def logout_on_server(request):
user = getattr(request, 'user', None)
from django.contrib.auth.signals import user_logged_out
if hasattr(user, 'is_authenticated') and not user.is_authenticated():
user = None
user_logged_out.send(sender=user.__class__, request=request, user=user)
request.session.flush()
if hasattr(request, 'user'):
from django.contrib.auth.models import AnonymousUser
request.user = AnonymousUser()
def render_to_response(self, context, *args, **kwargs):
User = get_user_model()
user = self.request.user
logout(self.request)
user_logged_out.send(sender=User, request=self.request, user=user)
messages.add_message(self.request, messages.SUCCESS, "Logged Out")
return HttpResponseRedirect(settings.LOGIN_URL)
def get(self, request, *args, **kwargs):
request._auth.delete()
user_logged_out.send(sender=request.user.__class__,
request=request,
user=request.user)
return Response({'message': '로그아웃 완료'},
status=status.HTTP_202_ACCEPTED)
def mutate_and_get_payload(cls, input, context, info):
token = get_token(context)
if not token:
return Logout(status='ok')
form = BlacklistJWTTokenForm({'token': token})
if not form.is_valid():
return Logout(status='Ok')
payload = form.cleaned_data.get('payload')
user = form.cleaned_data.get('user')
user_logged_out.send(sender=user.__class__, request=context, user=user)
if jwt_using_blacklist:
blacklist = jwt_blacklist_get_handler(payload)
if blacklist is None:
jwt_blacklist_set_handler(payload)
if jwt_using_long_running_token and jwt_delete_long_running_token_when_logout:
long_running_token = jwt_long_running_token_get_handler(user)
if long_running_token is not None:
long_running_token.delete()
return Logout(status='Ok')
def delete(self, request, *args, **kwargs):
"""
@apiVersion 1.0.0
@api {DELETE} /auth Login
@apiName Logout
@apiGroup Auth
@apiPermission Authenticated
@apiSuccessExample {json} Success-Response:
HTTP/1.1 200 OK
{
"status": 200,
"success": true,
"errors: [],
"data": {}
}
"""
try:
token_key = get_token_from_header(request)
token = Token.objects.get(key=token_key)
user = token.user
token.delete()
user_logged_out.send(sender=user.__class__,
request=request,
user=user)
except Exception:
raise exceptions.AuthenticationFailed(_('Invalid Token'))
return Response()
def post(self, request, format=None):
authtoken = IsScoped.get_auth_token(request)
request.user.auth_token_set.filter(~Q(id=authtoken.id)).delete()
user_logged_out.send(sender=request.user.__class__,
request=request,
user=request.user)
return Response(None, status=status.HTTP_204_NO_CONTENT)
def logout(request, lang='ru'):
"""
Removes the authenticated user's ID from the request and flushes their
session data.
"""
# Dispatch the signal before the user is logged out so the receivers have a
# chance to find out *who* logged out.
user = getattr(request, 'user', None)
if hasattr(user, 'is_authenticated') and not user.is_authenticated:
user = None
user_logged_out.send(sender=user.__class__, request=request, user=user)
if hasattr(request, 'user'):
request.user = AnonymousUser()
# orders = Order.objects.filter(user=user)
# if orders:
# from django.contrib.sessions.backends.db import SessionStore
# session = SessionStore()
# session.save()
# request.session = session
# else:
request.session.flush()
if request.is_ajax():
return JsonResponse({'result': 1})
else:
return redirect(request.META['HTTP_REFERER'])
def post(self, request, format=None):
request._auth.delete()
user_logged_out.send(sender=request.user.__class__,
request=request,
user=request.user)
body = {"message": "logout successful"}
return Response(body, status=status.HTTP_200_OK)
def logout(request):
"""
Set current token to inactive.
"""
# Dispatch the signal before the user is logged out so the receivers have a
# chance to find out *who* logged out.
user = getattr(request, 'user', None)
if hasattr(user, 'is_authenticated') and not user.is_authenticated:
user = None
user_logged_out.send(sender=user.__class__, request=request, user=user)
if hasattr(request, 'token') and request.token.is_active:
if request.token.active_takeover:
active_takeover = request.token.active_takeover
active_takeover.is_active = False
active_takeover.save()
if hasattr(request, 'user'):
request.user = request.token.user
else:
token = request.token
token.is_active = False
token.save()
if hasattr(request, 'user'):
request.user = AnonymousUser()
def logout(request):
"""
Removes the authenticated user's ID from the request and flushes their
session data.
