From ee8791a87bc42570689a74bdf5b4abec1d93344a Mon Sep 17 00:00:00 2001 From: Andrea Lepori Date: Wed, 27 Apr 2022 21:56:26 +0200 Subject: multiuser logout support --- accounts/views.py | 47 ++++++++++++++++++++++++++++++++- templates/registration/base_admin.html | 3 +-- templates/registration/base_client.html | 3 +-- version.txt | 2 +- 4 files changed, 49 insertions(+), 6 deletions(-) diff --git a/accounts/views.py b/accounts/views.py index 67e8911..ecaab4a 100644 --- a/accounts/views.py +++ b/accounts/views.py @@ -108,6 +108,41 @@ class CustomLoginView(LoginView): form_class = AuthForm extra_context = {'midata_enabled': MIDATA_ENABLED} + def get(self, request, *args, **kwargs): + # check auto-login is enabled + if "autologin" not in request.COOKIES: + return super(CustomLoginView, self).get(request, *args, **kwargs) + + if request.COOKIES.get("autologin") != "true": + return super(CustomLoginView, self).get(request, *args, **kwargs) + + # check if user has a cookie saved + response = HttpResponseRedirect("/") + + sessions = dict() + # no cookie + if "user_switcher" not in request.COOKIES: + return super(CustomLoginView, self).get(request, *args, **kwargs) + + sessions = json.loads(request.COOKIES.get("user_switcher")) + + # empty cookie + if len(sessions) == 0: + return super(CustomLoginView, self).get(request, *args, **kwargs) + + # pick the first username to login to + username = list(sessions.keys())[0] + + set_session_cookie(response, sessions[username][0], sessions[username][1]) + del sessions[username] + + set_switch_cookie(response, sessions) + + # disable autologin + response.set_cookie("autologin", "false") + + return response + # send to hitobito request to get token def oauth_login(request): if not MIDATA_ENABLED: 
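Review bot: In `CustomLoginView.get` the `user_switcher` cookie goes straight into `json.loads` and is then indexed as `sessions[username][0]` and `[1]`, so a request carrying `autologin=true` and a malformed or unexpectedly shaped cookie raises an unhandled exception (HTTP 500) on the login page instead of showing the form. Cookie contents are client-controlled, so decode and unpack them inside a `try` and fall back to the normal `super().get(...)` path on any decode or shape error. The early `response = HttpResponseRedirect("/")` and `sessions = dict()` assignments are unused on the fallback paths and can move below the validation. The rest of the class is outside this hunk, and `set_session_cookie` / `set_switch_cookie` are not visible, so whether they validate the values they receive is unconfirmed.

```python
    def get(self, request, *args, **kwargs):
        # … unchanged: "autologin" checks and "user_switcher" presence check …
        try:
            sessions = json.loads(request.COOKIES["user_switcher"])
            username, entry = next(iter(sessions.items()))
            first, second = entry[0], entry[1]
        except (ValueError, AttributeError, TypeError, LookupError, StopIteration):
            # malformed, empty or wrongly shaped cookie: show the normal login form
            return super(CustomLoginView, self).get(request, *args, **kwargs)

        response = HttpResponseRedirect("/")
        set_session_cookie(response, first, second)
        del sessions[username]
        # … unchanged: set_switch_cookie, autologin reset, return response …
```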
@@ -260,10 +295,11 @@ def user_switcher(request): set_switch_cookie(response, sessions) response.set_cookie("sessionid", "") + response.set_cookie("autologin", "false") return response - if request.POST["metadata"][0] == 's': + elif request.POST["metadata"][0] == 's': response = HttpResponseRedirect("/") username = request.POST["metadata"][1:] @@ -281,6 +317,15 @@ def user_switcher(request): set_switch_cookie(response, sessions) + response.set_cookie("autologin", "false") + + return response + elif request.POST["metadata"] == "logout": + # send user to logout page + # on the login page we check if we have a cookie set + response = HttpResponseRedirect("/accounts/logout") + response.set_cookie("autologin", "true") + return response diff --git a/templates/registration/base_admin.html b/templates/registration/base_admin.html index c24255b..edc3bae 100644 --- a/templates/registration/base_admin.html +++ b/templates/registration/base_admin.html @@ -95,7 +95,7 @@
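Review bot: The `autologin` cookie decides what the login page does, yet every `response.set_cookie("autologin", ...)` added by this commit (here in `user_switcher`, in the `'s'` and `logout` branches of the next hunk, and in `CustomLoginView.get`) relies on Django's defaults, which means no `HttpOnly`, no `Secure`, no `SameSite` and no expiry. As far as the visible code shows no script needs to read it, so I would write `response.set_cookie("autologin", "false", httponly=True, samesite="Lax", secure=request.is_secure())`. The `"true"` value set in the logout branch should also get a short `max_age`, so a flag that is never consumed by the login page does not stay armed for the rest of the browser session. `user_switcher` begins and ends outside this hunk.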
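Review bot: The new `logout` branch of `user_switcher` answers a POST with a redirect to `/accounts/logout`, so the browser performs the actual logout with a GET. If that URL is served by Django's `LogoutView` (the URL configuration is not part of this diff), GET logout is deprecated from Django 4.1 and rejected from 5.0, and a logout that works on GET can be triggered by any cross-site link or image. Consider ending the session inside this handler, which is already reached by POST, with `logout(request)` from `django.contrib.auth`, then redirecting to the login URL with the `autologin` cookie set on that response. The hard-coded path would also be better resolved through `reverse()` so it follows the URL configuration.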
  • listLista documenti
  • {% endif %} -
  • exit_to_appLogout
  • +
  • exit_to_appLogout
  • @@ -105,7 +105,6 @@
  • {{username}}
  • {% endif %} {% endfor %} -
  • person_addAggiungi un altro utente
  • diff --git a/templates/registration/base_client.html b/templates/registration/base_client.html index c2483b8..c4e62b6 100644 --- a/templates/registration/base_client.html +++ b/templates/registration/base_client.html @@ -119,7 +119,7 @@
  • listLista documenti
  • {% endif %} -
  • exit_to_appLogout
  • +
  • exit_to_appLogout
  • @@ -129,7 +129,6 @@
  • {{username}}
  • {% endif %} {% endfor %} -
  • person_addAggiungi un altro utente
  • diff --git a/version.txt b/version.txt index a5da7b2..bd2c9de 100644 --- a/version.txt +++ b/version.txt @@ -1,2 +1,2 @@ version=0.5 -rev=11 +rev=12 -- cgit v1.2.1