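def onUserLogsOut(event):
    """Expire the session cookie and delete the tracked session on logout.

    Presumably registered as a logout event subscriber (the registration is
    not visible here); ``event`` itself is not read.

    Cleanup is best-effort: a failure is logged and swallowed, so logout
    itself is never blocked. Nothing is returned.
    """
    import logging

    request = getRequest()
    if request is None:
        # Without a request there is no response to expire a cookie on.
        return

    site = api.portal.get()
    user = api.user.get_current()
    try:
        session_manager = SessionManager(site, request, user)
        request.response.expireCookie(session_manager.cookie_name)
        session_manager.delete()
    except Exception:
        # The original bare ``except: pass`` also swallowed SystemExit and
        # KeyboardInterrupt and left no trace. A failure here can mean the
        # server-side session record outlives the logout, so record it.
        # NOTE(review): database conflict errors that derive from Exception
        # are still swallowed here -- confirm that is acceptable.
        logging.getLogger(__name__).warning(
            'Could not remove tracked session on logout', exc_info=True)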
def __call__(self):
    """Render the sessions view, expiring one session first on POST.

    A POST with a non-empty ``id`` form field expires that session for the
    user named by the ``userid`` form field. ``self.sessions`` is then
    refreshed from ``get_active_sessions()`` and rendering is delegated to
    the parent class.
    """
    request = self.request
    if request.REQUEST_METHOD == 'POST':
        form = request.form
        session_id = form.get('id')
        if session_id:
            # NOTE(review): both ``id`` and ``userid`` are caller-supplied
            # and this method performs no permission check of its own. The
            # view registration must restrict it to administrators --
            # confirm. The result of api.user.get() is passed on without
            # checking that the user exists.
            target_user = api.user.get(form.get('userid'))
            manager = SessionManager(self.context, request, target_user)
            manager.session_id = session_id
            manager.expire()
    self.sessions = get_active_sessions()
    return super(SessionsView, self).__call__()
def __call__(self):
    """Prepare the view's state and return the view itself.

    Marks the request with ``IBlocksTransformEnabled``. On a POST with
    ``removesession == 'yes'``, expires the session whose id is in the
    ``id`` form field, on behalf of the current user. Then fills in the
    helper adapters, the open-session list and the add-permission flag.
    """
    request = self.request
    alsoProvides(request, IBlocksTransformEnabled)
    self.site = api.portal.get()

    if request.REQUEST_METHOD == 'POST':
        if request.form.get('removesession') == 'yes':
            # The user is always the current one; only the session id comes
            # from the form, and it is not checked for presence.
            # NOTE(review): whether SessionManager scopes the lookup to this
            # user, so that another account's session id is not honoured,
            # is not visible here -- confirm.
            session_id = request.form.get('id')
            current_user = api.user.get_current()
            manager = SessionManager(api.portal.get(), request, current_user)
            manager.session_id = session_id
            manager.expire()

    self._user_cache = {}
    adapter_context = (self.site, request)
    self.pas_member = getMultiAdapter(adapter_context, name=u"pas_member")
    self.util = getMultiAdapter(adapter_context, name="castle-utils")
    self.sessions = self.get_open_sessions()
    self.has_add_permission = api.user.has_permission(
        'Add portal content', obj=self.site)
    return self
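def beforeCommit(event):
    """Enforce account and session state for HTML responses.

    Only acts when the request provides ``ICastleLayer``, a site is
    available, the response Content-Type starts with ``text/html`` and the
    current user has an id. It then:

    1. Logs out a user whose only role is ``Authenticated`` (treated as a
       disabled account) and redirects to ``@@disabled-user``.
    2. Otherwise registers a session if the request carries no session id,
       logs activity for a live session, or logs the user out and redirects
       to ``@@session-removed`` when the stored session has expired.

    Always returns None.
    """
    request = event.request
    if not ICastleLayer.providedBy(request):
        return

    site = api.portal.get()
    resp = request.response
    contentType = resp.getHeader('Content-Type')
    if (site is None or contentType is None
            or not contentType.startswith('text/html')):
        return None

    user = api.user.get_current()
    if user.getId() is None:
        # No user id: nothing to enforce or track.
        return

    # An account holding only the implicit 'Authenticated' role is treated
    # as disabled: clear the login cookies and send it to the notice page.
    if api.user.get_roles(user=user) == ['Authenticated']:
        mt = api.portal.get_tool('portal_membership')
        mt.logoutUser(request)
        resp.redirect('%s/@@disabled-user' % site.absolute_url())
        # Stop here. Previously execution fell through, so an account that
        # had just been logged out could still have a session registered or
        # refreshed, and the redirect could be replaced by @@session-removed.
        return

    session_manager = SessionManager(site, request, user)
    if not session_manager.has_session_id():
        # Register a new session with a new id and storage.
        session_manager.register()
        return

    session = session_manager.get()
    if not session:
        # A session id is present but no record was found for it.
        session_manager.log({})
    elif session_manager.expired(session):
        # Expired session: drop the login, the session cookie and the
        # stored record, then tell the user.
        mt = api.portal.get_tool('portal_membership')
        mt.logoutUser(request)
        resp.expireCookie(session_manager.cookie_name)
        session_manager.delete()
        resp.redirect('%s/@@session-removed' % site.absolute_url())
    else:
        session_manager.log(session)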