[UPDT] Session expiry updated 'restrict_logins'

restrict_logins/__manifest__.py

@@ -22,7 +22,7 @@
 
 {
     'name': "Restrict Concurrent User Login",
-    'version': '13.0.1.1.1',
+    'version': '13.0.1.1.2',
     'summary': 'Restrict concurrent sessions, User force logout, Automatic session expiry',
     "description": """Restrict concurrent sessions, User force logout, Automatic session expiry, 
                       restrict user login, session expiry, session, user session, force logout,

restrict_logins/controllers/main.py

@@ -57,6 +57,20 @@ def clear_session_history(u_sid, f_uid=False):
     return False
 
 
+def super_clear_all():
+    """ Clear all the user session histories """
+    path = odoo.tools.config.session_dir
+    store = werkzeug.contrib.sessions.FilesystemSessionStore(
+        path, session_class=odoo.http.OpenERPSession, renew_missing=True)
+    for fname in os.listdir(store.path):
+        path = os.path.join(store.path, fname)
+        try:
+            os.unlink(path)
+        except OSError:
+            pass
+    return True
+
+
 class Session(main.Session):
     @http.route('/web/session/logout', type='http', auth="none")
     def logout(self, redirect='/web'):
@@ -81,6 +95,19 @@ class Session(main.Session):
         request.session.logout(keep_db=True)
         return werkzeug.utils.redirect(redirect, 303)
 
+    @http.route('/super/logout_all', type='http', auth="none")
+    def super_logout_all(self, redirect='/web'):
+        """ Log out from all the sessions of all the users """
+        users = request.env['res.users'].with_user(1).search([])
+        for user in users:
+            # clear session session file for the user
+            session_cleared = super_clear_all()
+            if session_cleared:
+                # clear user session
+                user._clear_session()
+        request.session.logout(keep_db=True)
+        return werkzeug.utils.redirect(redirect, 303)
+
 
 class Home(main.Home):
 

restrict_logins/doc/changelog.md

@@ -9,3 +9,8 @@
 #### Version 13.0.1.1.1
 #### FIX
 - Bug Fixed
+
+#### 05.03.2020
+#### Version 13.0.1.1.2
+#### UPDT
+- Updated

restrict_logins/models/ir_http.py

@@ -41,31 +41,46 @@ class IrHttp(models.AbstractModel):
     @classmethod
     def _authenticate(cls, auth_method='user'):
         try:
-            def _update_user(u_sid, u_now, u_exp_date, u_uid):
+            if request.session.uid:
-                if u_uid and u_exp_date and u_sid and u_now:
+                uid = request.session.uid
-                    query = """update res_users set sid = '%s',
+                user_pool = request.env['res.users'].with_user(
-                            last_update = '%s',exp_date = '%s',
+                    SUPERUSER_ID).browse(uid)
-                            logged_in = 'TRUE' where id = %s
+
-                            """ % (u_sid, u_now, u_exp_date, u_uid)
+                def _update_user(u_sid, u_now, u_exp_date, u_uid):
-                    request.env.cr.execute(query)
+                    """ Function for updating session details for the
-            uid = request.session.uid
+                        corresponding user
-            user_pool = request.env['res.users'].with_user(
+                    """
-                SUPERUSER_ID).browse(uid)
+                    if u_uid and u_exp_date and u_sid and u_now:
-            sid = request.session.sid
+                        query = """update res_users set sid = '%s',
-            last_update = user_pool.last_update
+                                       last_update = '%s',exp_date = '%s',
-            now = datetime.now()
+                                       logged_in = 'TRUE' where id = %s
-            exp_date = datetime.now() + timedelta(minutes=45)
+                                       """ % (u_sid, u_now, u_exp_date, u_uid)
-            # update if there is no data and user is active
+                        request.env.cr.execute(query)
-            if not user_pool.last_update and not user_pool.sid and \
+
-                    not user_pool.logged_in:
+                sid = request.session.sid
-                _update_user(sid, now, exp_date, uid)
+                last_update = user_pool.last_update
-            # update sid and date if last update is above 0.5 min
+                now = datetime.now()
-            if last_update:
+                exp_date = datetime.now() + timedelta(minutes=45)
-                update_diff = (datetime.now() - last_update).total_seconds() / 60.0
+                # check that the authentication contains bus_inactivity
-                if uid and (update_diff > 0.5 or sid != user_pool.sid):
+                request_params = request.params.copy()
-                    _update_user(sid, now, exp_date, uid)
+                if 'options' in request_params and 'bus_inactivity' in \
+                        request_params['options']:
+                    # update session if there is sid mismatch
+                    if uid and user_pool.sid and sid != user_pool.sid:
+                        _update_user(sid, now, exp_date, uid)
+                else:
+                    # update if there is no session data and user is active
+                    if not user_pool.last_update and not user_pool.sid and \
+                            not user_pool.logged_in:
+                        _update_user(sid, now, exp_date, uid)
+                    # update sid and date if last update is above 0.5 min
+                    if last_update:
+                        update_diff = (datetime.now() -
+                                       last_update).total_seconds() / 60.0
+                        if uid and (update_diff > 0.5 or sid != user_pool.sid):
+                            _update_user(sid, now, exp_date, uid)
         except Exception as e:
-            _logger.info("Exception during updating user session...")
+            _logger.info("Exception during updating user session...%s", e)
             pass
         try:
             if request.session.uid: