_switch_cookie(response, data):
+
+ max_age = 30 * 60 * 60 * 24
+ expires = datetime.datetime.strftime(
+ datetime.datetime.utcnow() + datetime.timedelta(seconds=max_age),
+ "%a, %d-%b-%Y %H:%M:%S GMT",
+ )
+ response.set_cookie(
+ "user_switcher",
+ json.dumps(data),
+ max_age=max_age,
+ expires=expires,
+ domain=settings.SESSION_COOKIE_DOMAIN,
+ secure=settings.SESSION_COOKIE_SECURE,
+ httponly=settings.SESSION_COOKIE_HTTPONLY,
+ samesite=settings.SESSION_COOKIE_SAMESITE,
+ )
+
+@sensitive_variables("sessions")
+def user_switcher(request):
+ if request.method == 'POST':
+ if request.POST["metadata"] == 'new':
+ response = HttpResponseRedirect('/accounts/login')
+
+ sessions = dict()
+ if "user_switcher" in request.COOKIES:
+ sessions = json.loads(request.COOKIES.get("user_switcher"))
+
+ sessions[request.user.username] = (request.session.session_key, request.session.get_expiry_date().timestamp())
+ set_switch_cookie(response, sessions)
+
+ response.set_cookie("sessionid", "")
+
+ return response
+
+ if request.POST["metadata"][0] == 's':
+ response = HttpResponseRedirect("/")
+ username = request.POST["metadata"][1:]
+
+ sessions = dict()
+ if "user_switcher" in request.COOKIES:
+ sessions = json.loads(request.COOKIES.get("user_switcher"))
+
+ sessions[request.user.username] = (request.session.session_key,
request.session.get_expiry_date().timestamp())
+ set_switch_cookie(response, sessions)
+
+ if username in sessions:
+ set_session_cookie(response, sessions[username][0], sessions[username][1])
+ else:
+ set_session_cookie(response, "", 0)
+
+ print("done")
+ return response
+
+
+ return HttpResponseRedirect("/")
+
 @sensitive_variables("raw_passsword")
+def signup(request):
 out_errors = [] |
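Review bot: In `set_session_cookie`, `datetime.datetime.fromtimestamp(int(expires))` yields local time while `utcnow()` is UTC, so `max_age` is off by the server's UTC offset whenever the zone is not UTC, and the raw integer `expires` handed to `set_cookie` ends up verbatim in the Expires attribute instead of an HTTP date; passing a datetime (`expires=datetime.datetime.utcfromtimestamp(int(expires))`) and dropping the manual `max_age` lets Django derive both, which is what `set_switch_cookie` already approximates by formatting its own date. In `user_switcher` the `user_switcher` cookie is client-controlled, yet both `json.loads(request.COOKIES.get("user_switcher"))` sites raise on malformed input and `sessions[username][0]` assumes a dict of pairs, so the duplicated parsing belongs in one helper that falls back to `{}` on `(ValueError, TypeError)` and checks `isinstance(sessions, dict)`. That cookie also keeps the session key of every switched-away account for 30 days while the server-side sessions stay valid (the `'new'` branch only blanks the `sessionid` cookie), so entries whose stored expiry has passed should be pruned and the view should reject unauthenticated requests — as written, Django's AnonymousUser would presumably be recorded under an empty username with a `None` session key. Minor: the hard-coded `"sessionid"` should be `settings.SESSION_COOKIE_NAME`, the else branch is clearer as `response.delete_cookie(settings.SESSION_COOKIE_NAME)` than `set_session_cookie(response, "", 0)`, and `print("done")` is debug output left in. The trailing `+def signup(request):` line does not match the hunk's 6/79 line counts and looks like a rendering artefact rather than a real change.
```python
@sensitive_variables("sessionid")
def set_session_cookie(response, sessionid, expires):
    # Pass a UTC datetime: Django derives max-age and an HTTP-date Expires from it.
    # fromtimestamp() would be local time and would not line up with utcnow().
    expires_date = datetime.datetime.utcfromtimestamp(int(expires))
    response.set_cookie(
        settings.SESSION_COOKIE_NAME,
        sessionid,
        expires=expires_date,
        # … unchanged: domain/secure/httponly/samesite taken from settings …
    )


def _load_switcher_sessions(request):
    """Parse the client-supplied user_switcher cookie; anything malformed counts as empty."""
    try:
        sessions = json.loads(request.COOKIES.get("user_switcher", "{}"))
    except (ValueError, TypeError):
        return {}
    if not isinstance(sessions, dict):
        return {}
    now = datetime.datetime.now(datetime.timezone.utc).timestamp()
    # Drop entries whose stored expiry has already passed (json turns the tuples into lists).
    return {
        user: entry
        for user, entry in sessions.items()
        if isinstance(entry, list) and len(entry) == 2 and entry[1] > now
    }
```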