Esempio n. 1
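def onUserLogsOut(event):
    """Expire the session cookie and drop the session when a user logs out.

    Does nothing when there is no current request. Cleanup is best-effort:
    a failure must not break the logout itself, so it is logged rather than
    raised.

    :param event: the logout event (not inspected here).
    """
    import logging

    request = getRequest()
    if request is None:
        return
    site = api.portal.get()
    user = api.user.get_current()
    try:
        session_manager = SessionManager(site, request, user)
        resp = request.response
        resp.expireCookie(session_manager.cookie_name)
        session_manager.delete()
    except Exception:
        # A bare ``except: pass`` hid every failure here, including
        # SystemExit/KeyboardInterrupt. If delete() fails, the session
        # presumably stays in storage after logout, so leave a trace
        # for operators instead of failing silently.
        logging.getLogger(__name__).exception(
            'Could not clean up session on logout')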
Esempio n. 2
    def __call__(self):
        """Handle an optional session-expiry POST, then render the view.

        On a POST carrying a non-empty ``id`` field, the session with that
        id is expired for the user named by the ``userid`` field. The list
        of active sessions is then stored on ``self.sessions`` and the
        parent class's ``__call__`` produces the result.
        """
        request = self.request
        if request.REQUEST_METHOD == 'POST' and request.form.get('id'):
            # NOTE(review): both the session id and the target user come
            # straight from the submitted form, and no authorization or
            # CSRF check is visible in this method -- confirm the view is
            # registered with a manager-level permission and that CSRF
            # protection applies to it.
            session_id = request.form.get('id')
            user_id = request.form.get('userid')
            # NOTE(review): ``userid`` may be missing or unknown; what
            # api.user.get() returns then, and how SessionManager copes
            # with it, is not visible here -- verify.
            target_user = api.user.get(user_id)
            manager = SessionManager(self.context, request, target_user)
            manager.session_id = session_id
            manager.expire()

        self.sessions = get_active_sessions()
        return super(SessionsView, self).__call__()
Esempio n. 3
    def __call__(self):
        """Prepare the view's state and return the view itself.

        Marks the request with ``IBlocksTransformEnabled``. On a POST with
        ``removesession=yes``, expires the session whose id is given in
        the ``id`` form field, acting as the current user. Then looks up
        the helper adapters, loads the open sessions and records whether
        the user may add content at the site root.
        """
        request = self.request
        alsoProvides(request, IBlocksTransformEnabled)

        self.site = api.portal.get()
        is_removal = (request.REQUEST_METHOD == 'POST'
                      and request.form.get('removesession') == 'yes')
        if is_removal:
            # The SessionManager is built for the *current* user, not a
            # user named in the form.
            # NOTE(review): ``id`` is not checked for presence, so
            # session_id may be None; how expire() behaves then is not
            # visible here -- verify. Also confirm CSRF protection
            # applies to this POST.
            session_id = request.form.get('id')
            current_user = api.user.get_current()
            manager = SessionManager(api.portal.get(), request, current_user)
            manager.session_id = session_id
            manager.expire()

        self._user_cache = {}
        adapter_context = (self.site, request)
        self.pas_member = getMultiAdapter(adapter_context, name=u"pas_member")
        self.util = getMultiAdapter(adapter_context, name="castle-utils")
        self.sessions = self.get_open_sessions()

        self.has_add_permission = api.user.has_permission(
            'Add portal content', obj=self.site)

        return self
Esempio n. 4
def beforeCommit(event):
    """Enforce account and session state before the response is committed.

    Only acts on requests that provide ``ICastleLayer`` and whose response
    Content-Type starts with ``text/html``. For a logged-in user it:

    1. Logs the user out and redirects to ``@@disabled-user`` when the
       user's roles are exactly ``['Authenticated']``.
    2. Registers a session when the request has no session id; otherwise
       logs the existing session, or, when it has expired, logs the user
       out, expires the session cookie, deletes the session and redirects
       to ``@@session-removed``.
    """
    request = event.request
    if not ICastleLayer.providedBy(request):
        return

    site = api.portal.get()
    response = request.response
    content_type = response.getHeader('Content-Type')
    if site is None or content_type is None:
        return None
    if not content_type.startswith('text/html'):
        return None

    user = api.user.get_current()
    if user.getId() is None:
        # No user id: nothing to track for this request.
        return

    # A user whose only role is 'Authenticated' is treated as disabled:
    # clear the login and send them to the disabled-user page.
    if api.user.get_roles(user=user) == ['Authenticated']:
        membership = api.portal.get_tool('portal_membership')
        membership.logoutUser(request)
        response.redirect('%s/@@disabled-user' % site.absolute_url())
        # NOTE(review): there is no return here, so the session handling
        # below still runs for the user who was just logged out and may
        # register or log a session for them -- confirm this is intended.

    session_manager = SessionManager(site, request, user)
    if not session_manager.has_session_id():
        # First request without a session id: register a new session.
        session_manager.register()
        return

    session = session_manager.get()
    if not session:
        # A session id is present but get() returned nothing for it.
        session_manager.log({})
        return

    if not session_manager.expired(session):
        session_manager.log(session)
        return

    # Expired session: log out, drop cookie and session, then redirect.
    membership = api.portal.get_tool('portal_membership')
    membership.logoutUser(request)
    response.expireCookie(session_manager.cookie_name)
    session_manager.delete()
    response.redirect('%s/@@session-removed' % site.absolute_url())