"""
# Dispatch the signal before the user is logged out so the receivers have a
# chance to find out *who* logged out.
user = getattr(request, 'user', None)
if hasattr(user, 'is_authenticated') and not user.is_authenticated():
user = None
user_logged_out.send(sender=user.__class__, request=request, user=user)
# remember language choice saved to session
# for backwards compatibility django_language is also checked (remove in 1.8)
language = request.session.get(LANGUAGE_SESSION_KEY,
request.session.get('django_language'))
request.session.flush()
if language is not None:
request.session[LANGUAGE_SESSION_KEY] = language
if hasattr(request, 'user'):
from django.contrib.auth.models import AnonymousUser
request.user = AnonymousUser()
return render(request,
'return_merchandise_authorizations/index.html',
{'rmas': Rma.objects.all().order_by('-date')},
context_instance=RequestContext(request))
def destroy(self, request, *args, **kwargs):
self.perform_destroy(self.request._auth)
user_logged_out.send(sender=request.user.__class__,
request=request,
user=request.user)
return Response(status=status.HTTP_204_NO_CONTENT)
def post(self, request, format=None):
request._auth.delete()
user_logged_out.send(sender=request.user.__class__,
request=request,
user=request.user)
logout(request)
return Response(None, status=status.HTTP_204_NO_CONTENT)
def mutate(self, info, refresh_token=None, **kwargs):
if refresh_token:
refresh_token = get_refresh_token(refresh_token)
refresh_token.revoke()
user_logged_out.send(sender=self.__class__,
request=info.context,
user=info.context.user)
return LogoutMutation(success=True)
def post(self, request, format=None):
request._auth.delete()
user_logged_out.send(sender=request.user.__class__,
request=request,
user=request.user)
if getattr(settings, "REST_SESSION_LOGIN", True):
django_logout(request)
return Response(None, status=status.HTTP_204_NO_CONTENT)
def post(self, request, format=None):
"""
User logout resource.
"""
print('LOGGING:')
print(request)
request._auth.delete()
user_logged_out.send(sender=request.user.__class__, request=request, user=request.user)
return Response(None, status=status.HTTP_204_NO_CONTENT)
def post(self, request, format=None):
request._auth.delete()
user_logged_out.send(sender=request.user.__class__,
request=request,
user=request.user)
return Response({
'request_status': 1,
'msg': "Logout Success..."
},
status=status.HTTP_200_OK)
def post(self, request, format=None):
request._auth.delete()
user_logged_out.send(sender=request.user.__class__,
request=request,
user=request.user)
return Response(
{'data': {
'message': 'User has logged out successfully!'
}},
status=status.HTTP_200_OK)
def post(self, request, format=None):
request.user.auth_token_set.all().delete()
user_logged_out.send(sender=request.user.__class__,
request=request, user=request.user)
return Response(
{
'request_status': 1,
'msg': "Logout from all device Success..."
},
status=status.HTTP_200_OK)
def post(self, request, *args, **kwargs):
request._auth.delete()
user_logged_out.send(sender=request.user.__class__,
request=request,
user=request.user)
return Response(
{
"detail": "You have been logged out successfully!",
"authenticated": False
},
status=status.HTTP_200_OK)
def do_logout(self):
"""Logout a user."""
# silent unsubscription (sans sub/nosub msg) from LoggedInUser pub
API.do_unsub(this.user_sub_id, silent=True)
del this.user_sub_id
self.update_subs(None)
user_logged_out.send(
sender=self.user_model, request=this.request, user=this.user,
)
this.user_id = None
this.user_ddp_id = None
def test_logout_signal_cleared_authed_time(self):
user = UserFactory()
request = HttpRequest()
request.session = {
authaction_constants.SESSION_LAST_AUTH: True,
}
user_logged_out.send(sender=user.__class__, request=request, user=user)
self.assertNotIn(authaction_constants.SESSION_LAST_AUTH, request.session)
def post(self, request, format=None):
request._auth.delete()
user_logged_out.send(sender=request.user.__class__,
request=request,
user=request.user)
response = Response(None, status=status.HTTP_204_NO_CONTENT)
response.delete_cookie('auth_token',
path='/',
domain="tranquanghuy.me")
# response.delete_cookie('auth_token', path='/', domain=None)
return response
def logout(request):
user = getattr(request, 'user', None)
if hasattr(user, 'is_authenticated') and not user.is_authenticated:
user = None
user_logged_out.send(sender=user.__class__, request=request, user=user)
try:
del request.session[get_session_key(request)]
except KeyError:
pass
if hasattr(request, 'user'):
request.user = AnonymousUser()
def logout_on_server(request):
user = getattr(request, 'user', None)
from django.contrib.auth.signals import user_logged_out
if hasattr(user, 'is_authenticated') and not user.is_authenticated():
user = None
user_logged_out.send(sender=user.__class__, request=request, user=user)
request.session.flush()
if hasattr(request, 'user'):
from django.contrib.auth.models import AnonymousUser
request.user = AnonymousUser()
def logout(request):
template_name='admin_profile/admin_login.html'
username = request.user
success_msg = '%s, You have successfully logged out.'%username
messages.add_message(request, messages.SUCCESS, success_msg)
user = getattr(request, 'user', None)
if hasattr(user, 'is_authenticated') and not user.is_authenticated():
user = None
user_logged_out.send(sender=user.__class__, request=request, user=user)
request.session.flush()
if hasattr(request, 'user'):
from django.contrib.auth.models import AnonymousUser
request.user = AnonymousUser()
return HttpResponseRedirect( reverse("admin_login"),)
def test_remove_jwt_after_logout(self):
user = self.user
request = self.request
jwt = make_login_token(user)
token = jwt.token
request.session['JWT'] = token
user_logged_out.send(sender=user.__class__, request=request, user=user)
with self.assertRaises(JWT.DoesNotExist):
JWT.objects.get_model_from_token(token)
self.assertNotIn('JWT', request.session)
def logout(request):
"""
Removes the authenticated user's ID from the request and flushes their
session data.
