def logout_on_server(request): user = getattr(request, 'user', None) from django.contrib.auth.signals import user_logged_out if hasattr(user, 'is_authenticated') and not user.is_authenticated(): user = None user_logged_out.send(sender=user.__class__, request=request, user=user) request.session.flush() if hasattr(request, 'user'): from django.contrib.auth.models import AnonymousUser request.user = AnonymousUser()
def render_to_response(self, context, *args, **kwargs): User = get_user_model() user = self.request.user logout(self.request) user_logged_out.send(sender=User, request=self.request, user=user) messages.add_message(self.request, messages.SUCCESS, "Logged Out") return HttpResponseRedirect(settings.LOGIN_URL)
def get(self, request, *args, **kwargs): request._auth.delete() user_logged_out.send(sender=request.user.__class__, request=request, user=request.user) return Response({'message': '로그아웃 완료'}, status=status.HTTP_202_ACCEPTED)
def mutate_and_get_payload(cls, input, context, info): token = get_token(context) if not token: return Logout(status='ok') form = BlacklistJWTTokenForm({'token': token}) if not form.is_valid(): return Logout(status='Ok') payload = form.cleaned_data.get('payload') user = form.cleaned_data.get('user') user_logged_out.send(sender=user.__class__, request=context, user=user) if jwt_using_blacklist: blacklist = jwt_blacklist_get_handler(payload) if blacklist is None: jwt_blacklist_set_handler(payload) if jwt_using_long_running_token and jwt_delete_long_running_token_when_logout: long_running_token = jwt_long_running_token_get_handler(user) if long_running_token is not None: long_running_token.delete() return Logout(status='Ok')
def delete(self, request, *args, **kwargs): """ @apiVersion 1.0.0 @api {DELETE} /auth Login @apiName Logout @apiGroup Auth @apiPermission Authenticated @apiSuccessExample {json} Success-Response: HTTP/1.1 200 OK { "status": 200, "success": true, "errors: [], "data": {} } """ try: token_key = get_token_from_header(request) token = Token.objects.get(key=token_key) user = token.user token.delete() user_logged_out.send(sender=user.__class__, request=request, user=user) except Exception: raise exceptions.AuthenticationFailed(_('Invalid Token')) return Response()
def post(self, request, format=None): authtoken = IsScoped.get_auth_token(request) request.user.auth_token_set.filter(~Q(id=authtoken.id)).delete() user_logged_out.send(sender=request.user.__class__, request=request, user=request.user) return Response(None, status=status.HTTP_204_NO_CONTENT)
def logout(request, lang='ru'): """ Removes the authenticated user's ID from the request and flushes their session data. """ # Dispatch the signal before the user is logged out so the receivers have a # chance to find out *who* logged out. user = getattr(request, 'user', None) if hasattr(user, 'is_authenticated') and not user.is_authenticated: user = None user_logged_out.send(sender=user.__class__, request=request, user=user) if hasattr(request, 'user'): request.user = AnonymousUser() # orders = Order.objects.filter(user=user) # if orders: # from django.contrib.sessions.backends.db import SessionStore # session = SessionStore() # session.save() # request.session = session # else: request.session.flush() if request.is_ajax(): return JsonResponse({'result': 1}) else: return redirect(request.META['HTTP_REFERER'])
def post(self, request, format=None): request._auth.delete() user_logged_out.send(sender=request.user.__class__, request=request, user=request.user) body = {"message": "logout successful"} return Response(body, status=status.HTTP_200_OK)
def logout(request): """ Set current token to inactive. """ # Dispatch the signal before the user is logged out so the receivers have a # chance to find out *who* logged out. user = getattr(request, 'user', None) if hasattr(user, 'is_authenticated') and not user.is_authenticated: user = None user_logged_out.send(sender=user.__class__, request=request, user=user) if hasattr(request, 'token') and request.token.is_active: if request.token.active_takeover: active_takeover = request.token.active_takeover active_takeover.is_active = False active_takeover.save() if hasattr(request, 'user'): request.user = request.token.user else: token = request.token token.is_active = False token.save() if hasattr(request, 'user'): request.user = AnonymousUser()
