authorAndrea Lepori <alepori@student.ethz.ch>2022-04-27 21:56:26 +0200
committerAndrea Lepori <alepori@student.ethz.ch>2022-04-27 21:56:26 +0200
commitee8791a87bc42570689a74bdf5b4abec1d93344a (patch)
treee157e3baebb273f31416af9520f7db82a58a4885 /accounts
parentmove all items in dropdown (diff)
downloadscout-subs-ee8791a87bc42570689a74bdf5b4abec1d93344a.tar.gz
scout-subs-ee8791a87bc42570689a74bdf5b4abec1d93344a.zip
multiuser logout support
Diffstat (limited to 'accounts')
-rw-r--r--accounts/views.py47
1 files changed, 46 insertions, 1 deletions
diff --git a/accounts/views.py b/accounts/views.py
index 67e8911..ecaab4a 100644
--- a/accounts/views.py
+++ b/accounts/views.py
@@ -108,6 +108,41 @@ class CustomLoginView(LoginView):
form_class = AuthForm
extra_context = {'midata_enabled': MIDATA_ENABLED}
+ def get(self, request, *args, **kwargs):
+ # check auto-login is enabled
+ if "autologin" not in request.COOKIES:
+ return super(CustomLoginView, self).get(request, *args, **kwargs)
+
+ if request.COOKIES.get("autologin") != "true":
+ return super(CustomLoginView, self).get(request, *args, **kwargs)
+
+ # check if user has a cookie saved
+ response = HttpResponseRedirect("/")
+
+ sessions = dict()
+ # no cookie
+ if "user_switcher" not in request.COOKIES:
+ return super(CustomLoginView, self).get(request, *args, **kwargs)
+
+ sessions = json.loads(request.COOKIES.get("user_switcher"))
+
+ # empty cookie
+ if len(sessions) == 0:
+ return super(CustomLoginView, self).get(request, *args, **kwargs)
+
+ # pick the first username to login to
+ username = list(sessions.keys())[0]
+
+ set_session_cookie(response, sessions[username][0], sessions[username][1])
+ del sessions[username]
+
+ set_switch_cookie(response, sessions)
+
+ # disable autologin
+ response.set_cookie("autologin", "false")
+
+ return response
+
# send to hitobito request to get token
def oauth_login(request):
if not MIDATA_ENABLED:
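Review bot: The `user_switcher` cookie is client-controlled, yet the new `get` passes it straight to `json.loads` and then indexes the result (`sessions[username][0]`, `sessions[username][1]`) with no shape check. A malformed, non-dict or too-short value therefore raises an unhandled exception instead of rendering the login form. Guard the parse and fall back to `super().get(...)` on anything unexpected; the `sessions = dict()` assignment before the parse is dead and can be dropped. `set_session_cookie` and `set_switch_cookie` are defined outside this hunk, so whether they validate their arguments cannot be judged from here.

```python
    # … unchanged: autologin checks and `response = HttpResponseRedirect("/")` …
    try:
        sessions = json.loads(request.COOKIES.get("user_switcher", ""))
    except ValueError:
        # not valid JSON: treat it like a missing cookie
        sessions = None

    if not isinstance(sessions, dict) or not sessions:
        return super(CustomLoginView, self).get(request, *args, **kwargs)

    # pick the first username to login to
    username = next(iter(sessions))
    entry = sessions.pop(username)
    if not isinstance(entry, (list, tuple)) or len(entry) < 2:
        return super(CustomLoginView, self).get(request, *args, **kwargs)

    set_session_cookie(response, entry[0], entry[1])
    # … unchanged: set_switch_cookie, autologin reset, return response …
```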
@@ -260,10 +295,11 @@ def user_switcher(request):
set_switch_cookie(response, sessions)
response.set_cookie("sessionid", "")
+ response.set_cookie("autologin", "false")
return response
- if request.POST["metadata"][0] == 's':
+ elif request.POST["metadata"][0] == 's':
response = HttpResponseRedirect("/")
username = request.POST["metadata"][1:]
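Review bot: The `autologin` cookie added here is set with Django's defaults, and the same call appears in the other two hunks (the `get` method above and both new `set_cookie` lines in the last hunk). Since this flag decides whether the login page silently switches to another stored session, it should at least not be readable or settable from page script and should carry the same restrictions as the session cookie, e.g. `response.set_cookie("autologin", "false", httponly=True, samesite="Lax", secure=request.is_secure())`. Clearing it with `response.delete_cookie("autologin")` would also work, since `get` treats a missing cookie the same as `"false"`. The body of `user_switcher` starts and ends outside this hunk.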
@@ -281,6 +317,15 @@ def user_switcher(request):
set_switch_cookie(response, sessions)
+ response.set_cookie("autologin", "false")
+
+ return response
+ elif request.POST["metadata"] == "logout":
+ # send user to logout page
+ # on the login page we check if we have a cookie set
+ response = HttpResponseRedirect("/accounts/logout")
+ response.set_cookie("autologin", "true")
+
return response
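Review bot: The `autologin=true` flag set in the new `logout` branch is reset only on the success path of `CustomLoginView.get`. The early returns there for a missing or empty `user_switcher` cookie leave it at `"true"`, so a later visit to the login page, once sessions are stored again, would appear to switch accounts without the user asking. Bounding the flag's lifetime closes that window, e.g. `response.set_cookie("autologin", "true", max_age=60)`, or reset it on those early-return paths as well. The redirect target `"/accounts/logout"` is hard-coded; `reverse()` with the route's URL name would keep it in step with the URLconf, which is not visible here.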