"""
# Dispatch the signal before the user is logged out so the receivers have a
# chance to find out *who* logged out.
user = getattr(request, 'user', None)
if hasattr(user, 'is_authenticated') and not user.is_authenticated():
user = None
user_logged_out.send(sender=user.__class__, request=request, user=user)
request.session.flush()
if hasattr(request, 'user'):
request.user = AnonymousUser()
def logout(request):
if request.user.is_active:
session_key = request.session.session_key
user = getattr(request, 'user', None)
if not getattr(user, 'is_authenticated', True):
user = None
user_logged_out.send(sender=user.__class__, request=request, user=user)
ActivityPeriod.objects.filter(session_id=session_key).update(
expire_time=datetime.now())
request.session.set_expiry(-1)
if hasattr(request, 'user'):
from django.contrib.auth.models import AnonymousUser
request.user = AnonymousUser()
return redirect("/")
def logout(request):
"""
Removes the authenticated user's ID from the request, flushes their
session data, and rotates the CSRF token.
"""
# This function was lifted almost verbatim from Django's implementation of logout()
user = getattr(request, 'user', None)
if hasattr(user, 'is_authenticated') and not user.is_authenticated():
user = None
# Dispatch the signal before the user is logged out so the receivers have a chance to find out *who* logged out.
user_logged_out.send(sender=user.__class__, request=request, user=user)
request.session.flush()
if hasattr(request, 'user'):
request.user = AnonymousUser()
csrf.rotate_token(request)
def test_logout_signal_trigger_django_messages(self, messages_mocked):
# Setup org, admin, user and log the user
org = setup_org()
setup_admin(org)
user = setup_user(org)
setup_authenticated_session(self.client, org, user)
message_to_display_on_login_page = "bingo!"
messages_mocked.return_value = message_to_display_on_login_page
mocked_request = Mock()
mocked_request.GET = {}
mocked_request.axes_attempt_time = datetime.now()
user_logged_out.send(self.__class__, request=mocked_request, user=user)
messages_mocked.assert_called_once()
def logout(request):
"""
Removes the authenticated user's ID from the request and flushes their
session data.
"""
# Dispatch the signal before the user is logged out so the receivers have a
# chance to find out *who* logged out.
user = getattr(request, 'user', None)
if hasattr(user, 'is_authenticated') and not user.is_authenticated():
user = None
user_logged_out.send(sender=user.__class__, request=request, user=user)
request.session.flush()
if hasattr(request, 'user'):
from django.contrib.auth.models import AnonymousUser
request.user = AnonymousUser()
def custom_exception_handler(exc, context):
# Call the default exception handler first, to get the standard error response.
response = exception_handler(exc, context)
# Add the error code to the response.
if isinstance(exc, APIException):
response.data['error_code'] = exc.get_codes()
# If the user was throttled, they could be attempting a DOS attack. Let's log them out! :]
if isinstance(exc, Throttled):
request = context['view'].request
if request.user.is_authenticated and request.auth:
request.auth.delete()
user_logged_out.send(sender=request.user.__class__, request=request, user=request.user)
response.data['detail'] = "Request was throttled."
return response
def logout(request):
"""
Set current token to inactive.