def logout(request): """ Removes the authenticated user's ID from the request and flushes their session data. """ # Dispatch the signal before the user is logged out so the receivers have a # chance to find out *who* logged out. user = getattr(request, 'user', None) if hasattr(user, 'is_authenticated') and not user.is_authenticated(): user = None user_logged_out.send(sender=user.__class__, request=request, user=user) # remember language choice saved to session # for backwards compatibility django_language is also checked (remove in 1.8) language = request.session.get(LANGUAGE_SESSION_KEY, request.session.get('django_language')) request.session.flush() if language is not None: request.session[LANGUAGE_SESSION_KEY] = language if hasattr(request, 'user'): from django.contrib.auth.models import AnonymousUser request.user = AnonymousUser() return render(request, 'return_merchandise_authorizations/index.html', {'rmas': Rma.objects.all().order_by('-date')}, context_instance=RequestContext(request))
def destroy(self, request, *args, **kwargs): self.perform_destroy(self.request._auth) user_logged_out.send(sender=request.user.__class__, request=request, user=request.user) return Response(status=status.HTTP_204_NO_CONTENT)
def post(self, request, format=None): request._auth.delete() user_logged_out.send(sender=request.user.__class__, request=request, user=request.user) logout(request) return Response(None, status=status.HTTP_204_NO_CONTENT)
def mutate(self, info, refresh_token=None, **kwargs): if refresh_token: refresh_token = get_refresh_token(refresh_token) refresh_token.revoke() user_logged_out.send(sender=self.__class__, request=info.context, user=info.context.user) return LogoutMutation(success=True)
def post(self, request, format=None): request._auth.delete() user_logged_out.send(sender=request.user.__class__, request=request, user=request.user) if getattr(settings, "REST_SESSION_LOGIN", True): django_logout(request) return Response(None, status=status.HTTP_204_NO_CONTENT)
def post(self, request, format=None): """ User logout resource. """ print('LOGGING:') print(request) request._auth.delete() user_logged_out.send(sender=request.user.__class__, request=request, user=request.user) return Response(None, status=status.HTTP_204_NO_CONTENT)
def post(self, request, format=None): request._auth.delete() user_logged_out.send(sender=request.user.__class__, request=request, user=request.user) return Response({ 'request_status': 1, 'msg': "Logout Success..." }, status=status.HTTP_200_OK)
def post(self, request, format=None): request._auth.delete() user_logged_out.send(sender=request.user.__class__, request=request, user=request.user) return Response( {'data': { 'message': 'User has logged out successfully!' }}, status=status.HTTP_200_OK)
def post(self, request, format=None): request.user.auth_token_set.all().delete() user_logged_out.send(sender=request.user.__class__, request=request, user=request.user) return Response( { 'request_status': 1, 'msg': "Logout from all device Success..." }, status=status.HTTP_200_OK)
def post(self, request, *args, **kwargs): request._auth.delete() user_logged_out.send(sender=request.user.__class__, request=request, user=request.user) return Response( { "detail": "You have been logged out successfully!", "authenticated": False }, status=status.HTTP_200_OK)
def do_logout(self): """Logout a user.""" # silent unsubscription (sans sub/nosub msg) from LoggedInUser pub API.do_unsub(this.user_sub_id, silent=True) del this.user_sub_id self.update_subs(None) user_logged_out.send( sender=self.user_model, request=this.request, user=this.user, ) this.user_id = None this.user_ddp_id = None
def test_logout_signal_cleared_authed_time(self): user = UserFactory() request = HttpRequest() request.session = { authaction_constants.SESSION_LAST_AUTH: True, } user_logged_out.send(sender=user.__class__, request=request, user=user) self.assertNotIn(authaction_constants.SESSION_LAST_AUTH, request.session)
def post(self, request, format=None): request._auth.delete() user_logged_out.send(sender=request.user.__class__, request=request, user=request.user) response = Response(None, status=status.HTTP_204_NO_CONTENT) response.delete_cookie('auth_token', path='/', domain="tranquanghuy.me") # response.delete_cookie('auth_token', path='/', domain=None) return response
def logout(request): user = getattr(request, 'user', None) if hasattr(user, 'is_authenticated') and not user.is_authenticated: user = None user_logged_out.send(sender=user.__class__, request=request, user=user) try: del request.session[get_session_key(request)] except KeyError: pass if hasattr(request, 'user'): request.user = AnonymousUser()
def logout(request): template_name='admin_profile/admin_login.html' username = request.user success_msg = '%s, You have successfully logged out.'%username messages.add_message(request, messages.SUCCESS, success_msg) user = getattr(request, 'user', None) if hasattr(user, 'is_authenticated') and not user.is_authenticated(): user = None user_logged_out.send(sender=user.__class__, request=request, user=user) request.session.flush() if hasattr(request, 'user'): from django.contrib.auth.models import AnonymousUser request.user = AnonymousUser() return HttpResponseRedirect( reverse("admin_login"),)
