From ee8791a87bc42570689a74bdf5b4abec1d93344a Mon Sep 17 00:00:00 2001 From: Andrea Lepori Date: Wed, 27 Apr 2022 21:56:26 +0200 Subject: multiuser logout support --- accounts/views.py | 47 ++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 46 insertions(+), 1 deletion(-) (limited to 'accounts') diff --git a/accounts/views.py b/accounts/views.py index 67e8911..ecaab4a 100644 --- a/accounts/views.py +++ b/accounts/views.py @@ -108,6 +108,41 @@ class CustomLoginView(LoginView): form_class = AuthForm extra_context = {'midata_enabled': MIDATA_ENABLED} + def get(self, request, *args, **kwargs): + # check auto-login is enabled + if "autologin" not in request.COOKIES: + return super(CustomLoginView, self).get(request, *args, **kwargs) + + if request.COOKIES.get("autologin") != "true": + return super(CustomLoginView, self).get(request, *args, **kwargs) + + # check if user has a cookie saved + response = HttpResponseRedirect("/") + + sessions = dict() + # no cookie + if "user_switcher" not in request.COOKIES: + return super(CustomLoginView, self).get(request, *args, **kwargs) + + sessions = json.loads(request.COOKIES.get("user_switcher")) + + # empty cookie + if len(sessions) == 0: + return super(CustomLoginView, self).get(request, *args, **kwargs) + + # pick the first username to login to + username = list(sessions.keys())[0] + + set_session_cookie(response, sessions[username][0], sessions[username][1]) + del sessions[username] + + set_switch_cookie(response, sessions) + + # disable autologin + response.set_cookie("autologin", "false") + + return response + # send to hitobito request to get token def oauth_login(request): if not MIDATA_ENABLED: @@ -260,10 +295,11 @@ def user_switcher(request): set_switch_cookie(response, sessions) response.set_cookie("sessionid", "") + response.set_cookie("autologin", "false") return response - if request.POST["metadata"][0] == 's': + elif request.POST["metadata"][0] == 's': response = HttpResponseRedirect("/") username = request.POST["metadata"][1:] @@ -281,6 +317,15 @@ def user_switcher(request): set_switch_cookie(response, sessions) + response.set_cookie("autologin", "false") + + return response + elif request.POST["metadata"] == "logout": + # send user to logout page + # on the login page we check if we have a cookie set + response = HttpResponseRedirect("/accounts/logout") + response.set_cookie("autologin", "true") + return response -- cgit v1.2.1