def check_session_cookie(response):
    u'''Prune stale session and auth cookies from the outgoing response.

    The auth cookie (``auth_tkt``) and the session cookie (``ckan``) are
    tracked separately, so either one can outlive the other. For every
    cookie on the incoming request:

    * ``ckan`` with no logged-in user (``g.user`` missing or falsy): the
      session is kept only if it holds at least one truthy value under a
      key that does not start with ``_`` (flash messages count). If not,
      a session with an id is deleted server-side; without an id, the
      cookie itself is removed from the response.
    * ``auth_tkt`` with no session id: the cookie is removed.

    :param response: response object exposing ``delete_cookie(name)``
    :returns: the same ``response`` object
    '''
    for name in request.cookies:
        if name == u'ckan' and not getattr(g, u'user', None):
            # Underscore-prefixed keys are skipped when deciding whether
            # the session carries anything worth keeping.
            has_payload = any(
                not key.startswith(u'_') and value
                for key, value in session.items()
            )
            if has_payload:
                continue

            if session.id:
                log.debug(u'No valid session data - deleting session')
                # NOTE(review): this writes the full session contents to
                # the debug log; confirm nothing sensitive is stored in
                # the session or that debug logs are access-controlled.
                log.debug(u'Session: %r', session.items())
                session.delete()
            else:
                log.debug(u'No session id - deleting session cookie')
                response.delete_cookie(name)
        elif name == u'auth_tkt' and not session.id:
            # Auth ticket without a backing session: drop the ticket too.
            response.delete_cookie(name)

    return response
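def user_logout(context, data_dict):
    """Log the current user out and discard their server-side session.

    Neither ``context`` nor ``data_dict`` is read by this function.

    After calling ``user.logout()`` the session is deleted (when it has
    an id) and the flask session is cleared. The function then checks
    whether the request still carries an ``auth_tkt`` cookie. It only
    detects that cookie; it does not expire it.

    :returns: the string ``"logout successful"``
    :rtype: string
    :raises logic.NotAuthorized: if the request still carries an
        ``auth_tkt`` cookie, meaning the user has to log out from the UI
    """
    user.logout()

    if session.id:
        # NOTE(review): this writes the full session contents to the debug
        # log; confirm nothing sensitive is stored in the session or that
        # debug logs are access-controlled.
        log.debug(u'Deleting Session: %r', session.items())
        session.delete()

    # Clearing the flask session is best effort: a failure is logged and
    # the logout continues. Catching Exception instead of using a bare
    # except lets SystemExit and KeyboardInterrupt propagate.
    try:
        flask.session.clear()
    except Exception:
        log.error("flask session could no be deleted")

    # A user still present in the template context is only reported.
    if toolkit.c.user:
        log.warning('user could be still logged in ({0})'.format(
            toolkit.c.user))

    # A remaining auth ticket on the request is treated as a failed logout.
    for cookie in request.cookies:
        if cookie == u'auth_tkt':
            message = "found cookie {0}, user needs to log out from UI".format(
                cookie)
            log.warning(message)
            raise logic.NotAuthorized(message)

    return "logout successful"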
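def logged_out(self):
    """Clear the login state and redirect the browser after logout.

    The redirect target depends on the session key ``logout_came_from``:

    * If it is set, its value is split at the first comma. The part
      before the comma is the redirect target; anything after it is
      passed on as a ``came_from`` query parameter.
    * If it is not set, the user is redirected to
      ``config_globals.get_logout_success_url()``.

    ``c.user`` is reset and the session is deleted before redirecting.
    """
    came_from = session.get('logout_came_from')
    # Lazy %-formatting: the value is only converted to text when debug
    # logging is enabled, so the log call cannot fail the logout.
    log.debug("came from: %s", came_from)

    c.user = None
    session.delete()

    if came_from:
        # NOTE(review): the redirect target is taken from the session.
        # Where 'logout_came_from' is written is not visible here; if it
        # can be set from a request parameter, validate it against an
        # allow-list of hosts before redirecting (unvalidated redirect).
        next_redirect_url, _, remaining_came_from = came_from.partition(',')
        if remaining_came_from:
            # NOTE(review): the remainder is appended without URL
            # encoding - confirm the receiving side expects it raw.
            redirect_url = next_redirect_url + "?came_from=" + remaining_came_from
        else:
            redirect_url = next_redirect_url
        log.debug("redirecting logout to: %s", redirect_url)
    else:
        # No chained target: fall back to the configured logout URL.
        redirect_url = config_globals.get_logout_success_url()

    routes.redirect_to(str(redirect_url))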
def logged_out(self):
    """Drop the user's session and redirect to the logged-out page.

    The language stored in the session under ``lang`` is passed to the
    redirect as ``locale``.
    """
    # Read the language first: it is stored in the session that is
    # deleted below.
    locale = session.get('lang')

    c.user = None
    session.delete()

    h.redirect_to(
        locale=locale,
        controller='user',
        action='logged_out_page',
    )