def test_remove_jwt_after_logout(self): user = self.user request = self.request jwt = make_login_token(user) token = jwt.token request.session['JWT'] = token user_logged_out.send(sender=user.__class__, request=request, user=user) with self.assertRaises(JWT.DoesNotExist): JWT.objects.get_model_from_token(token) self.assertNotIn('JWT', request.session)
def logout(request): """ Removes the authenticated user's ID from the request and flushes their session data. """ # Dispatch the signal before the user is logged out so the receivers have a # chance to find out *who* logged out. user = getattr(request, 'user', None) if hasattr(user, 'is_authenticated') and not user.is_authenticated(): user = None user_logged_out.send(sender=user.__class__, request=request, user=user) request.session.flush() if hasattr(request, 'user'): request.user = AnonymousUser()
def logout(request): if request.user.is_active: session_key = request.session.session_key user = getattr(request, 'user', None) if not getattr(user, 'is_authenticated', True): user = None user_logged_out.send(sender=user.__class__, request=request, user=user) ActivityPeriod.objects.filter(session_id=session_key).update( expire_time=datetime.now()) request.session.set_expiry(-1) if hasattr(request, 'user'): from django.contrib.auth.models import AnonymousUser request.user = AnonymousUser() return redirect("/")
def logout(request): """ Removes the authenticated user's ID from the request, flushes their session data, and rotates the CSRF token. """ # This function was lifted almost verbatim from Django's implementation of logout() user = getattr(request, 'user', None) if hasattr(user, 'is_authenticated') and not user.is_authenticated(): user = None # Dispatch the signal before the user is logged out so the receivers have a chance to find out *who* logged out. user_logged_out.send(sender=user.__class__, request=request, user=user) request.session.flush() if hasattr(request, 'user'): request.user = AnonymousUser() csrf.rotate_token(request)
def test_logout_signal_trigger_django_messages(self, messages_mocked): # Setup org, admin, user and log the user org = setup_org() setup_admin(org) user = setup_user(org) setup_authenticated_session(self.client, org, user) message_to_display_on_login_page = "bingo!" messages_mocked.return_value = message_to_display_on_login_page mocked_request = Mock() mocked_request.GET = {} mocked_request.axes_attempt_time = datetime.now() user_logged_out.send(self.__class__, request=mocked_request, user=user) messages_mocked.assert_called_once()
def logout(request): """ Removes the authenticated user's ID from the request and flushes their session data. """ # Dispatch the signal before the user is logged out so the receivers have a # chance to find out *who* logged out. user = getattr(request, 'user', None) if hasattr(user, 'is_authenticated') and not user.is_authenticated(): user = None user_logged_out.send(sender=user.__class__, request=request, user=user) request.session.flush() if hasattr(request, 'user'): from django.contrib.auth.models import AnonymousUser request.user = AnonymousUser()
def custom_exception_handler(exc, context): # Call the default exception handler first, to get the standard error response. response = exception_handler(exc, context) # Add the error code to the response. if isinstance(exc, APIException): response.data['error_code'] = exc.get_codes() # If the user was throttled, they could be attempting a DOS attack. Let's log them out! :] if isinstance(exc, Throttled): request = context['view'].request if request.user.is_authenticated and request.auth: request.auth.delete() user_logged_out.send(sender=request.user.__class__, request=request, user=request.user) response.data['detail'] = "Request was throttled." return response
def logout(request): """ Set current token to inactive. """ # Dispatch the signal before the user is logged out so the receivers have a # chance to find out *who* logged out. user = getattr(request, 'user', None) if hasattr(user, 'is_authenticated') and not user.is_authenticated(): user = None user_logged_out.send(sender=user.__class__, request=request, user=user) if hasattr(request, 'user'): request.user = AnonymousUser() if hasattr(request, 'token') and request.token.is_active: token = request.token token.is_active = False token.save()
