authorAndrea Lepori <alepori@student.ethz.ch>2022-03-23 19:10:35 +0100
committerAndrea Lepori <alepori@student.ethz.ch>2022-03-23 19:10:47 +0100
commit7926fee19b2241e2f3facef8b6eb8789f5d97d49 (patch)
tree0ddc4a687feb0ec0e8e81003248905f26ca1c3cc /accounts
parentadd option to disable oauth (diff)
initial support of user switcher
Diffstat (limited to 'accounts')
-rw-r--r--accounts/urls.py1
-rw-r--r--accounts/views.py75
2 files changed, 76 insertions, 0 deletions
diff --git a/accounts/urls.py b/accounts/urls.py
index 46cb438..b35796b 100644
--- a/accounts/urls.py
+++ b/accounts/urls.py
@@ -12,4 +12,5 @@ urlpatterns = [
path('oauth_connect/', views.oauth_connect, name='oauth_connect'),
path('oauth_disconnect/', views.oauth_disconnect, name='oauth_disconnect'),
path('auth_connect/', views.auth_connect, name='auth_connect'),
+ path('user_switcher/', views.user_switcher, name='user_switcher'),
]
diff --git a/accounts/views.py b/accounts/views.py
index cd17552..e9d2bfe 100644
--- a/accounts/views.py
+++ b/accounts/views.py
@@ -1,3 +1,4 @@
+import datetime
from django.shortcuts import render
from django.urls import reverse
from django.conf import settings
@@ -15,6 +16,7 @@ from client.models import UserCode, MedicalData
from authlib.integrations.django_client import OAuth
+import json
import dateparser
import os
import requests
@@ -203,6 +205,79 @@ def auth_connect(request):
return HttpResponseRedirect(reverse("personal") + "#settings")
+@sensitive_variables("sessionid")
+def set_session_cookie(response, sessionid, expires):
+ expires_date = datetime.datetime.fromtimestamp(int(expires))
+ max_age = (expires_date - datetime.datetime.utcnow()).total_seconds()
+ response.set_cookie(
+ "sessionid",
+ sessionid,
+ max_age=max_age,
+ expires=expires,
+ domain=settings.SESSION_COOKIE_DOMAIN,
+ secure=settings.SESSION_COOKIE_SECURE,
+ httponly=settings.SESSION_COOKIE_HTTPONLY,
+ samesite=settings.SESSION_COOKIE_SAMESITE,
+ )
+
+@sensitive_variables("data")
+def set_switch_cookie(response, data):
+
+ max_age = 30 * 60 * 60 * 24
+ expires = datetime.datetime.strftime(
+ datetime.datetime.utcnow() + datetime.timedelta(seconds=max_age),
+ "%a, %d-%b-%Y %H:%M:%S GMT",
+ )
+ response.set_cookie(
+ "user_switcher",
+ json.dumps(data),
+ max_age=max_age,
+ expires=expires,
+ domain=settings.SESSION_COOKIE_DOMAIN,
+ secure=settings.SESSION_COOKIE_SECURE,
+ httponly=settings.SESSION_COOKIE_HTTPONLY,
+ samesite=settings.SESSION_COOKIE_SAMESITE,
+ )
+
+@sensitive_variables("sessions")
+def user_switcher(request):
+ if request.method == 'POST':
+ if request.POST["metadata"] == 'new':
+ response = HttpResponseRedirect('/accounts/login')
+
+ sessions = dict()
+ if "user_switcher" in request.COOKIES:
+ sessions = json.loads(request.COOKIES.get("user_switcher"))
+
+ sessions[request.user.username] = (request.session.session_key, request.session.get_expiry_date().timestamp())
+ set_switch_cookie(response, sessions)
+
+ response.set_cookie("sessionid", "")
+
+ return response
+
+ if request.POST["metadata"][0] == 's':
+ response = HttpResponseRedirect("/")
+ username = request.POST["metadata"][1:]
+
+ sessions = dict()
+ if "user_switcher" in request.COOKIES:
+ sessions = json.loads(request.COOKIES.get("user_switcher"))
+
+ sessions[request.user.username] = (request.session.session_key, request.session.get_expiry_date().timestamp())
+ set_switch_cookie(response, sessions)
+
+ if username in sessions:
+ set_session_cookie(response, sessions[username][0], sessions[username][1])
+ else:
+ set_session_cookie(response, "", 0)
+
+ print("done")
+ return response
+
+
+ return HttpResponseRedirect("/")
+
@sensitive_variables("raw_passsword")
def signup(request):
out_errors = []
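Review bot: `user_switcher` treats the client-controlled `user_switcher` cookie and the `metadata` field as trusted input: `json.loads` (L88, L103) on a non-JSON cookie, `request.POST["metadata"][0]` (L97) on a missing or empty field, and `sessions[username][0]` (L109) on a crafted entry that is not a two-item list all raise an unhandled exception instead of a clean 400, and nothing stops an anonymous caller from being recorded (`request.user.username` is then `""` and `session_key` may be `None`). Because the cookie is a plain `json.dumps` of live session keys kept for 30 days (L64) and switching never flushes the session being left, every account ever switched from stays a live server-side session reachable from that one cookie, and logging out of the active account does not invalidate the others — this deserves at least a comment and ideally an explicit "forget all" path. `set_session_cookie` also mixes a naive local-time `fromtimestamp` with `utcnow()` (L48-L49), so `max_age` is off by the server's UTC offset, and passes the raw POSIX timestamp as `expires=`, which is not an HTTP date; passing the aware datetime and letting Django derive `max-age` fixes both: `expires_date = datetime.datetime.fromtimestamp(int(expires), tz=datetime.timezone.utc)` then `response.set_cookie(settings.SESSION_COOKIE_NAME, sessionid, expires=expires_date, domain=..., secure=..., httponly=..., samesite=...)`. The literal `"sessionid"` (L51, L93) should be `settings.SESSION_COOKIE_NAME` to match the session settings the same calls already read, and `print("done")` on L113 is a debug leftover. A hardened entry point is sketched below; `login_required` and `HttpResponseBadRequest` need importing if views.py does not already have them, which this hunk does not show.
```python
@login_required
@sensitive_variables("sessions")
def user_switcher(request):
    if request.method != "POST":
        return HttpResponseRedirect("/")
    action = request.POST.get("metadata", "")
    try:
        sessions = json.loads(request.COOKIES.get("user_switcher", "{}"))
    except ValueError:
        sessions = None
    if not isinstance(sessions, dict):
        return HttpResponseBadRequest("invalid user_switcher cookie")
    # Record the session being left before the sessionid cookie is replaced.
    sessions[request.user.username] = (
        request.session.session_key,
        request.session.get_expiry_date().timestamp(),
    )
    if action == "new":
        response = HttpResponseRedirect("/accounts/login")
        set_switch_cookie(response, sessions)
        response.set_cookie(settings.SESSION_COOKIE_NAME, "")
        return response
    if action.startswith("s"):
        response = HttpResponseRedirect("/")
        set_switch_cookie(response, sessions)
        entry = sessions.get(action[1:])
        if isinstance(entry, (list, tuple)) and len(entry) == 2:
            set_session_cookie(response, entry[0], entry[1])
        else:
            set_session_cookie(response, "", 0)
        return response
    return HttpResponseRedirect("/")
```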