[UPDT] Session expiry updated 'restrict_logins'

5 years ago · 4acab79d07
4 changed files with 72 additions and 25 deletions
--- a/restrict_logins/manifest.py
+++ b/restrict_logins/manifest.py
@ -22,7 +22,7 @@

 {
    'name': "Restrict Concurrent User Login",
-    'version': '13.0.1.1.1',
+    'version': '13.0.1.1.2',
    'summary': 'Restrict concurrent sessions, User force logout, Automatic session expiry',
    "description": """Restrict concurrent sessions, User force logout, Automatic session expiry, 
                      restrict user login, session expiry, session, user session, force logout,
--- a/restrict_logins/controllers/main.py
+++ b/restrict_logins/controllers/main.py
@ -57,6 +57,20 @@ def clear_session_history(u_sid, f_uid=False):
    return False


+def super_clear_all():
+    """ Clear all the user session histories """
+    path = odoo.tools.config.session_dir
+    store = werkzeug.contrib.sessions.FilesystemSessionStore(
+        path, session_class=odoo.http.OpenERPSession, renew_missing=True)
+    for fname in os.listdir(store.path):
+        path = os.path.join(store.path, fname)
+        try:
+            os.unlink(path)
+        except OSError:
+            pass
+    return True
+
+
 class Session(main.Session):
    @http.route('/web/session/logout', type='http', auth="none")
    def logout(self, redirect='/web'):
@ -81,6 +95,19 @@ class Session(main.Session):
        request.session.logout(keep_db=True)
        return werkzeug.utils.redirect(redirect, 303)

+    @http.route('/super/logout_all', type='http', auth="none")
+    def super_logout_all(self, redirect='/web'):
+        """ Log out from all the sessions of all the users """
+        users = request.env['res.users'].with_user(1).search([])
+        for user in users:
+            # clear session session file for the user
+            session_cleared = super_clear_all()
+            if session_cleared:
+                # clear user session
+                user._clear_session()
+        request.session.logout(keep_db=True)
+        return werkzeug.utils.redirect(redirect, 303)
+

 class Home(main.Home):

--- a/restrict_logins/doc/changelog.md
+++ b/restrict_logins/doc/changelog.md
@ -9,3 +9,8 @@
 #### Version 13.0.1.1.1
 #### FIX
 - Bug Fixed
+
+#### 05.03.2020
+#### Version 13.0.1.1.2
+#### UPDT
+- Updated
--- a/restrict_logins/models/ir_http.py
+++ b/restrict_logins/models/ir_http.py
@ -41,31 +41,46 @@ class IrHttp(models.AbstractModel):
    @classmethod
    def _authenticate(cls, auth_method='user'):
        try:
+            if request.session.uid:
+                uid = request.session.uid
+                user_pool = request.env['res.users'].with_user(
+                    SUPERUSER_ID).browse(uid)
+
                def _update_user(u_sid, u_now, u_exp_date, u_uid):
+                    """ Function for updating session details for the
+                        corresponding user
+                    """
                    if u_uid and u_exp_date and u_sid and u_now:
                        query = """update res_users set sid = '%s',
                                       last_update = '%s',exp_date = '%s',
                                       logged_in = 'TRUE' where id = %s
                                       """ % (u_sid, u_now, u_exp_date, u_uid)
                        request.env.cr.execute(query)
-            uid = request.session.uid
-            user_pool = request.env['res.users'].with_user(
-                SUPERUSER_ID).browse(uid)
+
                sid = request.session.sid
                last_update = user_pool.last_update
                now = datetime.now()
                exp_date = datetime.now() + timedelta(minutes=45)
-            # update if there is no data and user is active
+                # check that the authentication contains bus_inactivity
+                request_params = request.params.copy()
+                if 'options' in request_params and 'bus_inactivity' in \
+                        request_params['options']:
+                    # update session if there is sid mismatch
+                    if uid and user_pool.sid and sid != user_pool.sid:
+                        _update_user(sid, now, exp_date, uid)
+                else:
+                    # update if there is no session data and user is active
                    if not user_pool.last_update and not user_pool.sid and \
                            not user_pool.logged_in:
                        _update_user(sid, now, exp_date, uid)
                    # update sid and date if last update is above 0.5 min
                    if last_update:
-                update_diff = (datetime.now() - last_update).total_seconds() / 60.0
+                        update_diff = (datetime.now() -
+                                       last_update).total_seconds() / 60.0
                        if uid and (update_diff > 0.5 or sid != user_pool.sid):
                            _update_user(sid, now, exp_date, uid)
        except Exception as e:
-            _logger.info("Exception during updating user session...")
+            _logger.info("Exception during updating user session...%s", e)
            pass
        try:
            if request.session.uid: