diff options
-rw-r--r-- | accounts/urls.py | 1 | ||||
-rw-r--r-- | accounts/views.py | 75 | ||||
-rw-r--r-- | client/templatetags/app_filter.py | 11 | ||||
-rw-r--r-- | client/views.py | 2 | ||||
-rw-r--r-- | templates/registration/base_client.html | 34 | ||||
-rw-r--r-- | version.txt | 2 |
6 files changed, 118 insertions, 7 deletions
diff --git a/accounts/urls.py b/accounts/urls.py index 46cb438..b35796b 100644 --- a/accounts/urls.py +++ b/accounts/urls.py @@ -12,4 +12,5 @@ urlpatterns = [ path('oauth_connect/', views.oauth_connect, name='oauth_connect'), path('oauth_disconnect/', views.oauth_disconnect, name='oauth_disconnect'), path('auth_connect/', views.auth_connect, name='auth_connect'), + path('user_switcher/', views.user_switcher, name='user_switcher'), ] diff --git a/accounts/views.py b/accounts/views.py index cd17552..e9d2bfe 100644 --- a/accounts/views.py +++ b/accounts/views.py @@ -1,3 +1,4 @@ +import datetime from django.shortcuts import render from django.urls import reverse from django.conf import settings @@ -15,6 +16,7 @@ from client.models import UserCode, MedicalData from authlib.integrations.django_client import OAuth +import json import dateparser import os import requests @@ -203,6 +205,79 @@ def auth_connect(request): return HttpResponseRedirect(reverse("personal") + "#settings") +@sensitive_variables("sessionid") +def set_session_cookie(response, sessionid, expires): + expires_date = datetime.datetime.fromtimestamp(int(expires)) + max_age = (expires_date - datetime.datetime.utcnow()).total_seconds() + response.set_cookie( + "sessionid", + sessionid, + max_age=max_age, + expires=expires, + domain=settings.SESSION_COOKIE_DOMAIN, + secure=settings.SESSION_COOKIE_SECURE, + httponly=settings.SESSION_COOKIE_HTTPONLY, + samesite=settings.SESSION_COOKIE_SAMESITE, + ) + +@sensitive_variables("data") +def set_switch_cookie(response, data): + + max_age = 30 * 60 * 60 * 24 + expires = datetime.datetime.strftime( + datetime.datetime.utcnow() + datetime.timedelta(seconds=max_age), + "%a, %d-%b-%Y %H:%M:%S GMT", + ) + response.set_cookie( + "user_switcher", + json.dumps(data), + max_age=max_age, + expires=expires, + domain=settings.SESSION_COOKIE_DOMAIN, + secure=settings.SESSION_COOKIE_SECURE, + httponly=settings.SESSION_COOKIE_HTTPONLY, + samesite=settings.SESSION_COOKIE_SAMESITE, + ) + +@sensitive_variables("sessions") +def user_switcher(request): + if request.method == 'POST': + if request.POST["metadata"] == 'new': + response = HttpResponseRedirect('/accounts/login') + + sessions = dict() + if "user_switcher" in request.COOKIES: + sessions = json.loads(request.COOKIES.get("user_switcher")) + + sessions[request.user.username] = (request.session.session_key, request.session.get_expiry_date().timestamp()) + set_switch_cookie(response, sessions) + + response.set_cookie("sessionid", "") + + return response + + if request.POST["metadata"][0] == 's': + response = HttpResponseRedirect("/") + username = request.POST["metadata"][1:] + + sessions = dict() + if "user_switcher" in request.COOKIES: + sessions = json.loads(request.COOKIES.get("user_switcher")) + + sessions[request.user.username] = (request.session.session_key, request.session.get_expiry_date().timestamp()) + set_switch_cookie(response, sessions) + + if username in sessions: + set_session_cookie(response, sessions[username][0], sessions[username][1]) + else: + set_session_cookie(response, "", 0) + + print("done") + return response + + + return HttpResponseRedirect("/") + @sensitive_variables("raw_passsword") def signup(request): out_errors = [] diff --git a/client/templatetags/app_filter.py b/client/templatetags/app_filter.py index df92775..c447d35 100644 --- a/client/templatetags/app_filter.py +++ b/client/templatetags/app_filter.py @@ -2,6 +2,8 @@ from django import template from django.db.models.query_utils import Q from client.models import Document, KeyVal, Keys +import json + register = template.Library() @register.filter(name="doc_key") def doc_key(doc): @@ -46,4 +48,11 @@ def parse_multiple_choice(str): if len(arr) < 2: return [arr[0], []] - return [arr[0], arr[1:]]
\ No newline at end of file + return [arr[0], arr[1:]] + +@register.filter(name="parse_userswitcher") +def parse_userswitcher(str): + if not str: + return [] + + return json.loads(str).keys()
\ No newline at end of file diff --git a/client/views.py b/client/views.py index 0f1bfaa..04ebaf9 100644 --- a/client/views.py +++ b/client/views.py @@ -2,7 +2,7 @@ from django.db.models.expressions import OuterRef, Subquery from django.template.loader import get_template from client.models import GroupSettings, UserCode, Keys, DocumentType, Document, PersonalData, KeyVal, MedicalData from django.db.models import Q -from django.http import HttpResponseRedirect, FileResponse +from django.http import HttpResponse, HttpResponseRedirect, FileResponse from django.contrib.auth.decorators import login_required from django.shortcuts import render from accounts.views import copy_from_midata diff --git a/templates/registration/base_client.html b/templates/registration/base_client.html index 362238c..8543852 100644 --- a/templates/registration/base_client.html +++ b/templates/registration/base_client.html @@ -5,6 +5,7 @@ <html> <head> {% load static %} + {% load app_filter %} <link rel="stylesheet" type="text/css" href="{% static 'material_icons.css' %}"> <link rel="stylesheet" type="text/css" href="{% static 'materialize.min.css' %}"> <style> @@ -94,6 +95,9 @@ </head> <body> <nav class="nav-extended"> + <form id="user_form" method="post" action="{% url 'user_switcher'%}"> + {% csrf_token %} + <input type="hidden" name="metadata" id="metadata"> <div class="nav-wrapper {{color}}"> <a style="margin-left: 10px;" href="{% url 'index' %}" class="breadcrumb hide-on-small-only">Home</a> <ul class="left hide-on-med-and-up"> @@ -108,20 +112,31 @@ {% if user.is_staff or perms.client.staff %} <li class="hide-on-small-only"><a href="{% url 'server' %}">Pannello Admin</a></li> {% endif %} - <li class="hide-on-small-only tooltipped" data-position="bottom" data-tooltip="Dati personali"><a href="{% url 'personal' %}">{{ user.username }}</a></li> - <li class="hide-on-med-and-up tooltipped" data-position="bottom" data-tooltip="Dati personali"><a href="{% url 'personal' %}"><i class="material-icons">person</i></a></li> {% if user.is_staff or perms.client.staff %} <li class="tooltipped hide-on-med-and-up" data-position="bottom" data-tooltip="Pannello Admin" class="hide-on-med-and-up"><a href="{% url 'server' %}"><i class="material-icons">build</i></a></li> {% endif %} {% if group_view %} <li class="tooltipped hide-on-med-and-up" data-position="bottom" data-tooltip="Lista documenti" class="hide-on-med-and-up"><a class="modal-trigger" href="#modal_capi"><i class="material-icons">list</i></a></li> {% endif %} - <li class="tooltipped" data-position="bottom" data-tooltip="Informazioni"><a href="{% url 'about' %}"><i class="material-icons">info_outline</i></a></li> - <li class="tooltipped" data-position="bottom" data-tooltip="Logout"><a href="{% url 'logout' %}"><i class="material-icons">exit_to_app</i></a></li> + <li class="userswitcher" data-target='userswitcher'><a href="#">{{ user.username }}</a></li> + <ul id='userswitcher' class='dropdown-content'> + <li><a href="{% url 'personal' %}"><i class="material-icons">person</i>Gestione account</a></li> + <li><a href="{% url 'logout' %}"><i class="material-icons">exit_to_app</i>Logout</a></li> + <li class="divider" tabindex="-1"></li> + {% for username in request.COOKIES.user_switcher|parse_userswitcher%} + {% if username != user.username %} + <li><a onclick="switcher_submit('s{{username}}')">{{username}}</a></li> + {% endif %} + {% endfor %} + <li><a onclick="switcher_submit('new')"><i class="material-icons">person_add</i>Aggiungi un altro utente</a></li> + <li class="divider" tabindex="-1"></li> + <li><a href="{% url 'about' %}">Informazioni sul prodotto</a></li> + </ul> </ul> </div> {% block toolbar %} {% endblock %} + </form> </nav> <main id="main" style="margin-left: 10px;margin-right: 10px;margin-top: 10px;"> @@ -135,6 +150,17 @@ $(document).ready(function(){ $('.tooltipped').tooltip(); }); + + document.addEventListener('DOMContentLoaded', function() { + var elems = document.querySelectorAll('.userswitcher'); + var instances = M.Dropdown.init(elems, {"coverTrigger": false, "constrainWidth": false}); + }); + function switcher_submit(id) { + var form = document.getElementById('user_form') + var action = document.getElementById('metadata') + action.setAttribute('value', id); + form.submit() + } {% block script %} {% endblock%} </script> diff --git a/version.txt b/version.txt index 56eed72..4df8563 100644 --- a/version.txt +++ b/version.txt @@ -1,2 +1,2 @@ version=0.4
-rev=22 +rev=23 |