def post(self, request, format=None): print(request) request._auth.delete() user_logged_out.send(sender=request.user.__class__, request=request, user=request.user) # ip = get_client_ip(request) # geo_data = get_ip_location(ip) profile_user = request.user first_name = profile_user.profile.firstname # tenant_query_owner = Tenant.objects.filter( # org_admin=tenant_user # ) # tenant_query_user = TenantUserMapping.objects.filter( # user=tenant_user # ) # if tenant_query_owner: # tenant = tenant_query_owner.get() # elif tenant_query_user: # tenant = tenant_query_user.get().tenant # AuditTable.objects.create( # tenant=tenant, # username=tenant_user, # timestamp=datetime.now(), # ip_address=ip, # continent_code=geo_data[ # 'continent_code' # ] if 'continent_code' in geo_data else None, # continent_name=geo_data['continent_name'], # country_code=geo_data['country_code'], # country_name=geo_data['country_name'], # region_code=geo_data['region_code'], # region_name=geo_data['region_name'], # city=geo_data['city'], # country_flag=geo_data['location']['country_flag'], # country_flag_emoji=geo_data[ # 'location']['country_flag_emoji'], # action=request.user.name + ' Logout' # ) return Response( { 'request_status': 1, 'msg': f'Thank You {first_name}, You Have Been Successfully Logged Out' }, status=status.HTTP_200_OK)
def get_cover_user(request): """ Determines the correct user object corresponding to the current coversession. Returns - a CoverMember object if the user is a known user - an UnknownCoverMember object if the user is a logged in Covermember who is unkown to the system - an AnonymousUser object if there is no active Cover session """ cookie_name = getattr(settings, 'COVER_COOKIE', 'cover_session_id') session_id = request.COOKIES.get(cookie_name, 0) cover_api = CoverAPI(settings.COVER_API_URL, settings.COVER_API_APP, settings.COVER_API_SECRET) try: session = cover_api.get_session(session_id) except APIError: # No active Cover session (or something else is wrong with the website) return AnonymousUser() # Get user object (CoverMember or AnonymousUser) for the current Django session user = get_user(request) if user.get_username() != session.user['id']: # Current Django session user and the current Cover session don't match, logout the Django session user_logged_out.send(sender=user.__class__, request=request, user=user) request.session.flush() user = AnonymousUser() if isinstance(user, AnonymousUser): # No active Django session, try to authenticate the Cover user user = authenticate(request, session=session) if not user: user = UnknownCoverMember(session) elif user.is_active: # Initiate Django session login(request, user) return user or AnonymousUser()
def logout(request): """ Removes the authenticated user's ID from the request and flushes their session data. """ # Dispatch the signal before the user is logged out so the receivers have a # chance to find out *who* logged out. user = getattr(request, "user", None) if hasattr(user, "is_authenticated") and not user.is_authenticated(): user = None user_logged_out.send(sender=user.__class__, request=request, user=user) # remember language choice saved to session language = request.session.get(LANGUAGE_SESSION_KEY) request.session.flush() if language is not None: request.session[LANGUAGE_SESSION_KEY] = language if hasattr(request, "user"): request.user = MojAnonymousUser()
def logout(request): """ Removes the authenticated user's ID from the request and flushes their session data. """ # Dispatch the signal before the user is logged out so the receivers have a # chance to find out *who* logged out. user = getattr(request, 'user', None) if hasattr(user, 'is_authenticated') and not user.is_authenticated: user = None user_logged_out.send(sender=user.__class__, request=request, user=user) # remember language choice saved to session language = request.session.get(LANGUAGE_SESSION_KEY) request.session.flush() if language is not None: request.session[LANGUAGE_SESSION_KEY] = language if hasattr(request, 'user'): request.user = MojAnonymousUser()
def dispatch(self, request, *args, **kwargs): user = request.user if not user.is_authenticated: user = None user_logged_out.send(sender=user.__class__, request=request, user=user) # remember language choice saved to session language = request.session.get(LANGUAGE_SESSION_KEY) theme = utils.get_session_data(request, constants.SessionKeys.THEME) request.session.flush() if theme: utils.update_session_data( request, constants.SessionKeys.THEME, theme) if language: request.session[LANGUAGE_SESSION_KEY] = language request.user = AnonymousUser() next_page = self.get_next_page() if next_page: # Redirect to this page until the session has been cleared. return HttpResponseRedirect(next_page) return super(LogoutView, self).dispatch(request, *args, **kwargs)
def post(self, request, format=None): request.user.auth_token_set.all().delete() user_logged_out.send(sender=request.user.__class__, request=request, user=request.user) return Response(None, status=status.HTTP_204_NO_CONTENT)