def _user_requires_secure_session(couch_user):
    """Report whether the user must be held to secure-session rules.

    A user qualifies when ``Domain.is_secure_session_required`` is true for
    any domain returned by ``couch_user.get_domains()``, or for any domain
    returned by ``DomainPermissionsMirror.mirror_domains`` for one of those
    domains. A falsy ``couch_user`` never qualifies.

    Returns:
        bool: True if a secure session is required, otherwise False.
    """
    if not couch_user:
        return False

    domains = couch_user.get_domains()
    for name in domains:
        if Domain.is_secure_session_required(name):
            return True

    # Imported at this point, only once the direct check has failed, rather
    # than at module level (presumably to avoid a circular import — confirm).
    from corehq.apps.users.models import DomainPermissionsMirror

    # Mirror domains are checked as well, presumably because a mirror
    # relationship extends the user's access to those domains — confirm.
    return any(
        Domain.is_secure_session_required(mirror)
        for name in domains
        for mirror in DomainPermissionsMirror.mirror_domains(name)
    )
def process_view(self, request, view_func, view_args, view_kwargs):
    """Apply the inactivity or secure-session timeout to an authenticated request.

    Anonymous requests are ignored. A session not yet flagged
    ``secure_session`` is upgraded when the request's domain, or the user
    (via ``_user_requires_secure_session``), requires it. If the upgrade
    finds that ``_session_expired`` reports the user's ``last_login`` as
    older than ``settings.SECURE_TIMEOUT``, the user is logged out and sent
    to the login page.

    Returns:
        None to let the request continue, or an ``HttpResponseRedirect`` to
        the login view when re-authentication is forced.
    """
    if not request.user.is_authenticated:
        return

    already_secure = request.session.get('secure_session')
    if already_secure:
        timeout = settings.SECURE_TIMEOUT
    else:
        timeout = settings.INACTIVITY_TIMEOUT
    domain = getattr(request, "domain", None)
    now = datetime.datetime.utcnow()

    # Decide whether this session has to be switched to a secure session.
    if already_secure:
        must_upgrade = False
    else:
        must_upgrade = (
            (domain and Domain.is_secure_session_required(domain))
            or self._user_requires_secure_session(request.couch_user)
        )

    if must_upgrade:
        timeout = settings.SECURE_TIMEOUT
        # Force re-authentication if the user has been logged in longer than
        # the secure timeout.
        # NOTE(review): how _session_expired treats a last_login of None is
        # not visible here — confirm it fails closed.
        if self._session_expired(timeout, request.user.last_login, now):
            # NOTE(review): LogoutView is invoked with the current request
            # whatever its HTTP method. Django 5.0 removed GET support from
            # LogoutView, so verify the session is really terminated when
            # this runs on a GET request.
            logout_view = LogoutView.as_view(template_name=settings.BASE_TEMPLATE)
            logout_view(request)
            # Must happen after logout so the flag and expiry are attached to
            # the new session.
            request.session['secure_session'] = True
            request.session.set_expiry(timeout * 60)
            # NOTE(review): request.path is concatenated unencoded (and
            # without the query string) into `next`; a path containing '&' or
            # '#' changes the redirect's parameters. Consider percent-encoding
            # it and confirm the login view validates `next`.
            return HttpResponseRedirect(reverse('login') + '?next=' + request.path)

        # NOTE(review): assumed to belong to the upgrade branch only —
        # otherwise every authenticated session would be flagged secure.
        # Confirm the nesting.
        request.session['secure_session'] = True

    # set_expiry takes seconds; the settings values are multiplied by 60, so
    # they are presumably expressed in minutes.
    request.session.set_expiry(timeout * 60)
def process_view(self, request, view_func, view_args, view_kwargs):
    """Enforce the inactivity / secure-session timeout using ``last_request``.

    Anonymous requests are ignored. For a session not yet flagged
    ``secure_session`` whose domain or user requires one, the session is
    upgraded; if ``_session_expired`` reports the user's ``last_login`` as
    older than ``settings.SECURE_TIMEOUT`` the user is logged out first and
    redirected to the login page. Every other authenticated request is
    checked against the ``last_request`` timestamp stored in the session.

    Returns:
        None to let the request continue, or an ``HttpResponseRedirect`` to
        the login view when the session is considered expired.
    """
    # NOTE(review): is_authenticated is called as a method here; on Django
    # versions where it is a plain boolean property this call fails — confirm
    # the Django version this file targets.
    if not request.user.is_authenticated():
        return

    is_secure = request.session.get('secure_session')
    domain = getattr(request, "domain", None)
    now = datetime.datetime.utcnow()

    needs_upgrade = not is_secure and (
        (domain and Domain.is_secure_session_required(domain))
        or self._user_requires_secure_session(request.couch_user)
    )
    if needs_upgrade:
        logged_in_too_long = self._session_expired(
            settings.SECURE_TIMEOUT, request.user.last_login, now)
        if logged_in_too_long:
            django_logout(request, template_name=settings.BASE_TEMPLATE)
            # Must happen after logout so the flag is attached to the new
            # session.
            request.session['secure_session'] = True
            # NOTE(review): request.path goes into `next` unencoded and
            # without its query string; consider percent-encoding it and
            # confirm the login view validates `next`.
            return HttpResponseRedirect(reverse('login') + '?next=' + request.path)

        # Recent enough login: upgrade in place and start the idle clock.
        request.session['secure_session'] = True
        request.session['last_request'] = json_format_datetime(now)
        return

    # Already-secure sessions get the secure timeout, all others the
    # ordinary inactivity timeout.
    last_request = request.session.get('last_request')
    idle_limit = settings.SECURE_TIMEOUT if is_secure else settings.INACTIVITY_TIMEOUT
    if self._session_expired(idle_limit, last_request, now):
        django_logout(request, template_name=settings.BASE_TEMPLATE)
        return HttpResponseRedirect(reverse('login') + '?next=' + request.path)

    request.session['last_request'] = json_format_datetime(now)
def process_view(self, request, view_func, view_args, view_kwargs):
    """Apply the inactivity or secure-session timeout to an authenticated request.

    Anonymous requests are ignored. A session not yet flagged
    ``secure_session`` is upgraded when the request's domain, or the user
    (via ``_user_requires_secure_session``), requires it; if
    ``_session_expired`` reports the user's ``last_login`` as older than
    ``settings.SECURE_TIMEOUT`` the user is logged out and redirected to the
    login page instead.

    Returns:
        None to let the request continue, or an ``HttpResponseRedirect`` to
        the login view when re-authentication is forced.
    """
    if not request.user.is_authenticated:
        return

    is_secure = request.session.get('secure_session')
    timeout = settings.SECURE_TIMEOUT if is_secure else settings.INACTIVITY_TIMEOUT
    domain = getattr(request, "domain", None)
    now = datetime.datetime.utcnow()

    # Work out whether to switch to a secure session: the domain of the
    # request is consulted first, then the user's own domains.
    upgrade = False
    if not is_secure:
        if domain and Domain.is_secure_session_required(domain):
            upgrade = True
        elif self._user_requires_secure_session(request.couch_user):
            upgrade = True

    if upgrade:
        timeout = settings.SECURE_TIMEOUT
        # Force re-authentication if the user has been logged in longer than
        # the secure timeout.
        stale_login = self._session_expired(timeout, request.user.last_login, now)
        if stale_login:
            django_logout(request, template_name=settings.BASE_TEMPLATE)
            # Must happen after logout so the flag and expiry are attached to
            # the new session.
            request.session['secure_session'] = True
            request.session.set_expiry(timeout * 60)
            # NOTE(review): `next` is built from request.path without
            # percent-encoding and without the query string; consider
            # encoding it and confirm the login view validates `next`.
            return HttpResponseRedirect(reverse('login') + '?next=' + request.path)

        # NOTE(review): assumed to sit inside the upgrade branch — outside
        # it, every authenticated session would be flagged secure. Confirm
        # the nesting.
        request.session['secure_session'] = True

    # Re-arm the expiry; set_expiry takes seconds, so the settings values
    # are presumably minutes.
    request.session.set_expiry(timeout * 60)
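def _user_requires_secure_session(couch_user):
    """Report whether any of the user's domains requires a secure session.

    ``Domain.is_secure_session_required`` is asked about each domain
    returned by ``couch_user.get_domains()``.

    A falsy ``couch_user`` yields ``False``. The previous
    ``couch_user and any(...)`` form handed the falsy argument itself
    (e.g. ``None``) back to the caller, so this security predicate did not
    always return a boolean.

    Returns:
        bool: True if a secure session is required, otherwise False.
    """
    if not couch_user:
        return False
    return any(
        Domain.is_secure_session_required(domain)
        for domain in couch_user.get_domains()
    )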
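def _user_requires_secure_session(couch_user):
    """Return True when a domain of ``couch_user`` requires a secure session.

    Each domain from ``couch_user.get_domains()`` is passed to
    ``Domain.is_secure_session_required``; the first truthy answer decides.

    The result is always a ``bool``: the ``bool(...)`` wrapper stops a falsy
    ``couch_user`` (such as ``None``) from being returned as-is, which the
    bare ``couch_user and any(...)`` expression would do.

    Returns:
        bool: True if a secure session is required, otherwise False.
    """
    return bool(couch_user) and any(
        Domain.is_secure_session_required(domain)
        for domain in couch_user.get_domains()
    )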