From 4acab79d07dac1acc34c0cf0e712fe49d4b7d82f Mon Sep 17 00:00:00 2001 From: Ajmal JK Date: Thu, 5 Mar 2020 11:41:15 +0530 Subject: [PATCH] [UPDT] Session expiry updated 'restrict_logins' --- restrict_logins/__manifest__.py | 2 +- restrict_logins/controllers/main.py | 27 +++++++++++++ restrict_logins/doc/changelog.md | 5 +++ restrict_logins/models/ir_http.py | 63 ++++++++++++++++++----------- 4 files changed, 72 insertions(+), 25 deletions(-) diff --git a/restrict_logins/__manifest__.py b/restrict_logins/__manifest__.py index 0e5c5e2ab..f8acb2be6 100644 --- a/restrict_logins/__manifest__.py +++ b/restrict_logins/__manifest__.py @@ -22,7 +22,7 @@ { 'name': "Restrict Concurrent User Login", - 'version': '13.0.1.1.1', + 'version': '13.0.1.1.2', 'summary': 'Restrict concurrent sessions, User force logout, Automatic session expiry', "description": """Restrict concurrent sessions, User force logout, Automatic session expiry, restrict user login, session expiry, session, user session, force logout, diff --git a/restrict_logins/controllers/main.py b/restrict_logins/controllers/main.py index b8d844e2e..9648311ac 100644 --- a/restrict_logins/controllers/main.py +++ b/restrict_logins/controllers/main.py @@ -57,6 +57,20 @@ def clear_session_history(u_sid, f_uid=False): return False +def super_clear_all(): + """ Clear all the user session histories """ + path = odoo.tools.config.session_dir + store = werkzeug.contrib.sessions.FilesystemSessionStore( + path, session_class=odoo.http.OpenERPSession, renew_missing=True) + for fname in os.listdir(store.path): + path = os.path.join(store.path, fname) + try: + os.unlink(path) + except OSError: + pass + return True + + class Session(main.Session): @http.route('/web/session/logout', type='http', auth="none") def logout(self, redirect='/web'): 
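Review bot: `super_clear_all()` swallows every `OSError` and then returns `True` unconditionally, so the caller's `if session_cleared:` test can never fail, and a session file that could not be deleted stays usable with nothing in the log. Track the failure and report it: set `ok = True` before the loop, use `except OSError: ok = False`, and end with `return ok`, logging the path that failed. The function removes every file in `odoo.tools.config.session_dir`, which presumably holds the sessions of all databases served from that directory and not only the current one; the docstring should state that scope. The `FilesystemSessionStore` is built only to read back `.path`, and `path` is then reused as the loop variable, so listing the configured directory directly would be clearer.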
@@ -81,6 +95,19 @@ class Session(main.Session): request.session.logout(keep_db=True) return werkzeug.utils.redirect(redirect, 303) + @http.route('/super/logout_all', type='http', auth="none") + def super_logout_all(self, redirect='/web'): + """ Log out from all the sessions of all the users """ + users = request.env['res.users'].with_user(1).search([]) + for user in users: + # clear session session file for the user + session_cleared = super_clear_all() + if session_cleared: + # clear user session + user._clear_session() + request.session.logout(keep_db=True) + return werkzeug.utils.redirect(redirect, 303) + class Home(main.Home): diff --git a/restrict_logins/doc/changelog.md b/restrict_logins/doc/changelog.md index e019ea1d5..8a7e81c9e 100644 --- a/restrict_logins/doc/changelog.md +++ b/restrict_logins/doc/changelog.md @@ -9,3 +9,8 @@ #### Version 13.0.1.1.1 #### FIX - Bug Fixed + +#### 05.03.2020 +#### Version 13.0.1.1.2 +#### UPDT +- Updated diff --git a/restrict_logins/models/ir_http.py b/restrict_logins/models/ir_http.py index fc65c9e40..d4bf8503b 100644 --- a/restrict_logins/models/ir_http.py +++ b/restrict_logins/models/ir_http.py 
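Review bot: The new `/super/logout_all` route is declared with `auth="none"` and its body has no permission check, so any unauthenticated request to that URL deletes every session file and calls `_clear_session()` on every user returned by the `with_user(1)` search. A global forced logout should require a logged-in administrator and should not be reachable with a plain GET. `super_clear_all()` is also called once per user inside the loop, although the first call already empties the whole directory. The excerpt below shows the guarded version; it assumes `werkzeug.exceptions` is importable in this module.

```python
@http.route('/super/logout_all', type='http', auth="user", methods=['POST'])
def super_logout_all(self, redirect='/web'):
    """ Log out from all the sessions of all the users """
    # only system administrators may force a global logout
    if not request.env.user.has_group('base.group_system'):
        raise werkzeug.exceptions.Forbidden()
    # the session directory is shared, so clear it once rather than once per user
    if super_clear_all():
        for user in request.env['res.users'].with_user(1).search([]):
            user._clear_session()
    # … unchanged: request.session.logout(keep_db=True) and the redirect …
```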
@@ -41,31 +41,46 @@ class IrHttp(models.AbstractModel): @classmethod def _authenticate(cls, auth_method='user'): try: - def _update_user(u_sid, u_now, u_exp_date, u_uid): - if u_uid and u_exp_date and u_sid and u_now: - query = """update res_users set sid = '%s', - last_update = '%s',exp_date = '%s', - logged_in = 'TRUE' where id = %s - """ % (u_sid, u_now, u_exp_date, u_uid) - request.env.cr.execute(query) - uid = request.session.uid - user_pool = request.env['res.users'].with_user( - SUPERUSER_ID).browse(uid) - sid = request.session.sid - last_update = user_pool.last_update - now = datetime.now() - exp_date = datetime.now() + timedelta(minutes=45) - # update if there is no data and user is active - if not user_pool.last_update and not user_pool.sid and \ - not user_pool.logged_in: - _update_user(sid, now, exp_date, uid) - # update sid and date if last update is above 0.5 min - if last_update: - update_diff = (datetime.now() - last_update).total_seconds() / 60.0 - if uid and (update_diff > 0.5 or sid != user_pool.sid): - _update_user(sid, now, exp_date, uid) + if request.session.uid: + uid = request.session.uid + user_pool = request.env['res.users'].with_user( + SUPERUSER_ID).browse(uid) + + def _update_user(u_sid, u_now, u_exp_date, u_uid): + """ Function for updating session details for the + corresponding user + """ + if u_uid and u_exp_date and u_sid and u_now: + query = """update res_users set sid = '%s', + last_update = '%s',exp_date = '%s', + logged_in = 'TRUE' where id = %s + """ % (u_sid, u_now, u_exp_date, u_uid) + request.env.cr.execute(query) + + sid = request.session.sid + last_update = user_pool.last_update + now = datetime.now() + exp_date = datetime.now() + timedelta(minutes=45) + # check that the authentication contains bus_inactivity + request_params = request.params.copy() + if 'options' in request_params and 'bus_inactivity' in \ + request_params['options']: + # update session if there is sid mismatch + if uid and user_pool.sid and sid != 
user_pool.sid: + _update_user(sid, now, exp_date, uid) + else: + # update if there is no session data and user is active + if not user_pool.last_update and not user_pool.sid and \ + not user_pool.logged_in: + _update_user(sid, now, exp_date, uid) + # update sid and date if last update is above 0.5 min + if last_update: + update_diff = (datetime.now() - + last_update).total_seconds() / 60.0 + if uid and (update_diff > 0.5 or sid != user_pool.sid): + _update_user(sid, now, exp_date, uid) except Exception as e: - _logger.info("Exception during updating user session...") + _logger.info("Exception during updating user session...%s", e) pass try: if request.session.uid:
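Review bot: The relocated `_update_user` helper still builds its `update res_users` statement with `%` string formatting, so `u_sid`, `u_now`, `u_exp_date` and `u_uid` are pasted into the SQL text instead of being bound as parameters. `u_sid` comes from `request.session.sid`; whether that value is fully validated before it gets here is not visible in this hunk, so the query should not depend on it. Let the cursor do the quoting: `request.env.cr.execute("update res_users set sid = %s, last_update = %s, exp_date = %s, logged_in = 'TRUE' where id = %s", (u_sid, u_now, u_exp_date, u_uid))`. The surrounding `except Exception` logs at info level and continues, which would also hide a failure of this statement; `_logger.exception(...)` would keep the traceback. `_authenticate` continues past the end of the hunk.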