"""
# Dispatch the signal before the user is logged out so the receivers have a
# chance to find out *who* logged out.
user = getattr(request, 'user', None)
if hasattr(user, 'is_authenticated') and not user.is_authenticated():
user = None
user_logged_out.send(sender=user.__class__, request=request, user=user)
if hasattr(request, 'user'):
request.user = AnonymousUser()
if hasattr(request, 'token') and request.token.is_active:
token = request.token
token.is_active = False
token.save()
def post(self, request, format=None):
print(request)
request._auth.delete()
user_logged_out.send(sender=request.user.__class__,
request=request, user=request.user)
# ip = get_client_ip(request)
# geo_data = get_ip_location(ip)
profile_user = request.user
first_name = profile_user.profile.firstname
# tenant_query_owner = Tenant.objects.filter(
# org_admin=tenant_user
# )
# tenant_query_user = TenantUserMapping.objects.filter(
# user=tenant_user
# )
# if tenant_query_owner:
# tenant = tenant_query_owner.get()
# elif tenant_query_user:
# tenant = tenant_query_user.get().tenant
# AuditTable.objects.create(
# tenant=tenant,
# username=tenant_user,
# timestamp=datetime.now(),
# ip_address=ip,
# continent_code=geo_data[
# 'continent_code'
# ] if 'continent_code' in geo_data else None,
# continent_name=geo_data['continent_name'],
# country_code=geo_data['country_code'],
# country_name=geo_data['country_name'],
# region_code=geo_data['region_code'],
# region_name=geo_data['region_name'],
# city=geo_data['city'],
# country_flag=geo_data['location']['country_flag'],
# country_flag_emoji=geo_data[
# 'location']['country_flag_emoji'],
# action=request.user.name + ' Logout'
# )
return Response(
{
'request_status': 1,
'msg': f'Thank You {first_name}, You Have Been Successfully Logged Out'
},
status=status.HTTP_200_OK)
def get_cover_user(request):
"""
Determines the correct user object corresponding to the current coversession.
Returns
- a CoverMember object if the user is a known user
- an UnknownCoverMember object if the user is a logged in Covermember who is unkown to the system
- an AnonymousUser object if there is no active Cover session
"""
cookie_name = getattr(settings, 'COVER_COOKIE', 'cover_session_id')
session_id = request.COOKIES.get(cookie_name, 0)
cover_api = CoverAPI(settings.COVER_API_URL, settings.COVER_API_APP,
settings.COVER_API_SECRET)
try:
session = cover_api.get_session(session_id)
except APIError:
# No active Cover session (or something else is wrong with the website)
return AnonymousUser()
# Get user object (CoverMember or AnonymousUser) for the current Django session
user = get_user(request)
if user.get_username() != session.user['id']:
# Current Django session user and the current Cover session don't match, logout the Django session
user_logged_out.send(sender=user.__class__, request=request, user=user)
request.session.flush()
user = AnonymousUser()
if isinstance(user, AnonymousUser):
# No active Django session, try to authenticate the Cover user
user = authenticate(request, session=session)
if not user:
user = UnknownCoverMember(session)
elif user.is_active:
# Initiate Django session
login(request, user)
return user or AnonymousUser()
def logout(request):
"""
Removes the authenticated user's ID from the request and flushes their
session data.
"""
# Dispatch the signal before the user is logged out so the receivers have a
# chance to find out *who* logged out.
user = getattr(request, "user", None)
if hasattr(user, "is_authenticated") and not user.is_authenticated():
user = None
user_logged_out.send(sender=user.__class__, request=request, user=user)
# remember language choice saved to session
language = request.session.get(LANGUAGE_SESSION_KEY)
request.session.flush()
if language is not None:
request.session[LANGUAGE_SESSION_KEY] = language
if hasattr(request, "user"):
request.user = MojAnonymousUser()
def logout(request):
"""
Removes the authenticated user's ID from the request and flushes their
session data.
"""
# Dispatch the signal before the user is logged out so the receivers have a
# chance to find out *who* logged out.
user = getattr(request, 'user', None)
if hasattr(user, 'is_authenticated') and not user.is_authenticated:
user = None
user_logged_out.send(sender=user.__class__, request=request, user=user)
# remember language choice saved to session
language = request.session.get(LANGUAGE_SESSION_KEY)
request.session.flush()
if language is not None:
request.session[LANGUAGE_SESSION_KEY] = language
if hasattr(request, 'user'):
request.user = MojAnonymousUser()
def dispatch(self, request, *args, **kwargs):
user = request.user
if not user.is_authenticated:
user = None
user_logged_out.send(sender=user.__class__, request=request, user=user)
# remember language choice saved to session
language = request.session.get(LANGUAGE_SESSION_KEY)
theme = utils.get_session_data(request, constants.SessionKeys.THEME)
request.session.flush()
if theme:
utils.update_session_data(
request, constants.SessionKeys.THEME, theme)
if language:
request.session[LANGUAGE_SESSION_KEY] = language
request.user = AnonymousUser()
next_page = self.get_next_page()
if next_page:
# Redirect to this page until the session has been cleared.
return HttpResponseRedirect(next_page)
return super(LogoutView, self).dispatch(request, *args, **kwargs)
def post(self, request, format=None):
request.user.auth_token_set.all().delete()
user_logged_out.send(sender=request.user.__class__, request=request, user=request.user)
return Response(None, status=status.HTTP_204_NO_CONTENT)
